FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Terminate all the DMA transactions" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 541011dc2d7c4c82523706f726f422a5e23cc86f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021036-humorist-voltage-3645@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 541011dc2d7c4c82523706f726f422a5e23cc86f Mon Sep 17 00:00:00 2001
From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
Date: Tue, 10 Dec 2024 19:09:33 +0200
Subject: [PATCH] ASoC: renesas: rz-ssi: Terminate all the DMA transactions
The stop trigger invokes rz_ssi_stop() and rz_ssi_stream_quit().
- The purpose of rz_ssi_stop() is to disable TX/RX, terminate DMA
transactions, and set the controller to idle.
- The purpose of rz_ssi_stream_quit() is to reset the substream-specific
software data by setting strm->running and strm->substream appropriately.
The function rz_ssi_is_stream_running() checks if both strm->substream and
strm->running are valid and returns true if so. Its implementation is as
follows:
static inline bool rz_ssi_is_stream_running(struct rz_ssi_stream *strm)
{
return strm->substream && strm->running;
}
When the controller is configured in full-duplex mode (with both playback
and capture active), the rz_ssi_stop() function does not modify the
controller settings when called for the first substream in the full-duplex
setup. Instead, it simply sets strm->running = 0 and returns if the
companion substream is still running. The following code illustrates this:
static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm)
{
strm->running = 0;
if (rz_ssi_is_stream_running(&ssi->playback) ||
rz_ssi_is_stream_running(&ssi->capture))
return 0;
// ...
}
The controller settings, along with the DMA termination (for the last
stopped substream), are only applied when the last substream in the
full-duplex setup is stopped.
While applying the controller settings only when the last substream stops
is not problematic, terminating the DMA operations for only one substream
causes failures when starting and stopping full-duplex operations multiple
times in a loop.
To address this issue, call dmaengine_terminate_async() for both substreams
involved in the full-duplex setup when the last substream in the setup is
stopped.
Fixes: 4f8cd05a4305 ("ASoC: sh: rz-ssi: Add full duplex support")
Cc: stable(a)vger.kernel.org
Reviewed-by: Biju Das <biju.das.jz(a)bp.renesas.com>
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be>
Link: https://patch.msgid.link/20241210170953.2936724-5-claudiu.beznea.uj@bp.rene…
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c
index 6efd017aaa7f..2d8721156099 100644
--- a/sound/soc/renesas/rz-ssi.c
+++ b/sound/soc/renesas/rz-ssi.c
@@ -415,8 +415,12 @@ static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm)
rz_ssi_reg_mask_setl(ssi, SSICR, SSICR_TEN | SSICR_REN, 0);
/* Cancel all remaining DMA transactions */
- if (rz_ssi_is_dma_enabled(ssi))
- dmaengine_terminate_async(strm->dma_ch);
+ if (rz_ssi_is_dma_enabled(ssi)) {
+ if (ssi->playback.dma_ch)
+ dmaengine_terminate_async(ssi->playback.dma_ch);
+ if (ssi->capture.dma_ch)
+ dmaengine_terminate_async(ssi->capture.dma_ch);
+ }
rz_ssi_set_idle(ssi);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 57af267d2b8f5d88485c6372761386d79c5e6a1a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021037-retype-jaunt-6b0b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 57af267d2b8f5d88485c6372761386d79c5e6a1a Mon Sep 17 00:00:00 2001
From: Shayne Chen <shayne.chen(a)mediatek.com>
Date: Thu, 10 Oct 2024 10:38:16 +0200
Subject: [PATCH] wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz
on MT7916
Due to a limitation in available memory, the MT7916 firmware can only
handle either 5 GHz or 6 GHz at a time. It does not support runtime
switching without a full restart.
On older firmware, this accidentally worked to some degree due to missing
checks, but couldn't be supported properly, because it left the 6 GHz
channels uncalibrated.
Newer firmware refuses to start on either band if the passed EEPROM
data indicates support for both.
Deal with this limitation by using a module parameter to specify the
preferred band in case both are supported.
Fixes: b4d093e321bd ("mt76: mt7915: add 6 GHz support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Shayne Chen <shayne.chen(a)mediatek.com>
Link: https://patch.msgid.link/20241010083816.51880-1-nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd(a)nbd.name>
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
index bfdbc15abaa9..928e0b07a9bf 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
@@ -2,9 +2,14 @@
/* Copyright (C) 2020 MediaTek Inc. */
#include <linux/firmware.h>
+#include <linux/moduleparam.h>
#include "mt7915.h"
#include "eeprom.h"
+static bool enable_6ghz;
+module_param(enable_6ghz, bool, 0644);
+MODULE_PARM_DESC(enable_6ghz, "Enable 6 GHz instead of 5 GHz on hardware that supports both");
+
static int mt7915_eeprom_load_precal(struct mt7915_dev *dev)
{
struct mt76_dev *mdev = &dev->mt76;
@@ -170,8 +175,20 @@ static void mt7915_eeprom_parse_band_config(struct mt7915_phy *phy)
phy->mt76->cap.has_6ghz = true;
return;
case MT_EE_V2_BAND_SEL_5GHZ_6GHZ:
- phy->mt76->cap.has_5ghz = true;
- phy->mt76->cap.has_6ghz = true;
+ if (enable_6ghz) {
+ phy->mt76->cap.has_6ghz = true;
+ u8p_replace_bits(&eeprom[MT_EE_WIFI_CONF + band],
+ MT_EE_V2_BAND_SEL_6GHZ,
+ MT_EE_WIFI_CONF0_BAND_SEL);
+ } else {
+ phy->mt76->cap.has_5ghz = true;
+ u8p_replace_bits(&eeprom[MT_EE_WIFI_CONF + band],
+ MT_EE_V2_BAND_SEL_5GHZ,
+ MT_EE_WIFI_CONF0_BAND_SEL);
+ }
+ /* force to buffer mode */
+ dev->flash_mode = true;
+
return;
default:
phy->mt76->cap.has_2ghz = true;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/init.c b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
index 6bef96e3d2a3..f82216d1bda0 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
@@ -1239,14 +1239,14 @@ int mt7915_register_device(struct mt7915_dev *dev)
if (ret)
goto unreg_dev;
- ieee80211_queue_work(mt76_hw(dev), &dev->init_work);
-
if (phy2) {
ret = mt7915_register_ext_phy(dev, phy2);
if (ret)
goto unreg_thermal;
}
+ ieee80211_queue_work(mt76_hw(dev), &dev->init_work);
+
dev->recovery.hw_init_done = true;
ret = mt7915_init_debugfs(&dev->phy);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] Input: bbnsm_pwrkey - add remove hook" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 55b75306c3edf369285ce22ba1ced45e335094c2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021047-wiry-tweed-c09f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 55b75306c3edf369285ce22ba1ced45e335094c2 Mon Sep 17 00:00:00 2001
From: Peng Fan <peng.fan(a)nxp.com>
Date: Thu, 12 Dec 2024 11:03:22 +0800
Subject: [PATCH] Input: bbnsm_pwrkey - add remove hook
Without remove hook to clear wake irq, there will be kernel dump when
doing module test.
"bbnsm_pwrkey 44440000.bbnsm:pwrkey: wake irq already initialized"
Add remove hook to clear wake irq and set wakeup to false.
Signed-off-by: Peng Fan <peng.fan(a)nxp.com>
Fixes: 40e40fdfec3f ("Input: bbnsm_pwrkey - add bbnsm power key support")
Link: https://lore.kernel.org/r/20241212030322.3110017-1-peng.fan@oss.nxp.com
Cc: stable(a)vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
diff --git a/drivers/input/misc/nxp-bbnsm-pwrkey.c b/drivers/input/misc/nxp-bbnsm-pwrkey.c
index eb4173f9c820..7ba8d166d68c 100644
--- a/drivers/input/misc/nxp-bbnsm-pwrkey.c
+++ b/drivers/input/misc/nxp-bbnsm-pwrkey.c
@@ -187,6 +187,12 @@ static int bbnsm_pwrkey_probe(struct platform_device *pdev)
return 0;
}
+static void bbnsm_pwrkey_remove(struct platform_device *pdev)
+{
+ dev_pm_clear_wake_irq(&pdev->dev);
+ device_init_wakeup(&pdev->dev, false);
+}
+
static int __maybe_unused bbnsm_pwrkey_suspend(struct device *dev)
{
struct platform_device *pdev = to_platform_device(dev);
@@ -223,6 +229,8 @@ static struct platform_driver bbnsm_pwrkey_driver = {
.of_match_table = bbnsm_pwrkey_ids,
},
.probe = bbnsm_pwrkey_probe,
+ .remove = bbnsm_pwrkey_remove,
+
};
module_platform_driver(bbnsm_pwrkey_driver);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] Input: synaptics - fix crash when enabling pass-through port" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021059-splice-blush-823b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e Mon Sep 17 00:00:00 2001
From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Date: Fri, 17 Jan 2025 09:23:40 -0800
Subject: [PATCH] Input: synaptics - fix crash when enabling pass-through port
When enabling a pass-through port an interrupt might come before psmouse
driver binds to the pass-through port. However synaptics sub-driver
tries to access psmouse instance presumably associated with the
pass-through port to figure out if only 1 byte of response or entire
protocol packet needs to be forwarded to the pass-through port and may
crash if psmouse instance has not been attached to the port yet.
Fix the crash by introducing open() and close() methods for the port and
check if the port is open before trying to access psmouse instance.
Because psmouse calls serio_open() only after attaching psmouse instance
to serio port instance this prevents the potential crash.
Reported-by: Takashi Iwai <tiwai(a)suse.de>
Fixes: 100e16959c3c ("Input: libps2 - attach ps2dev instances as serio port's drvdata")
Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
Cc: stable(a)vger.kernel.org
Reviewed-by: Takashi Iwai <tiwai(a)suse.de>
Link: https://lore.kernel.org/r/Z4qSHORvPn7EU2j1@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index 2735f86c23cc..aba57abe6978 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -665,23 +665,50 @@ static void synaptics_pt_stop(struct serio *serio)
priv->pt_port = NULL;
}
+static int synaptics_pt_open(struct serio *serio)
+{
+ struct psmouse *parent = psmouse_from_serio(serio->parent);
+ struct synaptics_data *priv = parent->private;
+
+ guard(serio_pause_rx)(parent->ps2dev.serio);
+ priv->pt_port_open = true;
+
+ return 0;
+}
+
+static void synaptics_pt_close(struct serio *serio)
+{
+ struct psmouse *parent = psmouse_from_serio(serio->parent);
+ struct synaptics_data *priv = parent->private;
+
+ guard(serio_pause_rx)(parent->ps2dev.serio);
+ priv->pt_port_open = false;
+}
+
static int synaptics_is_pt_packet(u8 *buf)
{
return (buf[0] & 0xFC) == 0x84 && (buf[3] & 0xCC) == 0xC4;
}
-static void synaptics_pass_pt_packet(struct serio *ptport, u8 *packet)
+static void synaptics_pass_pt_packet(struct synaptics_data *priv, u8 *packet)
{
- struct psmouse *child = psmouse_from_serio(ptport);
+ struct serio *ptport;
- if (child && child->state == PSMOUSE_ACTIVATED) {
- serio_interrupt(ptport, packet[1], 0);
- serio_interrupt(ptport, packet[4], 0);
- serio_interrupt(ptport, packet[5], 0);
- if (child->pktsize == 4)
- serio_interrupt(ptport, packet[2], 0);
- } else {
- serio_interrupt(ptport, packet[1], 0);
+ ptport = priv->pt_port;
+ if (!ptport)
+ return;
+
+ serio_interrupt(ptport, packet[1], 0);
+
+ if (priv->pt_port_open) {
+ struct psmouse *child = psmouse_from_serio(ptport);
+
+ if (child->state == PSMOUSE_ACTIVATED) {
+ serio_interrupt(ptport, packet[4], 0);
+ serio_interrupt(ptport, packet[5], 0);
+ if (child->pktsize == 4)
+ serio_interrupt(ptport, packet[2], 0);
+ }
}
}
@@ -720,6 +747,8 @@ static void synaptics_pt_create(struct psmouse *psmouse)
serio->write = synaptics_pt_write;
serio->start = synaptics_pt_start;
serio->stop = synaptics_pt_stop;
+ serio->open = synaptics_pt_open;
+ serio->close = synaptics_pt_close;
serio->parent = psmouse->ps2dev.serio;
psmouse->pt_activate = synaptics_pt_activate;
@@ -1216,11 +1245,10 @@ static psmouse_ret_t synaptics_process_byte(struct psmouse *psmouse)
if (SYN_CAP_PASS_THROUGH(priv->info.capabilities) &&
synaptics_is_pt_packet(psmouse->packet)) {
- if (priv->pt_port)
- synaptics_pass_pt_packet(priv->pt_port,
- psmouse->packet);
- } else
+ synaptics_pass_pt_packet(priv, psmouse->packet);
+ } else {
synaptics_process_packet(psmouse);
+ }
return PSMOUSE_FULL_PACKET;
}
diff --git a/drivers/input/mouse/synaptics.h b/drivers/input/mouse/synaptics.h
index 899aee598632..3853165b6b3a 100644
--- a/drivers/input/mouse/synaptics.h
+++ b/drivers/input/mouse/synaptics.h
@@ -188,6 +188,7 @@ struct synaptics_data {
bool disable_gesture; /* disable gestures */
struct serio *pt_port; /* Pass-through serio port */
+ bool pt_port_open;
/*
* Last received Advanced Gesture Mode (AGM) packet. An AGM packet
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] Input: synaptics - fix crash when enabling pass-through port" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021058-unthread-acutely-f430@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e Mon Sep 17 00:00:00 2001
From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Date: Fri, 17 Jan 2025 09:23:40 -0800
Subject: [PATCH] Input: synaptics - fix crash when enabling pass-through port
When enabling a pass-through port an interrupt might come before psmouse
driver binds to the pass-through port. However synaptics sub-driver
tries to access psmouse instance presumably associated with the
pass-through port to figure out if only 1 byte of response or entire
protocol packet needs to be forwarded to the pass-through port and may
crash if psmouse instance has not been attached to the port yet.
Fix the crash by introducing open() and close() methods for the port and
check if the port is open before trying to access psmouse instance.
Because psmouse calls serio_open() only after attaching psmouse instance
to serio port instance this prevents the potential crash.
Reported-by: Takashi Iwai <tiwai(a)suse.de>
Fixes: 100e16959c3c ("Input: libps2 - attach ps2dev instances as serio port's drvdata")
Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
Cc: stable(a)vger.kernel.org
Reviewed-by: Takashi Iwai <tiwai(a)suse.de>
Link: https://lore.kernel.org/r/Z4qSHORvPn7EU2j1@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index 2735f86c23cc..aba57abe6978 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -665,23 +665,50 @@ static void synaptics_pt_stop(struct serio *serio)
priv->pt_port = NULL;
}
+static int synaptics_pt_open(struct serio *serio)
+{
+ struct psmouse *parent = psmouse_from_serio(serio->parent);
+ struct synaptics_data *priv = parent->private;
+
+ guard(serio_pause_rx)(parent->ps2dev.serio);
+ priv->pt_port_open = true;
+
+ return 0;
+}
+
+static void synaptics_pt_close(struct serio *serio)
+{
+ struct psmouse *parent = psmouse_from_serio(serio->parent);
+ struct synaptics_data *priv = parent->private;
+
+ guard(serio_pause_rx)(parent->ps2dev.serio);
+ priv->pt_port_open = false;
+}
+
static int synaptics_is_pt_packet(u8 *buf)
{
return (buf[0] & 0xFC) == 0x84 && (buf[3] & 0xCC) == 0xC4;
}
-static void synaptics_pass_pt_packet(struct serio *ptport, u8 *packet)
+static void synaptics_pass_pt_packet(struct synaptics_data *priv, u8 *packet)
{
- struct psmouse *child = psmouse_from_serio(ptport);
+ struct serio *ptport;
- if (child && child->state == PSMOUSE_ACTIVATED) {
- serio_interrupt(ptport, packet[1], 0);
- serio_interrupt(ptport, packet[4], 0);
- serio_interrupt(ptport, packet[5], 0);
- if (child->pktsize == 4)
- serio_interrupt(ptport, packet[2], 0);
- } else {
- serio_interrupt(ptport, packet[1], 0);
+ ptport = priv->pt_port;
+ if (!ptport)
+ return;
+
+ serio_interrupt(ptport, packet[1], 0);
+
+ if (priv->pt_port_open) {
+ struct psmouse *child = psmouse_from_serio(ptport);
+
+ if (child->state == PSMOUSE_ACTIVATED) {
+ serio_interrupt(ptport, packet[4], 0);
+ serio_interrupt(ptport, packet[5], 0);
+ if (child->pktsize == 4)
+ serio_interrupt(ptport, packet[2], 0);
+ }
}
}
@@ -720,6 +747,8 @@ static void synaptics_pt_create(struct psmouse *psmouse)
serio->write = synaptics_pt_write;
serio->start = synaptics_pt_start;
serio->stop = synaptics_pt_stop;
+ serio->open = synaptics_pt_open;
+ serio->close = synaptics_pt_close;
serio->parent = psmouse->ps2dev.serio;
psmouse->pt_activate = synaptics_pt_activate;
@@ -1216,11 +1245,10 @@ static psmouse_ret_t synaptics_process_byte(struct psmouse *psmouse)
if (SYN_CAP_PASS_THROUGH(priv->info.capabilities) &&
synaptics_is_pt_packet(psmouse->packet)) {
- if (priv->pt_port)
- synaptics_pass_pt_packet(priv->pt_port,
- psmouse->packet);
- } else
+ synaptics_pass_pt_packet(priv, psmouse->packet);
+ } else {
synaptics_process_packet(psmouse);
+ }
return PSMOUSE_FULL_PACKET;
}
diff --git a/drivers/input/mouse/synaptics.h b/drivers/input/mouse/synaptics.h
index 899aee598632..3853165b6b3a 100644
--- a/drivers/input/mouse/synaptics.h
+++ b/drivers/input/mouse/synaptics.h
@@ -188,6 +188,7 @@ struct synaptics_data {
bool disable_gesture; /* disable gestures */
struct serio *pt_port; /* Pass-through serio port */
+ bool pt_port_open;
/*
* Last received Advanced Gesture Mode (AGM) packet. An AGM packet
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] clk: mediatek: mt2701-img: add missing dummy clk" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 366640868ccb4a7991aebe8442b01340fab218e2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-sanctity-giving-9e31@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 366640868ccb4a7991aebe8442b01340fab218e2 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel(a)makrotopia.org>
Date: Sun, 15 Dec 2024 22:14:48 +0000
Subject: [PATCH] clk: mediatek: mt2701-img: add missing dummy clk
Add dummy clk for index 0 which was missed during the conversion to
mtk_clk_simple_probe().
Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Daniel Golle <daniel(a)makrotopia.org>
Link: https://lore.kernel.org/r/d677486a5c563fe5c47aa995841adc2aaa183b8a.17343006…
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
Signed-off-by: Stephen Boyd <sboyd(a)kernel.org>
diff --git a/drivers/clk/mediatek/clk-mt2701-img.c b/drivers/clk/mediatek/clk-mt2701-img.c
index 875594bc9dcb..c158e54c4652 100644
--- a/drivers/clk/mediatek/clk-mt2701-img.c
+++ b/drivers/clk/mediatek/clk-mt2701-img.c
@@ -22,6 +22,7 @@ static const struct mtk_gate_regs img_cg_regs = {
GATE_MTK(_id, _name, _parent, &img_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
static const struct mtk_gate img_clks[] = {
+ GATE_DUMMY(CLK_DUMMY, "img_dummy"),
GATE_IMG(CLK_IMG_SMI_COMM, "img_smi_comm", "mm_sel", 0),
GATE_IMG(CLK_IMG_RESZ, "img_resz", "mm_sel", 1),
GATE_IMG(CLK_IMG_JPGDEC_SMI, "img_jpgdec_smi", "mm_sel", 5),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] clk: mediatek: mt2701-bdp: add missing dummy clk" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x fd291adc5e9a4ee6cd91e57f148f3b427f80647b
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021017-tyke-stiffness-35bf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From fd291adc5e9a4ee6cd91e57f148f3b427f80647b Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel(a)makrotopia.org>
Date: Sun, 15 Dec 2024 22:14:24 +0000
Subject: [PATCH] clk: mediatek: mt2701-bdp: add missing dummy clk
Add dummy clk for index 0 which was missed during the conversion to
mtk_clk_simple_probe().
Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Daniel Golle <daniel(a)makrotopia.org>
Link: https://lore.kernel.org/r/b8526c882a50f2b158df0eccb4a165956fd8fa13.17343006…
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
Signed-off-by: Stephen Boyd <sboyd(a)kernel.org>
diff --git a/drivers/clk/mediatek/clk-mt2701-bdp.c b/drivers/clk/mediatek/clk-mt2701-bdp.c
index 5da3eabffd3e..f11c7a4fa37b 100644
--- a/drivers/clk/mediatek/clk-mt2701-bdp.c
+++ b/drivers/clk/mediatek/clk-mt2701-bdp.c
@@ -31,6 +31,7 @@ static const struct mtk_gate_regs bdp1_cg_regs = {
GATE_MTK(_id, _name, _parent, &bdp1_cg_regs, _shift, &mtk_clk_gate_ops_setclr_inv)
static const struct mtk_gate bdp_clks[] = {
+ GATE_DUMMY(CLK_DUMMY, "bdp_dummy"),
GATE_BDP0(CLK_BDP_BRG_BA, "brg_baclk", "mm_sel", 0),
GATE_BDP0(CLK_BDP_BRG_DRAM, "brg_dram", "mm_sel", 1),
GATE_BDP0(CLK_BDP_LARB_DRAM, "larb_dram", "mm_sel", 2),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] clk: mediatek: mt2701-vdec: fix conversion to" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 7c8746126a4e256fcf1af9174ee7d92cc3f3bc31
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-dipper-royal-a0b9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 7c8746126a4e256fcf1af9174ee7d92cc3f3bc31 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel(a)makrotopia.org>
Date: Sun, 15 Dec 2024 22:13:49 +0000
Subject: [PATCH] clk: mediatek: mt2701-vdec: fix conversion to
mtk_clk_simple_probe
Commit 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to
simplify driver") broke DT bindings as the highest index was reduced by
1 because the id count starts from 1 and not from 0.
Fix this, like for other drivers which had the same issue, by adding a
dummy clk at index 0.
Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Daniel Golle <daniel(a)makrotopia.org>
Link: https://lore.kernel.org/r/b126a5577f3667ef19b1b5feea5e70174084fb03.17343006…
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
Signed-off-by: Stephen Boyd <sboyd(a)kernel.org>
diff --git a/drivers/clk/mediatek/clk-mt2701-vdec.c b/drivers/clk/mediatek/clk-mt2701-vdec.c
index 94db86f8d0a4..5299d92f3aba 100644
--- a/drivers/clk/mediatek/clk-mt2701-vdec.c
+++ b/drivers/clk/mediatek/clk-mt2701-vdec.c
@@ -31,6 +31,7 @@ static const struct mtk_gate_regs vdec1_cg_regs = {
GATE_MTK(_id, _name, _parent, &vdec1_cg_regs, _shift, &mtk_clk_gate_ops_setclr_inv)
static const struct mtk_gate vdec_clks[] = {
+ GATE_DUMMY(CLK_DUMMY, "vdec_dummy"),
GATE_VDEC0(CLK_VDEC_CKGEN, "vdec_cken", "vdec_sel", 0),
GATE_VDEC1(CLK_VDEC_LARB, "vdec_larb_cken", "mm_sel", 0),
};
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x a2fad248947d702ed3dcb52b8377c1a3ae201e44
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-unrated-entering-7761@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a2fad248947d702ed3dcb52b8377c1a3ae201e44 Mon Sep 17 00:00:00 2001
From: Zijun Hu <quic_zijuhu(a)quicinc.com>
Date: Mon, 13 Jan 2025 22:43:23 +0800
Subject: [PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855
For WCN6855, board ID specific NVM needs to be downloaded once board ID
is available, but the default NVM is always downloaded currently.
The wrong NVM causes poor RF performance, and effects user experience
for several types of laptop with WCN6855 on the market.
Fix by downloading board ID specific NVM if board ID is available.
Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855")
Cc: stable(a)vger.kernel.org # 6.4
Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com>
Tested-by: Johan Hovold <johan+linaro(a)kernel.org>
Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org>
Tested-by: Steev Klimaszewski <steev(a)kali.org> #Thinkpad X13s
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c
index a6b53d1f23db..cdf09d9a9ad2 100644
--- a/drivers/bluetooth/btqca.c
+++ b/drivers/bluetooth/btqca.c
@@ -909,8 +909,9 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
"qca/msnv%02x.bin", rom_ver);
break;
case QCA_WCN6855:
- snprintf(config.fwname, sizeof(config.fwname),
- "qca/hpnv%02x.bin", rom_ver);
+ qca_read_fw_board_id(hdev, &boardid);
+ qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
+ "hpnv", soc_type, ver, rom_ver, boardid);
break;
case QCA_WCN7850:
qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x a2fad248947d702ed3dcb52b8377c1a3ae201e44
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-during-buddhist-0ffa@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a2fad248947d702ed3dcb52b8377c1a3ae201e44 Mon Sep 17 00:00:00 2001
From: Zijun Hu <quic_zijuhu(a)quicinc.com>
Date: Mon, 13 Jan 2025 22:43:23 +0800
Subject: [PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855
For WCN6855, board ID specific NVM needs to be downloaded once board ID
is available, but the default NVM is always downloaded currently.
The wrong NVM causes poor RF performance, and effects user experience
for several types of laptop with WCN6855 on the market.
Fix by downloading board ID specific NVM if board ID is available.
Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855")
Cc: stable(a)vger.kernel.org # 6.4
Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com>
Tested-by: Johan Hovold <johan+linaro(a)kernel.org>
Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org>
Tested-by: Steev Klimaszewski <steev(a)kali.org> #Thinkpad X13s
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c
index a6b53d1f23db..cdf09d9a9ad2 100644
--- a/drivers/bluetooth/btqca.c
+++ b/drivers/bluetooth/btqca.c
@@ -909,8 +909,9 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
"qca/msnv%02x.bin", rom_ver);
break;
case QCA_WCN6855:
- snprintf(config.fwname, sizeof(config.fwname),
- "qca/hpnv%02x.bin", rom_ver);
+ qca_read_fw_board_id(hdev, &boardid);
+ qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
+ "hpnv", soc_type, ver, rom_ver, boardid);
break;
case QCA_WCN7850:
qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/rockchip: cdn-dp: Use" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 666e1960464140cc4bc9203c203097e70b54c95a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021026-surfboard-eskimo-5c01@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 666e1960464140cc4bc9203c203097e70b54c95a Mon Sep 17 00:00:00 2001
From: Thomas Zimmermann <tzimmermann(a)suse.de>
Date: Tue, 5 Nov 2024 14:38:16 +0100
Subject: [PATCH] drm/rockchip: cdn-dp: Use
drm_connector_helper_hpd_irq_event()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code for detecting and updating the connector status in
cdn_dp_pd_event_work() has a number of problems.
- It does not aquire the locks to call the detect helper and update
the connector status. These are struct drm_mode_config.connection_mutex
and struct drm_mode_config.mutex.
- It does not use drm_helper_probe_detect(), which helps with the
details of locking and detection.
- It uses the connector's status field to determine a change to
the connector status. The epoch_counter field is the correct one. The
field signals a change even if the connector status' value did not
change.
Replace the code with a call to drm_connector_helper_hpd_irq_event(),
which fixes all these problems.
Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de>
Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event")
Cc: Chris Zhong <zyw(a)rock-chips.com>
Cc: Guenter Roeck <groeck(a)chromium.org>
Cc: Sandy Huang <hjc(a)rock-chips.com>
Cc: "Heiko Stübner" <heiko(a)sntech.de>
Cc: Andy Yan <andy.yan(a)rock-chips.com>
Cc: dri-devel(a)lists.freedesktop.org
Cc: linux-arm-kernel(a)lists.infradead.org
Cc: linux-rockchip(a)lists.infradead.org
Cc: <stable(a)vger.kernel.org> # v4.11+
Signed-off-by: Heiko Stuebner <heiko(a)sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105133848.480407-1-tzimm…
diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c
index b04538907f95..f576b1aa86d1 100644
--- a/drivers/gpu/drm/rockchip/cdn-dp-core.c
+++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c
@@ -947,9 +947,6 @@ static void cdn_dp_pd_event_work(struct work_struct *work)
{
struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device,
event_work);
- struct drm_connector *connector = &dp->connector;
- enum drm_connector_status old_status;
-
int ret;
mutex_lock(&dp->lock);
@@ -1009,11 +1006,7 @@ static void cdn_dp_pd_event_work(struct work_struct *work)
out:
mutex_unlock(&dp->lock);
-
- old_status = connector->status;
- connector->status = connector->funcs->detect(connector, false);
- if (old_status != connector->status)
- drm_kms_helper_hotplug_event(dp->drm_dev);
+ drm_connector_helper_hpd_irq_event(&dp->connector);
}
static int cdn_dp_pd_event(struct notifier_block *nb,
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/rockchip: cdn-dp: Use" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 666e1960464140cc4bc9203c203097e70b54c95a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021025-abdomen-glass-2533@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 666e1960464140cc4bc9203c203097e70b54c95a Mon Sep 17 00:00:00 2001
From: Thomas Zimmermann <tzimmermann(a)suse.de>
Date: Tue, 5 Nov 2024 14:38:16 +0100
Subject: [PATCH] drm/rockchip: cdn-dp: Use
drm_connector_helper_hpd_irq_event()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code for detecting and updating the connector status in
cdn_dp_pd_event_work() has a number of problems.
- It does not aquire the locks to call the detect helper and update
the connector status. These are struct drm_mode_config.connection_mutex
and struct drm_mode_config.mutex.
- It does not use drm_helper_probe_detect(), which helps with the
details of locking and detection.
- It uses the connector's status field to determine a change to
the connector status. The epoch_counter field is the correct one. The
field signals a change even if the connector status' value did not
change.
Replace the code with a call to drm_connector_helper_hpd_irq_event(),
which fixes all these problems.
Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de>
Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event")
Cc: Chris Zhong <zyw(a)rock-chips.com>
Cc: Guenter Roeck <groeck(a)chromium.org>
Cc: Sandy Huang <hjc(a)rock-chips.com>
Cc: "Heiko Stübner" <heiko(a)sntech.de>
Cc: Andy Yan <andy.yan(a)rock-chips.com>
Cc: dri-devel(a)lists.freedesktop.org
Cc: linux-arm-kernel(a)lists.infradead.org
Cc: linux-rockchip(a)lists.infradead.org
Cc: <stable(a)vger.kernel.org> # v4.11+
Signed-off-by: Heiko Stuebner <heiko(a)sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105133848.480407-1-tzimm…
diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c
index b04538907f95..f576b1aa86d1 100644
--- a/drivers/gpu/drm/rockchip/cdn-dp-core.c
+++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c
@@ -947,9 +947,6 @@ static void cdn_dp_pd_event_work(struct work_struct *work)
{
struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device,
event_work);
- struct drm_connector *connector = &dp->connector;
- enum drm_connector_status old_status;
-
int ret;
mutex_lock(&dp->lock);
@@ -1009,11 +1006,7 @@ static void cdn_dp_pd_event_work(struct work_struct *work)
out:
mutex_unlock(&dp->lock);
-
- old_status = connector->status;
- connector->status = connector->funcs->detect(connector, false);
- if (old_status != connector->status)
- drm_kms_helper_hotplug_event(dp->drm_dev);
+ drm_connector_helper_hpd_irq_event(&dp->connector);
}
static int cdn_dp_pd_event(struct notifier_block *nb,
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/amd/display: Correct register address in dcn35" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x f88192d2335b5a911fcfa09338cc00624571ec5e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-chooser-popcorn-29ee@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f88192d2335b5a911fcfa09338cc00624571ec5e Mon Sep 17 00:00:00 2001
From: loanchen <lo-an.chen(a)amd.com>
Date: Wed, 15 Jan 2025 17:43:29 +0800
Subject: [PATCH] drm/amd/display: Correct register address in dcn35
[Why]
the offset address of mmCLK5_spll_field_8 was incorrect for dcn35
which causes SSC not to be enabled.
Reviewed-by: Charlene Liu <charlene.liu(a)amd.com>
Signed-off-by: Lo-An Chen <lo-an.chen(a)amd.com>
Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
index 1f974ea3b0c6..1648226586e2 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
@@ -89,7 +89,7 @@
#define mmCLK1_CLK4_ALLOW_DS 0x16EA8
#define mmCLK1_CLK5_ALLOW_DS 0x16EB1
-#define mmCLK5_spll_field_8 0x1B04B
+#define mmCLK5_spll_field_8 0x1B24B
#define mmDENTIST_DISPCLK_CNTL 0x0124
#define regDENTIST_DISPCLK_CNTL 0x0064
#define regDENTIST_DISPCLK_CNTL_BASE_IDX 1
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/amd/display: Correct register address in dcn35" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x f88192d2335b5a911fcfa09338cc00624571ec5e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-primp-darkening-0a43@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f88192d2335b5a911fcfa09338cc00624571ec5e Mon Sep 17 00:00:00 2001
From: loanchen <lo-an.chen(a)amd.com>
Date: Wed, 15 Jan 2025 17:43:29 +0800
Subject: [PATCH] drm/amd/display: Correct register address in dcn35
[Why]
the offset address of mmCLK5_spll_field_8 was incorrect for dcn35
which causes SSC not to be enabled.
Reviewed-by: Charlene Liu <charlene.liu(a)amd.com>
Signed-off-by: Lo-An Chen <lo-an.chen(a)amd.com>
Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
index 1f974ea3b0c6..1648226586e2 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c
@@ -89,7 +89,7 @@
#define mmCLK1_CLK4_ALLOW_DS 0x16EA8
#define mmCLK1_CLK5_ALLOW_DS 0x16EB1
-#define mmCLK5_spll_field_8 0x1B04B
+#define mmCLK5_spll_field_8 0x1B24B
#define mmDENTIST_DISPCLK_CNTL 0x0124
#define regDENTIST_DISPCLK_CNTL 0x0064
#define regDENTIST_DISPCLK_CNTL_BASE_IDX 1
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/i915/guc: Debug print LRC state entries only if the" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 57965269896313e1629a518d3971ad55f599b792
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021048-majority-stature-58b1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 57965269896313e1629a518d3971ad55f599b792 Mon Sep 17 00:00:00 2001
From: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com>
Date: Tue, 14 Jan 2025 16:13:34 -0800
Subject: [PATCH] drm/i915/guc: Debug print LRC state entries only if the
context is pinned
After the context is unpinned the backing memory can also be unpinned,
so any accesses via the lrc_reg_state pointer can end up in unmapped
memory. To avoid that, make sure to only access that memory if the
context is pinned when printing its info.
v2: fix newline alignment
Fixes: 28ff6520a34d ("drm/i915/guc: Update GuC debugfs to support new GuC")
Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com>
Cc: John Harrison <John.C.Harrison(a)Intel.com>
Cc: Matthew Brost <matthew.brost(a)intel.com>
Cc: <stable(a)vger.kernel.org> # v5.15+
Reviewed-by: John Harrison <John.C.Harrison(a)Intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250115001334.3875347-1-dani…
(cherry picked from commit 5bea40687c5cf2a33bf04e9110eb2e2b80222ef5)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com>
diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
index bd4b3d2470e4..cc05bd9e43b4 100644
--- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
+++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
@@ -5535,12 +5535,20 @@ static inline void guc_log_context(struct drm_printer *p,
{
drm_printf(p, "GuC lrc descriptor %u:\n", ce->guc_id.id);
drm_printf(p, "\tHW Context Desc: 0x%08x\n", ce->lrc.lrca);
- drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n",
- ce->ring->head,
- ce->lrc_reg_state[CTX_RING_HEAD]);
- drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n",
- ce->ring->tail,
- ce->lrc_reg_state[CTX_RING_TAIL]);
+ if (intel_context_pin_if_active(ce)) {
+ drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n",
+ ce->ring->head,
+ ce->lrc_reg_state[CTX_RING_HEAD]);
+ drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n",
+ ce->ring->tail,
+ ce->lrc_reg_state[CTX_RING_TAIL]);
+ intel_context_unpin(ce);
+ } else {
+ drm_printf(p, "\t\tLRC Head: Internal %u, Memory not pinned\n",
+ ce->ring->head);
+ drm_printf(p, "\t\tLRC Tail: Internal %u, Memory not pinned\n",
+ ce->ring->tail);
+ }
drm_printf(p, "\t\tContext Pin Count: %u\n",
atomic_read(&ce->pin_count));
drm_printf(p, "\t\tGuC ID Ref Count: %u\n",
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] ksmbd: fix integer overflows on 32 bit systems" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x aab98e2dbd648510f8f51b83fbf4721206ccae45
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021018-blurry-lukewarm-5d5d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From aab98e2dbd648510f8f51b83fbf4721206ccae45 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter(a)linaro.org>
Date: Wed, 15 Jan 2025 09:28:35 +0900
Subject: [PATCH] ksmbd: fix integer overflows on 32 bit systems
On 32bit systems the addition operations in ipc_msg_alloc() can
potentially overflow leading to memory corruption.
Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Cc: stable(a)vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org>
Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org>
Signed-off-by: Steve French <stfrench(a)microsoft.com>
diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c
index c0bb8c7722d7..0460ebea6ff0 100644
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -627,6 +627,9 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len)
struct ksmbd_spnego_authen_request *req;
struct ksmbd_spnego_authen_response *resp;
+ if (blob_len > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) +
blob_len + 1);
if (!msg)
@@ -806,6 +809,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle
struct ksmbd_rpc_command *req;
struct ksmbd_rpc_command *resp;
+ if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
if (!msg)
return NULL;
@@ -854,6 +860,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle
struct ksmbd_rpc_command *req;
struct ksmbd_rpc_command *resp;
+ if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
if (!msg)
return NULL;
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021054-arbitrary-dilation-d2cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-trout-supreme-8b3f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021051-gender-figure-95e1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021050-undertone-outlying-d78e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-sprinkler-amaretto-8596@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021048-giggly-device-2286@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao(a)intel.com>
Date: Wed, 27 Nov 2024 16:00:10 -0800
Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is
active w/o VID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer
updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest
in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track
vISR. The missed SVI update for vmcs01 can result in L1 interrupts being
incorrectly blocked, e.g. if there is a pending interrupt with lower
priority than the interrupt that was EOI'd.
This bug only affects use cases where L1's vAPIC is effectively passed
through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host,
as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt
Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses
to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR).
WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an
EOI from L2 is supposed to affect L2's vAPIC, but still defer the update,
to try to keep L1 alive. Specifically, KVM forwards all APICv-related
VM-Exits to L1 via nested_vmx_l1_wants_exit():
case EXIT_REASON_APIC_ACCESS:
case EXIT_REASON_APIC_WRITE:
case EXIT_REASON_EOI_INDUCED:
/*
* The controls for "virtualize APIC accesses," "APIC-
* register virtualization," and "virtual-interrupt
* delivery" only come from vmcs12.
*/
return true;
Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support")
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com
Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com>
Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com
Cc: Janne Karhunen <janne.karhunen(a)gmail.com>
Signed-off-by: Chao Gao <chao.gao(a)intel.com>
[sean: drop request, handle in VMX, write changelog]
Tested-by: Chao Gao <chao.gao(a)intel.com>
Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 39ae2f5f9866..d0913aceeae4 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
}
}
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+ if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active)
+ return;
+
+ kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic));
+}
+EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr);
+
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
{
/* This may race with setting of irr in __apic_accept_irq() and
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 24add38beaf0..1a8553ebdb42 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high);
int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated);
int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s);
+void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu);
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu);
u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index aa78b6f38dfe..103baa8e4cf8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
}
+ if (vmx->nested.update_vmcs01_hwapic_isr) {
+ vmx->nested.update_vmcs01_hwapic_isr = false;
+ kvm_apic_update_hwapic_isr(vcpu);
+ }
+
if ((vm_exit_reason != -1) &&
(enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
vmx->nested.need_vmcs12_to_shadow_sync = true;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 22cb11ab8709..01abcdcbbf70 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
u16 status;
u8 old;
+ /*
+ * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI
+ * is only relevant for if and only if Virtual Interrupt Delivery is
+ * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's
+ * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested
+ * VM-Exit, otherwise L1 with run with a stale SVI.
+ */
+ if (is_guest_mode(vcpu)) {
+ /*
+ * KVM is supposed to forward intercepted L2 EOIs to L1 if VID
+ * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC.
+ * Note, userspace can stuff state while L2 is active; assert
+ * that VID is disabled if and only if the vCPU is in KVM_RUN
+ * to avoid false positives if userspace is setting APIC state.
+ */
+ WARN_ON_ONCE(vcpu->wants_to_run &&
+ nested_cpu_has_vid(get_vmcs12(vcpu)));
+ to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true;
+ return;
+ }
+
if (max_isr == -1)
max_isr = 0;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 43f573f6ca46..892302022094 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -176,6 +176,7 @@ struct nested_vmx {
bool reload_vmcs01_apic_access_page;
bool update_vmcs01_cpu_dirty_logging;
bool update_vmcs01_apicv_status;
+ bool update_vmcs01_hwapic_isr;
/*
* Enlightened VMCS has been enabled. It does not mean that L1 has to
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x d3c7c48d004f6c8d892f39b5d69884fd0fe98c81
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021015-natural-sleek-dde1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 Mon Sep 17 00:00:00 2001
From: Mark Brown <broonie(a)kernel.org>
Date: Tue, 17 Dec 2024 21:59:48 +0000
Subject: [PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()
In commit 892f7237b3ff ("arm64: Delay initialisation of
cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR
later in the boot process in order to ensure that we don't attempt to
interact with them if SVE or SME is disabled on the command line.
Unfortunately when initialising the boot CPU in init_cpu_features() we work
on a copy of the struct cpuinfo_arm64 for the boot CPU used only during
boot, not the percpu copy used by the sysfs code. The expectation of the
feature identification code was that the ID registers would be read in
__cpuinfo_store_cpu() and the values not modified by init_cpu_features().
The main reason for the original change was to avoid early accesses to
ZCR on practical systems that were seen shipping with SVE reported in ID
registers but traps enabled at EL3 and handled as fatal errors, SME was
rolled in due to the similarity with SVE. Since then we have removed the
early accesses to ZCR and SMCR in commits:
abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code")
391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code")
so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is
only trapped via FEAT_IDST and not the SME trap it is less likely to be
affected by similar issues, and the factors that lead to issues with SVE
are less likely to apply to SME.
Since we have not yet seen practical SME systems that need to use a
command line override (and are only just beginning to see SME systems at
all) and the ID register read is much more likely to be safe let's just
store SMIDR_EL1 along with all the other ID register reads in
__cpuinfo_store_cpu().
This issue wasn't apparent when testing on emulated platforms that do not
report values in SMIDR_EL1.
Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}")
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20241217-arm64-fix-boot-cpu-smidr-v3-1-7be278a856…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 13de0c7af053..b105e6683571 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1166,12 +1166,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) {
unsigned long cpacr = cpacr_save_enable_kernel_sme();
- /*
- * We mask out SMPS since even if the hardware
- * supports priorities the kernel does not at present
- * and we block access to them.
- */
- info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
vec_init_vq_map(ARM64_VEC_SME);
cpacr_restore(cpacr);
@@ -1422,13 +1416,6 @@ void update_cpu_features(int cpu,
id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) {
unsigned long cpacr = cpacr_save_enable_kernel_sme();
- /*
- * We mask out SMPS since even if the hardware
- * supports priorities the kernel does not at present
- * and we block access to them.
- */
- info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
-
/* Probe vector lengths */
if (!system_capabilities_finalized())
vec_update_vq_map(ARM64_VEC_SME);
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index d79e88fccdfc..c45633b5ae23 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0))
info->reg_mpamidr = read_cpuid(MPAMIDR_EL1);
+ if (IS_ENABLED(CONFIG_ARM64_SME) &&
+ id_aa64pfr1_sme(info->reg_id_aa64pfr1)) {
+ /*
+ * We mask out SMPS since even if the hardware
+ * supports priorities the kernel does not at present
+ * and we block access to them.
+ */
+ info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
+ }
+
cpuinfo_detect_icache_policy(info);
}
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x d3c7c48d004f6c8d892f39b5d69884fd0fe98c81
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-landscape-stencil-2aa9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 Mon Sep 17 00:00:00 2001
From: Mark Brown <broonie(a)kernel.org>
Date: Tue, 17 Dec 2024 21:59:48 +0000
Subject: [PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()
In commit 892f7237b3ff ("arm64: Delay initialisation of
cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR
later in the boot process in order to ensure that we don't attempt to
interact with them if SVE or SME is disabled on the command line.
Unfortunately when initialising the boot CPU in init_cpu_features() we work
on a copy of the struct cpuinfo_arm64 for the boot CPU used only during
boot, not the percpu copy used by the sysfs code. The expectation of the
feature identification code was that the ID registers would be read in
__cpuinfo_store_cpu() and the values not modified by init_cpu_features().
The main reason for the original change was to avoid early accesses to
ZCR on practical systems that were seen shipping with SVE reported in ID
registers but traps enabled at EL3 and handled as fatal errors, SME was
rolled in due to the similarity with SVE. Since then we have removed the
early accesses to ZCR and SMCR in commits:
abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code")
391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code")
so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is
only trapped via FEAT_IDST and not the SME trap it is less likely to be
affected by similar issues, and the factors that lead to issues with SVE
are less likely to apply to SME.
Since we have not yet seen practical SME systems that need to use a
command line override (and are only just beginning to see SME systems at
all) and the ID register read is much more likely to be safe let's just
store SMIDR_EL1 along with all the other ID register reads in
__cpuinfo_store_cpu().
This issue wasn't apparent when testing on emulated platforms that do not
report values in SMIDR_EL1.
Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}")
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20241217-arm64-fix-boot-cpu-smidr-v3-1-7be278a856…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 13de0c7af053..b105e6683571 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1166,12 +1166,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) {
unsigned long cpacr = cpacr_save_enable_kernel_sme();
- /*
- * We mask out SMPS since even if the hardware
- * supports priorities the kernel does not at present
- * and we block access to them.
- */
- info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
vec_init_vq_map(ARM64_VEC_SME);
cpacr_restore(cpacr);
@@ -1422,13 +1416,6 @@ void update_cpu_features(int cpu,
id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) {
unsigned long cpacr = cpacr_save_enable_kernel_sme();
- /*
- * We mask out SMPS since even if the hardware
- * supports priorities the kernel does not at present
- * and we block access to them.
- */
- info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
-
/* Probe vector lengths */
if (!system_capabilities_finalized())
vec_update_vq_map(ARM64_VEC_SME);
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index d79e88fccdfc..c45633b5ae23 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0))
info->reg_mpamidr = read_cpuid(MPAMIDR_EL1);
+ if (IS_ENABLED(CONFIG_ARM64_SME) &&
+ id_aa64pfr1_sme(info->reg_id_aa64pfr1)) {
+ /*
+ * We mask out SMPS since even if the hardware
+ * supports priorities the kernel does not at present
+ * and we block access to them.
+ */
+ info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS;
+ }
+
cpuinfo_detect_icache_policy(info);
}
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021017-pardon-unpeeled-1e81@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001
From: Marc Zyngier <maz(a)kernel.org>
Date: Tue, 7 Jan 2025 22:59:41 +0000
Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
The hwcaps code that exposes SVE features to userspace only
considers ID_AA64ZFR0_EL1, while this is only valid when
ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the
ID_AA64ZFR0_EL1 register is also 0. So far, so good.
Things become a bit more interesting if the HW implements SME.
In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME*
features. And these fields overlap with their SVE interpretations.
But the architecture says that the SME and SVE feature sets must
match, so we're still hunky-dory.
This goes wrong if the HW implements SME, but not SVE. In this
case, we end-up advertising some SVE features to userspace, even
if the HW has none. That's because we never consider whether SVE
is actually implemented. Oh well.
Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE
being non-zero. The HWCAPS documentation is amended to reflect the
actually checks performed by the kernel.
Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace")
Reported-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Will Deacon <will(a)kernel.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Mark Brown <broonie(a)kernel.org>
Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst
index 2ff922a406ad..1a31723e79fd 100644
--- a/Documentation/arch/arm64/elf_hwcaps.rst
+++ b/Documentation/arch/arm64/elf_hwcaps.rst
@@ -178,22 +178,28 @@ HWCAP2_DCPODP
Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010.
HWCAP2_SVE2
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0001.
HWCAP2_SVEAES
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0001.
HWCAP2_SVEPMULL
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0010.
HWCAP2_SVEBITPERM
- Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BitPerm == 0b0001.
HWCAP2_SVESHA3
- Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SHA3 == 0b0001.
HWCAP2_SVESM4
- Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SM4 == 0b0001.
HWCAP2_FLAGM2
Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010.
@@ -202,16 +208,20 @@ HWCAP2_FRINT
Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001.
HWCAP2_SVEI8MM
- Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.I8MM == 0b0001.
HWCAP2_SVEF32MM
- Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F32MM == 0b0001.
HWCAP2_SVEF64MM
- Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F64MM == 0b0001.
HWCAP2_SVEBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0001.
HWCAP2_I8MM
Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001.
@@ -277,7 +287,8 @@ HWCAP2_EBF16
Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010.
HWCAP2_SVE_EBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0010.
HWCAP2_CSSC
Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001.
@@ -286,7 +297,8 @@ HWCAP2_RPRFM
Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001.
HWCAP2_SVE2P1
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0010.
HWCAP2_SME2
Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001.
@@ -313,7 +325,8 @@ HWCAP2_HBC
Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001.
HWCAP2_SVE_B16B16
- Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.B16B16 == 0b0001.
HWCAP2_LRCPC3
Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index b105e6683571..678da3ffaef9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.matches = match, \
}
+#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \
+ { \
+ __HWCAP_CAP(#cap, cap_type, cap) \
+ HWCAP_CPUID_MATCH(reg, field, min_value) \
+ .matches = match, \
+ }
+
#ifdef CONFIG_ARM64_PTR_AUTH
static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
{
@@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {
};
#endif
+#ifdef CONFIG_ARM64_SVE
+static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope)
+{
+ return system_supports_sve() && has_user_cpuid_feature(cap, scope);
+}
+#endif
+
static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL),
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES),
@@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT),
#ifdef CONFIG_ARM64_SVE
HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
- HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
#endif
#ifdef CONFIG_ARM64_GCS
HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021012-straw-unsterile-169b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001
From: Marc Zyngier <maz(a)kernel.org>
Date: Tue, 7 Jan 2025 22:59:41 +0000
Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
The hwcaps code that exposes SVE features to userspace only
considers ID_AA64ZFR0_EL1, while this is only valid when
ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the
ID_AA64ZFR0_EL1 register is also 0. So far, so good.
Things become a bit more interesting if the HW implements SME.
In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME*
features. And these fields overlap with their SVE interpretations.
But the architecture says that the SME and SVE feature sets must
match, so we're still hunky-dory.
This goes wrong if the HW implements SME, but not SVE. In this
case, we end-up advertising some SVE features to userspace, even
if the HW has none. That's because we never consider whether SVE
is actually implemented. Oh well.
Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE
being non-zero. The HWCAPS documentation is amended to reflect the
actually checks performed by the kernel.
Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace")
Reported-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Will Deacon <will(a)kernel.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Mark Brown <broonie(a)kernel.org>
Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst
index 2ff922a406ad..1a31723e79fd 100644
--- a/Documentation/arch/arm64/elf_hwcaps.rst
+++ b/Documentation/arch/arm64/elf_hwcaps.rst
@@ -178,22 +178,28 @@ HWCAP2_DCPODP
Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010.
HWCAP2_SVE2
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0001.
HWCAP2_SVEAES
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0001.
HWCAP2_SVEPMULL
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0010.
HWCAP2_SVEBITPERM
- Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BitPerm == 0b0001.
HWCAP2_SVESHA3
- Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SHA3 == 0b0001.
HWCAP2_SVESM4
- Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SM4 == 0b0001.
HWCAP2_FLAGM2
Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010.
@@ -202,16 +208,20 @@ HWCAP2_FRINT
Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001.
HWCAP2_SVEI8MM
- Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.I8MM == 0b0001.
HWCAP2_SVEF32MM
- Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F32MM == 0b0001.
HWCAP2_SVEF64MM
- Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F64MM == 0b0001.
HWCAP2_SVEBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0001.
HWCAP2_I8MM
Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001.
@@ -277,7 +287,8 @@ HWCAP2_EBF16
Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010.
HWCAP2_SVE_EBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0010.
HWCAP2_CSSC
Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001.
@@ -286,7 +297,8 @@ HWCAP2_RPRFM
Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001.
HWCAP2_SVE2P1
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0010.
HWCAP2_SME2
Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001.
@@ -313,7 +325,8 @@ HWCAP2_HBC
Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001.
HWCAP2_SVE_B16B16
- Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.B16B16 == 0b0001.
HWCAP2_LRCPC3
Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index b105e6683571..678da3ffaef9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.matches = match, \
}
+#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \
+ { \
+ __HWCAP_CAP(#cap, cap_type, cap) \
+ HWCAP_CPUID_MATCH(reg, field, min_value) \
+ .matches = match, \
+ }
+
#ifdef CONFIG_ARM64_PTR_AUTH
static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
{
@@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {
};
#endif
+#ifdef CONFIG_ARM64_SVE
+static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope)
+{
+ return system_supports_sve() && has_user_cpuid_feature(cap, scope);
+}
+#endif
+
static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL),
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES),
@@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT),
#ifdef CONFIG_ARM64_SVE
HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
- HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
#endif
#ifdef CONFIG_ARM64_GCS
HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021006-unclog-unlearned-af9c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001
From: Marc Zyngier <maz(a)kernel.org>
Date: Tue, 7 Jan 2025 22:59:41 +0000
Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
The hwcaps code that exposes SVE features to userspace only
considers ID_AA64ZFR0_EL1, while this is only valid when
ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the
ID_AA64ZFR0_EL1 register is also 0. So far, so good.
Things become a bit more interesting if the HW implements SME.
In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME*
features. And these fields overlap with their SVE interpretations.
But the architecture says that the SME and SVE feature sets must
match, so we're still hunky-dory.
This goes wrong if the HW implements SME, but not SVE. In this
case, we end-up advertising some SVE features to userspace, even
if the HW has none. That's because we never consider whether SVE
is actually implemented. Oh well.
Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE
being non-zero. The HWCAPS documentation is amended to reflect the
actually checks performed by the kernel.
Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace")
Reported-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Will Deacon <will(a)kernel.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Mark Brown <broonie(a)kernel.org>
Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst
index 2ff922a406ad..1a31723e79fd 100644
--- a/Documentation/arch/arm64/elf_hwcaps.rst
+++ b/Documentation/arch/arm64/elf_hwcaps.rst
@@ -178,22 +178,28 @@ HWCAP2_DCPODP
Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010.
HWCAP2_SVE2
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0001.
HWCAP2_SVEAES
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0001.
HWCAP2_SVEPMULL
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0010.
HWCAP2_SVEBITPERM
- Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BitPerm == 0b0001.
HWCAP2_SVESHA3
- Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SHA3 == 0b0001.
HWCAP2_SVESM4
- Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SM4 == 0b0001.
HWCAP2_FLAGM2
Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010.
@@ -202,16 +208,20 @@ HWCAP2_FRINT
Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001.
HWCAP2_SVEI8MM
- Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.I8MM == 0b0001.
HWCAP2_SVEF32MM
- Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F32MM == 0b0001.
HWCAP2_SVEF64MM
- Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F64MM == 0b0001.
HWCAP2_SVEBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0001.
HWCAP2_I8MM
Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001.
@@ -277,7 +287,8 @@ HWCAP2_EBF16
Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010.
HWCAP2_SVE_EBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0010.
HWCAP2_CSSC
Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001.
@@ -286,7 +297,8 @@ HWCAP2_RPRFM
Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001.
HWCAP2_SVE2P1
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0010.
HWCAP2_SME2
Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001.
@@ -313,7 +325,8 @@ HWCAP2_HBC
Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001.
HWCAP2_SVE_B16B16
- Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.B16B16 == 0b0001.
HWCAP2_LRCPC3
Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index b105e6683571..678da3ffaef9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.matches = match, \
}
+#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \
+ { \
+ __HWCAP_CAP(#cap, cap_type, cap) \
+ HWCAP_CPUID_MATCH(reg, field, min_value) \
+ .matches = match, \
+ }
+
#ifdef CONFIG_ARM64_PTR_AUTH
static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
{
@@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {
};
#endif
+#ifdef CONFIG_ARM64_SVE
+static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope)
+{
+ return system_supports_sve() && has_user_cpuid_feature(cap, scope);
+}
+#endif
+
static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL),
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES),
@@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT),
#ifdef CONFIG_ARM64_SVE
HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
- HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
#endif
#ifdef CONFIG_ARM64_GCS
HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021005-riding-underfeed-c095@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001
From: Marc Zyngier <maz(a)kernel.org>
Date: Tue, 7 Jan 2025 22:59:41 +0000
Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
The hwcaps code that exposes SVE features to userspace only
considers ID_AA64ZFR0_EL1, while this is only valid when
ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the
ID_AA64ZFR0_EL1 register is also 0. So far, so good.
Things become a bit more interesting if the HW implements SME.
In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME*
features. And these fields overlap with their SVE interpretations.
But the architecture says that the SME and SVE feature sets must
match, so we're still hunky-dory.
This goes wrong if the HW implements SME, but not SVE. In this
case, we end-up advertising some SVE features to userspace, even
if the HW has none. That's because we never consider whether SVE
is actually implemented. Oh well.
Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE
being non-zero. The HWCAPS documentation is amended to reflect the
actually checks performed by the kernel.
Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace")
Reported-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Will Deacon <will(a)kernel.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Mark Brown <broonie(a)kernel.org>
Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne…
Signed-off-by: Will Deacon <will(a)kernel.org>
diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst
index 2ff922a406ad..1a31723e79fd 100644
--- a/Documentation/arch/arm64/elf_hwcaps.rst
+++ b/Documentation/arch/arm64/elf_hwcaps.rst
@@ -178,22 +178,28 @@ HWCAP2_DCPODP
Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010.
HWCAP2_SVE2
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0001.
HWCAP2_SVEAES
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0001.
HWCAP2_SVEPMULL
- Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.AES == 0b0010.
HWCAP2_SVEBITPERM
- Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BitPerm == 0b0001.
HWCAP2_SVESHA3
- Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SHA3 == 0b0001.
HWCAP2_SVESM4
- Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SM4 == 0b0001.
HWCAP2_FLAGM2
Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010.
@@ -202,16 +208,20 @@ HWCAP2_FRINT
Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001.
HWCAP2_SVEI8MM
- Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.I8MM == 0b0001.
HWCAP2_SVEF32MM
- Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F32MM == 0b0001.
HWCAP2_SVEF64MM
- Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.F64MM == 0b0001.
HWCAP2_SVEBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0001.
HWCAP2_I8MM
Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001.
@@ -277,7 +287,8 @@ HWCAP2_EBF16
Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010.
HWCAP2_SVE_EBF16
- Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.BF16 == 0b0010.
HWCAP2_CSSC
Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001.
@@ -286,7 +297,8 @@ HWCAP2_RPRFM
Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001.
HWCAP2_SVE2P1
- Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.SVEver == 0b0010.
HWCAP2_SME2
Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001.
@@ -313,7 +325,8 @@ HWCAP2_HBC
Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001.
HWCAP2_SVE_B16B16
- Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001.
+ Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and
+ ID_AA64ZFR0_EL1.B16B16 == 0b0001.
HWCAP2_LRCPC3
Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index b105e6683571..678da3ffaef9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.matches = match, \
}
+#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \
+ { \
+ __HWCAP_CAP(#cap, cap_type, cap) \
+ HWCAP_CPUID_MATCH(reg, field, min_value) \
+ .matches = match, \
+ }
+
#ifdef CONFIG_ARM64_PTR_AUTH
static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
{
@@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {
};
#endif
+#ifdef CONFIG_ARM64_SVE
+static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope)
+{
+ return system_supports_sve() && has_user_cpuid_feature(cap, scope);
+}
+#endif
+
static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL),
HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES),
@@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT),
#ifdef CONFIG_ARM64_SVE
HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
- HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
- HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
- HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
- HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM),
+ HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM),
#endif
#ifdef CONFIG_ARM64_GCS
HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021005-grain-faucet-6a4d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021004-crank-detonate-a1d2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021003-crewmate-marxism-a03e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021002-capitol-dribble-d5f7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021001-swinging-ashes-6c0f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021000-onslaught-gumming-8c6b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu>
Date: Thu, 19 Dec 2024 10:12:58 +0100
Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QSPI peripheral control and status registers are
accessible via the SoC's APB bus, whereas MMIO transactions'
data travels on the AHB bus.
Microchip documentation and even sample code from Atmel
emphasises the need for a memory barrier before the first
MMIO transaction to the AHB-connected QSPI, and before the
last write to its registers via APB. This is achieved by
the following lines in `atmel_qspi_transfer()`:
/* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */
(void)atmel_qspi_read(aq, QSPI_IFR);
However, the current documentation makes no mention to
synchronization requirements in the other direction, i.e.
after the last data written via AHB, and before the first
register access on APB.
In our case, we were facing an issue where the QSPI peripheral
would cease to send any new CSR (nCS Rise) interrupts,
leading to a timeout in `atmel_qspi_wait_for_completion()`
and ultimately this panic in higher levels:
ubi0 error: ubi_io_write: error -110 while writing 63108 bytes
to PEB 491:128, written 63104 bytes
After months of extensive research of the codebase, fiddling
around the debugger with kgdb, and back-and-forth with
Microchip, we came to the conclusion that the issue is
probably that the peripheral is still busy receiving on AHB
when the LASTXFER bit is written to its Control Register
on APB, therefore this write gets lost, and the peripheral
still thinks there is more data to come in the MMIO transfer.
This was first formulated when we noticed that doubling the
write() of QSPI_CR_LASTXFER seemed to solve the problem.
Ultimately, the solution is to introduce memory barriers
after the AHB-mapped MMIO transfers, to ensure ordering.
Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi")
Cc: Hari.PrasathGE(a)microchip.com
Cc: Mahesh.Abotula(a)microchip.com
Cc: Marco.Cardellini(a)microchip.com
Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...)
Cc: stable(a)vger.kernel.org # 6.x.y
Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu>
Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie(a)kernel.org>
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index f46da363574f..8fdc9d27a95e 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem,
(void)atmel_qspi_read(aq, QSPI_IFR);
/* Send/Receive data */
- if (op->data.dir == SPI_MEM_DATA_IN)
+ if (op->data.dir == SPI_MEM_DATA_IN) {
memcpy_fromio(op->data.buf.in, aq->mem + offset,
op->data.nbytes);
- else
+
+ /* Synchronize AHB and APB accesses again */
+ rmb();
+ } else {
memcpy_toio(aq->mem + offset, op->data.buf.out,
op->data.nbytes);
+ /* Synchronize AHB and APB accesses again */
+ wmb();
+ }
+
/* Release the chip-select */
atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] cpufreq: fix using cpufreq-dt as module" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x f1f010c9d9c62c865d9f54e94075800ba764b4d9
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021010-liquefy-pointer-8122@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f1f010c9d9c62c865d9f54e94075800ba764b4d9 Mon Sep 17 00:00:00 2001
From: Andreas Kemnade <andreas(a)kemnade.info>
Date: Sun, 3 Nov 2024 22:02:51 +0100
Subject: [PATCH] cpufreq: fix using cpufreq-dt as module
This driver can be built as a module since commit 3b062a086984 ("cpufreq:
dt-platdev: Support building as module"), but unfortunately this caused
a regression because the cputfreq-dt-platdev.ko module does not autoload.
Usually, this is solved by just using the MODULE_DEVICE_TABLE() macro to
export all the device IDs as module aliases. But this driver is special
due how matches with devices and decides what platform supports.
There are two of_device_id lists, an allow list that are for CPU devices
that always match and a deny list that's for devices that must not match.
The driver registers a cpufreq-dt platform device for all the CPU device
nodes that either are in the allow list or contain an operating-points-v2
property and are not in the deny list.
Enforce builtin compile of cpufreq-dt-platdev to make autoload work.
Fixes: 3b062a086984 ("cpufreq: dt-platdev: Support building as module")
Link: https://lore.kernel.org/all/20241104201424.2a42efdd@akair/
Link: https://lore.kernel.org/all/20241119111918.1732531-1-javierm@redhat.com/
Cc: stable(a)vger.kernel.org
Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info>
Reported-by: Radu Rendec <rrendec(a)redhat.com>
Reported-by: Javier Martinez Canillas <javierm(a)redhat.com>
[ Viresh: Picked commit log from Javier, updated tags ]
Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org>
diff --git a/drivers/cpufreq/Kconfig b/drivers/cpufreq/Kconfig
index 92a83a9bb2e1..ea9afdc119fb 100644
--- a/drivers/cpufreq/Kconfig
+++ b/drivers/cpufreq/Kconfig
@@ -232,7 +232,7 @@ config CPUFREQ_VIRT
If in doubt, say N.
config CPUFREQ_DT_PLATDEV
- tristate "Generic DT based cpufreq platdev driver"
+ bool "Generic DT based cpufreq platdev driver"
depends on OF
help
This adds a generic DT based cpufreq platdev driver for frequency
diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c b/drivers/cpufreq/cpufreq-dt-platdev.c
index 2a3e8bd317c9..9c198bd4f7e9 100644
--- a/drivers/cpufreq/cpufreq-dt-platdev.c
+++ b/drivers/cpufreq/cpufreq-dt-platdev.c
@@ -235,5 +235,3 @@ static int __init cpufreq_dt_platdev_init(void)
sizeof(struct cpufreq_dt_platform_data)));
}
core_initcall(cpufreq_dt_platdev_init);
-MODULE_DESCRIPTION("Generic DT based cpufreq platdev driver");
-MODULE_LICENSE("GPL");
2 months, 2 weeks
- 1
- 0
[PATCH v4 0/2] Tegra ADMA fixes
by Mohan Kumar D
- Fix build error due to 64-by-32 division
- Additional check for adma max page
Mohan Kumar D (2):
dmaengine: tegra210-adma: Fix build error due to 64-by-32 division
dmaengine: tegra210-adma: check for adma max page
drivers/dma/tegra210-adma.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--
2.25.1
2 months, 2 weeks
- 4
- 13
[PATCH] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
by Marek Vasut
Add Renesas R-Car D3 USB Download mode quirk and update comments
on all the other Renesas R-Car USB Download mode quirks to discern
them from each other. This follows R-Car Series, 3rd Generation
reference manual Rev.2.00 chapter 19.2.8 USB download mode .
Fixes: 6d853c9e4104 ("usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode")
Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org>
---
Cc: Chris Brandt <chris.brandt(a)renesas.com>
Cc: Geert Uytterhoeven <geert+renesas(a)glider.be>
Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Cc: Oliver Neukum <oneukum(a)suse.com>
Cc: linux-renesas-soc(a)vger.kernel.org
Cc: linux-usb(a)vger.kernel.org
Cc: stable(a)vger.kernel.org
---
drivers/usb/class/cdc-acm.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 6b37d1c47fce1..06c7d86c5449e 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1727,13 +1727,16 @@ static const struct usb_device_id acm_ids[] = {
{ USB_DEVICE(0x0870, 0x0001), /* Metricom GS Modem */
.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
},
- { USB_DEVICE(0x045b, 0x023c), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x023c), /* Renesas R-Car H3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
- { USB_DEVICE(0x045b, 0x0248), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x0247), /* Renesas R-Car D3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
- { USB_DEVICE(0x045b, 0x024D), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x0248), /* Renesas R-Car M3-N USB Download mode */
+ .driver_info = DISABLE_ECHO, /* Don't echo banner */
+ },
+ { USB_DEVICE(0x045b, 0x024D), /* Renesas R-Car E3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
{ USB_DEVICE(0x0e8d, 0x0003), /* FIREFLY, MediaTek Inc; andrey.arapov(a)gmail.com */
--
2.47.2
2 months, 2 weeks
- 4
- 4
[PATCH v5.15-v5.4] lib/generic-radix-tree.c: Don't overflow in peek()
by hsimeliere.opensource@witekio.com
From: Kent Overstreet <kent.overstreet(a)gmail.com>
[ Upstream commit 9492261ff2460252cf2d8de89cdf854c7e2b28a0 ]
When we started spreading new inode numbers throughout most of the 64
bit inode space, that triggered some corner case bugs, in particular
some integer overflows related to the radix tree code. Oops.
Signed-off-by: Kent Overstreet <kent.overstreet(a)gmail.com>
Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com>
---
include/linux/generic-radix-tree.h | 7 +++++++
lib/generic-radix-tree.c | 17 ++++++++++++++---
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/include/linux/generic-radix-tree.h b/include/linux/generic-radix-tree.h
index bfd00320c7f3..0e7abc635e5f 100644
--- a/include/linux/generic-radix-tree.h
+++ b/include/linux/generic-radix-tree.h
@@ -39,6 +39,7 @@
#include <asm/page.h>
#include <linux/bug.h>
#include <linux/kernel.h>
+#include <linux/limits.h>
#include <linux/log2.h>
struct genradix_root;
@@ -183,6 +184,12 @@ void *__genradix_iter_peek(struct genradix_iter *, struct __genradix *, size_t);
static inline void __genradix_iter_advance(struct genradix_iter *iter,
size_t obj_size)
{
+ if (iter->offset + obj_size < iter->offset) {
+ iter->offset = SIZE_MAX;
+ iter->pos = SIZE_MAX;
+ return;
+ }
+
iter->offset += obj_size;
if (!is_power_of_2(obj_size) &&
diff --git a/lib/generic-radix-tree.c b/lib/generic-radix-tree.c
index 34d3ac52de89..78f081d695d0 100644
--- a/lib/generic-radix-tree.c
+++ b/lib/generic-radix-tree.c
@@ -168,6 +168,10 @@ void *__genradix_iter_peek(struct genradix_iter *iter,
struct genradix_root *r;
struct genradix_node *n;
unsigned level, i;
+
+ if (iter->offset == SIZE_MAX)
+ return NULL;
+
restart:
r = READ_ONCE(radix->root);
if (!r)
@@ -186,10 +190,17 @@ void *__genradix_iter_peek(struct genradix_iter *iter,
(GENRADIX_ARY - 1);
while (!n->children[i]) {
+ size_t objs_per_ptr = genradix_depth_size(level);
+
+ if (iter->offset + objs_per_ptr < iter->offset) {
+ iter->offset = SIZE_MAX;
+ iter->pos = SIZE_MAX;
+ return NULL;
+ }
+
i++;
- iter->offset = round_down(iter->offset +
- genradix_depth_size(level),
- genradix_depth_size(level));
+ iter->offset = round_down(iter->offset + objs_per_ptr,
+ objs_per_ptr);
iter->pos = (iter->offset >> PAGE_SHIFT) *
objs_per_page;
if (i == GENRADIX_ARY)
--
2.43.0
2 months, 2 weeks
- 2
- 3
[PATCH] fuse: prevent folio use-after-free in readahead
by Vlastimil Babka
There have been crash reports in 6.13+ kernels related to FUSE and
Flatpak, such as from Christian:
BUG: Bad page state in process rnote pfn:67587
page: refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67587
flags: 0xfffffc8000020(lru|node=0|zone=1|lastcpupid=0x1fffff)
raw: 000fffffc8000020 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set
CPU: 0 UID: 1000 PID: 1962 Comm: rnote Not tainted 6.14.0-rc1-1-mainline #1 715c0460cf5d3cc18e3178ef3209cee42e97ae1c
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022
Call Trace:
dump_stack_lvl+0x5d/0x80
bad_page.cold+0x7a/0x91
__rmqueue_pcplist+0x200/0xc50
get_page_from_freelist+0x2ae/0x1740
? srso_return_thunk+0x5/0x5f
? __pm_runtime_suspend+0x69/0xc0
? srso_return_thunk+0x5/0x5f
? __seccomp_filter+0x303/0x520
? srso_return_thunk+0x5/0x5f
__alloc_frozen_pages_noprof+0x184/0x330
alloc_pages_mpol+0x7d/0x160
folio_alloc_mpol_noprof+0x14/0x40
vma_alloc_folio_noprof+0x69/0xb0
do_anonymous_page+0x32a/0x8b0
? srso_return_thunk+0x5/0x5f
? ___pte_offset_map+0x1b/0x180
__handle_mm_fault+0xb5e/0xfe0
handle_mm_fault+0xe2/0x2c0
do_user_addr_fault+0x217/0x620
exc_page_fault+0x81/0x1b0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fcfc31c8cf9
Or Mantas:
list_add corruption. next->prev should be prev (ffff889c8f5bd5f0), but was ffff889940066a10. (next=ffffe3ce8b683548).
WARNING: CPU: 3 PID: 2184 at lib/list_debug.c:29 __list_add_valid_or_report+0x62/0xb0
spi_intel_pci soundcore nvme_core spi_intel rfkill rtsx_pci nvme_auth cec i8042 video serio wmi
CPU: 3 UID: 1000 PID: 2184 Comm: fuse mainloop Tainted: G U OE 6.13.1-arch1-1 #1 c1258adae10e6ad423427764ae6ad3679b7d8e8a
Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: LENOVO 20S6003QPB/20S6003QPB, BIOS N2XET42W (1.32 ) 06/12/2024
RIP: 0010:__list_add_valid_or_report+0x62/0xb0
Call Trace:
<TASK>
? __list_add_valid_or_report+0x62/0xb0
? __warn.cold+0x93/0xf6
? __list_add_valid_or_report+0x62/0xb0
? report_bug+0xff/0x140
? handle_bug+0x58/0x90
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? __list_add_valid_or_report+0x62/0xb0
free_unref_page_commit.cold+0x9/0x12
free_unref_page+0x46e/0x570
fuse_copy_page+0x37e/0x6c0
fuse_copy_args+0x186/0x210
fuse_dev_do_write+0x796/0x12a0
fuse_dev_splice_write+0x29d/0x380
do_splice+0x308/0x890
__do_splice+0x204/0x220
__x64_sys_splice+0x84/0xf0
do_syscall_64+0x82/0x190
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x77e0dde36e56
Christian bisected the issue to 3eab9d7bc2f4 ("fuse: convert readahead
to use folios"). The bug reports suggest a refcount underflow on struct
page due to a use after free or double free. The bisected commit
switches fuse_readahead() to readahead_folio() which includes a
folio_put() and removes folio_put() from fuse_readpages_end(). As a
result folios on the ap->folios (previously ap->pages) don't have an
elevated refcount. According to Matthew the folio lock should protect
them from being freed prematurely. It's unclear why not, but before this
is fully resolved we can stop the kernels from crashing by having the
refcount relevated again. Thus switch to __readahead_folio() that does
not drop the refcount, and reinstate folio_put() in
fuse_readpages_end().
Fixes: 3eab9d7bc2f4 ("fuse: convert readahead to use folios")
Reported-by: Christian Heusel <christian(a)heusel.eu>
Closes: https://lore.kernel.org/all/2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu/
Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/110
Reported-by: Mantas Mikulėnas <grawity(a)gmail.com>
Closes: https://lore.kernel.org/all/34feb867-09e2-46e4-aa31-d9660a806d1a@gmail.com/
Closes: https://bugzilla.opensuse.org/show_bug.cgi?id=1236660
Tested-by: Joanne Koong <joannelkoong(a)gmail.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz>
---
Given the impact on users and positive testing feedback, this is the
proper patch in case Miklos decides to mainline and stable it before the
full picture is known.
fs/fuse/file.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 7d92a5479998..a40d65ffb94d 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -955,8 +955,10 @@ static void fuse_readpages_end(struct fuse_mount *fm, struct fuse_args *args,
fuse_invalidate_atime(inode);
}
- for (i = 0; i < ap->num_folios; i++)
+ for (i = 0; i < ap->num_folios; i++) {
folio_end_read(ap->folios[i], !err);
+ folio_put(ap->folios[i]);
+ }
if (ia->ff)
fuse_file_put(ia->ff, false);
@@ -1048,7 +1050,7 @@ static void fuse_readahead(struct readahead_control *rac)
ap = &ia->ap;
while (ap->num_folios < cur_pages) {
- folio = readahead_folio(rac);
+ folio = __readahead_folio(rac);
ap->folios[ap->num_folios] = folio;
ap->descs[ap->num_folios].length = folio_size(folio);
ap->num_folios++;
--
2.48.1
2 months, 2 weeks
- 1
- 0
[PATCH] mm/cma: add an API to enable/disable concurrent memory allocation for the CMA
by yangge1116@126.com
From: yangge <yangge1116(a)126.com>
Commit 60a60e32cf91 ("Revert "mm/cma.c: remove redundant cma_mutex lock"")
simply reverts to the original method of using the cma_mutex to ensure
that alloc_contig_range() runs sequentially. This change was made to avoid
concurrency allocation failures. However, it can negatively impact
performance when concurrent allocation of CMA memory is required.
To address this issue, we could introduce an API for concurrency settings,
allowing users to decide whether their CMA can perform concurrent memory
allocations or not.
Fixes: 60a60e32cf91 ("Revert "mm/cma.c: remove redundant cma_mutex lock"")
Signed-off-by: yangge <yangge1116(a)126.com>
Cc: <stable(a)vger.kernel.org>
---
include/linux/cma.h | 2 ++
mm/cma.c | 22 ++++++++++++++++++++--
mm/cma.h | 1 +
3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/include/linux/cma.h b/include/linux/cma.h
index d15b64f..2384624 100644
--- a/include/linux/cma.h
+++ b/include/linux/cma.h
@@ -53,6 +53,8 @@ extern int cma_for_each_area(int (*it)(struct cma *cma, void *data), void *data)
extern void cma_reserve_pages_on_error(struct cma *cma);
+extern bool cma_set_concurrency(struct cma *cma, bool concurrency);
+
#ifdef CONFIG_CMA
struct folio *cma_alloc_folio(struct cma *cma, int order, gfp_t gfp);
bool cma_free_folio(struct cma *cma, const struct folio *folio);
diff --git a/mm/cma.c b/mm/cma.c
index de5bc0c..49a7186 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -460,9 +460,17 @@ static struct page *__cma_alloc(struct cma *cma, unsigned long count,
spin_unlock_irq(&cma->lock);
pfn = cma->base_pfn + (bitmap_no << cma->order_per_bit);
- mutex_lock(&cma_mutex);
+
+ /*
+ * If the user sets the concurr_alloc of CMA to true, concurrent
+ * memory allocation is allowed. If the user sets it to false or
+ * does not set it, concurrent memory allocation is not allowed.
+ */
+ if (!cma->concurr_alloc)
+ mutex_lock(&cma_mutex);
ret = alloc_contig_range(pfn, pfn + count, MIGRATE_CMA, gfp);
- mutex_unlock(&cma_mutex);
+ if (!cma->concurr_alloc)
+ mutex_unlock(&cma_mutex);
if (ret == 0) {
page = pfn_to_page(pfn);
break;
@@ -610,3 +618,13 @@ int cma_for_each_area(int (*it)(struct cma *cma, void *data), void *data)
return 0;
}
+
+bool cma_set_concurrency(struct cma *cma, bool concurrency)
+{
+ if (!cma)
+ return false;
+
+ cma->concurr_alloc = concurrency;
+
+ return true;
+}
diff --git a/mm/cma.h b/mm/cma.h
index 8485ef8..30f489d 100644
--- a/mm/cma.h
+++ b/mm/cma.h
@@ -16,6 +16,7 @@ struct cma {
unsigned long *bitmap;
unsigned int order_per_bit; /* Order of pages represented by one bit */
spinlock_t lock;
+ bool concurr_alloc;
#ifdef CONFIG_CMA_DEBUGFS
struct hlist_head mem_head;
spinlock_t mem_head_lock;
--
2.7.4
2 months, 2 weeks
- 6
- 8
[PATCH v3 2/5] misc: pci_endpoint_test: Fix disyplaying irq_type after request_irq error
by Kunihiko Hayashi
There are two variables that indicate the interrupt type to be used
in the next test execution, global "irq_type" and test->irq_type.
The former is referenced from pci_endpoint_test_get_irq() to preserve
the current type for ioctl(PCITEST_GET_IRQTYPE).
In pci_endpoint_test_request_irq(), since this global variable is
referenced when an error occurs, the unintended error message is
displayed.
For example, the following message shows "MSI 3" even if the current
irq type becomes "MSI-X".
# pcitest -i 2
pci-endpoint-test 0000:01:00.0: Failed to request IRQ 30 for MSI 3
SET IRQ TYPE TO MSI-X: NOT OKAY
Fix this issue by using test->irq_type instead of global "irq_type".
Cc: stable(a)vger.kernel.org
Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype")
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
---
drivers/misc/pci_endpoint_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index bbcccd425700..f13fa32ef91a 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -242,7 +242,7 @@ static int pci_endpoint_test_request_irq(struct pci_endpoint_test *test)
return 0;
fail:
- switch (irq_type) {
+ switch (test->irq_type) {
case IRQ_TYPE_INTX:
dev_err(dev, "Failed to request IRQ %d for Legacy\n",
pci_irq_vector(pdev, i));
--
2.25.1
2 months, 2 weeks
- 1
- 0
[PATCH 6.6 v2 0/6] md/md-bitmap: move bitmap_{start, end}write to md upper layer
by Yu Kuai
From: Yu Kuai <yukuai3(a)huawei.com>
Changes in v2:
- Add descriptions about chagnes from the original commits, in order to
fix conflicts.
This set is actually a refactor, we're bacporting this set because
following problems can be fixed:
https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts…
https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc…
See details in patch 6.
I'll suggest people to upgrade their kernel to v6.6+, please let me know
if anyone really want this set for lower version.
Benjamin Marzinski (1):
md/raid5: recheck if reshape has finished with device_lock held
Yu Kuai (5):
md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
drivers/md/md-bitmap.c | 75 ++++++++++-------
drivers/md/md-bitmap.h | 6 +-
drivers/md/md.c | 26 ++++++
drivers/md/md.h | 5 ++
drivers/md/raid1.c | 35 ++------
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-----
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 174 ++++++++++++++++++++++-----------------
drivers/md/raid5.h | 4 -
11 files changed, 185 insertions(+), 172 deletions(-)
--
2.39.2
2 months, 2 weeks
- 1
- 6
[PATCH v2 1/3] misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
by Kunihiko Hayashi
After devm_request_irq() fails with error,
pci_endpoint_test_free_irq_vectors() is called to free allocated vectors
with pci_free_irq_vectors().
However some requested IRQs are still allocated, so there are still
/proc/irq/* entries remaining and we encounters WARN() with the following
message:
remove_proc_entry: removing non-empty directory 'irq/30', leaking at
least 'pci-endpoint-test.0'
WARNING: CPU: 0 PID: 80 at fs/proc/generic.c:717 remove_proc_entry
+0x190/0x19c
To solve this issue, set the number of remaining IRQs and release the IRQs
in advance by calling pci_endpoint_test_release_irq().
Cc: stable(a)vger.kernel.org
Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
---
drivers/misc/pci_endpoint_test.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index 3702dcc89ab7..302955c20979 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -252,6 +252,9 @@ static bool pci_endpoint_test_request_irq(struct pci_endpoint_test *test)
break;
}
+ test->num_irqs = i;
+ pci_endpoint_test_release_irq(test);
+
return false;
}
--
2.25.1
2 months, 2 weeks
- 2
- 4
Re: [PATCH] wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
by Aditya Garg
Hi
wpa_supplicant 2.11 broke Wi-Fi on T2 Macs as well, but this patch doesn't seem to be fixing Wi-Fi. Instead, it's breaking it even on older 2.10 wpa_supplicant. Tested by a user on bcm4364b2 wifi chip with a WPA2-PSK [AES] network. dmesg output:
However dmesg outputs more info
[ 5.852978] usbcore: registered new interface driver brcmfmac
[ 5.853114] brcmfmac 0000:01:00.0: enabling device (0000 -> 0002)
[ 5.992212] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac4364b2-pcie for chip BCM4364/3
[ 5.993923] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u-7.5-X0.bin failed with error -2
[ 5.993968] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u-7.5.bin failed with error -2
[ 5.994004] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u.bin failed with error -2
[ 5.994041] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN.bin failed with error -2
[ 5.994076] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-X0.bin failed with error -2
[ 6.162830] Bluetooth: hci0: BCM: 'brcm/BCM.hcd'
[ 6.796637] brcmfmac: brcmf_c_process_txcap_blob: TxCap blob found, loading
[ 6.798396] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4364/3 wl0: Jul 10 2023 12:30:19 version 9.30.503.0.32.5.92 FWID 01-88a8883
[ 6.885876] brcmfmac 0000:01:00.0 wlp1s0: renamed from wlan0
[ 8.195243] ieee80211 phy0: brcmf_p2p_set_firmware: failed to update device address ret -52
[ 8.196584] ieee80211 phy0: brcmf_p2p_create_p2pdev: set p2p_disc error
[ 8.196588] ieee80211 phy0: brcmf_cfg80211_add_iface: add iface p2p-dev-wlp1s0 type 10 failed: err=-52
2 months, 2 weeks
- 3
- 7
[PATCH 6.12.y] mptcp: prevent excessive coalescing on receive
by Matthieu Baerts (NGI0)
From: Paolo Abeni <pabeni(a)redhat.com>
commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream.
Currently the skb size after coalescing is only limited by the skb
layout (the skb must not carry frag_list). A single coalesced skb
covering several MSS can potentially fill completely the receive
buffer. In such a case, the snd win will zero until the receive buffer
will be empty again, affecting tput badly.
Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()")
Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Notes:
- We asked to delay the patch. There were no conflicts.
---
net/mptcp/protocol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index fac774825aff..42b239d9b2b3 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -136,6 +136,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
int delta;
if (MPTCP_SKB_CB(from)->offset ||
+ ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) ||
!skb_try_coalesce(to, from, &fragstolen, &delta))
return false;
--
2.47.1
2 months, 2 weeks
- 1
- 0
[PATCH 5.10.y] mptcp: prevent excessive coalescing on receive
by Matthieu Baerts (NGI0)
From: Paolo Abeni <pabeni(a)redhat.com>
commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream.
Currently the skb size after coalescing is only limited by the skb
layout (the skb must not carry frag_list). A single coalesced skb
covering several MSS can potentially fill completely the receive
buffer. In such a case, the snd win will zero until the receive buffer
will be empty again, affecting tput badly.
Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()")
Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Notes:
- We asked to delay the patch. There were no conflicts.
---
net/mptcp/protocol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 8558309a2d3f..51b552fa392a 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -125,6 +125,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
int delta;
if (MPTCP_SKB_CB(from)->offset ||
+ ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) ||
!skb_try_coalesce(to, from, &fragstolen, &delta))
return false;
--
2.47.1
2 months, 2 weeks
- 1
- 0
[PATCH 5.15.y] mptcp: prevent excessive coalescing on receive
by Matthieu Baerts (NGI0)
From: Paolo Abeni <pabeni(a)redhat.com>
commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream.
Currently the skb size after coalescing is only limited by the skb
layout (the skb must not carry frag_list). A single coalesced skb
covering several MSS can potentially fill completely the receive
buffer. In such a case, the snd win will zero until the receive buffer
will be empty again, affecting tput badly.
Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()")
Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Notes:
- We asked to delay the patch. There were no conflicts.
---
net/mptcp/protocol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index f337dd3323a0..c6a11d6df516 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -133,6 +133,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
int delta;
if (MPTCP_SKB_CB(from)->offset ||
+ ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) ||
!skb_try_coalesce(to, from, &fragstolen, &delta))
return false;
--
2.47.1
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] mptcp: pm: only set fullmesh for subflow endp" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 1bb0d1348546ad059f55c93def34e67cb2a034a6
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020435-eagle-precision-e8dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1bb0d1348546ad059f55c93def34e67cb2a034a6 Mon Sep 17 00:00:00 2001
From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org>
Date: Thu, 23 Jan 2025 19:05:55 +0100
Subject: [PATCH] mptcp: pm: only set fullmesh for subflow endp
With the in-kernel path-manager, it is possible to change the 'fullmesh'
flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on
'subflow' endpoints, to recreate more or less subflows using the linked
address.
Unfortunately, the set_flags() hook was a bit more permissive, and
allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not
allowed before.
That's what syzbot found, triggering the following warning:
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Modules linked in:
CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 <0f> 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48
RSP: 0018:ffffc9000d307240 EFLAGS: 00010293
RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e
R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0
R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d
FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5fe8785d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29
RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007
RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 00000000000011f4
</TASK>
Here, syzbot managed to set the 'fullmesh' flag on an 'implicit' and
used -- according to 'id_avail_bitmap' -- endpoint, causing the PM to
try decrement the local_addr_used counter which is only incremented for
the 'subflow' endpoint.
Note that 'no type' endpoints -- not 'subflow', 'signal', 'implicit' --
are fine, because their ID will not be marked as used in the 'id_avail'
bitmap, and setting 'fullmesh' can help forcing the creation of subflow
when receiving an ADD_ADDR.
Fixes: 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink")
Cc: stable(a)vger.kernel.org
Reported-by: syzbot+cd16e79c1e45f3fe0377(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a6.GAE@google.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/540
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-2-af73258a726f…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index 98ac73938bd8..572d160edca3 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -2020,7 +2020,8 @@ int mptcp_pm_nl_set_flags(struct sk_buff *skb, struct genl_info *info)
return -EINVAL;
}
if ((addr.flags & MPTCP_PM_ADDR_FLAG_FULLMESH) &&
- (entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) {
+ (entry->flags & (MPTCP_PM_ADDR_FLAG_SIGNAL |
+ MPTCP_PM_ADDR_FLAG_IMPLICIT))) {
spin_unlock_bh(&pernet->lock);
GENL_SET_ERR_MSG(info, "invalid addr flags");
return -EINVAL;
2 months, 2 weeks
- 2
- 3
FAILED: patch "[PATCH] mptcp: pm: only set fullmesh for subflow endp" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 1bb0d1348546ad059f55c93def34e67cb2a034a6
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020428-unashamed-delicate-248c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1bb0d1348546ad059f55c93def34e67cb2a034a6 Mon Sep 17 00:00:00 2001
From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org>
Date: Thu, 23 Jan 2025 19:05:55 +0100
Subject: [PATCH] mptcp: pm: only set fullmesh for subflow endp
With the in-kernel path-manager, it is possible to change the 'fullmesh'
flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on
'subflow' endpoints, to recreate more or less subflows using the linked
address.
Unfortunately, the set_flags() hook was a bit more permissive, and
allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not
allowed before.
That's what syzbot found, triggering the following warning:
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Modules linked in:
CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 <0f> 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48
RSP: 0018:ffffc9000d307240 EFLAGS: 00010293
RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e
R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0
R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d
FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5fe8785d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29
RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007
RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 00000000000011f4
</TASK>
Here, syzbot managed to set the 'fullmesh' flag on an 'implicit' and
used -- according to 'id_avail_bitmap' -- endpoint, causing the PM to
try decrement the local_addr_used counter which is only incremented for
the 'subflow' endpoint.
Note that 'no type' endpoints -- not 'subflow', 'signal', 'implicit' --
are fine, because their ID will not be marked as used in the 'id_avail'
bitmap, and setting 'fullmesh' can help forcing the creation of subflow
when receiving an ADD_ADDR.
Fixes: 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink")
Cc: stable(a)vger.kernel.org
Reported-by: syzbot+cd16e79c1e45f3fe0377(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a6.GAE@google.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/540
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-2-af73258a726f…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index 98ac73938bd8..572d160edca3 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -2020,7 +2020,8 @@ int mptcp_pm_nl_set_flags(struct sk_buff *skb, struct genl_info *info)
return -EINVAL;
}
if ((addr.flags & MPTCP_PM_ADDR_FLAG_FULLMESH) &&
- (entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) {
+ (entry->flags & (MPTCP_PM_ADDR_FLAG_SIGNAL |
+ MPTCP_PM_ADDR_FLAG_IMPLICIT))) {
spin_unlock_bh(&pernet->lock);
GENL_SET_ERR_MSG(info, "invalid addr flags");
return -EINVAL;
2 months, 2 weeks
- 2
- 4
Please Apply: Revert "drm/amd/display: Fix green screen issue after suspend"
by Mingcong Bai
The display on Lenovo Xiaoxin Pro 13 2019 (Lenovo XiaoXinPro-13API 2019)
briefly shows a garbled screen upon wakeup from S3 with kernel v6.13.2,
but not with v6.14-rc1. I have bisected to
04d6273faed083e619fc39a738ab0372b6a4db20 ("Revert "drm/amd/display: Fix
green screen issue after suspend"") as the fix to this issue.
However, it is quite strange that the title indicated a revert to the
fix for the exact issue I was experiencing - despite the commit claiming
that the maintainers "cannot see the issue" any more. It seems that I'm
running into some sort of unexpected issue that is outside of AMD's test
case.
In any case, this commit fixes the issue on the device I have tested and
applies cleanly on 6.13. I would therefore like to request for this
commit to be backported to 6.13 (and maybe other branches, but I think
the maintainers may have a better idea on this).
Reported-By: Yang Wu <harico(a)yurier.net>
Tested-by: Yang Wu <harico(a)yurier.net>
Suggested-by: Mingcong Bai <jeffbai(a)aosc.io>
2 months, 2 weeks
- 1
- 0
Re: The business loan-
by David Song
Hello,
My name is David Song, at AA4 FS, we are a consultancy and
brokerage Firm specializing in Growth Financial Loan and joint
partnership venture. We specialize in investments in all Private
and public sectors in a broad range of areas within our Financial
Investment Services.
We are experts in financial and operational management, due
diligence and capital planning in all markets and industries. Our
Investors wish to invest in any viable Project presented by your
Management after reviews on your Business Project Presentation
Plan.
We look forward to your Swift response. We also offer commission
to consultants and brokers for any partnership referrals.
Regards,
David Song
Senior Broker
AA4 Financial Services
13 Wonersh Way, Cheam,
Sutton, Surrey, SM2 7LX
Email: dsong(a)aa4financialservice.com
2 months, 2 weeks
- 1
- 0
[PATCH v9 05/13] drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
Once the DSI Link and DSI Phy are initialized, the code needs to wait
for Clk and Data Lanes to be ready, before continuing configuration.
This is in accordance with the DSI Start-up procedure, found in the
Technical Reference Manual of Texas Instrument's J721E SoC[0] which
houses this DSI TX controller.
If the previous bridge (or crtc/encoder) are configured pre-maturely,
the input signal FIFO gets corrupt. This introduces a color-shift on the
display.
Allow the driver to wait for the clk and data lanes to get ready during
DSI enable.
[0]: See section 12.6.5.7.3 "Start-up Procedure" in J721E SoC TRM
TRM Link: http://www.ti.com/lit/pdf/spruil1
Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver")
Cc: stable(a)vger.kernel.org
Tested-by: Dominik Haller <d.haller(a)phytec.de>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index 87921a748cdb..6a77ca36cb9d 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -769,7 +769,7 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge)
struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy;
unsigned long tx_byte_period;
struct cdns_dsi_cfg dsi_cfg;
- u32 tmp, reg_wakeup, div;
+ u32 tmp, reg_wakeup, div, status;
int nlanes;
if (WARN_ON(pm_runtime_get_sync(dsi->base.dev) < 0))
@@ -786,6 +786,19 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge)
cdns_dsi_hs_init(dsi);
cdns_dsi_init_link(dsi);
+ /*
+ * Now that the DSI Link and DSI Phy are initialized,
+ * wait for the CLK and Data Lanes to be ready.
+ */
+ tmp = CLK_LANE_RDY;
+ for (int i = 0; i < nlanes; i++)
+ tmp |= DATA_LANE_RDY(i);
+
+ if (readl_poll_timeout(dsi->regs + MCTL_MAIN_STS, status,
+ (tmp == (status & tmp)), 100, 500000))
+ dev_err(dsi->base.dev,
+ "Timed Out: DSI-DPhy Clock and Data Lanes not ready.\n");
+
writel(HBP_LEN(dsi_cfg.hbp) | HSA_LEN(dsi_cfg.hsa),
dsi->regs + VID_HSIZE1);
writel(HFP_LEN(dsi_cfg.hfp) | HACT_LEN(dsi_cfg.hact),
--
2.34.1
2 months, 2 weeks
- 1
- 0
[PATCH v9 04/13] drm/bridge: cdns-dsi: Check return value when getting default PHY config
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
Check for the return value of the phy_mipi_dphy_get_default_config()
call, and in case of an error, return back the same.
Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework")
Cc: stable(a)vger.kernel.org
Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index 19cc8734a4c8..87921a748cdb 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -575,9 +575,11 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi,
if (ret)
return ret;
- phy_mipi_dphy_get_default_config(mode_clock * 1000,
- mipi_dsi_pixel_format_to_bpp(output->dev->format),
- nlanes, phy_cfg);
+ ret = phy_mipi_dphy_get_default_config(mode_clock * 1000,
+ mipi_dsi_pixel_format_to_bpp(output->dev->format),
+ nlanes, phy_cfg);
+ if (ret)
+ return ret;
ret = cdns_dsi_adjust_phy_config(dsi, dsi_cfg, phy_cfg, mode, mode_valid_check);
if (ret)
--
2.34.1
2 months, 2 weeks
- 1
- 0
[PATCH v9 03/13] drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
The crtc_* mode parameters do not get generated (duplicated in this
case) from the regular parameters before the mode validation phase
begins.
The rest of the code conditionally uses the crtc_* parameters only
during the bridge enable phase, but sticks to the regular parameters
for mode validation. In this singular instance, however, the driver
tries to use the crtc_clock parameter even during the mode validation,
causing the validation to fail.
Allow the D-Phy config checks to use mode->clock instead of
mode->crtc_clock during mode_valid checks, like everywhere else in the
driver.
Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework")
Cc: stable(a)vger.kernel.org
Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index b0a1a6774ea6..19cc8734a4c8 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -568,13 +568,14 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi,
struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy;
unsigned long dsi_hss_hsa_hse_hbp;
unsigned int nlanes = output->dev->lanes;
+ int mode_clock = (mode_valid_check ? mode->clock : mode->crtc_clock);
int ret;
ret = cdns_dsi_mode2cfg(dsi, mode, dsi_cfg, mode_valid_check);
if (ret)
return ret;
- phy_mipi_dphy_get_default_config(mode->crtc_clock * 1000,
+ phy_mipi_dphy_get_default_config(mode_clock * 1000,
mipi_dsi_pixel_format_to_bpp(output->dev->format),
nlanes, phy_cfg);
--
2.34.1
2 months, 2 weeks
- 1
- 0
[PATCH v9 02/13] drm/bridge: cdns-dsi: Fix phy de-init and flag it so
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
The driver code doesn't have a Phy de-initialization path as yet, and so
it does not clear the phy_initialized flag while suspending. This is a
problem because after resume the driver looks at this flag to determine
if a Phy re-initialization is required or not. It is in fact required
because the hardware is resuming from a suspend, but the driver does not
carry out any re-initialization causing the D-Phy to not work at all.
Call the counterparts of phy_init() and phy_power_on(), that are
phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear
the flags so that the Phy can be initialized again when required.
Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework")
Cc: stable(a)vger.kernel.org
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index 2f897ea5e80a..b0a1a6774ea6 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -680,6 +680,11 @@ static void cdns_dsi_bridge_post_disable(struct drm_bridge *bridge)
struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge);
struct cdns_dsi *dsi = input_to_dsi(input);
+ dsi->phy_initialized = false;
+ dsi->link_initialized = false;
+ phy_power_off(dsi->dphy);
+ phy_exit(dsi->dphy);
+
pm_runtime_put(dsi->base.dev);
}
@@ -1152,7 +1157,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev)
clk_disable_unprepare(dsi->dsi_sys_clk);
clk_disable_unprepare(dsi->dsi_p_clk);
reset_control_assert(dsi->dsi_p_rst);
- dsi->link_initialized = false;
return 0;
}
--
2.34.1
2 months, 2 weeks
- 1
- 0
[PATCH v9 01/13] drm/bridge: cdns-dsi: Fix connecting to next bridge
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
Fix the OF node pointer passed to the of_drm_find_bridge() call to find
the next bridge in the display chain.
The code to find the next panel (and create its panel-bridge) works
fine, but to find the next (non-panel) bridge does not.
To find the next bridge in the pipeline, we need to pass "np" - the OF
node pointer of the next entity in the devicetree chain. Passing
"of_node" to of_drm_find_bridge (which is what the code does currently)
will fetch the bridge for the cdns-dsi which is not what's required.
Fix that.
Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver")
Cc: stable(a)vger.kernel.org
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index c7a0247e06ad..2f897ea5e80a 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -952,7 +952,7 @@ static int cdns_dsi_attach(struct mipi_dsi_host *host,
bridge = drm_panel_bridge_add_typed(panel,
DRM_MODE_CONNECTOR_DSI);
} else {
- bridge = of_drm_find_bridge(dev->dev.of_node);
+ bridge = of_drm_find_bridge(np);
if (!bridge)
bridge = ERR_PTR(-EINVAL);
}
--
2.34.1
2 months, 2 weeks
- 1
- 0
[char-misc] mei: me: add panther lake P DID
by Alexander Usyskin
Add Panther Lake P device id.
Cc: <stable(a)vger.kernel.org>
Co-developed-by: Tomas Winkler <tomasw(a)gmail.com>
Signed-off-by: Tomas Winkler <tomasw(a)gmail.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com>
---
drivers/misc/mei/hw-me-regs.h | 2 ++
drivers/misc/mei/pci-me.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/drivers/misc/mei/hw-me-regs.h b/drivers/misc/mei/hw-me-regs.h
index c3a6657dcd4a..a5f88ec97df7 100644
--- a/drivers/misc/mei/hw-me-regs.h
+++ b/drivers/misc/mei/hw-me-regs.h
@@ -117,6 +117,8 @@
#define MEI_DEV_ID_LNL_M 0xA870 /* Lunar Lake Point M */
+#define MEI_DEV_ID_PTL_P 0xE470 /* Panther Lake P */
+
/*
* MEI HW Section
*/
diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c
index 6589635f8ba3..d6ff9d82ae94 100644
--- a/drivers/misc/mei/pci-me.c
+++ b/drivers/misc/mei/pci-me.c
@@ -124,6 +124,8 @@ static const struct pci_device_id mei_me_pci_tbl[] = {
{MEI_PCI_DEVICE(MEI_DEV_ID_LNL_M, MEI_ME_PCH15_CFG)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_PTL_P, MEI_ME_PCH15_CFG)},
+
/* required last entry */
{0, }
};
--
2.43.0
2 months, 2 weeks
- 1
- 0
[PATCH] crypto: ccp - Fix check for the primary ASP device
by Tom Lendacky
Currently, the ASP primary device check does not have support for PCI
domains, and, as a result, when the system is configured with PCI domains
(PCI segments) the wrong device can be selected as primary. This results
in commands submitted to the device timing out and failing. The device
check also relies on specific device and function assignments that may
not hold in the future.
Fix the primary ASP device check to include support for PCI domains and
to perform proper checking of the Bus/Device/Function positions.
Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com>
---
drivers/crypto/ccp/sp-pci.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index 248d98fd8c48..157f9a9ed636 100644
--- a/drivers/crypto/ccp/sp-pci.c
+++ b/drivers/crypto/ccp/sp-pci.c
@@ -189,14 +189,17 @@ static bool sp_pci_is_master(struct sp_device *sp)
pdev_new = to_pci_dev(dev_new);
pdev_cur = to_pci_dev(dev_cur);
- if (pdev_new->bus->number < pdev_cur->bus->number)
- return true;
+ if (pci_domain_nr(pdev_new->bus) != pci_domain_nr(pdev_cur->bus))
+ return pci_domain_nr(pdev_new->bus) < pci_domain_nr(pdev_cur->bus);
- if (PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn))
- return true;
+ if (pdev_new->bus->number != pdev_cur->bus->number)
+ return pdev_new->bus->number < pdev_cur->bus->number;
- if (PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn))
- return true;
+ if (PCI_SLOT(pdev_new->devfn) != PCI_SLOT(pdev_cur->devfn))
+ return PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn);
+
+ if (PCI_FUNC(pdev_new->devfn) != PCI_FUNC(pdev_cur->devfn))
+ return PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn);
return false;
}
base-commit: cd26cd65476711e2c69e0a049c0eeef4b743f5ac
--
2.46.2
2 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020900-irritate-payphone-afbb@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001
From: Sean Anderson <sean.anderson(a)linux.dev>
Date: Fri, 10 Jan 2025 16:38:22 -0500
Subject: [PATCH] tty: xilinx_uartps: split sysrq handling
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling")
Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev>
Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers
Acked-by: John Ogness <john.ogness(a)linutronix.de>
Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index beb151be4d32..92ec51870d1d 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus)
continue;
}
- if (uart_handle_sysrq_char(port, data))
+ if (uart_prepare_sysrq_char(port, data))
continue;
if (is_rxbs_support) {
@@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
!(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS))
cdns_uart_handle_rx(dev_id, isrstatus);
- uart_port_unlock(port);
+ uart_unlock_and_check_sysrq(port);
return IRQ_HANDLED;
}
@@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s,
unsigned int imr, ctrl;
int locked = 1;
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
+ if (oops_in_progress)
locked = uart_port_trylock_irqsave(port, &flags);
else
uart_port_lock_irqsave(port, &flags);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020957-proofs-smilingly-7fac@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001
From: Sean Anderson <sean.anderson(a)linux.dev>
Date: Fri, 10 Jan 2025 16:38:22 -0500
Subject: [PATCH] tty: xilinx_uartps: split sysrq handling
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling")
Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev>
Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers
Acked-by: John Ogness <john.ogness(a)linutronix.de>
Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index beb151be4d32..92ec51870d1d 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus)
continue;
}
- if (uart_handle_sysrq_char(port, data))
+ if (uart_prepare_sysrq_char(port, data))
continue;
if (is_rxbs_support) {
@@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
!(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS))
cdns_uart_handle_rx(dev_id, isrstatus);
- uart_port_unlock(port);
+ uart_unlock_and_check_sysrq(port);
return IRQ_HANDLED;
}
@@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s,
unsigned int imr, ctrl;
int locked = 1;
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
+ if (oops_in_progress)
locked = uart_port_trylock_irqsave(port, &flags);
else
uart_port_lock_irqsave(port, &flags);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020955-handbook-simplify-cf71@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001
From: Sean Anderson <sean.anderson(a)linux.dev>
Date: Fri, 10 Jan 2025 16:38:22 -0500
Subject: [PATCH] tty: xilinx_uartps: split sysrq handling
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling")
Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev>
Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers
Acked-by: John Ogness <john.ogness(a)linutronix.de>
Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index beb151be4d32..92ec51870d1d 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus)
continue;
}
- if (uart_handle_sysrq_char(port, data))
+ if (uart_prepare_sysrq_char(port, data))
continue;
if (is_rxbs_support) {
@@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
!(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS))
cdns_uart_handle_rx(dev_id, isrstatus);
- uart_port_unlock(port);
+ uart_unlock_and_check_sysrq(port);
return IRQ_HANDLED;
}
@@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s,
unsigned int imr, ctrl;
int locked = 1;
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
+ if (oops_in_progress)
locked = uart_port_trylock_irqsave(port, &flags);
else
uart_port_lock_irqsave(port, &flags);
2 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020952-saline-reprimand-8184@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001
From: Sean Anderson <sean.anderson(a)linux.dev>
Date: Fri, 10 Jan 2025 16:38:22 -0500
Subject: [PATCH] tty: xilinx_uartps: split sysrq handling
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling")
Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev>
Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers
Acked-by: John Ogness <john.ogness(a)linutronix.de>
Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index beb151be4d32..92ec51870d1d 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus)
continue;
}
- if (uart_handle_sysrq_char(port, data))
+ if (uart_prepare_sysrq_char(port, data))
continue;
if (is_rxbs_support) {
@@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
!(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS))
cdns_uart_handle_rx(dev_id, isrstatus);
- uart_port_unlock(port);
+ uart_unlock_and_check_sysrq(port);
return IRQ_HANDLED;
}
@@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s,
unsigned int imr, ctrl;
int locked = 1;
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
+ if (oops_in_progress)
locked = uart_port_trylock_irqsave(port, &flags);
else
uart_port_lock_irqsave(port, &flags);
2 months, 2 weeks
- 1
- 0
Re: The business loan-
by David Song
Hello,
My name is David Song, at AA4 FS, we are a consultancy and
brokerage Firm specializing in Growth Financial Loan and joint
partnership venture. We specialize in investments in all Private
and public sectors in a broad range of areas within our Financial
Investment Services.
We are experts in financial and operational management, due
diligence and capital planning in all markets and industries. Our
Investors wish to invest in any viable Project presented by your
Management after reviews on your Business Project Presentation
Plan.
We look forward to your Swift response. We also offer commission
to consultants and brokers for any partnership referrals.
Regards,
David Song
Senior Broker
AA4 Financial Services
13 Wonersh Way, Cheam,
Sutton, Surrey, SM2 7LX
Email: dsong(a)aa4financialservice.com
2 months, 3 weeks
- 1
- 0
[PATCH v2] tpm: do not start chip while suspended
by Thadeu Lima de Souza Cascardo
Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can
lead to a spurious tpm_chip_start() call:
[35985.503771] i2c i2c-1: Transfer while suspended
[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
[35985.503802] Modules linked in:
[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
[35985.503814] Tainted: [W]=WARN
[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
[35985.503855] Call Trace:
[35985.503859] <TASK>
[35985.503863] ? __warn+0xd4/0x260
[35985.503868] ? __i2c_transfer+0xbe/0x810
[35985.503874] ? report_bug+0xf3/0x210
[35985.503882] ? handle_bug+0x63/0xb0
[35985.503887] ? exc_invalid_op+0x16/0x50
[35985.503892] ? asm_exc_invalid_op+0x16/0x20
[35985.503904] ? __i2c_transfer+0xbe/0x810
[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0
[35985.503920] tpm_cr50_i2c_read+0x8e/0x120
[35985.503928] tpm_cr50_request_locality+0x75/0x170
[35985.503935] tpm_chip_start+0x116/0x160
[35985.503942] tpm_try_get_ops+0x57/0x90
[35985.503948] tpm_find_get_ops+0x26/0xd0
[35985.503955] tpm_get_random+0x2d/0x80
Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless
TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in
such a failure case.
Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
Cc: stable(a)vger.kernel.org
Cc: Jerry Snitselaar <jsnitsel(a)redhat.com>
Cc: Mike Seo <mikeseohyungjin(a)gmail.com>
Cc: Jarkko Sakkinen <jarkko(a)kernel.org>
---
Changes in v2:
- Improve commit message as suggested by Jarkko Sakkinen.
- Link to v1: https://lore.kernel.org/r/20250205-tpm-suspend-v1-1-fb89a29c0b69@igalia.com
---
drivers/char/tpm/tpm-chip.c | 5 +++++
drivers/char/tpm/tpm-interface.c | 7 -------
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 7df7abaf3e526bf7e85ac9dfbaa1087a51d2ab7e..6db864696a583bf59c534ec8714900a6be7b5156 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chip)
goto out_ops;
mutex_lock(&chip->tpm_mutex);
+
+ /* tmp_chip_start may issue IO that is denied while suspended */
+ if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
+ goto out_lock;
+
rc = tpm_chip_start(chip);
if (rc)
goto out_lock;
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index b1daa0d7b341b1a4c71a200115f0d29d2e87512d..f62f7871edbdb0181fad8af3367878308fa8a454 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
if (!chip)
return -ENODEV;
- /* Give back zero bytes, as TPM chip has not yet fully resumed: */
- if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
- rc = 0;
- goto out;
- }
-
if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_get_random(chip, out, max);
else
rc = tpm1_get_random(chip, out, max);
-out:
tpm_put_ops(chip);
return rc;
}
---
base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b
change-id: 20250205-tpm-suspend-b22f745f3124
Best regards,
--
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
2 months, 3 weeks
- 3
- 2
[PATCH 5.10.y 1/2] netdevsim: print human readable IP address
by Harshit Mogalapalli
From: Hangbin Liu <liuhangbin(a)gmail.com>
[ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ]
Currently, IPSec addresses are printed in hexadecimal format, which is
not user-friendly. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0
sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
This patch updates the code to print the IPSec address in a human-readable
format for easier debug. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=4 tx=40
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
sa[2] tx ipaddr=::
sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[2] key=0x3167608a ca4f1397 43565909 941fa627
sa[3] rx ipaddr=2000::1
sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[3] key=0x3167608a ca4f1397 43565909 941fa627
Reviewed-by: Simon Horman <horms(a)kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
(cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65)
[Harshit: backport to stable kernels]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
---
drivers/net/netdevsim/ipsec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index feca55eef993..ec1fc1d3ea36 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
if (!sap->used)
continue;
- p += scnprintf(p, bufsize - (p - buf),
- "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
- i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
- sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
+ if (sap->xs->props.family == AF_INET6)
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI6c\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr);
+ else
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI4\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
--
2.46.0
2 months, 3 weeks
- 1
- 1
[PATCH 5.15.y 1/2] netdevsim: print human readable IP address
by Harshit Mogalapalli
From: Hangbin Liu <liuhangbin(a)gmail.com>
[ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ]
Currently, IPSec addresses are printed in hexadecimal format, which is
not user-friendly. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0
sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
This patch updates the code to print the IPSec address in a human-readable
format for easier debug. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=4 tx=40
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
sa[2] tx ipaddr=::
sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[2] key=0x3167608a ca4f1397 43565909 941fa627
sa[3] rx ipaddr=2000::1
sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[3] key=0x3167608a ca4f1397 43565909 941fa627
Reviewed-by: Simon Horman <horms(a)kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
(cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65)
[Harshit: backport to stable kernels]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
---
drivers/net/netdevsim/ipsec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index feca55eef993..ec1fc1d3ea36 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
if (!sap->used)
continue;
- p += scnprintf(p, bufsize - (p - buf),
- "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
- i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
- sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
+ if (sap->xs->props.family == AF_INET6)
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI6c\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr);
+ else
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI4\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
--
2.46.0
2 months, 3 weeks
- 1
- 1
[PATCH] mtd: rawnand: qcom: fix broken config in qcom_param_page_type_exec
by Christian Marangi
Fix broken config in qcom_param_page_type_exec caused by copy-paste error
from commit 0c08080fd71c ("mtd: rawnand: qcom: use FIELD_PREP and GENMASK")
In qcom_param_page_type_exec the value needs to be set to
nandc->regs->cfg0 instead of host->cfg0. This wrong configuration caused
the Qcom NANDC driver to malfunction on any device that makes use of it
(IPQ806x, IPQ40xx, IPQ807x, IPQ60xx) with the following error:
[ 0.885369] nand: device found, Manufacturer ID: 0x2c, Chip ID: 0xaa
[ 0.885909] nand: Micron NAND 256MiB 1,8V 8-bit
[ 0.892499] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 0.896823] nand: ECC (step, strength) = (512, 8) does not fit in OOB
[ 0.896836] qcom-nandc 79b0000.nand-controller: No valid ECC settings possible
[ 0.910996] bam-dma-engine 7984000.dma-controller: Cannot free busy channel
[ 0.918070] qcom-nandc: probe of 79b0000.nand-controller failed with error -28
Restore original configuration fix the problem and makes the driver work
again.
Cc: stable(a)vger.kernel.org
Fixes: 0c08080fd71c ("mtd: rawnand: qcom: use FIELD_PREP and GENMASK")
Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com>
---
drivers/mtd/nand/raw/qcom_nandc.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
index d2d2aeee42a7..4e3a3e049d9d 100644
--- a/drivers/mtd/nand/raw/qcom_nandc.c
+++ b/drivers/mtd/nand/raw/qcom_nandc.c
@@ -1881,18 +1881,18 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_
nandc->regs->addr0 = 0;
nandc->regs->addr1 = 0;
- host->cfg0 = FIELD_PREP(CW_PER_PAGE_MASK, 0) |
- FIELD_PREP(UD_SIZE_BYTES_MASK, 512) |
- FIELD_PREP(NUM_ADDR_CYCLES_MASK, 5) |
- FIELD_PREP(SPARE_SIZE_BYTES_MASK, 0);
-
- host->cfg1 = FIELD_PREP(NAND_RECOVERY_CYCLES_MASK, 7) |
- FIELD_PREP(BAD_BLOCK_BYTE_NUM_MASK, 17) |
- FIELD_PREP(CS_ACTIVE_BSY, 0) |
- FIELD_PREP(BAD_BLOCK_IN_SPARE_AREA, 1) |
- FIELD_PREP(WR_RD_BSY_GAP_MASK, 2) |
- FIELD_PREP(WIDE_FLASH, 0) |
- FIELD_PREP(DEV0_CFG1_ECC_DISABLE, 1);
+ nandc->regs->cfg0 = FIELD_PREP(CW_PER_PAGE_MASK, 0) |
+ FIELD_PREP(UD_SIZE_BYTES_MASK, 512) |
+ FIELD_PREP(NUM_ADDR_CYCLES_MASK, 5) |
+ FIELD_PREP(SPARE_SIZE_BYTES_MASK, 0);
+
+ nandc->regs->cfg1 = FIELD_PREP(NAND_RECOVERY_CYCLES_MASK, 7) |
+ FIELD_PREP(BAD_BLOCK_BYTE_NUM_MASK, 17) |
+ FIELD_PREP(CS_ACTIVE_BSY, 0) |
+ FIELD_PREP(BAD_BLOCK_IN_SPARE_AREA, 1) |
+ FIELD_PREP(WR_RD_BSY_GAP_MASK, 2) |
+ FIELD_PREP(WIDE_FLASH, 0) |
+ FIELD_PREP(DEV0_CFG1_ECC_DISABLE, 1);
if (!nandc->props->qpic_version2)
nandc->regs->ecc_buf_cfg = cpu_to_le32(ECC_CFG_ECC_DISABLE);
--
2.47.1
2 months, 3 weeks
- 3
- 2
[PATCH 6.1.y 1/2] netdevsim: print human readable IP address
by Harshit Mogalapalli
From: Hangbin Liu <liuhangbin(a)gmail.com>
[ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ]
Currently, IPSec addresses are printed in hexadecimal format, which is
not user-friendly. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0
sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
This patch updates the code to print the IPSec address in a human-readable
format for easier debug. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=4 tx=40
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
sa[2] tx ipaddr=::
sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[2] key=0x3167608a ca4f1397 43565909 941fa627
sa[3] rx ipaddr=2000::1
sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[3] key=0x3167608a ca4f1397 43565909 941fa627
Reviewed-by: Simon Horman <horms(a)kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
(cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65)
[Harshit: backport to stable kernels]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
---
drivers/net/netdevsim/ipsec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index feca55eef993..ec1fc1d3ea36 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
if (!sap->used)
continue;
- p += scnprintf(p, bufsize - (p - buf),
- "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
- i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
- sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
+ if (sap->xs->props.family == AF_INET6)
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI6c\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr);
+ else
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI4\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
--
2.46.0
2 months, 3 weeks
- 1
- 1
[PATCH 6.6.y 1/2] netdevsim: print human readable IP address
by Harshit Mogalapalli
From: Hangbin Liu <liuhangbin(a)gmail.com>
[ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ]
Currently, IPSec addresses are printed in hexadecimal format, which is
not user-friendly. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0
sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
This patch updates the code to print the IPSec address in a human-readable
format for easier debug. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=4 tx=40
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
sa[2] tx ipaddr=::
sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[2] key=0x3167608a ca4f1397 43565909 941fa627
sa[3] rx ipaddr=2000::1
sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[3] key=0x3167608a ca4f1397 43565909 941fa627
Reviewed-by: Simon Horman <horms(a)kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
(cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65)
[Harshit: backport to stable kernels]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
---
drivers/net/netdevsim/ipsec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index 3612b0633bd1..88187dd4eb2d 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
if (!sap->used)
continue;
- p += scnprintf(p, bufsize - (p - buf),
- "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
- i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
- sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
+ if (sap->xs->props.family == AF_INET6)
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI6c\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr);
+ else
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI4\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
--
2.46.0
2 months, 3 weeks
- 1
- 1
[PATCH 6.12 000/122] 6.12.11-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.11 release.
There are 122 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 23 Jan 2025 17:45:02 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.11-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.11-rc1
Ryan Lee <ryan.lee(a)canonical.com>
apparmor: allocate xmatch for nullpdb inside aa_alloc_null
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Validate mdoe under MST LCT=1 case as well
Nicholas Susanto <Nicholas.Susanto(a)amd.com>
Revert "drm/amd/display: Enable urgent latency adjustments for DCN35"
Leo Li <sunpeng.li(a)amd.com>
drm/amd/display: Do not wait for PSR disable on vbl enable
Tom Chung <chiahsuan.chung(a)amd.com>
drm/amd/display: Disable replay and psr while VRR is enabled
Tom Chung <chiahsuan.chung(a)amd.com>
drm/amd/display: Fix PSR-SU not support but still call the amdgpu_dm_psr_enable
Christian König <christian.koenig(a)amd.com>
drm/amdgpu: always sync the GFX pipe on ctx switch
Kenneth Feng <kenneth.feng(a)amd.com>
drm/amdgpu: disable gfxoff with the compute workload on gfx12
Gui Chengming <Jack.Gui(a)amd.com>
drm/amdgpu: fix fw attestation for MP0_14_0_{2/3}
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/smu13: update powersave optimizations
Ashutosh Dixit <ashutosh.dixit(a)intel.com>
drm/xe/oa: Add missing VISACTL mux registers
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Mark ComputeCS read mode as UC on iGPU
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/fb: Relax clear color alignment to 64 bytes
Xin Li (Intel) <xin(a)zytor.com>
x86/fred: Fix the FRED RSP0 MSR out of sync with its per-CPU cache
Frederic Weisbecker <frederic(a)kernel.org>
timers/migration: Enforce group initialization visibility to tree walkers
Frederic Weisbecker <frederic(a)kernel.org>
timers/migration: Fix another race between hotplug and idle entry/exit
Koichiro Den <koichiro.den(a)canonical.com>
hrtimers: Handle CPU state correctly on hotplug
Tomas Krcka <krckatom(a)amazon.de>
irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
Yogesh Lal <quic_ylal(a)quicinc.com>
irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
irqchip: Plug a OF node reference leak in platform_irqchip_probe()
Steven Rostedt <rostedt(a)goodmis.org>
tracing: gfp: Fix the GFP enum values shown for user space tracing tools
Donet Tom <donettom(a)linux.ibm.com>
mm: vmscan : pgdemote vmstat is not getting updated when MGLRU is enabled.
Ryan Roberts <ryan.roberts(a)arm.com>
mm: clear uffd-wp PTE/PMD state on mremap()
Leo Li <sunpeng.li(a)amd.com>
drm/amd/display: Do not elevate mem_type change to full update
Ryan Roberts <ryan.roberts(a)arm.com>
selftests/mm: set allocated memory to non-zero content in cow test
Guo Weikang <guoweikang.kernel(a)gmail.com>
mm/kmemleak: fix percpu memory leak detection failure
Xiaolei Wang <xiaolei.wang(a)windriver.com>
pmdomain: imx8mp-blk-ctrl: add missing loop break condition
Suren Baghdasaryan <surenb(a)google.com>
tools: fix atomic_set() definition to set the value correctly
Sean Anderson <sean.anderson(a)linux.dev>
gpio: xilinx: Convert gpio_lock to raw spinlock
Rik van Riel <riel(a)surriel.com>
fs/proc: fix softlockup in __read_vmcore (part 2)
Marco Nelissen <marco.nelissen(a)gmail.com>
filemap: avoid truncating 64-bit offset to 32 bits
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: fix locking in Get MAC Address handling
Takashi Iwai <tiwai(a)suse.de>
drm/nouveau/disp: Fix missing backlight control on Macbook 5,1
Dave Airlie <airlied(a)redhat.com>
nouveau/fence: handle cross device fences properly
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: reset socket state when de-assigning the transport
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/virtio: cancel close work in the destructor
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/virtio: discard packets if the transport changes
Stefano Garzarella <sgarzare(a)redhat.com>
vsock/bpf: return early if transport is not assigned
Heiner Kallweit <hkallweit1(a)gmail.com>
net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
Paolo Abeni <pabeni(a)redhat.com>
selftests: mptcp: avoid spurious errors on disconnect
Paolo Abeni <pabeni(a)redhat.com>
mptcp: fix spurious wake-up on under memory pressure
Paolo Abeni <pabeni(a)redhat.com>
mptcp: be sure to send ack when mptcp-level window re-opens
Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com>
i2c: atr: Fix client detach
Kairui Song <kasong(a)tencent.com>
zram: fix potential UAF of zram table
Luke D. Jones <luke(a)ljones.dev>
ALSA: hda/realtek: fixup ASUS H7606W
Luke D. Jones <luke(a)ljones.dev>
ALSA: hda/realtek: fixup ASUS GA605W
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
Juergen Gross <jgross(a)suse.com>
x86/asm: Make serialize() always_inline
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix EEVDF entity placement bug causing scheduling lag
Luis Chamberlain <mcgrof(a)kernel.org>
nvmet: propagate npwg topology
Tejun Heo <tj(a)kernel.org>
sched_ext: Fix dsq_local_on selftest
Hongguang Gao <hongguang.gao(a)broadcom.com>
RDMA/bnxt_re: Fix to export port num to ib_query_qp
David Vernet <void(a)manifault.com>
scx: Fix maximal BPF selftest prog
Ihor Solodrai <ihor.solodrai(a)pm.me>
selftests/sched_ext: fix build after renames in sched_ext API
Oleg Nesterov <oleg(a)redhat.com>
poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
Lizhi Xu <lizhi.xu(a)windriver.com>
afs: Fix merge preference rule failure condition
Marco Nelissen <marco.nelissen(a)gmail.com>
iomap: avoid avoid truncating 64-bit offset to 32 bits
Henry Huang <henry.hj(a)antgroup.com>
sched_ext: keep running prev when prev->scx.slice != 0
Hans de Goede <hdegoede(a)redhat.com>
ACPI: resource: acpi_dev_irq_override(): Check DMI match last
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86: ISST: Add Clearwater Forest to support list
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86/intel: power-domains: Add Clearwater Forest support
Jakub Kicinski <kuba(a)kernel.org>
selftests: tc-testing: reduce rshift value
Koichiro Den <koichiro.den(a)canonical.com>
gpio: sim: lock up configfs that an instantiated device depends on
Koichiro Den <koichiro.den(a)canonical.com>
gpio: virtuser: lock up configfs that an instantiated device depends on
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers
Max Kellermann <max.kellermann(a)ionos.com>
cachefiles: Parse the "secctx" immediately
David Howells <dhowells(a)redhat.com>
netfs: Fix non-contiguous donation between completed reads
David Howells <dhowells(a)redhat.com>
kheaders: Ignore silly-rename files
Zhang Kunbo <zhangkunbo(a)huawei.com>
fs: fix missing declaration of init_files
Brahmajit Das <brahmajit.xyz(a)gmail.com>
fs/qnx6: Fix building with GCC 15
Leo Stone <leocstone(a)gmail.com>
hfs: Sanity check the root record
Lizhi Xu <lizhi.xu(a)windriver.com>
mac802154: check local interfaces before deleting sdata list
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix double free of TCP_Server_Info::hostname
David Lechner <dlechner(a)baylibre.com>
hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: testunit: on errors, repeat NACK until STOP
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: fix NACK handling when being a target
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: mux: demux-pinctrl: check initial mux selection, too
Pratyush Yadav <pratyush(a)kernel.org>
Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
David Lechner <dlechner(a)baylibre.com>
hwmon: (tmp513) Fix division of negative numbers
Chenyuan Yang <chenyuan0y(a)gmail.com>
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
Chenyuan Yang <chenyuan0y(a)gmail.com>
platform/x86: dell-uart-backlight: fix serdev race
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
i2c: core: fix reference leak in i2c_register_adapter()
MD Danish Anwar <danishanwar(a)ti.com>
soc: ti: pruss: Fix pruss APIs
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
reset: rzg2l-usbphy-ctrl: Assign proper of node to the allocated device
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Ensure job pointer is set to NULL after job completion
Ian Forbes <ian.forbes(a)broadcom.com>
drm/vmwgfx: Add new keep_resv BO param
Ian Forbes <ian.forbes(a)broadcom.com>
drm/vmwgfx: Unreserve BO on error
Yu-Chun Lin <eleanor15x(a)gmail.com>
drm/tests: helpers: Fix compiler warning
Jakub Kicinski <kuba(a)kernel.org>
netdev: avoid CFI problems with sock priv helpers
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Always start IPsec sequence number from 1
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Rely on reqid in IPsec tunnel mode
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
Mark Zhang <markzhang(a)nvidia.com>
net/mlx5: Clear port select structure when fail to create
Chris Mi <cmi(a)nvidia.com>
net/mlx5: SF, Fix add port error handling
Yishai Hadas <yishaih(a)nvidia.com>
net/mlx5: Fix a lockdep warning as part of the write combining test
Patrisious Haddad <phaddad(a)nvidia.com>
net/mlx5: Fix RDMA TX steering prio
Pavel Begunkov <asml.silence(a)gmail.com>
net: make page_pool_ref_netmem work with net iovs
Kevin Groeneveld <kgroeneveld(a)lenbrook.com>
net: fec: handle page_pool_dev_alloc_pages error
Sean Anderson <sean.anderson(a)linux.dev>
net: xilinx: axienet: Fix IRQ coalescing packet count overflow
Dan Carpenter <dan.carpenter(a)linaro.org>
nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
Viresh Kumar <viresh.kumar(a)linaro.org>
cpufreq: Move endif to the end of Kconfig file
Kuniyuki Iwashima <kuniyu(a)amazon.com>
pfcp: Destroy device along with udp socket's netns dismantle.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
gtp: Destroy device along with udp socket's netns dismantle.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
Qu Wenruo <wqu(a)suse.com>
btrfs: add the missing error handling inside get_canonical_dev_path
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: teo: Update documentation after previous changes
Karol Kolacinski <karol.kolacinski(a)intel.com>
ice: Add correct PHY lane assignment
Sergey Temerkhanov <sergey.temerkhanov(a)intel.com>
ice: Use ice_adapter for PTP shared data instead of auxdev
Sergey Temerkhanov <sergey.temerkhanov(a)intel.com>
ice: Add ice_get_ctrl_ptp() wrapper to simplify the code
Sergey Temerkhanov <sergey.temerkhanov(a)intel.com>
ice: Introduce ice_get_phy_model() wrapper
Karol Kolacinski <karol.kolacinski(a)intel.com>
ice: Fix ETH56G FC-FEC Rx offset value
Karol Kolacinski <karol.kolacinski(a)intel.com>
ice: Fix quad registers read on E825
Karol Kolacinski <karol.kolacinski(a)intel.com>
ice: Fix E825 initialization
Artem Chernyshev <artem.chernyshev(a)red-soft.ru>
pktgen: Avoid out-of-bounds access in get_imix_entries
Ilya Maximets <i.maximets(a)ovn.org>
openvswitch: fix lockup on tx to unregistering netdev with carrier
Paul Barker <paul.barker.ct(a)bp.renesas.com>
net: ravb: Fix max TX frame size for RZ/V2M
Jakub Kicinski <kuba(a)kernel.org>
eth: bnxt: always recalculate features after XDP clearing, fix null-deref
Michal Luczaj <mhal(a)rbox.co>
bpf: Fix bpf_sk_select_reuseport() memory leak
Sudheer Kumar Doredla <s-doredla(a)ti.com>
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
Ard Biesheuvel <ardb(a)kernel.org>
efi/zboot: Limit compression options to GZIP and ZSTD
-------------
Diffstat:
Makefile | 4 +-
arch/x86/include/asm/special_insns.h | 2 +-
arch/x86/kernel/fred.c | 8 +-
drivers/acpi/resource.c | 6 +-
drivers/block/zram/zram_drv.c | 1 +
drivers/cpufreq/Kconfig | 4 +-
drivers/cpuidle/governors/teo.c | 91 +++----
drivers/firmware/efi/Kconfig | 4 -
drivers/firmware/efi/libstub/Makefile.zboot | 18 +-
drivers/gpio/gpio-sim.c | 48 +++-
drivers/gpio/gpio-virtuser.c | 49 +++-
drivers/gpio/gpio-xilinx.c | 32 +--
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_fw_attestation.c | 4 +
drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 4 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 41 ++-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 25 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.h | 2 +-
.../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +-
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 14 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 35 ++-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 3 +-
.../gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 4 +-
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 11 +-
drivers/gpu/drm/i915/display/intel_fb.c | 2 +-
drivers/gpu/drm/nouveau/nouveau_fence.c | 6 +-
drivers/gpu/drm/nouveau/nvkm/engine/disp/mcp77.c | 1 +
drivers/gpu/drm/tests/drm_kunit_helpers.c | 3 +-
drivers/gpu/drm/v3d/v3d_irq.c | 4 +
drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 3 +-
drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 +-
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 +-
drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 1 +
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 20 +-
drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 7 +-
drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 5 +-
drivers/gpu/drm/xe/xe_hw_engine.c | 2 +-
drivers/gpu/drm/xe/xe_oa.c | 1 +
drivers/hwmon/ltc2991.c | 2 +-
drivers/hwmon/tmp513.c | 7 +-
drivers/i2c/busses/i2c-rcar.c | 20 +-
drivers/i2c/i2c-atr.c | 2 +-
drivers/i2c/i2c-core-base.c | 1 +
drivers/i2c/i2c-slave-testunit.c | 19 +-
drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 +
drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 +
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 +
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 +
drivers/irqchip/irq-gic-v3-its.c | 2 +-
drivers/irqchip/irq-gic-v3.c | 2 +-
drivers/irqchip/irqchip.c | 4 +-
drivers/mtd/spi-nor/core.c | 2 +-
drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 25 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 7 -
drivers/net/ethernet/freescale/fec_main.c | 19 +-
drivers/net/ethernet/intel/ice/ice.h | 5 +
drivers/net/ethernet/intel/ice/ice_adapter.c | 6 +
drivers/net/ethernet/intel/ice/ice_adapter.h | 22 +-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 +
drivers/net/ethernet/intel/ice/ice_common.c | 51 ++++
drivers/net/ethernet/intel/ice/ice_common.h | 1 +
drivers/net/ethernet/intel/ice/ice_main.c | 6 +-
drivers/net/ethernet/intel/ice/ice_ptp.c | 165 +++++++-----
drivers/net/ethernet/intel/ice/ice_ptp.h | 9 +-
drivers/net/ethernet/intel/ice/ice_ptp_consts.h | 2 +-
drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 285 +++++++++++----------
drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 5 +
drivers/net/ethernet/intel/ice/ice_type.h | 2 -
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 22 +-
.../mellanox/mlx5/core/en_accel/ipsec_fs.c | 12 +-
.../mellanox/mlx5/core/en_accel/ipsec_offload.c | 11 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 +
.../net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 +-
.../net/ethernet/mellanox/mlx5/core/sf/devlink.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/wc.c | 24 +-
drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 +-
drivers/net/ethernet/renesas/ravb_main.c | 1 +
drivers/net/ethernet/ti/cpsw_ale.c | 14 +-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 +
drivers/net/gtp.c | 26 +-
drivers/net/pfcp.c | 15 +-
drivers/nvme/target/io-cmd-bdev.c | 2 +-
drivers/platform/x86/dell/dell-uart-backlight.c | 5 +-
.../x86/intel/speed_select_if/isst_if_common.c | 1 +
drivers/platform/x86/intel/tpmi_power_domains.c | 1 +
.../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 5 +-
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 2 +-
drivers/reset/reset-rzg2l-usbphy-ctrl.c | 1 +
drivers/ufs/core/ufshcd.c | 9 +-
fs/afs/addr_prefs.c | 6 +-
fs/btrfs/volumes.c | 4 +
fs/cachefiles/daemon.c | 14 +-
fs/cachefiles/internal.h | 3 +-
fs/cachefiles/security.c | 6 +-
fs/file.c | 1 +
fs/hfs/super.c | 4 +-
fs/iomap/buffered-io.c | 2 +-
fs/netfs/read_collect.c | 9 +-
fs/proc/vmcore.c | 2 +
fs/qnx6/inode.c | 11 +-
fs/smb/client/connect.c | 3 +-
include/linux/hrtimer.h | 1 +
include/linux/poll.h | 10 +-
include/linux/pruss_driver.h | 12 +-
include/linux/userfaultfd_k.h | 12 +
include/net/page_pool/helpers.h | 2 +-
include/trace/events/mmflags.h | 63 +++++
kernel/cpu.c | 2 +-
kernel/gen_kheaders.sh | 1 +
kernel/sched/ext.c | 11 +-
kernel/sched/fair.c | 151 ++---------
kernel/time/hrtimer.c | 11 +-
kernel/time/timer_migration.c | 43 +++-
mm/filemap.c | 2 +-
mm/huge_memory.c | 12 +
mm/hugetlb.c | 14 +-
mm/kmemleak.c | 2 +-
mm/mremap.c | 32 ++-
mm/vmscan.c | 3 +
net/core/filter.c | 30 ++-
net/core/netdev-genl-gen.c | 14 +-
net/core/pktgen.c | 6 +-
net/mac802154/iface.c | 4 +
net/mptcp/options.c | 6 +-
net/mptcp/protocol.h | 9 +-
net/ncsi/internal.h | 2 +
net/ncsi/ncsi-manage.c | 16 +-
net/ncsi/ncsi-rsp.c | 19 +-
net/openvswitch/actions.c | 4 +-
net/vmw_vsock/af_vsock.c | 18 ++
net/vmw_vsock/virtio_transport_common.c | 38 ++-
net/vmw_vsock/vsock_bpf.c | 9 +
security/apparmor/policy.c | 1 +
sound/pci/hda/patch_realtek.c | 3 +
tools/net/ynl/ynl-gen-c.py | 16 +-
tools/testing/selftests/mm/cow.c | 8 +-
tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 +++-
.../selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 +-
.../selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 +-
.../testing/selftests/sched_ext/dsp_local_on.bpf.c | 7 +-
tools/testing/selftests/sched_ext/dsp_local_on.c | 5 +-
.../selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 +-
tools/testing/selftests/sched_ext/exit.bpf.c | 4 +-
tools/testing/selftests/sched_ext/maximal.bpf.c | 8 +-
.../selftests/sched_ext/select_cpu_dfl.bpf.c | 2 +-
.../sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 +-
.../selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 +-
.../sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 +-
.../sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 +-
.../selftests/sched_ext/select_cpu_vtime.bpf.c | 8 +-
.../tc-testing/tc-tests/filters/flow.json | 4 +-
tools/testing/shared/linux/maple_tree.h | 2 +-
tools/testing/vma/linux/atomic.h | 2 +-
157 files changed, 1345 insertions(+), 766 deletions(-)
2 months, 3 weeks
- 16
- 142
[PATCH net 6/6] can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
by Marc Kleine-Budde
From: Robin van der Gracht <robin(a)protonic.nl>
Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to
bail out if skb cannot be allocated.
Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller")
Cc: stable(a)vger.kernel.org
Signed-off-by: Robin van der Gracht <robin(a)protonic.nl>
Link: https://patch.msgid.link/20250208-fix-rockchip-canfd-v1-1-ec533c8a9895@peng…
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c
index df18c85fc078..d9a937ba126c 100644
--- a/drivers/net/can/rockchip/rockchip_canfd-core.c
+++ b/drivers/net/can/rockchip/rockchip_canfd-core.c
@@ -622,7 +622,7 @@ rkcanfd_handle_rx_fifo_overflow_int(struct rkcanfd_priv *priv)
netdev_dbg(priv->ndev, "RX-FIFO overflow\n");
skb = rkcanfd_alloc_can_err_skb(priv, &cf, ×tamp);
- if (skb)
+ if (!skb)
return 0;
rkcanfd_get_berr_counter_corrected(priv, &bec);
--
2.47.2
2 months, 3 weeks
- 1
- 0
[PATCH net 5/6] can: etas_es58x: fix potential NULL pointer dereference on udev->serial
by Marc Kleine-Budde
From: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
The driver assumed that es58x_dev->udev->serial could never be NULL.
While this is true on commercially available devices, an attacker
could spoof the device identity providing a NULL USB serial number.
That would trigger a NULL pointer dereference.
Add a check on es58x_dev->udev->serial before accessing it.
Reported-by: yan kang <kangyan91(a)outlook.com>
Reported-by: yue sun <samsun1006219(a)gmail.com>
Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@SY…
Fixes: 9f06631c3f1f ("can: etas_es58x: export product information through devlink_ops::info_get()")
Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250204154859.9797-2-mailhol.vincent@wanadoo.fr
Cc: stable(a)vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/etas_es58x/es58x_devlink.c b/drivers/net/can/usb/etas_es58x/es58x_devlink.c
index eee20839d96f..0d155eb1b9e9 100644
--- a/drivers/net/can/usb/etas_es58x/es58x_devlink.c
+++ b/drivers/net/can/usb/etas_es58x/es58x_devlink.c
@@ -248,7 +248,11 @@ static int es58x_devlink_info_get(struct devlink *devlink,
return ret;
}
- return devlink_info_serial_number_put(req, es58x_dev->udev->serial);
+ if (es58x_dev->udev->serial)
+ ret = devlink_info_serial_number_put(req,
+ es58x_dev->udev->serial);
+
+ return ret;
}
const struct devlink_ops es58x_dl_ops = {
--
2.47.2
2 months, 3 weeks
- 1
- 0
[PATCH net 4/6] can: c_can: fix unbalanced runtime PM disable in error path
by Marc Kleine-Budde
From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
Runtime PM is enabled as one of the last steps of probe(), so all
earlier gotos to "exit_free_device" label were not correct and were
leading to unbalanced runtime PM disable depth.
Fixes: 6e2fe01dd6f9 ("can: c_can: move runtime PM enable/disable to c_can_platform")
Cc: stable(a)vger.kernel.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250112-syscon-phandle-args-can-v1-1-314d9549906f…
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/c_can/c_can_platform.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/c_can/c_can_platform.c b/drivers/net/can/c_can/c_can_platform.c
index 6cba9717a6d8..399844809bbe 100644
--- a/drivers/net/can/c_can/c_can_platform.c
+++ b/drivers/net/can/c_can/c_can_platform.c
@@ -385,15 +385,16 @@ static int c_can_plat_probe(struct platform_device *pdev)
if (ret) {
dev_err(&pdev->dev, "registering %s failed (err=%d)\n",
KBUILD_MODNAME, ret);
- goto exit_free_device;
+ goto exit_pm_runtime;
}
dev_info(&pdev->dev, "%s device registered (regs=%p, irq=%d)\n",
KBUILD_MODNAME, priv->base, dev->irq);
return 0;
-exit_free_device:
+exit_pm_runtime:
pm_runtime_disable(priv->device);
+exit_free_device:
free_c_can_dev(dev);
exit:
dev_err(&pdev->dev, "probe failed\n");
--
2.47.2
2 months, 3 weeks
- 1
- 0
[PATCH net 3/6] can: ctucanfd: handle skb allocation failure
by Marc Kleine-Budde
From: Fedor Pchelkin <pchelkin(a)ispras.ru>
If skb allocation fails, the pointer to struct can_frame is NULL. This
is actually handled everywhere inside ctucan_err_interrupt() except for
the only place.
Add the missed NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.
Fixes: 2dcb8e8782d8 ("can: ctucanfd: add support for CTU CAN FD open-source IP core - bus independent part.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru>
Acked-by: Pavel Pisa <pisa(a)cmp.felk.cvut.cz>
Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250114152138.139580-1-pchelkin@ispras.ru
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/ctucanfd/ctucanfd_base.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/can/ctucanfd/ctucanfd_base.c b/drivers/net/can/ctucanfd/ctucanfd_base.c
index 64c349fd4600..f65c1a1e05cc 100644
--- a/drivers/net/can/ctucanfd/ctucanfd_base.c
+++ b/drivers/net/can/ctucanfd/ctucanfd_base.c
@@ -867,10 +867,12 @@ static void ctucan_err_interrupt(struct net_device *ndev, u32 isr)
}
break;
case CAN_STATE_ERROR_ACTIVE:
- cf->can_id |= CAN_ERR_CNT;
- cf->data[1] = CAN_ERR_CRTL_ACTIVE;
- cf->data[6] = bec.txerr;
- cf->data[7] = bec.rxerr;
+ if (skb) {
+ cf->can_id |= CAN_ERR_CNT;
+ cf->data[1] = CAN_ERR_CRTL_ACTIVE;
+ cf->data[6] = bec.txerr;
+ cf->data[7] = bec.rxerr;
+ }
break;
default:
netdev_warn(ndev, "unhandled error state (%d:%s)!\n",
--
2.47.2
2 months, 3 weeks
- 1
- 0
[PATCH net 2/6] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
by Marc Kleine-Budde
From: Alexander Hölzl <alexander.hoelzl(a)gmx.net>
The J1939 standard requires the transmission of messages of length 0.
For example proprietary messages are specified with a data length of 0
to 1785. The transmission of such messages is not possible. Sending
results in no error being returned but no corresponding can frame
being generated.
Enable the transmission of zero length J1939 messages. In order to
facilitate this two changes are necessary:
1) If the transmission of a new message is requested from user space
the message is segmented in j1939_sk_send_loop(). Let the segmentation
take into account zero length messages, do not terminate immediately,
queue the corresponding skb.
2) j1939_session_skb_get_by_offset() selects the next skb to transmit
for a session. Take into account that there might be zero length skbs
in the queue.
Signed-off-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net>
Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de>
Link: https://patch.msgid.link/20250205174651.103238-1-alexander.hoelzl@gmx.net
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: stable(a)vger.kernel.org
[mkl: commit message rephrased]
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
net/can/j1939/socket.c | 4 ++--
net/can/j1939/transport.c | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index 305dd72c844c..17226b2341d0 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -1132,7 +1132,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
todo_size = size;
- while (todo_size) {
+ do {
struct j1939_sk_buff_cb *skcb;
segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
@@ -1177,7 +1177,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
todo_size -= segment_size;
session->total_queued_size += segment_size;
- }
+ } while (todo_size);
switch (ret) {
case 0: /* OK */
diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c
index 95f7a7e65a73..9b72d118d756 100644
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -382,8 +382,9 @@ sk_buff *j1939_session_skb_get_by_offset(struct j1939_session *session,
skb_queue_walk(&session->skb_queue, do_skb) {
do_skcb = j1939_skb_to_cb(do_skb);
- if (offset_start >= do_skcb->offset &&
- offset_start < (do_skcb->offset + do_skb->len)) {
+ if ((offset_start >= do_skcb->offset &&
+ offset_start < (do_skcb->offset + do_skb->len)) ||
+ (offset_start == 0 && do_skcb->offset == 0 && do_skb->len == 0)) {
skb = do_skb;
}
}
--
2.47.2
2 months, 3 weeks
- 1
- 0
[PATCH] can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
by Marc Kleine-Budde
From: Robin van der Gracht <robin(a)protonic.nl>
Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to
bail out if skb cannot be allocated.
Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller")
Cc: stable(a)vger.kernel.org
Signed-off-by: Robin van der Gracht <robin(a)protonic.nl>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c
index df18c85fc078..d9a937ba126c 100644
--- a/drivers/net/can/rockchip/rockchip_canfd-core.c
+++ b/drivers/net/can/rockchip/rockchip_canfd-core.c
@@ -622,7 +622,7 @@ rkcanfd_handle_rx_fifo_overflow_int(struct rkcanfd_priv *priv)
netdev_dbg(priv->ndev, "RX-FIFO overflow\n");
skb = rkcanfd_alloc_can_err_skb(priv, &cf, ×tamp);
- if (skb)
+ if (!skb)
return 0;
rkcanfd_get_berr_counter_corrected(priv, &bec);
---
base-commit: 1438f5d07b9a7afb15e1d0e26df04a6fd4e56a3c
change-id: 20250208-fix-rockchip-canfd-ce09e1e424ce
Best regards,
--
Marc Kleine-Budde <mkl(a)pengutronix.de>
2 months, 3 weeks
- 1
- 0
Linux 6.13.2
by Greg Kroah-Hartman
I'm announcing the release of the 6.13.2 kernel.
All users of the 6.13 kernel series must upgrade.
The updated 6.13.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/msm/qcom,sa8775p-mdss.yaml | 3
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 -
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9
Makefile | 2
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 -
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1
arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31 +
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/freescale/imx93.dtsi | 2
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 -
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 -
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2
arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 -
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +-
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 --
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 -
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 -
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2
arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6
arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +
arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2
arch/arm64/boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 81 +++-
arch/arm64/boot/dts/ti/Makefile | 6
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 ++
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 --
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 ++
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 --
arch/arm64/configs/defconfig | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60 +++
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/iommu.c | 2
arch/powerpc/platforms/pseries/iommu.c | 12
arch/riscv/kernel/vector.c | 2
arch/s390/Kconfig | 1
arch/s390/Makefile | 2
arch/s390/boot/vmem.c | 74 ++--
arch/s390/include/asm/sclp.h | 1
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/setup.c | 5
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/include/asm/kvm_host.h | 2
arch/x86/kernel/smpboot.c | 11
arch/x86/kvm/lapic.c | 11
arch/x86/kvm/vmx/vmx.c | 2
arch/x86/kvm/vmx/x86_ops.h | 2
block/bio-integrity.c | 15
block/blk-core.c | 21 -
block/blk-integrity.c | 4
block/blk-mq.c | 34 -
block/blk-mq.h | 6
block/blk-settings.c | 31 +
block/blk-sysfs.c | 137 +++----
block/blk-zoned.c | 7
block/genhd.c | 22 -
block/partitions/ldm.h | 2
crypto/algapi.c | 4
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/block/ps3disk.c | 4
drivers/block/virtio_blk.c | 4
drivers/bluetooth/btbcm.c | 3
drivers/bluetooth/btnxpuart.c | 3
drivers/bluetooth/btrtl.c | 4
drivers/bluetooth/btusb.c | 7
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk.c | 4
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/imx/clk-imx93.c | 32 -
drivers/clk/mmp/clk-pxa1908-apbc.c | 4
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4
drivers/clk/qcom/camcc-x1e80100.c | 7
drivers/clk/qcom/gcc-sdm845.c | 32 -
drivers/clk/qcom/gcc-x1e80100.c | 2
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/renesas/renesas-cpg-mssr.c | 2
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/thead/clk-th1520-ap.c | 13
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/amd-pstate.c | 2
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++++-----
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/crypto/tegra/tegra-se-aes.c | 7
drivers/crypto/tegra/tegra-se-hash.c | 7
drivers/dma/ti/edma.c | 3
drivers/firewire/device-attribute-test.c | 2
drivers/firmware/efi/sysfb_efi.c | 2
drivers/firmware/qcom/qcom_scm.c | 42 +-
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 3
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12
drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2
drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/i915/display/intel_crt.c | 10
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++-
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/msm/dp/dp_catalog.c | 1
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2
drivers/gpu/drm/msm/dp/dp_utils.c | 10
drivers/gpu/drm/msm/dp/dp_utils.h | 2
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2
drivers/gpu/drm/msm/msm_kms.c | 1
drivers/gpu/drm/panthor/panthor_device.c | 4
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +
drivers/gpu/drm/v3d/v3d_debugfs.c | 4
drivers/gpu/drm/v3d/v3d_perfmon.c | 15
drivers/gpu/drm/v3d/v3d_regs.h | 29 -
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37 --
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/hwmon/Kconfig | 4
drivers/hwmon/nct6775-core.c | 6
drivers/i2c/busses/i2c-designware-common.c | 5
drivers/i2c/busses/i2c-designware-master.c | 5
drivers/i2c/busses/i2c-designware-slave.c | 5
drivers/i3c/master/dw-i3c-master.c | 1
drivers/infiniband/hw/Makefile | 2
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/cxgb4/qp.c | 8
drivers/infiniband/hw/hns/Kconfig | 20 -
drivers/infiniband/hw/hns/Makefile | 9
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 62 ++-
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_verbs.c | 5
drivers/infiniband/ulp/rtrs/rtrs.c | 3
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/iommu/amd/amd_iommu.h | 5
drivers/iommu/amd/init.c | 14
drivers/iommu/amd/iommu.c | 132 ++-----
drivers/iommu/amd/pasid.c | 3
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17
drivers/iommu/intel/pasid.c | 22 +
drivers/iommu/intel/pasid.h | 6
drivers/iommu/iommufd/iova_bitmap.c | 2
drivers/iommu/iommufd/main.c | 2
drivers/iommu/riscv/iommu.c | 2
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/mailbox/mailbox-mpfs.c | 2
drivers/mailbox/mailbox-th1520.c | 6
drivers/md/md-bitmap.c | 79 ++--
drivers/md/md-bitmap.h | 7
drivers/md/md.c | 34 +
drivers/md/md.h | 5
drivers/md/raid1.c | 34 -
drivers/md/raid1.h | 1
drivers/md/raid10.c | 26 -
drivers/md/raid10.h | 1
drivers/md/raid5-cache.c | 4
drivers/md/raid5.c | 111 +++---
drivers/md/raid5.h | 4
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18 -
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 4
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 19 -
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 19 -
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/mtd/ubi/ubi.h | 2
drivers/mtd/ubi/wl.c | 21 -
drivers/net/bonding/bond_main.c | 19 -
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31 +
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 -
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1
drivers/net/ethernet/intel/ice/ice_parser.h | 6
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6
drivers/net/ethernet/intel/idpf/idpf_main.c | 15
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 2
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/ravb_main.c | 22 -
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23 -
drivers/net/phy/marvell-88q2xxx.c | 33 +
drivers/net/phy/realtek.c | 29 -
drivers/net/tap.c | 6
drivers/net/team/team_core.c | 7
drivers/net/tun.c | 6
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 42 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 -
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4
drivers/net/wireless/mediatek/mt76/mac80211.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++---
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2
drivers/net/wireless/mediatek/mt76/mt792x.h | 7
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 -
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/microchip/wilc1000/netdev.c | 2
drivers/net/wireless/microchip/wilc1000/sdio.c | 9
drivers/net/wireless/microchip/wilc1000/spi.c | 9
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ---
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/realtek/rtw89/chan.c | 31 +
drivers/net/wireless/realtek/rtw89/chan.h | 9
drivers/net/wireless/realtek/rtw89/core.c | 11
drivers/net/wireless/realtek/rtw89/core.h | 3
drivers/net/wireless/realtek/rtw89/fw.c | 40 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34 +
drivers/nvme/host/tcp.c | 70 +++
drivers/of/fdt.c | 10
drivers/of/of_reserved_mem.c | 3
drivers/of/property.c | 2
drivers/opp/core.c | 57 ++-
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 30 -
drivers/pci/controller/dwc/pcie-designware-host.c | 1
drivers/pci/controller/dwc/pcie-qcom.c | 2
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/controller/pcie-rockchip-ep.c | 5
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++
drivers/pci/controller/plda/pcie-plda-host.c | 17
drivers/pci/controller/plda/pcie-plda.h | 6
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +
drivers/pinctrl/pinctrl-amd.c | 27 +
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/samsung/pinctrl-exynos.c | 3
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++--
drivers/platform/mellanox/mlxbf-pmc.c | 6
drivers/platform/x86/x86-android-tablets/core.c | 4
drivers/platform/x86/x86-android-tablets/lenovo.c | 4
drivers/platform/x86/x86-android-tablets/other.c | 4
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 +++----
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/core.c | 13
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/mtk_scp.c | 12
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/rtc/rtc-tps6594.c | 2
drivers/s390/char/sclp.c | 12
drivers/scsi/mpi3mr/mpi3mr_app.c | 8
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/scsi/sd.c | 17
drivers/scsi/sr.c | 5
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/mips_ejtag_fdc.c | 4
drivers/tty/serial/8250/8250_port.c | 32 +
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 35 +
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/inode.c | 158 ++++++--
fs/btrfs/qgroup.c | 21 -
fs/btrfs/subpage.c | 6
fs/btrfs/subpage.h | 13
fs/btrfs/super.c | 2
fs/dlm/lock.c | 46 +-
fs/dlm/lowcomms.c | 3
fs/erofs/zdata.c | 3
fs/f2fs/dir.c | 53 ++
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 27 -
fs/nfs/localio.c | 4
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfs_common/common.c | 89 ++++-
fs/nilfs2/dir.c | 13
fs/nilfs2/namei.c | 29 -
fs/nilfs2/nilfs.h | 4
fs/nilfs2/page.c | 31 +
fs/nilfs2/segment.c | 4
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25 -
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22 +
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22 -
fs/xfs/xfs_buf.c | 3
fs/xfs/xfs_buf_item_recover.c | 11
fs/xfs/xfs_dquot.c | 12
fs/xfs/xfs_notify_failure.c | 121 ++++--
fs/xfs/xfs_qm_bhv.c | 27 -
include/acpi/acpixf.h | 1
include/dt-bindings/clock/imx93-clock.h | 1
include/linux/alloc_tag.h | 11
include/linux/blkdev.h | 23 -
include/linux/btf.h | 5
include/linux/coredump.h | 4
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/nfs_common.h | 3
include/linux/perf_event.h | 6
include/linux/pps_kernel.h | 3
include/linux/ptr_ring.h | 21 -
include/linux/pwm.h | 17
include/linux/sched.h | 1
include/linux/skb_array.h | 17
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 6
include/net/page_pool/types.h | 1
include/net/pkt_cls.h | 13
include/net/sch_generic.h | 5
include/net/xfrm.h | 16
include/sound/hdaudio_ext.h | 45 --
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25 +
io_uring/io_uring.c | 1
io_uring/msg_ring.c | 4
io_uring/register.c | 2
io_uring/uring_cmd.c | 2
kernel/bpf/arena.c | 8
kernel/bpf/bpf_local_storage.c | 8
kernel/bpf/bpf_struct_ops.c | 21 +
kernel/bpf/btf.c | 5
kernel/bpf/helpers.c | 18 -
kernel/events/core.c | 35 +
kernel/events/uprobes.c | 4
kernel/fork.c | 17
kernel/irq/internals.h | 9
kernel/module/main.c | 7
kernel/padata.c | 45 ++
kernel/power/hibernate.c | 7
kernel/printk/internal.h | 6
kernel/printk/printk.c | 5
kernel/printk/printk_safe.c | 7
kernel/sched/core.c | 6
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/ext.c | 114 ++++--
kernel/sched/fair.c | 21 -
kernel/sched/features.h | 9
kernel/sched/stats.h | 4
kernel/sched/syscalls.c | 2
kernel/trace/bpf_trace.c | 13
lib/alloc_tag.c | 2
lib/rhashtable.c | 12
mm/memcontrol.c | 7
mm/oom_kill.c | 8
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22 -
net/ax25/ax25_route.c | 2
net/core/dev.c | 23 -
net/core/filter.c | 2
net/core/page_pool.c | 2
net/core/page_pool_priv.h | 2
net/core/page_pool_user.c | 15
net/core/sysctl_net_core.c | 5
net/ethtool/ioctl.c | 2
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31 -
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28 -
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv4/udp.c | 56 +++
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28 -
net/ipv6/ndisc.c | 8
net/ipv6/udp.c | 50 ++
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/ctrl.c | 4
net/mptcp/options.c | 13
net/mptcp/pm_netlink.c | 3
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30 -
net/ncsi/ncsi-rsp.c | 18 -
net/netfilter/nf_tables_api.c | 57 ++-
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_rbtree.c | 43 ++
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/rxrpc/peer_event.c | 16
net/rxrpc/peer_object.c | 12
net/sched/cls_api.c | 57 +--
net/sched/cls_bpf.c | 2
net/sched/cls_flower.c | 2
net/sched/cls_matchall.c | 2
net/sched/cls_u32.c | 4
net/sched/sch_api.c | 4
net/sched/sch_generic.c | 4
net/sched/sch_sfq.c | 4
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 7
net/wireless/tests/scan.c | 2
net/xfrm/xfrm_replay.c | 10
net/xfrm/xfrm_state.c | 93 ++++-
samples/landlock/sandboxer.c | 7
scripts/Makefile.build | 2
scripts/Makefile.lib | 10
scripts/Makefile.modinst | 2
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18 -
scripts/kconfig/confdata.c | 6
scripts/kconfig/symbol.c | 1
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 4
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/acp/acp-i2s.c | 1
sound/soc/codecs/Makefile | 8
sound/soc/codecs/da7213.c | 2
sound/soc/intel/avs/apl.c | 3
sound/soc/intel/avs/cnl.c | 1
sound/soc/intel/avs/core.c | 14
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/registers.h | 45 ++
sound/soc/intel/avs/skl.c | 1
sound/soc/intel/avs/topology.c | 4
sound/soc/intel/boards/sof_sdw.c | 47 +-
sound/soc/mediatek/mt8365/Makefile | 2
sound/soc/renesas/rz-ssi.c | 3
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +
sound/soc/sdca/Makefile | 2
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/build/Makefile.feature | 7
tools/build/feature/test-all.c | 5
tools/include/uapi/linux/if_xdp.h | 4
tools/lib/bpf/btf.c | 1
tools/lib/bpf/btf_relocate.c | 2
tools/lib/bpf/linker.c | 22 -
tools/lib/bpf/usdt.c | 2
tools/net/ynl/lib/ynl.c | 2
tools/perf/MANIFEST | 1
tools/perf/Makefile.config | 83 ++--
tools/perf/builtin-inject.c | 8
tools/perf/builtin-lock.c | 66 ++-
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/tests/shell/lib/perf_json_output_lint.py | 14
tools/perf/tests/shell/stat.sh | 6
tools/perf/tests/shell/trace_btf_enum.sh | 8
tools/perf/util/annotate.c | 76 ++++
tools/perf/util/annotate.h | 15
tools/perf/util/bpf-event.c | 10
tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11
tools/perf/util/disasm.c | 83 ----
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/maps.c | 7
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/perf/util/stat-display.c | 177 +++++-----
tools/perf/util/symbol.c | 9
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/power/x86/turbostat/turbostat.c | 58 +++
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/Makefile | 4
tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/bpf/veristat.c | 1
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8
tools/testing/selftests/kselftest/ktap_helpers.sh | 2
tools/testing/selftests/kselftest_harness.h | 24 -
tools/testing/selftests/landlock/Makefile | 4
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/mm/Makefile | 9
tools/testing/selftests/net/lib/Makefile | 2
tools/testing/selftests/net/mptcp/Makefile | 2
tools/testing/selftests/net/openvswitch/Makefile | 2
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32 +
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
701 files changed, 5743 insertions(+), 3312 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Abel Vesa (1):
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Abhinav Kumar (4):
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Aditya Kumar Singh (2):
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
wifi: ath12k: fix key cache handling
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alejandro Jimenez (1):
iommu/amd: Remove unused amd_iommu_domain_update()
Alexander Aring (2):
dlm: fix removal of rsb struct that is master and dir record
dlm: fix srcu_read_lock() return type to int
Alexander Stein (2):
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Alexis Lothoré (2):
wifi: wilc1000: unregister wiphy only if it has been registered
wifi: wilc1000: unregister wiphy only after netdev registration
Amadeusz Sławiński (1):
ASoC: Intel: avs: Fix init-config parsing
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andrea Righi (1):
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Set AXI id for rk3588
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Anumula Murali Mohan Reddy (1):
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Aric Cyr (1):
drm/amd/display: Add hubp cache reset when powergating
Arnaldo Carvalho de Melo (6):
tools features: Don't check for libunwind devel files by default
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Bard Liao (1):
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Benjamin Lin (2):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
wifi: mt76: mt7996: fix definition of tx descriptor
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Boris Brezillon (1):
drm/panthor: Preserve the result returned by panthor_fw_resume()
Breno Leitao (1):
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (1):
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix the minimum firmware version numbers
ASoC: Intel: avs: Fix theoretical infinite loop
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Charles Han (4):
ipmi: ipmb: Add check devm_kasprintf() returned value
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
firewire: test: Fix potential null dereference in firewire kunit test
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (5):
crypto: tegra - do not transfer req when tegra init fails
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
memcg: fix soft lockup in the OOM process
Chen-Yu Tsai (12):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
remoteproc: mtk_scp: Only populate devices for SCP cores
Chengming Zhou (1):
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Chih-Kang Chang (1):
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Christian Marangi (1):
net: airoha: Fix wrong GDM4 register definition
Christoph Hellwig (7):
block: copy back bounce buffer to user-space correctly in case of split
block: check BLK_FEAT_POLL under q_usage_count
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
block: add a queue_limits_commit_update_frozen helper
block: add a store_limit operations for sysfs entries
block: fix queue freeze vs limits lock order in sysfs store methods
xfs: check for dead buffers in xfs_buf_find_insert
Christophe JAILLET (3):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Christophe Leroy (4):
select: Fix unbalanced user_access_end()
perf maps: Fix display of kernel symbols
perf machine: Don't ignore _etext when not a text symbol
module: Don't fail module loading when setting ro_after_init section RO failed
Chuck Lever (1):
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (3):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
ASoC: da7213: Initialize the mutex
Colin Ian King (1):
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Cosmin Ratiu (1):
bonding: Correctly support GSO ESP offload
Cristian Birsan (2):
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Daire McNamara (1):
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Damien Le Moal (1):
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
Dan Carpenter (11):
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
rdma/cxgb4: Prevent potential integer overflow on 32bit
mailbox: th1520: Fix a NULL vs IS_ERR() bug
mailbox: mpfs: fix copy and paste bug in probe
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
rtc: tps6594: Fix integer overflow on 32bit systems
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Baluta (1):
ASoC: amd: acp: Fix possible deadlock
Daniel Gabay (1):
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Daniel Golle (3):
net: phy: realtek: clear 1000Base-T lpa if link is down
net: phy: realtek: clear master_slave_state if link is down
net: phy: realtek: always clear NBase-T lpa
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Darrick J. Wong (3):
xfs: don't over-report free space or inodes in statvfs
xfs: release the dquot buf outside of qli_lock
xfs: don't shut down the filesystem for media failures beyond end of log
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (6):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
rxrpc, afs: Fix peer hash locking vs RCU callback
Derek Foreman (1):
drm/connector: Allow clearing HDMI infoframes
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau (1):
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (30):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
drm/msm/dpu: provide DSPP and correct LM config for SDM670
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
drm/msm: don't clean up priv->kms prematurely
drm/msm/mdp4: correct LCDC regulator name
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
arm64: dts: qcom: sm8550: correct sleep clock frequency
arm64: dts: qcom: sm8650: correct sleep clock frequency
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Dmytro Maluka (1):
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Douglas Anderson (1):
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Drew Fustini (3):
clk: thead: Fix clk gate registration to pass flags
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Emil Tantilov (2):
idpf: add read memory barrier when checking descriptor done bit
idpf: fix transaction timeouts on reset
Emmanuel Grumbach (1):
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Eric Dumazet (10):
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eric-SY Chang (1):
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Felix Fietkau (4):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: only enable tx worker after setting the channel
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (2):
netfilter: nft_flow_offload: update tcp state flags under lock
xfrm: state: fix out-of-bounds read during lookup
Frank Li (1):
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Frank Wunderlich (1):
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Gal Pressman (1):
ethtool: Fix set RXNFC command with symmetric RSS hash
Gao Xiang (1):
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gaurav Batra (1):
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (3):
ps3disk: Do not use dev->bounce_size before it is set
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.13.2
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (2):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guo Ren (1):
iommu/riscv: Fixup compile warning
Hans de Goede (2):
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
platform/x86: x86-android-tablets: Make variables only used locally static
He Rongguang (1):
cpupower: fix TSC MHz calculation
Heiko Carstens (1):
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Heiko Stuebner (1):
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Herbert Xu (2):
crypto: api - Fix boot-up self-test race
rhashtable: Fix rhashtable_try_insert test
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hou Tao (1):
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Howard Chu (2):
perf trace: Fix BPF loading failure (-E2BIG)
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Ian Rogers (3):
perf test stat: Avoid hybrid assumption when virtualized
perf inject: Fix use without initialization of local variables
perf annotate: Use an array for the disassembler preference
Ilan Peer (1):
wifi: mac80211: Fix common size calculation for ML element
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jagan Teki (1):
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Jakub Kicinski (3):
net: netdevsim: try to close UDP port harness races
tools: ynl: c: correct reverse decode of empty attrs
net: page_pool: don't try to stash the napi id
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
James Clark (1):
perf stat: Fix trailing comma when there is no metric unit
Jan Stancek (2):
selftests: mptcp: extend CFLAGS to keep options from environment
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jason Gunthorpe (6):
iommu/arm-smmuv3: Update comments about ATS and bypass
iommu/amd: Remove domain_alloc()
iommu/amd: Remove dev == NULL checks
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason-JH.Lin (2):
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (2):
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (4):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
io_uring/register: use atomic_read/write for sq_flags migration
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jiayuan Chen (1):
selftests/bpf: Avoid generating untracked files when running bpf selftests
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Jiri Slaby (SUSE) (1):
tty: mips_ejtag_fdc: fix one more u8 warning
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Joel Stanley (2):
hwmon: Fix help text for aspeed-g6-pwm-tach
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Johannes Berg (3):
wifi: iwlwifi: fw: read STEP table from correct UEFI var
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
John Garry (1):
block: Ensure start sector is aligned for stacking atomic writes
John Ogness (2):
printk: Defer legacy printing when holding printk_cpu_sync
serial: 8250: Adjust the timeout for FIFO mode
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jonas Karlman (1):
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Jonathan Kim (1):
drm/amdgpu: fix gpu recovery disable with per queue reset
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Josua Mayer (2):
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Junxian Huang (1):
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Kanchana P Sridhar (1):
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Karol Przybylski (2):
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Kees Cook (2):
coredump: Do not lock during 'comm' reporting
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
Kevin Brodsky (1):
selftests/mm: build with -O2
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (5):
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (2):
net: ravb: Fix missing rtnl lock in suspend/resume path
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krishna chaitanya chundru (1):
PCI: qcom: Update ICC and OPP values after Link Up event
Krzysztof Kozlowski (2):
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kuniyuki Iwashima (1):
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Len Brown (1):
tools/power turbostat: Fix forked child affinity regression
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Leon Yen (1):
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rtrs: Add missing deinit() call
Liam R. Howlett (1):
kernel: be more careful about dup_mmap() failures and uprobe registering
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Long Li (1):
xfs: fix mount hang during primary superblock recovery failure
Lorenzo Bianconi (1):
net: airoha: Fix error path in airoha_probe()
Lu Baolu (1):
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Luca Ceresoli (1):
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Manoj Vishwanathan (1):
idpf: Acquire the lock before accessing the xn->salt
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (2):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
idpf: convert workqueues to unbound
Marek Vasut (6):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mario Limonciello (1):
cpufreq/amd-pstate: Fix prefcore rankings
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (2):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Masahiro Yamada (5):
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: fix memory leak in sym_warn_unmet_dep()
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Masami Hiramatsu (Google) (1):
selftests/ftrace: Fix to use remount when testing mount GID option
Mateusz Polchlopek (1):
ice: remove invalid parameter of equalizer
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthieu Baerts (NGI0) (2):
mptcp: pm: only set fullmesh for subflow endp
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Maulik Shah (1):
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Max Chou (1):
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Maíra Canal (1):
drm/v3d: Fix performance counter source settings on V3D 7.x
Melissa Wen (1):
drm/amd/display: restore invalid MSA timing check for freesync
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michael Riesch (1):
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Michal Wilczynski (1):
mailbox: th1520: Fix memory corruption due to incorrect array size
Mickaël Salaün (4):
selftests: ktap_helpers: Fix uninitialized variable
landlock: Handle weird files
selftests/landlock: Fix build with non-default pthread linking
selftests/landlock: Fix error message
Mike Snitzer (1):
nfs: fix incorrect error handling in LOCALIO
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Ming Yen Hsieh (15):
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
wifi: mt76: mt7925: fix the invalid ip address for arp offload
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
wifi: mt76: mt7925: Update secondary link PS flow
wifi: mt76: mt7925: Init secondary link PM state
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
wifi: mt76: mt7925: Properly handle responses for commands with events
Mingwei Zheng (5):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: nomadik: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Miri Korenblit (1):
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Namhyung Kim (2):
perf symbol: Prefer non-label symbols with same address
perf test: Skip syscall enum test if no landlock syscall
Nathan Chancellor (1):
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (9):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Patrisious Haddad (1):
RDMA/mlx5: Fix implicit ODP use after free
Patryk Wlazlyn (1):
tools/power turbostat: Fix PMT mmaped file size rounding
Paul Fertser (1):
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pavel Begunkov (1):
io_uring: prevent reg-wait speculations
Pei Xiao (4):
platform/mellanox: mlxbf-pmc: incorrect type in assignment
platform/x86: x86-android-tablets: make platform data be static
bpf: Use refcount_t instead of atomic_t for mmap_count
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Peng Fan (1):
clk: imx: Apply some clks only for i.MX93
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Zijlstra (2):
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Ping-Ke Shih (1):
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Po-Hao Huang (1):
wifi: rtw89: correct header conversion rule for MLO only
Przemek Kitszel (1):
ice: fix ice_parser_rt::bst_key array size
Pu Lehui (3):
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
libbpf: Fix return zero when elf_begin failed
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (5):
btrfs: improve the warning and error message for btrfs_remove_qgroup()
btrfs: subpage: fix the bitmap dump of the locked flags
btrfs: output the reason for open_ctree() failure
btrfs: do proper folio cleanup when cow_file_range() failed
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ray Chi (1):
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Rex Nie (1):
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (2):
media: uvcvideo: Fix deadlock during uvc_probe
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (4):
PCI: imx6: Skip controller_id generation logic for i.MX7D
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
PCI: imx6: Add missing reference clock disable logic
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ross Burton (1):
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Ryusuke Konishi (3):
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
nilfs2: handle errors that nilfs_prepare_chunk() may return
Sagi Grimberg (1):
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Christopherson (1):
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sean Wang (1):
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sebastian Sewior (1):
xfrm: Don't disable preemption while looking up cache state.
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shayne Chen (1):
wifi: mt76: mt7996: fix invalid interface combinations
Shengjiu Wang (3):
dt-bindings: clock: imx93: Add SPDIF IPG clk
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (2):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shivaprasad G Bhat (1):
powerpc/pseries/iommu: Don't unset window if it was never set
Siddharth Vadapalli (1):
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Simon Trimmer (2):
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Song Yoong Siang (1):
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Stanislav Fomichev (1):
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Stefano Brivio (1):
udp: Deal with race between UDP socket address change and rehash
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Suraj Sonawane (1):
iommu: iommufd: fix WARNING in iommufd_device_unbind
Suren Baghdasaryan (1):
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Takashi Iwai (6):
ASoC: cs40l50: Use *-y for Makefile
ASoC: mediatek: mt8365: Use *-y for Makefile
ASoC: SDCA: Use *-y for Makefile
ASoC: cs42l84: Use *-y for Makefile
ASoC: wcd937x: Use *-y for Makefile
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tianchen Ding (1):
sched: Fix race between yield_to() and try_to_wake_up()
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Tony Ambardar (1):
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Torsten Hilbrich (1):
kbuild: Fix signing issue for external modules
Uwe Kleine-König (3):
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
pwm: Ensure callbacks exist before calling them
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Gorbik (1):
s390/mm: Allow large pages for KASAN shadow mapping
Vasily Khoruzhick (1):
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Ville Syrjälä (1):
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Vishal Chourasia (1):
tools: Sync if_xdp.h uapi tooling header
Vladimir Zapolskiy (3):
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Xin Long (1):
net: sched: refine software bypass handling in tc_run
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yevgeny Kliteynik (1):
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Yu Kuai (7):
nbd: don't allow reconnect after disconnect
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Zhihao Cheng (1):
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (2):
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (4):
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Zong-Zhe Yang (3):
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
wifi: rtw89: mcc: consider time limits not divisible by 1024
allan.wang (1):
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (2):
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
2 months, 3 weeks
- 1
- 1
Linux 6.12.13
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.13 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/core-api/symbol-namespaces.rst | 4
Documentation/devicetree/bindings/clock/imx93-clock.yaml | 1
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9
Documentation/translations/it_IT/core-api/symbol-namespaces.rst | 4
Documentation/translations/zh_CN/core-api/symbol-namespaces.rst | 4
Makefile | 4
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1
arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2
arch/arm64/boot/dts/freescale/imx93.dtsi | 2
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2
arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/Makefile | 3
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +-
arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 +++++-----
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 -
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 --
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70 +
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2
arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6
arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25
arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2
arch/arm64/boot/dts/ti/Makefile | 4
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 +
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 -
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 +
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 -
arch/arm64/configs/defconfig | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60 +
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/iommu.c | 2
arch/powerpc/platforms/pseries/iommu.c | 12
arch/riscv/kernel/vector.c | 2
arch/s390/Kconfig | 1
arch/s390/Makefile | 2
arch/s390/include/asm/sclp.h | 1
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/setup.c | 5
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/include/asm/kvm_host.h | 2
arch/x86/kernel/smpboot.c | 10
arch/x86/kvm/lapic.c | 11
arch/x86/kvm/vmx/vmx.c | 2
arch/x86/kvm/vmx/x86_ops.h | 2
block/bio-integrity.c | 15
block/blk-core.c | 21
block/blk-mq.c | 34
block/blk-mq.h | 6
block/blk-sysfs.c | 9
block/genhd.c | 22
block/partitions/ldm.h | 2
crypto/algapi.c | 4
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/block/ps3disk.c | 4
drivers/bluetooth/btbcm.c | 3
drivers/bluetooth/btnxpuart.c | 3
drivers/bluetooth/btrtl.c | 4
drivers/bluetooth/btusb.c | 7
drivers/cdx/Makefile | 2
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk.c | 4
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/imx/clk-imx93.c | 89 +-
drivers/clk/qcom/camcc-x1e80100.c | 7
drivers/clk/qcom/gcc-sdm845.c | 32
drivers/clk/qcom/gcc-x1e80100.c | 2
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/renesas/renesas-cpg-mssr.c | 2
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2
drivers/clk/thead/clk-th1520-ap.c | 13
drivers/cpufreq/acpi-cpufreq.c | 36
drivers/cpufreq/qcom-cpufreq-hw.c | 34
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++--
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/iaa/Makefile | 2
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/crypto/intel/qat/qat_common/Makefile | 2
drivers/crypto/tegra/tegra-se-aes.c | 7
drivers/crypto/tegra/tegra-se-hash.c | 7
drivers/dma/idxd/Makefile | 2
drivers/dma/ti/edma.c | 3
drivers/firewire/device-attribute-test.c | 2
drivers/firmware/efi/sysfb_efi.c | 2
drivers/firmware/qcom/qcom_scm.c | 42 -
drivers/gpio/gpio-idio-16.c | 2
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 3
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34
drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2
drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 +
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2
drivers/gpu/drm/msm/msm_kms.c | 1
drivers/gpu/drm/panthor/panthor_device.c | 4
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26
drivers/gpu/drm/v3d/v3d_debugfs.c | 4
drivers/gpu/drm/v3d/v3d_perfmon.c | 15
drivers/gpu/drm/v3d/v3d_regs.h | 29
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37 -
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/hwmon/Kconfig | 4
drivers/hwmon/nct6775-core.c | 6
drivers/i2c/busses/i2c-designware-common.c | 5
drivers/i2c/busses/i2c-designware-master.c | 5
drivers/i2c/busses/i2c-designware-slave.c | 5
drivers/i3c/master/dw-i3c-master.c | 1
drivers/infiniband/hw/Makefile | 2
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/cxgb4/qp.c | 8
drivers/infiniband/hw/hns/Kconfig | 20
drivers/infiniband/hw/hns/Makefile | 9
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 62 +
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_verbs.c | 5
drivers/infiniband/ulp/rtrs/rtrs.c | 3
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/iommu/amd/amd_iommu.h | 1
drivers/iommu/amd/iommu.c | 9
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17
drivers/iommu/iommufd/iova_bitmap.c | 2
drivers/iommu/iommufd/main.c | 2
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/md/md-bitmap.c | 79 +-
drivers/md/md-bitmap.h | 7
drivers/md/md.c | 34
drivers/md/md.h | 5
drivers/md/raid1.c | 34
drivers/md/raid1.h | 1
drivers/md/raid10.c | 26
drivers/md/raid10.h | 1
drivers/md/raid5-cache.c | 4
drivers/md/raid5.c | 111 +--
drivers/md/raid5.h | 4
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42 -
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 1
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 19
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 19
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +--
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6
drivers/net/ethernet/intel/idpf/idpf_main.c | 15
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8
drivers/net/ethernet/mediatek/airoha_eth.c | 37 -
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 2
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/ravb_main.c | 22
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/sfc/ef100_ethtool.c | 1
drivers/net/ethernet/sfc/ethtool.c | 1
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23
drivers/net/phy/marvell-88q2xxx.c | 33
drivers/net/tap.c | 6
drivers/net/team/team_core.c | 7
drivers/net/tun.c | 6
drivers/net/usb/rtl8150.c | 22
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 6
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 -
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4
drivers/net/wireless/mediatek/mt76/mac80211.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 ++-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2
drivers/net/wireless/mediatek/mt76/mt792x.h | 7
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 -
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 -
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++
drivers/net/wireless/realtek/rtw89/chan.h | 28
drivers/net/wireless/realtek/rtw89/core.c | 122 +--
drivers/net/wireless/realtek/rtw89/core.h | 27
drivers/net/wireless/realtek/rtw89/fw.c | 40 -
drivers/net/wireless/realtek/rtw89/mac.c | 3
drivers/net/wireless/realtek/rtw89/mac80211.c | 10
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34
drivers/nvme/host/tcp.c | 70 +
drivers/of/fdt.c | 13
drivers/of/of_private.h | 3
drivers/of/of_reserved_mem.c | 176 +++-
drivers/of/property.c | 2
drivers/opp/core.c | 57 +
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 30
drivers/pci/controller/dwc/pcie-designware-host.c | 1
drivers/pci/controller/dwc/pcie-qcom.c | 2
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/controller/plda/pcie-microchip-host.c | 222 ++++--
drivers/pci/controller/plda/pcie-plda-host.c | 17
drivers/pci/controller/plda/pcie-plda.h | 6
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35
drivers/pinctrl/pinctrl-amd.c | 27
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/samsung/pinctrl-exynos.c | 3
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +-
drivers/platform/mellanox/mlxbf-pmc.c | 6
drivers/platform/x86/x86-android-tablets/lenovo.c | 4
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 +--
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/core.c | 2
drivers/pwm/pwm-dwc-core.c | 2
drivers/pwm/pwm-lpss.c | 2
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/mtk_scp.c | 12
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/rtc/rtc-tps6594.c | 2
drivers/s390/char/sclp.c | 12
drivers/scsi/mpi3mr/mpi3mr_app.c | 8
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/mips_ejtag_fdc.c | 4
drivers/tty/serial/8250/8250_port.c | 32
drivers/tty/serial/sc16is7xx.c | 2
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 35
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/storage/Makefile | 2
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/inode.c | 95 ++
fs/btrfs/qgroup.c | 21
fs/btrfs/subpage.c | 6
fs/btrfs/subpage.h | 13
fs/btrfs/super.c | 2
fs/dlm/lock.c | 46 -
fs/dlm/lowcomms.c | 3
fs/erofs/internal.h | 17
fs/erofs/zdata.c | 190 +++--
fs/erofs/zutil.c | 155 ----
fs/f2fs/dir.c | 53 +
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 27
fs/nfs/localio.c | 4
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfs_common/common.c | 89 ++
fs/nilfs2/dir.c | 13
fs/nilfs2/namei.c | 29
fs/nilfs2/nilfs.h | 4
fs/nilfs2/page.c | 31
fs/nilfs2/segment.c | 4
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22
fs/xfs/xfs_buf.c | 3
fs/xfs/xfs_notify_failure.c | 121 ++-
include/acpi/acpixf.h | 1
include/dt-bindings/clock/imx93-clock.h | 7
include/dt-bindings/clock/sun50i-a64-ccu.h | 2
include/linux/btf.h | 5
include/linux/coredump.h | 4
include/linux/ethtool.h | 4
include/linux/export.h | 2
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/nfs_common.h | 3
include/linux/perf_event.h | 6
include/linux/pps_kernel.h | 3
include/linux/ptr_ring.h | 21
include/linux/sched.h | 1
include/linux/skb_array.h | 17
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 6
include/net/netns/xfrm.h | 1
include/net/pkt_cls.h | 13
include/net/sch_generic.h | 5
include/net/xfrm.h | 30
include/sound/hdaudio_ext.h | 45 -
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25
include/uapi/linux/xfrm.h | 2
io_uring/uring_cmd.c | 2
kernel/bpf/arena.c | 8
kernel/bpf/bpf_local_storage.c | 8
kernel/bpf/bpf_struct_ops.c | 21
kernel/bpf/btf.c | 5
kernel/bpf/helpers.c | 18
kernel/dma/coherent.c | 14
kernel/events/core.c | 35
kernel/irq/internals.h | 9
kernel/module/main.c | 7
kernel/padata.c | 45 -
kernel/power/hibernate.c | 7
kernel/printk/internal.h | 6
kernel/printk/printk.c | 5
kernel/printk/printk_safe.c | 7
kernel/sched/core.c | 83 +-
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/fair.c | 21
kernel/sched/features.h | 9
kernel/sched/sched.h | 56 -
kernel/sched/stats.h | 33
kernel/sched/syscalls.c | 2
kernel/trace/bpf_trace.c | 13
lib/rhashtable.c | 12
mm/memcontrol.c | 7
mm/oom_kill.c | 8
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22
net/ax25/ax25_route.c | 2
net/core/dev.c | 21
net/core/filter.c | 2
net/core/sysctl_net_core.c | 5
net/ethtool/ioctl.c | 8
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/esp4_offload.c | 6
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv4/udp.c | 56 +
net/ipv6/esp6_offload.c | 6
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28
net/ipv6/ndisc.c | 8
net/ipv6/udp.c | 50 +
net/key/af_key.c | 7
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/ctrl.c | 4
net/mptcp/options.c | 13
net/mptcp/pm_netlink.c | 3
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30
net/ncsi/ncsi-rsp.c | 18
net/netfilter/nf_tables_api.c | 57 +
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_rbtree.c | 43 +
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/rxrpc/peer_event.c | 16
net/rxrpc/peer_object.c | 12
net/sched/cls_api.c | 57 -
net/sched/cls_bpf.c | 2
net/sched/cls_flower.c | 2
net/sched/cls_matchall.c | 2
net/sched/cls_u32.c | 4
net/sched/sch_api.c | 4
net/sched/sch_generic.c | 4
net/sched/sch_sfq.c | 43 -
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37 -
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 7
net/wireless/tests/scan.c | 2
net/xfrm/xfrm_compat.c | 6
net/xfrm/xfrm_input.c | 2
net/xfrm/xfrm_policy.c | 12
net/xfrm/xfrm_replay.c | 10
net/xfrm/xfrm_state.c | 256 ++++++-
net/xfrm/xfrm_user.c | 59 +
samples/landlock/sandboxer.c | 7
scripts/Makefile.lib | 4
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18
scripts/kconfig/confdata.c | 6
scripts/kconfig/symbol.c | 1
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 4
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/acp/acp-i2s.c | 1
sound/soc/codecs/Makefile | 6
sound/soc/codecs/da7213.c | 2
sound/soc/intel/avs/apl.c | 3
sound/soc/intel/avs/cnl.c | 1
sound/soc/intel/avs/core.c | 14
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/registers.h | 45 +
sound/soc/intel/avs/skl.c | 1
sound/soc/intel/avs/topology.c | 4
sound/soc/intel/boards/sof_sdw.c | 47 -
sound/soc/mediatek/mt8365/Makefile | 2
sound/soc/rockchip/rockchip_i2s_tdm.c | 31
sound/soc/sh/rz-ssi.c | 3
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/include/uapi/linux/if_xdp.h | 4
tools/lib/bpf/btf.c | 1
tools/lib/bpf/btf_relocate.c | 2
tools/lib/bpf/linker.c | 22
tools/lib/bpf/usdt.c | 2
tools/net/ynl/lib/ynl.c | 2
tools/perf/MANIFEST | 1
tools/perf/builtin-inject.c | 8
tools/perf/builtin-lock.c | 66 +
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/tests/shell/trace_btf_enum.sh | 8
tools/perf/util/bpf-event.c | 10
tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/maps.c | 7
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/power/x86/turbostat/turbostat.8 | 25
tools/power/x86/turbostat/turbostat.c | 163 ++++
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/Makefile | 4
tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 120 ++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8
tools/testing/selftests/kselftest/ktap_helpers.sh | 2
tools/testing/selftests/kselftest_harness.h | 24
tools/testing/selftests/landlock/Makefile | 4
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/net/lib/Makefile | 2
tools/testing/selftests/net/mptcp/Makefile | 2
tools/testing/selftests/net/openvswitch/Makefile | 2
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
677 files changed, 6485 insertions(+), 3583 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Abel Vesa (1):
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alejandro Jimenez (1):
iommu/amd: Remove unused amd_iommu_domain_update()
Alex Deucher (1):
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Alexander Aring (2):
dlm: fix removal of rsb struct that is master and dir record
dlm: fix srcu_read_lock() return type to int
Alexander Stein (2):
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Amadeusz Sławiński (1):
ASoC: Intel: avs: Fix init-config parsing
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Set AXI id for rk3588
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Anumula Murali Mohan Reddy (1):
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Aric Cyr (1):
drm/amd/display: Add hubp cache reset when powergating
Arnaldo Carvalho de Melo (4):
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Bard Liao (1):
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Benjamin Lin (2):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
wifi: mt76: mt7996: fix definition of tx descriptor
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Boris Brezillon (1):
drm/panthor: Preserve the result returned by panthor_fw_resume()
Breno Leitao (1):
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (2):
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix the minimum firmware version numbers
ASoC: Intel: avs: Fix theoretical infinite loop
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Charles Han (4):
ipmi: ipmb: Add check devm_kasprintf() returned value
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
firewire: test: Fix potential null dereference in firewire kunit test
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (5):
crypto: tegra - do not transfer req when tegra init fails
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
memcg: fix soft lockup in the OOM process
Chen-Yu Tsai (12):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
remoteproc: mtk_scp: Only populate devices for SCP cores
Chengming Zhou (1):
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Chih-Kang Chang (1):
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Christian Marangi (1):
net: airoha: Fix wrong GDM4 register definition
Christoph Hellwig (4):
block: copy back bounce buffer to user-space correctly in case of split
block: check BLK_FEAT_POLL under q_usage_count
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
xfs: check for dead buffers in xfs_buf_find_insert
Christophe JAILLET (3):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Christophe Leroy (4):
select: Fix unbalanced user_access_end()
perf maps: Fix display of kernel symbols
perf machine: Don't ignore _etext when not a text symbol
module: Don't fail module loading when setting ro_after_init section RO failed
Chuck Lever (1):
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (3):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
ASoC: da7213: Initialize the mutex
Colin Ian King (1):
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Conor Dooley (1):
PCI: microchip: Add support for using either Root Port 1 or 2
Cristian Birsan (2):
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Daire McNamara (1):
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Dan Carpenter (4):
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
rdma/cxgb4: Prevent potential integer overflow on 32bit
rtc: tps6594: Fix integer overflow on 32bit systems
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Baluta (1):
ASoC: amd: acp: Fix possible deadlock
Daniel Gabay (1):
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Darrick J. Wong (1):
xfs: don't shut down the filesystem for media failures beyond end of log
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (6):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
rxrpc, afs: Fix peer hash locking vs RCU callback
Derek Foreman (1):
drm/connector: Allow clearing HDMI infoframes
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau (1):
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (28):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dpu: provide DSPP and correct LM config for SDM670
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
drm/msm: don't clean up priv->kms prematurely
drm/msm/mdp4: correct LCDC regulator name
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
arm64: dts: qcom: sm8550: correct sleep clock frequency
arm64: dts: qcom: sm8650: correct sleep clock frequency
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Dmytro Maluka (1):
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Douglas Anderson (1):
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Drew Fustini (3):
clk: thead: Fix clk gate registration to pass flags
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Edward Cree (1):
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Emil Tantilov (2):
idpf: add read memory barrier when checking descriptor done bit
idpf: fix transaction timeouts on reset
Eric Dumazet (11):
net_sched: sch_sfq: handle bigger packets
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eric-SY Chang (1):
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Everest K.C (1):
xfrm: Add error handling when nla_put_u32() returns an error
Felix Fietkau (4):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: only enable tx worker after setting the channel
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (2):
netfilter: nft_flow_offload: update tcp state flags under lock
xfrm: state: fix out-of-bounds read during lookup
Frank Li (1):
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Frank Wunderlich (1):
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Gal Pressman (2):
ethtool: Fix set RXNFC command with symmetric RSS hash
ethtool: Fix access to uninitialized fields in set RXNFC command
Gao Xiang (4):
erofs: get rid of erofs_{find,insert}_workgroup
erofs: move erofs_workgroup operations into zdata.c
erofs: sunset `struct erofs_workgroup`
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gaurav Batra (1):
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (4):
ps3disk: Do not use dev->bounce_size before it is set
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
dma-mapping: save base/size instead of pointer to shared DMA pool
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.12.13
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (2):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
scsi: mpi3mr: Fix possible crash when setting up bsg fails
He Rongguang (1):
cpupower: fix TSC MHz calculation
Heiko Carstens (1):
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Heiko Stuebner (1):
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Herbert Xu (2):
crypto: api - Fix boot-up self-test race
rhashtable: Fix rhashtable_try_insert test
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hou Tao (1):
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Howard Chu (2):
perf trace: Fix BPF loading failure (-E2BIG)
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Ian Rogers (1):
perf inject: Fix use without initialization of local variables
Ilan Peer (1):
wifi: mac80211: Fix common size calculation for ML element
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jakub Kicinski (3):
net: netdevsim: try to close UDP port harness races
tools: ynl: c: correct reverse decode of empty attrs
ethtool: ntuple: fix rss + ring_cookie check
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
Jan Stancek (2):
selftests: mptcp: extend CFLAGS to keep options from environment
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jason Gunthorpe (1):
iommu/arm-smmuv3: Update comments about ATS and bypass
Jason-JH.Lin (1):
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (2):
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (2):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jiayuan Chen (1):
selftests/bpf: Avoid generating untracked files when running bpf selftests
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Jiri Slaby (SUSE) (1):
tty: mips_ejtag_fdc: fix one more u8 warning
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Joel Stanley (2):
hwmon: Fix help text for aspeed-g6-pwm-tach
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Johannes Berg (3):
wifi: iwlwifi: fw: read STEP table from correct UEFI var
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
Johannes Weiner (1):
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Ogness (2):
printk: Defer legacy printing when holding printk_cpu_sync
serial: 8250: Adjust the timeout for FIFO mode
John Stultz (1):
sched: Split out __schedule() deactivate task logic into a helper
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jonas Karlman (1):
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Jonathan Kim (1):
drm/amdgpu: fix gpu recovery disable with per queue reset
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Josua Mayer (2):
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Junxian Huang (1):
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Kanchana P Sridhar (1):
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Karol Przybylski (1):
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Kees Cook (2):
coredump: Do not lock during 'comm' reporting
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (3):
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (2):
net: ravb: Fix missing rtnl lock in suspend/resume path
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krishna chaitanya chundru (1):
PCI: qcom: Update ICC and OPP values after Link Up event
Krzysztof Kozlowski (3):
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
arm64: dts: qcom: sc7180: change labels to lower-case
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kuniyuki Iwashima (1):
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Len Brown (1):
tools/power turbostat: Fix forked child affinity regression
Leon Hwang (1):
selftests/bpf: Add test to verify tailcall and freplace restrictions
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Leon Yen (1):
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rtrs: Add missing deinit() call
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Lorenzo Bianconi (1):
net: airoha: Fix error path in airoha_probe()
Luca Ceresoli (1):
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Manoj Vishwanathan (1):
idpf: Acquire the lock before accessing the xn->salt
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (2):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
idpf: convert workqueues to unbound
Marek Vasut (5):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (2):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Masahiro Yamada (5):
module: Convert default symbol namespace to string literal
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: fix memory leak in sym_warn_unmet_dep()
Masami Hiramatsu (Google) (1):
selftests/ftrace: Fix to use remount when testing mount GID option
Mateusz Polchlopek (3):
ice: rework of dump serdes equalizer values feature
ice: extend dump serdes equalizer values feature
ice: remove invalid parameter of equalizer
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthieu Baerts (NGI0) (2):
mptcp: pm: only set fullmesh for subflow endp
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Max Chou (1):
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Maíra Canal (1):
drm/v3d: Fix performance counter source settings on V3D 7.x
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michael Riesch (1):
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Mickaël Salaün (4):
selftests: ktap_helpers: Fix uninitialized variable
landlock: Handle weird files
selftests/landlock: Fix build with non-default pthread linking
selftests/landlock: Fix error message
Mike Snitzer (1):
nfs: fix incorrect error handling in LOCALIO
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Ming Yen Hsieh (15):
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
wifi: mt76: mt7925: fix the invalid ip address for arp offload
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
wifi: mt76: mt7925: Update secondary link PS flow
wifi: mt76: mt7925: Init secondary link PM state
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
wifi: mt76: mt7925: Properly handle responses for commands with events
Mingwei Zheng (5):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: nomadik: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Miri Korenblit (1):
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Namhyung Kim (1):
perf test: Skip syscall enum test if no landlock syscall
Nathan Chancellor (1):
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (9):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Oreoluwa Babatunde (1):
of: reserved_mem: Restructure how the reserved memory regions are processed
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Parth Pancholi (1):
kbuild: switch from lz4c to lz4 for compression
Patrisious Haddad (1):
RDMA/mlx5: Fix implicit ODP use after free
Patryk Wlazlyn (2):
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
tools/power turbostat: Fix PMT mmaped file size rounding
Paul Fertser (1):
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pei Xiao (4):
platform/mellanox: mlxbf-pmc: incorrect type in assignment
platform/x86: x86-android-tablets: make platform data be static
bpf: Use refcount_t instead of atomic_t for mmap_count
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Peng Fan (1):
clk: imx: Apply some clks only for i.MX93
Pengfei Li (4):
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
dt-bindings: clock: Add i.MX91 clock support
clk: imx93: Move IMX93_CLK_END macro to clk driver
clk: imx: add i.MX91 clk
Perry Yuan (1):
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Zijlstra (2):
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Ping-Ke Shih (1):
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Przemek Kitszel (1):
ice: fix ice_parser_rt::bst_key array size
Pu Lehui (3):
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
libbpf: Fix return zero when elf_begin failed
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (4):
btrfs: improve the warning and error message for btrfs_remove_qgroup()
btrfs: subpage: fix the bitmap dump of the locked flags
btrfs: output the reason for open_ctree() failure
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ray Chi (1):
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Rex Nie (1):
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (1):
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (4):
PCI: imx6: Skip controller_id generation logic for i.MX7D
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
PCI: imx6: Add missing reference clock disable logic
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ross Burton (1):
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Ryusuke Konishi (3):
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
nilfs2: handle errors that nilfs_prepare_chunk() may return
Sagi Grimberg (1):
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Christopherson (1):
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sean Wang (1):
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sebastian Sewior (1):
xfrm: Don't disable preemption while looking up cache state.
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shayne Chen (1):
wifi: mt76: mt7996: fix invalid interface combinations
Shengjiu Wang (3):
dt-bindings: clock: imx93: Add SPDIF IPG clk
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (2):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shivaprasad G Bhat (1):
powerpc/pseries/iommu: Don't unset window if it was never set
Simon Trimmer (2):
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Song Yoong Siang (1):
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Stefano Brivio (1):
udp: Deal with race between UDP socket address change and rehash
Steffen Klassert (4):
xfrm: Add support for per cpu xfrm state handling.
xfrm: Cache used outbound xfrm states at the policy.
xfrm: Add an inbound percpu state cache.
xfrm: Fix acquire state insertion.
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Suraj Sonawane (1):
iommu: iommufd: fix WARNING in iommufd_device_unbind
Takashi Iwai (4):
ASoC: cs40l50: Use *-y for Makefile
ASoC: mediatek: mt8365: Use *-y for Makefile
ASoC: wcd937x: Use *-y for Makefile
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tianchen Ding (1):
sched: Fix race between yield_to() and try_to_wake_up()
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Uwe Kleine-König (2):
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Gorbik (2):
s390/mm: Allow large pages for KASAN shadow mapping
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Vasily Khoruzhick (4):
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Vishal Chourasia (1):
tools: Sync if_xdp.h uapi tooling header
Vladimir Zapolskiy (3):
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wayne Lin (1):
drm/amd/display: Reduce accessing remote DPCD overhead
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Xin Long (1):
net: sched: refine software bypass handling in tc_run
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yevgeny Kliteynik (1):
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Yu Kuai (7):
nbd: don't allow reconnect after disconnect
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (2):
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (5):
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
of: reserved-memory: Warn for missing static reserved memory regions
Zong-Zhe Yang (6):
wifi: rtw89: handle entity active flag per PHY
wifi: rtw89: chan: manage active interfaces
wifi: rtw89: tweak setting of channel and TX power for MLO
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
wifi: rtw89: mcc: consider time limits not divisible by 1024
allan.wang (1):
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (2):
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
2 months, 3 weeks
- 1
- 1
Linux 6.6.76
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.76 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Makefile | 4
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/Makefile | 3
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 827 ----------
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 +++++++++
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 -
arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3
arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 ++--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 -
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/smp.c | 4
arch/powerpc/sysdev/xive/native.c | 4
arch/powerpc/sysdev/xive/spapr.c | 3
arch/riscv/kernel/vector.c | 2
arch/s390/Makefile | 2
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/topology.c | 2
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/kernel/smpboot.c | 12
block/genhd.c | 22
block/partitions/ldm.h | 2
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/bluetooth/btnxpuart.c | 3
drivers/bus/ti-sysc.c | 4
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk-conf.c | 4
drivers/clk/clk-si5351.c | 76
drivers/clk/clk.c | 14
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/qcom/common.c | 4
drivers/clk/qcom/gcc-sdm845.c | 32
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2
drivers/clk/sunxi/clk-simple-gates.c | 4
drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4
drivers/clocksource/samsung_pwm_timer.c | 4
drivers/cpufreq/acpi-cpufreq.c | 36
drivers/cpufreq/qcom-cpufreq-hw.c | 34
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 168 --
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/dma/ti/edma.c | 3
drivers/firmware/efi/sysfb_efi.c | 2
drivers/gpio/gpio-brcmstb.c | 5
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 108 -
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1
drivers/gpu/drm/rockchip/cdn-dp-core.c | 1
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1
drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1
drivers/gpu/drm/rockchip/inno_hdmi.c | 1
drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18
drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 +
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18
drivers/gpu/drm/rockchip/rockchip_lvds.c | 1
drivers/gpu/drm/rockchip/rockchip_rgb.c | 1
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/i3c/master/dw-i3c-master.c | 68
drivers/i3c/master/dw-i3c-master.h | 2
drivers/iio/adc/ti_am335x_adc.c | 4
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 32
drivers/infiniband/sw/rxe/rxe.c | 6
drivers/infiniband/sw/rxe/rxe.h | 6
drivers/infiniband/sw/rxe/rxe_comp.c | 4
drivers/infiniband/sw/rxe/rxe_cq.c | 4
drivers/infiniband/sw/rxe/rxe_mr.c | 16
drivers/infiniband/sw/rxe/rxe_mw.c | 2
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_qp.c | 8
drivers/infiniband/sw/rxe/rxe_resp.c | 12
drivers/infiniband/sw/rxe/rxe_task.c | 4
drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +-
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/irqchip/irq-atmel-aic-common.c | 4
drivers/irqchip/irq-pic32-evic.c | 4
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 1
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 81
drivers/mfd/ti_am335x_tscadc.c | 4
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 25
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23
drivers/net/team/team.c | 7
drivers/net/usb/rtl8150.c | 22
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 6
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 32
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34
drivers/of/of_reserved_mem.c | 3
drivers/opp/core.c | 57
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 139 -
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nxp/pinctrl-s32cc.c | 4
drivers/pinctrl/pinctrl-amd.c | 27
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/pinctrl-k210.c | 4
drivers/pinctrl/stm32/pinctrl-stm32.c | 76
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 -
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/pwm-samsung.c | 4
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/serial/8250/8250_port.c | 32
drivers/tty/serial/sc16is7xx.c | 34
drivers/tty/sysrq.c | 4
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 30
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/misc/usb251xb.c | 4
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/vfio/iova_bitmap.c | 2
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/super.c | 2
fs/buffer.c | 24
fs/dlm/lowcomms.c | 3
fs/f2fs/dir.c | 53
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 157 +
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfsd/nfs4callback.c | 1
fs/nilfs2/segment.c | 11
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22
include/acpi/acpixf.h | 1
include/dt-bindings/clock/sun50i-a64-ccu.h | 2
include/linux/buffer_head.h | 4
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mfd/syscon.h | 33
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/of.h | 15
include/linux/perf_event.h | 6
include/linux/platform_data/pca953x.h | 13
include/linux/platform_data/si5351.h | 2
include/linux/pps_kernel.h | 3
include/linux/sched.h | 1
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 8
include/net/xfrm.h | 16
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25
io_uring/uring_cmd.c | 2
kernel/bpf/bpf_local_storage.c | 8
kernel/events/core.c | 35
kernel/irq/internals.h | 9
kernel/padata.c | 45
kernel/power/hibernate.c | 7
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/fair.c | 19
kernel/sched/topology.c | 8
kernel/trace/bpf_trace.c | 13
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22
net/ax25/ax25_route.c | 2
net/core/dev.c | 4
net/core/filter.c | 2
net/core/sysctl_net_core.c | 5
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28
net/ipv6/ndisc.c | 8
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/options.c | 13
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30
net/netfilter/nf_tables_api.c | 57
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_pipapo.c | 7
net/netfilter/nft_set_rbtree.c | 178 +-
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/sched/sch_api.c | 4
net/sched/sch_sfq.c | 56
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 35
net/xfrm/xfrm_replay.c | 10
samples/landlock/sandboxer.c | 7
scripts/Makefile.lib | 4
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18
scripts/kconfig/conf.c | 6
scripts/kconfig/confdata.c | 115 -
scripts/kconfig/lkc_proto.h | 2
scripts/kconfig/symbol.c | 10
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 5
sound/pci/hda/patch_realtek.c | 1
sound/soc/codecs/arizona.c | 12
sound/soc/intel/avs/apl.c | 53
sound/soc/intel/avs/avs.h | 40
sound/soc/intel/avs/core.c | 51
sound/soc/intel/avs/ipc.c | 36
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/messages.h | 10
sound/soc/intel/avs/registers.h | 6
sound/soc/intel/avs/skl.c | 30
sound/soc/rockchip/rockchip_i2s_tdm.c | 31
sound/soc/sh/rz-ssi.c | 3
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/lib/bpf/linker.c | 22
tools/lib/bpf/usdt.c | 2
tools/perf/builtin-lock.c | 66
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/util/bpf-event.c | 10
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/kselftest_harness.h | 24
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
455 files changed, 4558 insertions(+), 3437 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alexander Aring (1):
dlm: fix srcu_read_lock() return type to int
Alexander Stein (1):
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Alvin Šipraga (1):
clk: si5351: allow PLLs to be adjusted without reset
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrew Halaney (2):
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Shevchenko (2):
gpio: pca953x: Drop unused fields in struct pca953x_platform_data
gpio: pca953x: Fully convert to device managed resources
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Set YUV/RGB overlay mode
drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: move output interface related definition to rockchip_drm_drv.h
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Arnaldo Carvalho de Melo (3):
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Bartosz Golaszewski (1):
arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi
Benjamin Lin (1):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Billy Tsai (1):
i3c: dw: Add hot-join support.
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (1):
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Prefix SKL/APL-specific members
ASoC: Intel: avs: Abstract IPC handling
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix theoretical infinite loop
Charles Han (1):
ipmi: ipmb: Add check devm_kasprintf() returned value
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (3):
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
Chen-Yu Tsai (9):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Chenghai Huang (1):
crypto: hisilicon/sec2 - optimize the error return process
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Christophe JAILLET (1):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Christophe Leroy (2):
select: Fix unbalanced user_access_end()
perf machine: Don't ignore _etext when not a text symbol
Chuck Lever (2):
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (1):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Cristian Birsan (1):
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Dan Carpenter (2):
rdma/cxgb4: Prevent potential integer overflow on 32bit
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (5):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
David Wronek (1):
arm64: dts: qcom: Add SM7125 device tree
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (20):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Eric Dumazet (11):
net_sched: sch_sfq: annotate data-races around q->perturb_period
net_sched: sch_sfq: handle bigger packets
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Felix Fietkau (5):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac
wifi: mt76: mt7915: improve hardware restart reliability
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (4):
netfilter: nf_tables: de-constify set commit ops function argument
netfilter: nft_set_rbtree: rename gc deactivate+erase function
netfilter: nft_set_rbtree: prefer sync gc to async worker
netfilter: nft_flow_offload: update tcp state flags under lock
Frank Li (1):
PCI: imx6: Simplify clock handling by using clk_bulk*() function
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (2):
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.6.76
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (1):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
He Rongguang (1):
cpupower: fix TSC MHz calculation
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hongbo Li (2):
hostfs: convert hostfs to use the new mount API
hostfs: fix the host directory parse when mounting.
Howard Chu (1):
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Hugo Villeneuve (1):
serial: sc16is7xx: use device_property APIs when configuring irda mode
Ilan Peer (2):
wifi: mac80211: Fix common size calculation for ML element
wifi: cfg80211: Handle specific BSSID in 6GHz scanning
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jakub Kicinski (1):
net: netdevsim: try to close UDP port harness races
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
Jason-JH.Lin (1):
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (1):
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (2):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Johannes Berg (2):
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
John Ogness (1):
serial: 8250: Adjust the timeout for FIFO mode
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Karol Przybylski (1):
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (4):
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (1):
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krzysztof Kozlowski (2):
mfd: syscon: Use scoped variables with memory allocators to simplify error paths
arm64: dts: qcom: sc7180: change labels to lower-case
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rxe: Improve newline in printing messages
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Luca Ceresoli (2):
of: remove internal arguments from of_property_for_each_u32()
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (1):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Marek Vasut (4):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (1):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Masahiro Yamada (8):
ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: require a space after '#' for valid input
kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
kconfig: deduplicate code in conf_read_simple()
kconfig: fix memory leak in sym_warn_unmet_dep()
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthew Wilcox (Oracle) (2):
buffer: make folio_create_empty_buffers() return a buffer_head
nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Mickaël Salaün (2):
landlock: Handle weird files
selftests/landlock: Fix error message
Mihai Sain (1):
ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Mingwei Zheng (4):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Nathan Chancellor (2):
hostfs: Add const qualifier to host_root in hostfs_fill_super()
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (8):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Parth Pancholi (1):
kbuild: switch from lz4c to lz4 for compression
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pei Xiao (1):
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Perry Yuan (1):
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Griffin (2):
mfd: syscon: Remove extern from function prototypes
mfd: syscon: Add of_syscon_register_regmap() API
Peter Zijlstra (2):
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
sched/topology: Rename 'DIE' domain to 'PKG'
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (1):
btrfs: output the reason for open_ctree() failure
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (1):
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (1):
PCI: imx6: Skip controller_id generation logic for i.MX7D
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ryusuke Konishi (1):
nilfs2: protect access to buffers with no active references
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sergey Senozhatsky (1):
kconfig: WERROR unmet symbol dependency
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shazad Hussain (1):
arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (1):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Takashi Iwai (1):
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Uwe Kleine-König (1):
mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Khoruzhick (4):
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Vladimir Zapolskiy (2):
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yu Kuai (1):
nbd: don't allow reconnect after disconnect
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (1):
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (3):
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (1):
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
2 months, 3 weeks
- 1
- 1
[PATCH 6.1.y] cachefiles: Fix NULL pointer dereference in object->file
by lanbincn@qq.com
From: Zizhi Wo <wozizhi(a)huawei.com>
commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream.
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
Signed-off-by: Bin Lan <lanbincn(a)qq.com>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index bde23e156a63..fd71775c703a 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object,
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object,
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index d1a0264b08a6..3389a373faf6 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
--
2.43.0
2 months, 3 weeks
- 1
- 0
[PATCH 6.6.y] cachefiles: Fix NULL pointer dereference in object->file
by lanbincn@qq.com
From: Zizhi Wo <wozizhi(a)huawei.com>
commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream.
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
Signed-off-by: Bin Lan <lanbincn(a)qq.com>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index 35ba2117a6f6..3e63cfe15874 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object,
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object,
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index d1a0264b08a6..3389a373faf6 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
--
2.43.0
2 months, 3 weeks
- 1
- 0
[PATCH] usb: cdns3: exit cdns3_gadget_udc_start if FAST_REG_ACCESS cannot be set
by Siddharth Vadapalli
When the device is in a low power state, access to the following
registers takes a long time:
- EP_CFG
- EP_TRADDR
- EP_CMD
- EP_SEL
- EP_STS
- USB_CONF
To address this, the fast register access feature can be enabled by
setting PUSB_PWR_FST_REG_ACCESS bit of the USB_PWR register, which
allows quick access by software. Software is expected to poll on
PUSB_PWR_FST_REG_ACCESS_STAT to ensure that fast register access has
been enabled by the controller. Attempting to access any of the
aforementioned registers after setting PUSB_PWR_FST_REG_ACCESS but
before PUSB_PWR_FST_REG_ACCESS_STAT has been set will result in
undefined behavior and potentially result in system hang.
Hence, poll on PUSB_PWR_FST_REG_ACCESS_STAT before proceeding with
gadget configuration, and exit if it cannot be enabled.
Fixes: b5148d946f45 ("usb: cdns3: gadget: set fast access bit")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com>
---
Hello,
This patch is based on commit
92514ef226f5 Merge tag 'for-6.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
of Mainline Linux.
Regards,
Siddharth.
drivers/usb/cdns3/cdns3-gadget.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c
index fd1beb10bba7..b62691944272 100644
--- a/drivers/usb/cdns3/cdns3-gadget.c
+++ b/drivers/usb/cdns3/cdns3-gadget.c
@@ -2971,8 +2971,6 @@ static void cdns3_gadget_config(struct cdns3_device *priv_dev)
/* enable generic interrupt*/
writel(USB_IEN_INIT, ®s->usb_ien);
writel(USB_CONF_CLK2OFFDS | USB_CONF_L1DS, ®s->usb_conf);
- /* keep Fast Access bit */
- writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr);
cdns3_configure_dmult(priv_dev, NULL);
}
@@ -2990,6 +2988,8 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget,
struct cdns3_device *priv_dev = gadget_to_cdns3_device(gadget);
unsigned long flags;
enum usb_device_speed max_speed = driver->max_speed;
+ int ret;
+ u32 reg;
spin_lock_irqsave(&priv_dev->lock, flags);
priv_dev->gadget_driver = driver;
@@ -2997,6 +2997,20 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget,
/* limit speed if necessary */
max_speed = min(driver->max_speed, gadget->max_speed);
+ /* keep Fast Access bit */
+ writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr);
+ reg = readl(&priv_dev->regs->usb_pwr);
+ if (!(reg & PUSB_PWR_FST_REG_ACCESS_STAT)) {
+ ret = readl_poll_timeout_atomic(&priv_dev->regs->usb_pwr, reg,
+ (reg & PUSB_PWR_FST_REG_ACCESS_STAT),
+ 10, 1000);
+ if (ret) {
+ dev_err(priv_dev->dev, "Failed to enable fast access\n");
+ spin_unlock_irqrestore(&priv_dev->lock, flags);
+ return ret;
+ }
+ }
+
switch (max_speed) {
case USB_SPEED_FULL:
writel(USB_CONF_SFORCE_FS, &priv_dev->regs->usb_conf);
--
2.43.0
2 months, 3 weeks
- 2
- 4
Re: The business loan-
by David Song
Hello,
My name is David Song, at AA4 FS, we are a consultancy and
brokerage Firm specializing in Growth Financial Loan and joint
partnership venture. We specialize in investments in all Private
and public sectors in a broad range of areas within our Financial
Investment Services.
We are experts in financial and operational management, due
diligence and capital planning in all markets and industries. Our
Investors wish to invest in any viable Project presented by your
Management after reviews on your Business Project Presentation
Plan.
We look forward to your Swift response. We also offer commission
to consultants and brokers for any partnership referrals.
Regards,
David Song
Senior Broker
AA4 Financial Services
13 Wonersh Way, Cheam,
Sutton, Surrey, SM2 7LX
Email: dsong(a)aa4financialservice.com
2 months, 3 weeks
- 1
- 0
[PATCH 6.13 000/619] 6.13.2-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.13.2 release.
There are 619 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 08 Feb 2025 16:05:17 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc2…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.13.2-rc2
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when cow_file_range() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Ensure callbacks exist before calling them
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Kevin Brodsky <kevin.brodsky(a)arm.com>
selftests/mm: build with -O2
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Melissa Wen <mwen(a)igalia.com>
drm/amd/display: restore invalid MSA timing check for freesync
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Darrick J. Wong <djwong(a)kernel.org>
xfs: release the dquot buf outside of qli_lock
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't over-report free space or inodes in statvfs
Long Li <leo.lilong(a)huawei.com>
xfs: fix mount hang during primary superblock recovery failure
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Liam R. Howlett <Liam.Howlett(a)Oracle.com>
kernel: be more careful about dup_mmap() failures and uprobe registering
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/register: use atomic_read/write for sq_flags migration
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jens Axboe <axboe(a)kernel.dk>
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Torsten Hilbrich <torsten.hilbrich(a)secunet.com>
kbuild: Fix signing issue for external modules
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Cosmin Ratiu <cratiu(a)nvidia.com>
bonding: Correctly support GSO ESP offload
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Ian Rogers <irogers(a)google.com>
perf annotate: Use an array for the disassembler preference
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: don't try to stash the napi id
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Stanislav Fomichev <sdf(a)fomichev.me>
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Zhihao Cheng <chengzhihao1(a)huawei.com>
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Suren Baghdasaryan <surenb(a)google.com>
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Fix deadlock during uvc_probe
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Michal Wilczynski <m.wilczynski(a)samsung.com>
mailbox: th1520: Fix memory corruption due to incorrect array size
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: mpfs: fix copy and paste bug in probe
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: th1520: Fix a NULL vs IS_ERR() bug
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Jagan Teki <jagan(a)edgeble.ai>
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
Maulik Shah <quic_mkshah(a)quicinc.com>
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove dev == NULL checks
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove domain_alloc()
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Guo Ren <guoren(a)kernel.org>
iommu/riscv: Fixup compile warning
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Tony Ambardar <tony.ambardar(a)gmail.com>
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Ian Rogers <irogers(a)google.com>
perf test stat: Avoid hybrid assumption when virtualized
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Namhyung Kim <namhyung(a)kernel.org>
perf symbol: Prefer non-label symbols with same address
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
James Clark <james.clark(a)linaro.org>
perf stat: Fix trailing comma when there is no metric unit
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Make variables only used locally static
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools features: Don't check for libunwind devel files by default
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Andrea Righi <arighi(a)nvidia.com>
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs42l84: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: SDCA: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: always clear NBase-T lpa
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear master_slave_state if link is down
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear 1000Base-T lpa if link is down
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only after netdev registration
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix key cache handling
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: correct header conversion rule for MLO only
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only if it has been registered
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Mario Limonciello <mario.limonciello(a)amd.com>
cpufreq/amd-pstate: Fix prefcore rankings
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Karol Przybylski <karprzy7(a)gmail.com>
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
John Garry <john.g.garry(a)oracle.com>
block: Ensure start sector is aligned for stacking atomic writes
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: fix queue freeze vs limits lock order in sysfs store methods
Christoph Hellwig <hch(a)lst.de>
block: add a store_limit operations for sysfs entries
Christoph Hellwig <hch(a)lst.de>
block: add a queue_limits_commit_update_frozen helper
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: prevent reg-wait speculations
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
.../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +-
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +--
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
Makefile | 4 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 --
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 ++--
arch/arm/mach-omap1/board-nokia770.c | 2 +-
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 --
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++---
.../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 -----
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +--
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++--
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
.../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++----
arch/arm64/boot/dts/ti/Makefile | 6 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 ++
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/boot/vmem.c | 74 ++++++---
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 11 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +--
block/blk-integrity.c | 4 +-
block/blk-mq.c | 34 ++--
block/blk-mq.h | 6 +
block/blk-settings.c | 31 +++-
block/blk-sysfs.c | 137 ++++++++--------
block/blk-zoned.c | 7 +-
block/genhd.c | 22 ++-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/block/virtio_blk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 32 ++--
drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +-
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +-
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +-
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 ++--
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +++--
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++--
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++---------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 --
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +++--
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/i915/display/intel_crt.c | 10 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +-
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/dp/dp_catalog.c | 1 -
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +-
drivers/gpu/drm/msm/dp/dp_utils.c | 10 +-
drivers/gpu/drm/msm/dp/dp_utils.h | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 ++--
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 ++---
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +--
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 +++++---
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 5 +-
drivers/iommu/amd/init.c | 14 +-
drivers/iommu/amd/iommu.c | 132 +++++----------
drivers/iommu/amd/pasid.c | 3 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/intel/pasid.c | 22 ++-
drivers/iommu/intel/pasid.h | 6 +
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/iommu/riscv/iommu.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/mailbox/mailbox-mpfs.c | 2 +-
drivers/mailbox/mailbox-th1520.c | 6 +-
drivers/md/md-bitmap.c | 79 +++++----
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +---
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++++-------
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 ++---
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 4 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +--
drivers/misc/cardreader/rtsx_usb.c | 15 ++
drivers/mtd/hyperbus/hbmc-am654.c | 19 ++-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/mtd/ubi/ubi.h | 2 -
drivers/mtd/ubi/wl.c | 21 ---
drivers/net/bonding/bond_main.c | 19 +--
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 --
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++--
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +-
.../mellanox/mlx5/core/steering/hws/definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 ++-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +--
drivers/net/phy/marvell-88q2xxx.c | 33 +++-
drivers/net/phy/realtek.c | 29 ++--
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 42 ++---
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++--
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 ---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++----
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +--
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++--
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/microchip/wilc1000/netdev.c | 2 -
drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +-
drivers/net/wireless/microchip/wilc1000/spi.c | 9 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++-----
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 --
drivers/net/wireless/realtek/rtw89/chan.c | 31 +++-
drivers/net/wireless/realtek/rtw89/chan.h | 9 +-
drivers/net/wireless/realtek/rtw89/core.c | 11 +-
drivers/net/wireless/realtek/rtw89/core.h | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +++-
drivers/nvme/host/tcp.c | 70 ++++++--
drivers/of/fdt.c | 10 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++++--
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 ++--
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/pcie-rockchip-ep.c | 5 +
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++-
drivers/pinctrl/pinctrl-amd.c | 27 +++-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++-----
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/core.c | 4 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/platform/x86/x86-android-tablets/other.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++++++-------
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 13 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/scsi/sd.c | 17 +-
drivers/scsi/sr.c | 5 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +++-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 ++--
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 ++
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 160 ++++++++++++++-----
fs/btrfs/qgroup.c | 21 ++-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 ++
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++++--
fs/dlm/lowcomms.c | 3 +-
fs/erofs/zdata.c | 3 +-
fs/f2fs/dir.c | 53 ++++--
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +---
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++++++++--
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 ++--
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +++-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +--
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 ++-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +--
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_buf_item_recover.c | 11 +-
fs/xfs/xfs_dquot.c | 12 +-
fs/xfs/xfs_notify_failure.c | 121 +++++++++-----
fs/xfs/xfs_qm_bhv.c | 27 ++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 1 +
include/linux/alloc_tag.h | 11 +-
include/linux/blkdev.h | 23 +--
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 ++-
include/linux/pwm.h | 17 ++
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/page_pool/types.h | 1 -
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 16 +-
include/sound/hdaudio_ext.h | 45 ------
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +++
io_uring/io_uring.c | 1 +
io_uring/msg_ring.c | 4 +-
io_uring/register.c | 2 +-
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 ++-
kernel/events/core.c | 35 ++--
kernel/events/uprobes.c | 4 +
kernel/fork.c | 17 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++++--
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 6 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/ext.c | 114 +++++++++----
kernel/sched/fair.c | 21 ++-
kernel/sched/features.h | 9 ++
kernel/sched/stats.h | 4 +
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/alloc_tag.c | 2 +
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 ++-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 23 ++-
net/core/filter.c | 2 +-
net/core/page_pool.c | 2 +
net/core/page_pool_priv.h | 2 +
net/core/page_pool_user.c | 15 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 2 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +---
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 ++--
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++++++
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 ++--
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++++++
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 ++--
net/ncsi/ncsi-rsp.c | 18 +--
net/netfilter/nf_tables_api.c | 57 ++++++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 ++
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +++----
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 4 +
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++--
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 5 +
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 93 ++++++++---
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.build | 2 +
scripts/Makefile.lib | 10 +-
scripts/Makefile.modinst | 2 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 ++-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 8 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++++++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++++--
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/renesas/rz-ssi.c | 3 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++-
sound/soc/sdca/Makefile | 2 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/build/Makefile.feature | 7 -
tools/build/feature/test-all.c | 5 -
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +--
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/Makefile.config | 83 ++++++----
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 +++++---
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
.../perf/tests/shell/lib/perf_json_output_lint.py | 14 +-
tools/perf/tests/shell/stat.sh | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/annotate.c | 76 ++++++++-
tools/perf/util/annotate.h | 15 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/disasm.c | 83 ++--------
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
tools/perf/util/stat-display.c | 177 +++++++++++----------
tools/perf/util/symbol.c | 9 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.c | 58 ++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/veristat.c | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +--
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/mm/Makefile | 9 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +++-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
699 files changed, 5672 insertions(+), 3241 deletions(-)
2 months, 3 weeks
- 12
- 11
[PATCH 6.1.y v2] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
by jetlan9@163.com
From: Vladimir Oltean <vladimir.oltean(a)nxp.com>
commit 844f104790bd69c2e4dbb9ee3eba46fde1fcea7b upstream.
After the blamed commit, we started doing this dereference for every
NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.
static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)
{
struct dsa_user_priv *p = netdev_priv(dev);
return p->dp;
}
Which is obviously bogus, because not all net_devices have a netdev_priv()
of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,
and p->dp means dereferencing 8 bytes starting with offset 16. Most
drivers allocate that much private memory anyway, making our access not
fault, and we discard the bogus data quickly afterwards, so this wasn't
caught.
But the dummy interface is somewhat special in that it calls
alloc_netdev() with a priv size of 0. So every netdev_priv() dereference
is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event
with a VLAN as its new upper:
$ ip link add dummy1 type dummy
$ ip link add link dummy1 name dummy1.100 type vlan id 100
[ 43.309174] ==================================================================
[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8
[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374
[ 43.330058]
[ 43.342436] Call trace:
[ 43.366542] dsa_user_prechangeupper+0x30/0xe8
[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8
[ 43.375768] notifier_call_chain+0xa4/0x210
[ 43.379985] raw_notifier_call_chain+0x24/0x38
[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8
[ 43.389120] netdev_upper_dev_link+0x70/0xa8
[ 43.393424] register_vlan_dev+0x1bc/0x310
[ 43.397554] vlan_newlink+0x210/0x248
[ 43.401247] rtnl_newlink+0x9fc/0xe30
[ 43.404942] rtnetlink_rcv_msg+0x378/0x580
Avoid the kernel oops by dereferencing after the type check, as customary.
Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions")
Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/
Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com>
Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Wenshan Lan <jetlan9(a)163.com>
---
v2: add the upstream commit in this commit log.
---
net/dsa/slave.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 5fe075bf479e..caeb7e75b287 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check);
static int dsa_slave_changeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
struct netlink_ext_ack *extack;
int err = NOTIFY_DONE;
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return err;
+ dp = dsa_slave_to_port(dev);
extack = netdev_notifier_info_to_extack(&info->info);
if (netif_is_bridge_master(info->upper_dev)) {
@@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev,
static int dsa_slave_prechangeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return NOTIFY_DONE;
+ dp = dsa_slave_to_port(dev);
+
if (netif_is_bridge_master(info->upper_dev) && !info->linking)
dsa_port_pre_bridge_leave(dp, info->upper_dev);
else if (netif_is_lag_master(info->upper_dev) && !info->linking)
--
2.43.0
2 months, 3 weeks
- 1
- 0
[PATCH 6.12 000/583] 6.12.13-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.13 release.
There are 583 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 08 Feb 2025 16:05:14 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.13-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.13-rc2
Jakub Kicinski <kuba(a)kernel.org>
ethtool: ntuple: fix rss + ring_cookie check
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Leon Hwang <leon.hwang(a)linux.dev>
selftests/bpf: Add test to verify tailcall and freplace restrictions
Vasily Gorbik <gor(a)linux.ibm.com>
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix access to uninitialized fields in set RXNFC command
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Fix acquire state insertion.
Everest K.C <everestkc(a)everestkc.com.np>
xfrm: Add error handling when nla_put_u32() returns an error
Geert Uytterhoeven <geert+renesas(a)glider.be>
dma-mapping: save base/size instead of pointer to shared DMA pool
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Warn for missing static reserved memory regions
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Reduce accessing remote DPCD overhead
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Edward Cree <ecree.xilinx(a)gmail.com>
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: extend dump serdes equalizer values feature
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: rework of dump serdes equalizer values feature
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add an inbound percpu state cache.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Cache used outbound xfrm states at the policy.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add support for per cpu xfrm state handling.
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gao Xiang <xiang(a)kernel.org>
erofs: sunset `struct erofs_workgroup`
Gao Xiang <xiang(a)kernel.org>
erofs: move erofs_workgroup operations into zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of erofs_{find,insert}_workgroup
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Conor Dooley <conor.dooley(a)microchip.com>
PCI: microchip: Add support for using either Root Port 1 or 2
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Oreoluwa Babatunde <quic_obabatun(a)quicinc.com>
of: reserved_mem: Restructure how the reserved memory regions are processed
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: tweak setting of channel and TX power for MLO
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: manage active interfaces
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: handle entity active flag per PHY
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx: add i.MX91 clk
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx93: Move IMX93_CLK_END macro to clk driver
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: Add i.MX91 clock support
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Masahiro Yamada <masahiroy(a)kernel.org>
module: Convert default symbol namespace to string literal
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Alex Deucher <alexander.deucher(a)amd.com>
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Johannes Weiner <hannes(a)cmpxchg.org>
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Stultz <jstultz(a)google.com>
sched: Split out __schedule() deactivate task logic into a helper
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
Documentation/core-api/symbol-namespaces.rst | 4 +-
.../devicetree/bindings/clock/imx93-clock.yaml | 1 +
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
.../it_IT/core-api/symbol-namespaces.rst | 4 +-
.../zh_CN/core-api/symbol-namespaces.rst | 4 +-
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 ++---
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 +-
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 ++++++++++-----------
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +--
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +--
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
arch/arm64/boot/dts/ti/Makefile | 4 -
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 ++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 10 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +-
block/blk-mq.c | 34 +-
block/blk-mq.h | 6 +
block/blk-sysfs.c | 9 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/cdx/Makefile | 2 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 89 +++--
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++----
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/iaa/Makefile | 2 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/intel/qat/qat_common/Makefile | 2 +-
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/idxd/Makefile | 2 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 ++-
drivers/gpio/gpio-idio-16.c | 2 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 -
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 -
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++--
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 +
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 +-
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +--
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +-
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 ++--
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 1 -
drivers/iommu/amd/iommu.c | 9 -
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/md/md-bitmap.c | 79 +++--
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +-
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++---
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +--
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 19 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +-
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +++----
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 ++-
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 ++-
.../mlx5/core/steering/hws/mlx5hws_definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/sfc/ef100_ethtool.c | 1 +
drivers/net/ethernet/sfc/ethtool.c | 1 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/phy/marvell-88q2xxx.c | 33 +-
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 ++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 ++-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++---
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +---
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++++++++-
drivers/net/wireless/realtek/rtw89/chan.h | 28 +-
drivers/net/wireless/realtek/rtw89/core.c | 124 ++++---
drivers/net/wireless/realtek/rtw89/core.h | 27 +-
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++-
drivers/net/wireless/realtek/rtw89/mac.c | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 10 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/nvme/host/tcp.c | 70 +++-
drivers/of/fdt.c | 13 +-
drivers/of/of_private.h | 3 +-
drivers/of/of_reserved_mem.c | 174 +++++++---
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 +-
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/plda/pcie-microchip-host.c | 222 +++++++++----
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++---
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++----
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-dwc-core.c | 2 +-
drivers/pwm/pwm-lpss.c | 2 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 2 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/storage/Makefile | 2 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 97 +++++-
fs/btrfs/qgroup.c | 21 +-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 +
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++-
fs/dlm/lowcomms.c | 3 +-
fs/erofs/internal.h | 17 +-
fs/erofs/zdata.c | 190 ++++++++---
fs/erofs/zutil.c | 155 +--------
fs/f2fs/dir.c | 53 ++-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +-
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 ++++-
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 +-
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_notify_failure.c | 121 ++++---
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 7 +-
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/ethtool.h | 4 +
include/linux/export.h | 2 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 +-
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/netns/xfrm.h | 1 +
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 30 +-
include/sound/hdaudio_ext.h | 45 ---
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 ++
include/uapi/linux/xfrm.h | 2 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 ++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 +-
kernel/dma/coherent.c | 14 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++-
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 83 +++--
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 21 +-
kernel/sched/features.h | 9 +
kernel/sched/sched.h | 56 ++--
kernel/sched/stats.h | 33 +-
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 21 +-
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 8 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/esp4_offload.c | 6 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 ++++
net/ipv6/esp6_offload.c | 6 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 +++
net/key/af_key.c | 7 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/ncsi/ncsi-rsp.c | 18 +-
net/netfilter/nf_tables_api.c | 57 +++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 ++--
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 45 +--
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 ++-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 5 +
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_compat.c | 6 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_policy.c | 12 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 256 +++++++++++++--
net/xfrm/xfrm_user.c | 59 +++-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 6 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 +++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++-
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 ++--
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.8 | 25 ++
tools/power/x86/turbostat/turbostat.c | 163 +++++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 124 ++++++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
674 files changed, 6346 insertions(+), 3444 deletions(-)
2 months, 3 weeks
- 8
- 7
[PATCH 6.1.y] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
by jetlan9@163.com
From: Vladimir Oltean <vladimir.oltean(a)nxp.com>
After the blamed commit, we started doing this dereference for every
NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.
static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)
{
struct dsa_user_priv *p = netdev_priv(dev);
return p->dp;
}
Which is obviously bogus, because not all net_devices have a netdev_priv()
of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,
and p->dp means dereferencing 8 bytes starting with offset 16. Most
drivers allocate that much private memory anyway, making our access not
fault, and we discard the bogus data quickly afterwards, so this wasn't
caught.
But the dummy interface is somewhat special in that it calls
alloc_netdev() with a priv size of 0. So every netdev_priv() dereference
is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event
with a VLAN as its new upper:
$ ip link add dummy1 type dummy
$ ip link add link dummy1 name dummy1.100 type vlan id 100
[ 43.309174] ==================================================================
[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8
[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374
[ 43.330058]
[ 43.342436] Call trace:
[ 43.366542] dsa_user_prechangeupper+0x30/0xe8
[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8
[ 43.375768] notifier_call_chain+0xa4/0x210
[ 43.379985] raw_notifier_call_chain+0x24/0x38
[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8
[ 43.389120] netdev_upper_dev_link+0x70/0xa8
[ 43.393424] register_vlan_dev+0x1bc/0x310
[ 43.397554] vlan_newlink+0x210/0x248
[ 43.401247] rtnl_newlink+0x9fc/0xe30
[ 43.404942] rtnetlink_rcv_msg+0x378/0x580
Avoid the kernel oops by dereferencing after the type check, as customary.
Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions")
Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/
Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com>
Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Wenshan Lan <jetlan9(a)163.com>
---
net/dsa/slave.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 5fe075bf479e..caeb7e75b287 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check);
static int dsa_slave_changeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
struct netlink_ext_ack *extack;
int err = NOTIFY_DONE;
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return err;
+ dp = dsa_slave_to_port(dev);
extack = netdev_notifier_info_to_extack(&info->info);
if (netif_is_bridge_master(info->upper_dev)) {
@@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev,
static int dsa_slave_prechangeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return NOTIFY_DONE;
+ dp = dsa_slave_to_port(dev);
+
if (netif_is_bridge_master(info->upper_dev) && !info->linking)
dsa_port_pre_bridge_leave(dp, info->upper_dev);
else if (netif_is_lag_master(info->upper_dev) && !info->linking)
--
2.43.0
2 months, 3 weeks
- 3
- 2
+ mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon: avoid applying DAMOS action to same entity multiple times
has been added to the -mm mm-unstable branch. Its filename is
mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: SeongJae Park <sj(a)kernel.org>
Subject: mm/damon: avoid applying DAMOS action to same entity multiple times
Date: Fri, 7 Feb 2025 13:20:33 -0800
'paddr' DAMON operations set can apply a DAMOS scheme's action to a large
folio multiple times in single DAMOS-regions-walk if the folio is laid on
multiple DAMON regions. Add a field for DAMOS scheme object that can be
used by the underlying ops to know what was the last entity that the
scheme's action has applied. The core layer unsets the field when each
DAMOS-regions-walk is done for the given scheme. And update 'paddr' ops
to use the infrastructure to avoid the problem.
Link: https://lkml.kernel.org/r/20250207212033.45269-3-sj@kernel.org
Fixes: 57223ac29584 ("mm/damon/paddr: support the pageout scheme")
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Reported-by: Usama Arif <usamaarif642(a)gmail.com>
Closes: https://lore.kernel.org/20250203225604.44742-3-usamaarif642@gmail.com
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/damon.h | 11 +++++++++++
mm/damon/core.c | 1 +
mm/damon/paddr.c | 39 +++++++++++++++++++++++++++------------
3 files changed, 39 insertions(+), 12 deletions(-)
--- a/include/linux/damon.h~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/include/linux/damon.h
@@ -432,6 +432,7 @@ struct damos_access_pattern {
* @wmarks: Watermarks for automated (in)activation of this scheme.
* @target_nid: Destination node if @action is "migrate_{hot,cold}".
* @filters: Additional set of &struct damos_filter for &action.
+ * @last_applied: Last @action applied ops-managing entity.
* @stat: Statistics of this scheme.
* @list: List head for siblings.
*
@@ -454,6 +455,15 @@ struct damos_access_pattern {
* implementation could check pages of the region and skip &action to respect
* &filters
*
+ * The minimum entity that @action can be applied depends on the underlying
+ * &struct damon_operations. Since it may not be aligned with the core layer
+ * abstract, namely &struct damon_region, &struct damon_operations could apply
+ * @action to same entity multiple times. Large folios that underlying on
+ * multiple &struct damon region objects could be such examples. The &struct
+ * damon_operations can use @last_applied to avoid that. DAMOS core logic
+ * unsets @last_applied when each regions walking for applying the scheme is
+ * finished.
+ *
* After applying the &action to each region, &stat_count and &stat_sz is
* updated to reflect the number of regions and total size of regions that the
* &action is applied.
@@ -477,6 +487,7 @@ struct damos {
int target_nid;
};
struct list_head filters;
+ void *last_applied;
struct damos_stat stat;
struct list_head list;
};
--- a/mm/damon/core.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/mm/damon/core.c
@@ -1851,6 +1851,7 @@ static void kdamond_apply_schemes(struct
s->next_apply_sis = c->passed_sample_intervals +
(s->apply_interval_us ? s->apply_interval_us :
c->attrs.aggr_interval) / sample_interval;
+ s->last_applied = NULL;
}
}
--- a/mm/damon/paddr.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/mm/damon/paddr.c
@@ -243,6 +243,17 @@ static bool damos_pa_filter_out(struct d
return false;
}
+static bool damon_pa_invalid_damos_folio(struct folio *folio, struct damos *s)
+{
+ if (!folio)
+ return true;
+ if (folio == s->last_applied) {
+ folio_put(folio);
+ return true;
+ }
+ return false;
+}
+
static unsigned long damon_pa_pageout(struct damon_region *r, struct damos *s,
unsigned long *sz_filter_passed)
{
@@ -250,6 +261,7 @@ static unsigned long damon_pa_pageout(st
LIST_HEAD(folio_list);
bool install_young_filter = true;
struct damos_filter *filter;
+ struct folio *folio;
/* check access in page level again by default */
damos_for_each_filter(filter, s) {
@@ -268,9 +280,8 @@ static unsigned long damon_pa_pageout(st
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -296,6 +307,7 @@ put_folio:
damos_destroy_filter(filter);
applied = reclaim_pages(&folio_list);
cond_resched();
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -304,12 +316,12 @@ static inline unsigned long damon_pa_mar
unsigned long *sz_filter_passed)
{
unsigned long addr, applied = 0;
+ struct folio *folio;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -328,6 +340,7 @@ put_folio:
addr += folio_size(folio);
folio_put(folio);
}
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -471,12 +484,12 @@ static unsigned long damon_pa_migrate(st
{
unsigned long addr, applied;
LIST_HEAD(folio_list);
+ struct folio *folio;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -495,6 +508,7 @@ put_folio:
}
applied = damon_pa_migrate_pages(&folio_list, s->target_nid);
cond_resched();
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -512,15 +526,15 @@ static unsigned long damon_pa_stat(struc
{
unsigned long addr;
LIST_HEAD(folio_list);
+ struct folio *folio;
if (!damon_pa_scheme_has_filter(s))
return 0;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -530,6 +544,7 @@ static unsigned long damon_pa_stat(struc
addr += folio_size(folio);
folio_put(folio);
}
+ s->last_applied = folio;
return 0;
}
_
Patches currently in -mm which might be from sj(a)kernel.org are
mm-madvise-split-out-mmap-locking-operations-for-madvise.patch
mm-madvise-split-out-madvise-input-validity-check.patch
mm-madvise-split-out-madvise-behavior-execution.patch
mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch
mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch
2 months, 3 weeks
- 1
- 0
+ mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages
has been added to the -mm mm-unstable branch. Its filename is
mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Usama Arif <usamaarif642(a)gmail.com>
Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages
Date: Fri, 7 Feb 2025 13:20:32 -0800
Patch series "mm/damon/paddr: fix large folios access and schemes handling".
DAMON operations set for physical address space, namely 'paddr', treats
tail pages as unaccessed always. It can also apply DAMOS action to a
large folio multiple times within single DAMOS' regions walking. As a
result, the monitoring output has poor quality and DAMOS works in
unexpected ways when large folios are being used. Fix those.
The patches were parts of Usama's hugepage_size DAMOS filter patch
series[1]. The first fix has collected from there with a slight commit
message change for the subject prefix. The second fix is re-written by SJ
and posted as an RFC before this series. The second one also got a slight
commit message change for the subject prefix.
[1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com
[2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org
This patch (of 2):
This effectively adds support for large folios in damon for paddr, as
damon_pa_mkold/young won't get a null folio from this function and won't
ignore it, hence access will be checked and reported. This also means
that larger folios will be considered for different DAMOS actions like
pageout, prioritization and migration. As these DAMOS actions will
consider larger folios, iterate through the region at folio_size and not
PAGE_SIZE intervals. This should not have an affect on vaddr, as
damon_young_pmd_entry considers pmd entries.
Link: https://lkml.kernel.org/r/20250207212033.45269-1-sj@kernel.org
Link: https://lkml.kernel.org/r/20250207212033.45269-2-sj@kernel.org
Fixes: a28397beb55b ("mm/damon: implement primitives for physical address space monitoring")
Signed-off-by: Usama Arif <usamaarif642(a)gmail.com>
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/ops-common.c | 2 +-
mm/damon/paddr.c | 24 ++++++++++++++++++------
2 files changed, 19 insertions(+), 7 deletions(-)
--- a/mm/damon/ops-common.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages
+++ a/mm/damon/ops-common.c
@@ -24,7 +24,7 @@ struct folio *damon_get_folio(unsigned l
struct page *page = pfn_to_online_page(pfn);
struct folio *folio;
- if (!page || PageTail(page))
+ if (!page)
return NULL;
folio = page_folio(page);
--- a/mm/damon/paddr.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages
+++ a/mm/damon/paddr.c
@@ -266,11 +266,14 @@ static unsigned long damon_pa_pageout(st
damos_add_filter(s, filter);
}
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -286,6 +289,7 @@ static unsigned long damon_pa_pageout(st
else
list_add(&folio->lru, &folio_list);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
if (install_young_filter)
@@ -301,11 +305,14 @@ static inline unsigned long damon_pa_mar
{
unsigned long addr, applied = 0;
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -318,6 +325,7 @@ static inline unsigned long damon_pa_mar
folio_deactivate(folio);
applied += folio_nr_pages(folio);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
return applied * PAGE_SIZE;
@@ -464,11 +472,14 @@ static unsigned long damon_pa_migrate(st
unsigned long addr, applied;
LIST_HEAD(folio_list);
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -479,6 +490,7 @@ static unsigned long damon_pa_migrate(st
goto put_folio;
list_add(&folio->lru, &folio_list);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
applied = damon_pa_migrate_pages(&folio_list, s->target_nid);
_
Patches currently in -mm which might be from usamaarif642(a)gmail.com are
mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch
2 months, 3 weeks
- 1
- 0
[PATCH v3 0/2] rust: lockdep: Fix soundness issue affecting LockClassKeys
by Mitchell Levy
This series is aimed at fixing a soundness issue with how dynamically
allocated LockClassKeys are handled. Currently, LockClassKeys can be
used without being Pin'd, which can break lockdep since it relies on
address stability. Similarly, these keys are not automatically
(de)registered with lockdep.
At the suggestion of Alice Ryhl, this series includes a patch for
-stable kernels that disables dynamically allocated keys. This prevents
backported patches from using the unsound implementation.
Currently, this series requires that all dynamically allocated
LockClassKeys have a lifetime of 'static (i.e., they must be leaked
after allocation). This is because Lock does not currently keep a
reference to the LockClassKey, instead passing it to C via FFI. This
causes a problem because the rust compiler would allow creating a
'static Lock with a 'a LockClassKey (with 'a < 'static) while C would
expect the LockClassKey to live as long as the lock. This problem
represents an avenue for future work.
---
Changes in v3:
- Rebased on rust-next
- Fixed clippy/compiler warninings (Thanks Boqun Feng)
- Link to v2: https://lore.kernel.org/r/20241219-rust-lockdep-v2-0-f65308fbc5ca@gmail.com
Changes in v2:
- Dropped formatting change that's already fixed upstream (Thanks Dirk
Behme).
- Moved safety comment to the right point in the patch series (Thanks
Dirk Behme and Boqun Feng).
- Added an example of dynamic LockClassKey usage (Thanks Boqun Feng).
- Link to v1: https://lore.kernel.org/r/20241004-rust-lockdep-v1-0-e9a5c45721fc@gmail.com
Changes from RFC:
- Split into two commits so that dynamically allocated LockClassKeys are
removed from stable kernels. (Thanks Alice Ryhl)
- Extract calls to C lockdep functions into helpers so things build
properly when LOCKDEP=n. (Thanks Benno Lossin)
- Remove extraneous `get_ref()` calls. (Thanks Benno Lossin)
- Provide better documentation for `new_dynamic()`. (Thanks Benno
Lossin)
- Ran rustfmt to fix formatting and some extraneous changes. (Thanks
Alice Ryhl and Benno Lossin)
- Link to RFC: https://lore.kernel.org/r/20240905-rust-lockdep-v1-1-d2c9c21aa8b2@gmail.com
---
Mitchell Levy (2):
rust: lockdep: Remove support for dynamically allocated LockClassKeys
rust: lockdep: Use Pin for all LockClassKey usages
rust/helpers/helpers.c | 1 +
rust/helpers/sync.c | 13 +++++++++
rust/kernel/sync.rs | 63 ++++++++++++++++++++++++++++++++++-------
rust/kernel/sync/condvar.rs | 5 ++--
rust/kernel/sync/lock.rs | 9 ++----
rust/kernel/sync/lock/global.rs | 5 ++--
rust/kernel/sync/poll.rs | 2 +-
rust/kernel/workqueue.rs | 2 +-
8 files changed, 77 insertions(+), 23 deletions(-)
---
base-commit: ceff0757f5dafb5be5205988171809c877b1d3e3
change-id: 20240905-rust-lockdep-d3e30521c8ba
Best regards,
--
Mitchell Levy <levymitchell0(a)gmail.com>
2 months, 3 weeks
- 3
- 4
[PATCH v4 3/5] arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
by Douglas Anderson
Qualcomm has confirmed that, much like Cortex A53 and A55, KRYO
2XX/3XX/4XX silver cores are unaffected by Spectre BHB. Add them to
the safe list.
Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels")
Cc: stable(a)vger.kernel.org
Cc: Scott Bauer <sbauer(a)quicinc.com>
Signed-off-by: Douglas Anderson <dianders(a)chromium.org>
---
Changes in v4:
- Re-added KRYO 2XX/3XX/4XX silver patch after Qualcomm confirmed.
Changes in v3:
- Removed KRYO 2XX/3XX/4XX silver patch.
Changes in v2:
- New
arch/arm64/kernel/proton-pack.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index 17aa836fe46d..89405be53d8f 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -854,6 +854,9 @@ static bool is_spectre_bhb_safe(int scope)
MIDR_ALL_VERSIONS(MIDR_CORTEX_A510),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A520),
MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
{},
};
static bool all_safe = true;
--
2.47.1.613.gc27f4b7a9f-goog
2 months, 3 weeks
- 2
- 1
[PATCH v4 1/5] arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
by Douglas Anderson
Qualcomm Kryo 400-series Gold cores have a derivative of an ARM Cortex
A76 in them. Since A76 needs Spectre mitigation via looping then the
Kyro 400-series Gold cores also need Spectre mitigation via looping.
Qualcomm has confirmed that the proper "k" value for Kryo 400-series
Gold cores is 24.
Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels")
Cc: stable(a)vger.kernel.org
Cc: Scott Bauer <sbauer(a)quicinc.com>
Signed-off-by: Douglas Anderson <dianders(a)chromium.org>
---
Changes in v4:
- Re-added QCOM_KRYO_4XX_GOLD k24 patch after Qualcomm confirmed.
Changes in v3:
- Removed QCOM_KRYO_4XX_GOLD k24 patch.
Changes in v2:
- Slight change to wording and notes of KRYO_4XX_GOLD patch
arch/arm64/kernel/proton-pack.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index da53722f95d4..e149efadff20 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -866,6 +866,7 @@ u8 spectre_bhb_loop_affected(int scope)
MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD),
{},
};
static const struct midr_range spectre_bhb_k11_list[] = {
--
2.47.1.613.gc27f4b7a9f-goog
2 months, 3 weeks
- 2
- 1
[PATCH 6.6 00/24] xfs backports for 6.6.y (from 6.12)
by Catherine Hoang
Hello,
This series contains backports for 6.6 from the 6.12 release. This patchset
has gone through xfs testing and review.
Andrew Kreimer (1):
xfs: fix a typo
Brian Foster (2):
xfs: skip background cowblock trims on inodes open for write
xfs: don't free cowblocks from under dirty pagecache on unshare
Chi Zhiling (1):
xfs: Reduce unnecessary searches when searching for the best extents
Christoph Hellwig (15):
xfs: assert a valid limit in xfs_rtfind_forw
xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
xfs: return bool from xfs_attr3_leaf_add
xfs: distinguish extra split from real ENOSPC from
xfs_attr3_leaf_split
xfs: distinguish extra split from real ENOSPC from
xfs_attr_node_try_addname
xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
xfs: don't ifdef around the exact minlen allocations
xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
xfs: pass the exact range to initialize to xfs_initialize_perag
xfs: update the file system geometry after recoverying superblock
buffers
xfs: error out when a superblock buffer update reduces the agcount
xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag
xfs: update the pag for the last AG at recovery time
xfs: streamline xfs_filestream_pick_ag
Darrick J. Wong (2):
xfs: validate inumber in xfs_iget
xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
Ojaswin Mujoo (1):
xfs: Check for delayed allocations before setting extsize
Uros Bizjak (1):
xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
Zhang Zekun (1):
xfs: Remove empty declartion in header file
fs/xfs/libxfs/xfs_ag.c | 47 ++++----
fs/xfs/libxfs/xfs_ag.h | 6 +-
fs/xfs/libxfs/xfs_alloc.c | 9 +-
fs/xfs/libxfs/xfs_alloc.h | 4 +-
fs/xfs/libxfs/xfs_attr.c | 190 ++++++++++++++-------------------
fs/xfs/libxfs/xfs_attr_leaf.c | 40 +++----
fs/xfs/libxfs/xfs_attr_leaf.h | 2 +-
fs/xfs/libxfs/xfs_bmap.c | 140 ++++++++----------------
fs/xfs/libxfs/xfs_da_btree.c | 5 +-
fs/xfs/libxfs/xfs_inode_fork.c | 10 +-
fs/xfs/libxfs/xfs_rtbitmap.c | 2 +
fs/xfs/xfs_buf_item_recover.c | 70 ++++++++++++
fs/xfs/xfs_filestream.c | 96 ++++++++---------
fs/xfs/xfs_fsops.c | 18 ++--
fs/xfs/xfs_icache.c | 39 ++++---
fs/xfs/xfs_inode.c | 2 +-
fs/xfs/xfs_inode.h | 5 +
fs/xfs/xfs_ioctl.c | 4 +-
fs/xfs/xfs_log.h | 1 -
fs/xfs/xfs_log_cil.c | 11 +-
fs/xfs/xfs_log_recover.c | 9 +-
fs/xfs/xfs_mount.c | 4 +-
fs/xfs/xfs_reflink.c | 3 +
fs/xfs/xfs_reflink.h | 19 ++++
24 files changed, 375 insertions(+), 361 deletions(-)
--
2.39.3
2 months, 3 weeks
- 2
- 25
[PATCH 5.4 5.10 5.15 0/3] nilfs2: protect busy buffer heads from being force-cleared
by Ryusuke Konishi
Please apply this series to the stable trees indicated by the subject
prefix.
This series makes it possible to backport the latter two patches
(fixing some syzbot issues and a use-after-free issue) that could not
be backported as-is.
To achieve this, one dependent patch (patch 1/3) is included, and each
patch is tailored to avoid extensive page/folio conversion. Both
adjustments are specific to nilfs2 and do not include tree-wide
changes.
It has also been tested against the latest versions of each tree.
Thanks,
Ryusuke Konishi
Ryusuke Konishi (3):
nilfs2: do not output warnings when clearing dirty buffers
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
fs/nilfs2/inode.c | 4 ++--
fs/nilfs2/mdt.c | 6 ++---
fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++-------------------
fs/nilfs2/page.h | 4 ++--
fs/nilfs2/segment.c | 4 +++-
5 files changed, 42 insertions(+), 31 deletions(-)
--
2.43.5
2 months, 3 weeks
- 2
- 4
[PATCH 5.10 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit a1c3a19446a440c68e80e9c34c5f308ff58aac88.
The backport for linux-5.10.y, commit a1c3a19446a4 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: a1c3a19446a4 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.10.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 560c4f2a1833..45c1732a9677 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7127,8 +7127,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
2 months, 3 weeks
- 2
- 2
[PATCH 5.4 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 3d770d44dd5c6316913b003790998404636ec2a8.
The backport for linux-5.4.y, commit 3d770d44dd5c ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 3d770d44dd5c ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.4.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d9a581f46f13..cd72409ccc94 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7679,8 +7679,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
2 months, 3 weeks
- 2
- 2
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020420-subtly-blaming-0ded@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
2 months, 3 weeks
- 3
- 2
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020424-bloated-undecided-1814@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
2 months, 3 weeks
- 3
- 2
[PATCH 6.6 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 6e1a8225930719a9f352d56320214e33e2dde0a6.
The backport for linux-6.6.y, commit 6e1a82259307 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 6e1a82259307 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.6.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index eb9319d856f2..49c927e8a807 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7153,8 +7153,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (orig_start)
--
2.45.2
2 months, 3 weeks
- 2
- 2
[PATCH 5.4~6.13] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
by WangYuli
commit ddd068d81445b17ac0bed084dfeb9e58b4df3ddd upstream.
Declare ftrace_get_parent_ra_addr() as static to suppress clang
compiler warning that 'no previous prototype'. This function is
not intended to be called from other parts.
Fix follow error with clang-19:
arch/mips/kernel/ftrace.c:251:15: error: no previous prototype for function 'ftrace_get_parent_ra_addr' [-Werror,-Wmissing-prototypes]
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
arch/mips/kernel/ftrace.c:251:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
| static
1 error generated.
Signed-off-by: WangYuli <wangyuli(a)uniontech.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de>
Signed-off-by: WangYuli <wangyuli(a)uniontech.com>
---
arch/mips/kernel/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c
index 8c401e42301c..f39e85fd58fa 100644
--- a/arch/mips/kernel/ftrace.c
+++ b/arch/mips/kernel/ftrace.c
@@ -248,7 +248,7 @@ int ftrace_disable_ftrace_graph_caller(void)
#define S_R_SP (0xafb0 << 16) /* s{d,w} R, offset(sp) */
#define OFFSET_MASK 0xffff /* stack offset range: 0 ~ PT_SIZE */
-unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
+static unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
old_parent_ra, unsigned long parent_ra_addr, unsigned long fp)
{
unsigned long sp, ip, tmp;
--
2.47.2
2 months, 3 weeks
- 2
- 1
[PATCH] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full
by Krishanth Jagaduri via B4 Relay
From: Oleg Nesterov <oleg(a)redhat.com>
[ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ]
Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not
include the boot CPU, which is no longer true after:
commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full").
Apply changes only to Documentation/timers/no_hz.rst in stable kernels.
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Cc: stable(a)vger.kernel.org # 5.4+
Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
---
Hi,
Before kernel 6.9, Documentation/timers/no_hz.rst states that
"nohz_full=" mask must not include the boot CPU, which is no longer
true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be
nohz_full").
This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent
boot crash when the boot CPU is nohz_full").
While it fixes the document description, it also fixes issue introduced
by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus'
timers on queue_delayed_work").
It is unlikely that it will be backported to stable kernels which does
not contain the commit that introduced the issue.
Could Documentation/timers/no_hz.rst be fixed in stable kernels 5.4+?
---
Documentation/timers/no_hz.rst | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst
index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644
--- a/Documentation/timers/no_hz.rst
+++ b/Documentation/timers/no_hz.rst
@@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain
online to handle timekeeping tasks in order to ensure that system
calls like gettimeofday() returns accurate values on adaptive-tick CPUs.
(This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running
-user processes to observe slight drifts in clock rate.) Therefore, the
-boot CPU is prohibited from entering adaptive-ticks mode. Specifying a
-"nohz_full=" mask that includes the boot CPU will result in a boot-time
-error message, and the boot CPU will be removed from the mask. Note that
-this means that your system must have at least two CPUs in order for
+user processes to observe slight drifts in clock rate.) Note that this
+means that your system must have at least two CPUs in order for
CONFIG_NO_HZ_FULL=y to do anything for you.
Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded.
---
base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85
change-id: 20250129-send-oss-20250129-3c42dcf463eb
Best regards,
--
Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
2 months, 3 weeks
- 4
- 3
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020422-tragedy-splashing-50db@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
2 months, 3 weeks
- 3
- 2
[PATCH 6.1 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit bb8e287f596b62fac18ed84cc03a9f1752f6b3b8.
The backport for linux-6.1.y, commit bb8e287f596b ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: bb8e287f596b ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.1.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index b2cded5bf69c..f4a754d62bf4 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7387,8 +7387,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (orig_start)
--
2.45.2
2 months, 3 weeks
- 2
- 2
[PATCH 5.15 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 214d92f0a465f93eea15e702e743f2c63823b1fd.
The backport for linux-5.15.y, commit 214d92f0a465 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 214d92f0a465 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.15.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index a6b1dd834060..8f048e517e65 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7698,8 +7698,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
2 months, 3 weeks
- 2
- 2
[PATCH 5.10.y] profile: Fix use after free in profile_tick()
by Xingrui Yi
[free]
profiling_store()
--> profile_init()
--> free_cpumask_var(prof_cpu_mask) <-- freed
[use]
tick_sched_timer()
--> profile_tick()
--> cpumask_available(prof_cpu_mask) <-- prof_cpu_mask is not NULL
if cpumask offstack
--> cpumask_test_cpu(smp_processor_id(), prof_cpu_mask) <-- use after free
When profile_init() failed if prof_buffer is not allocated,
prof_cpu_mask will be kfreed by free_cpumask_var() but not set
to NULL when CONFIG_CPUMASK_OFFSTACK=y, thus profile_tick() will
use prof_cpu_mask after free.
Signed-off-by: Xingrui Yi <yixingrui(a)linux.alibaba.com>
---
kernel/profile.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/profile.c b/kernel/profile.c
index 0db1122855c0..b5e85193cb02 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -137,6 +137,9 @@ int __ref profile_init(void)
return 0;
free_cpumask_var(prof_cpu_mask);
+#ifdef CONFIG_CPUMASK_OFFSTACK
+ prof_cpu_mask = NULL;
+#endif
return -ENOMEM;
}
--
2.43.5
2 months, 3 weeks
- 3
- 2
[PATCH 6.12 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 9f372e86b9bd1914df58c8f6e30939b7a224c6b0.
The backport for linux-6.12.y, commit 9f372e86b9bd ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 9f372e86b9bd ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.12.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index a3c861b2a6d2..a74a09cf622d 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7117,8 +7117,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (file_extent)
--
2.45.2
2 months, 3 weeks
- 2
- 2
[PATCH 6.1&6.6 0/3] kbuild: Avoid weak external linkage where possible
by Huacai Chen
Backport this series to 6.1&6.6 because LoongArch gets build errors with
latest binutils which has commit 599df6e2db17d1c4 ("ld, LoongArch: print
error about linking without -fPIC or -fPIE flag in more detail").
CC .vmlinux.export.o
UPD include/generated/utsversion.h
CC init/version-timestamp.o
LD .tmp_vmlinux.kallsyms1
loongarch64-unknown-linux-gnu-ld: kernel/kallsyms.o:(.text+0): relocation R_LARCH_PCALA_HI20 against `kallsyms_markers` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: kernel/crash_core.o:(.init.text+0x984): relocation R_LARCH_PCALA_HI20 against `kallsyms_names` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: kernel/bpf/btf.o:(.text+0xcc7c): relocation R_LARCH_PCALA_HI20 against `__start_BTF` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: BFD (GNU Binutils) 2.43.50.20241126 assertion fail ../../bfd/elfnn-loongarch.c:2673
In theory 5.10&5.15 also need this, but since LoongArch get upstream at
5.19, so I just ignore them because there is no error report about other
archs now.
Weak external linkage is intended for cases where a symbol reference
can remain unsatisfied in the final link. Taking the address of such a
symbol should yield NULL if the reference was not satisfied.
Given that ordinary RIP or PC relative references cannot produce NULL,
some kind of indirection is always needed in such cases, and in position
independent code, this results in a GOT entry. In ordinary code, it is
arch specific but amounts to the same thing.
While unavoidable in some cases, weak references are currently also used
to declare symbols that are always defined in the final link, but not in
the first linker pass. This means we end up with worse codegen for no
good reason. So let's clean this up, by providing preliminary
definitions that are only used as a fallback.
Ard Biesheuvel (3):
kallsyms: Avoid weak references for kallsyms symbols
vmlinux: Avoid weak reference to notes section
btf: Avoid weak external references
Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org>
Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn>
---
include/asm-generic/vmlinux.lds.h | 28 ++++++++++++++++++
kernel/bpf/btf.c | 7 +++--
kernel/bpf/sysfs_btf.c | 6 ++--
kernel/kallsyms.c | 6 ----
kernel/kallsyms_internal.h | 30 ++++++++------------
kernel/ksysfs.c | 4 +--
lib/buildid.c | 4 +--
7 files changed, 52 insertions(+), 33 deletions(-)
---
2.27.0
2 months, 3 weeks
- 8
- 16
[PATCH 6.1] net: Fix icmp host relookup triggering ip_rt_bug
by vgiraud.opensource@witekio.com
From: Dong Chenchen <dongchenchen2(a)huawei.com>
[ Upstream commit c44daa7e3c73229f7ac74985acb8c7fb909c4e0a ]
arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:
WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:ip_rt_bug+0x14/0x20
Call Trace:
<IRQ>
ip_send_skb+0x14/0x40
__icmp_send+0x42d/0x6a0
ipv4_link_failure+0xe2/0x1d0
arp_error_report+0x3c/0x50
neigh_invalidate+0x8d/0x100
neigh_timer_handler+0x2e1/0x330
call_timer_fn+0x21/0x120
__run_timer_base.part.0+0x1c9/0x270
run_timer_softirq+0x4c/0x80
handle_softirqs+0xac/0x280
irq_exit_rcu+0x62/0x80
sysvec_apic_timer_interrupt+0x77/0x90
The script below reproduces this scenario:
ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \
dir out priority 0 ptype main flag localok icmp
ip l a veth1 type veth
ip a a 192.168.141.111/24 dev veth0
ip l s veth0 up
ping 192.168.141.155 -c 1
icmp_route_lookup() create input routes for locally generated packets
while xfrm relookup ICMP traffic.Then it will set input route
(dst->out = ip_rt_bug) to skb for DESTUNREACH.
For ICMP err triggered by locally generated packets, dst->dev of output
route is loopback. Generally, xfrm relookup verification is not required
on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).
Skip icmp relookup for locally generated packets to fix it.
Fixes: 8b7817f3a959 ("[IPSEC]: Add ICMP host relookup support")
Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com>
Reviewed-by: David Ahern <dsahern(a)kernel.org>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://patch.msgid.link/20241127040850.1513135-1-dongchenchen2@huawei.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com>
Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com>
---
net/ipv4/icmp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 9dffdd876fef..ab830c093f7e 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -522,6 +522,9 @@ static struct rtable *icmp_route_lookup(struct net *net,
if (rt != rt2)
return rt;
} else if (PTR_ERR(rt) == -EPERM) {
+ if (inet_addr_type_dev_table(net, route_lookup_dev,
+ fl4->daddr) == RTN_LOCAL)
+ return rt;
rt = NULL;
} else
return rt;
--
2.34.1
2 months, 3 weeks
- 2
- 1
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020421-probe-shock-4e0d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
2 months, 3 weeks
- 3
- 2
[PATCHSET RFC 6.12] xfs: bug fixes for 6.12.y LTS
by Darrick J. Wong
Hi all,
Here's a bunch of bespoke hand-ported bug fixes for 6.12 LTS.
If you're going to start using this code, I strongly recommend pulling
from my git trees, which are linked below.
With a bit of luck, this should all go splendidly.
Comments and questions are, as always, welcome.
--D
kernel git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=ne…
---
Commits in this patchset:
* xfs: avoid nested calls to __xfs_trans_commit
* xfs: don't lose solo superblock counter update transactions
* xfs: don't lose solo dquot update transactions
* xfs: separate dquot buffer reads from xfs_dqflush
* xfs: clean up log item accesses in xfs_qm_dqflush{,_done}
* xfs: attach dquot buffer to dquot log item buffer
* xfs: convert quotacheck to attach dquot buffers
* xfs: don't over-report free space or inodes in statvfs
* xfs: release the dquot buf outside of qli_lock
* xfs: lock dquot buffer before detaching dquot from b_li_list
---
fs/xfs/xfs_dquot.c | 199 +++++++++++++++++++++++++++++++++++++++-------
fs/xfs/xfs_dquot.h | 6 +
fs/xfs/xfs_dquot_item.c | 51 +++++++++---
fs/xfs/xfs_dquot_item.h | 7 ++
fs/xfs/xfs_qm.c | 48 +++++++++--
fs/xfs/xfs_qm_bhv.c | 27 ++++--
fs/xfs/xfs_quota.h | 7 +-
fs/xfs/xfs_trans.c | 39 +++++----
fs/xfs/xfs_trans_ail.c | 2
fs/xfs/xfs_trans_dquot.c | 31 ++++++-
10 files changed, 328 insertions(+), 89 deletions(-)
2 months, 3 weeks
- 3
- 14
[PATCH 6.1 5.15 5.10 5.4 0/3] Backport ASIX AX99100 support
by Tomita Moeko
This patchset backports ASIX AX99100 pcie serial/parallel port
controller support to linux 6.1 5.15 5.10 5.4. It just add a device ID,
no functional changes included.
The commit 3029ad913353("can: ems_pci: move ASIX AX99100 ids to
pci_ids.h") was renamed to "PCI: add ASIX AX99100 ids to pci_ids.h",
and changes in drivers/net/can/sja1000/ems_pci.c were dropped as the
ems_pci change are only relevant for linux 6.3 and later.
Tomita Moeko (3):
PCI: add ASIX AX99100 ids to pci_ids.h
serial: 8250_pci: add support for ASIX AX99100
parport_pc: add support for ASIX AX99100
drivers/parport/parport_pc.c | 5 +++++
drivers/tty/serial/8250/8250_pci.c | 10 ++++++++++
include/linux/pci_ids.h | 4 ++++
3 files changed, 19 insertions(+)
--
2.47.2
2 months, 3 weeks
- 2
- 4
[PATCH 6.1 0/3] nilfs2: protect busy buffer heads from being force-cleared
by Ryusuke Konishi
Please apply this series to the 6.1-stable tree.
This series makes it possible to backport the latter two patches
(fixing some syzbot issues and a use-after-free issue) that could not
be backported to 6.1.y.
To achieve this, one dependent patch (patch 1/3) is included, and each
patch is tailored to avoid extensive page/folio conversion. Both
adjustments are specific to nilfs2 and do not include tree-wide
changes.
It has also been tested against the latest 6.1.y.
Thanks,
Ryusuke Konishi
Ryusuke Konishi (3):
nilfs2: do not output warnings when clearing dirty buffers
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
fs/nilfs2/inode.c | 4 ++--
fs/nilfs2/mdt.c | 6 ++---
fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++-------------------
fs/nilfs2/page.h | 4 ++--
fs/nilfs2/segment.c | 4 +++-
5 files changed, 42 insertions(+), 31 deletions(-)
--
2.43.5
2 months, 3 weeks
- 2
- 4
[PATCH Linux-6.12.y 1/1] selftests/bpf: Add test to verify tailcall and freplace restrictions
by Yifei Liu
From: Leon Hwang <leon.hwang(a)linux.dev>
[ Upstream commit 021611d33e78694f4bd54573093c6fc70a812644 ]
Add a test case to ensure that attaching a tail callee program with an
freplace program fails, and that updating an extended program to a
prog_array map is also prohibited.
This test is designed to prevent the potential infinite loop issue caused
by the combination of tail calls and freplace, ensuring the correct
behavior and stability of the system.
Additionally, fix the broken tailcalls/tailcall_freplace selftest
because an extension prog should not be tailcalled.
cd tools/testing/selftests/bpf; ./test_progs -t tailcalls
337/25 tailcalls/tailcall_freplace:OK
337/26 tailcalls/tailcall_bpf2bpf_freplace:OK
337 tailcalls:OK
Summary: 1/26 PASSED, 0 SKIPPED, 0 FAILED
Acked-by: Eduard Zingerman <eddyz87(a)gmail.com>
Signed-off-by: Leon Hwang <leon.hwang(a)linux.dev>
Link: https://lore.kernel.org/r/20241015150207.70264-3-leon.hwang@linux.dev
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
(cherry picked from commit 021611d33e78694f4bd54573093c6fc70a812644)
[Yifei: bpf freplace update is backported to linux-6.12 by commit 987aa730bad3 ("bpf: Prevent tailcall infinite
loop caused by freplace"). It will cause selftest #336/25 failed. Then backport this commit]
Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com>
---
.../selftests/bpf/prog_tests/tailcalls.c | 120 ++++++++++++++++--
.../testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
2 files changed, 109 insertions(+), 16 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/tailcalls.c b/tools/testing/selftests/bpf/prog_tests/tailcalls.c
index 21c5a37846ad..40f22454cf05 100644
--- a/tools/testing/selftests/bpf/prog_tests/tailcalls.c
+++ b/tools/testing/selftests/bpf/prog_tests/tailcalls.c
@@ -1496,8 +1496,8 @@ static void test_tailcall_bpf2bpf_hierarchy_3(void)
RUN_TESTS(tailcall_bpf2bpf_hierarchy3);
}
-/* test_tailcall_freplace checks that the attached freplace prog is OK to
- * update the prog_array map.
+/* test_tailcall_freplace checks that the freplace prog fails to update the
+ * prog_array map, no matter whether the freplace prog attaches to its target.
*/
static void test_tailcall_freplace(void)
{
@@ -1505,7 +1505,7 @@ static void test_tailcall_freplace(void)
struct bpf_link *freplace_link = NULL;
struct bpf_program *freplace_prog;
struct tc_bpf2bpf *tc_skel = NULL;
- int prog_fd, map_fd;
+ int prog_fd, tc_prog_fd, map_fd;
char buff[128] = {};
int err, key;
@@ -1523,9 +1523,10 @@ static void test_tailcall_freplace(void)
if (!ASSERT_OK_PTR(tc_skel, "tc_bpf2bpf__open_and_load"))
goto out;
- prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
+ tc_prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
freplace_prog = freplace_skel->progs.entry_freplace;
- err = bpf_program__set_attach_target(freplace_prog, prog_fd, "subprog");
+ err = bpf_program__set_attach_target(freplace_prog, tc_prog_fd,
+ "subprog_tc");
if (!ASSERT_OK(err, "set_attach_target"))
goto out;
@@ -1533,27 +1534,116 @@ static void test_tailcall_freplace(void)
if (!ASSERT_OK(err, "tailcall_freplace__load"))
goto out;
- freplace_link = bpf_program__attach_freplace(freplace_prog, prog_fd,
- "subprog");
+ map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
+ prog_fd = bpf_program__fd(freplace_prog);
+ key = 0;
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ ASSERT_ERR(err, "update jmp_table failure");
+
+ freplace_link = bpf_program__attach_freplace(freplace_prog, tc_prog_fd,
+ "subprog_tc");
if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
goto out;
- map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
- prog_fd = bpf_program__fd(freplace_prog);
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ ASSERT_ERR(err, "update jmp_table failure");
+
+out:
+ bpf_link__destroy(freplace_link);
+ tailcall_freplace__destroy(freplace_skel);
+ tc_bpf2bpf__destroy(tc_skel);
+}
+
+/* test_tailcall_bpf2bpf_freplace checks the failure that fails to attach a tail
+ * callee prog with freplace prog or fails to update an extended prog to
+ * prog_array map.
+ */
+static void test_tailcall_bpf2bpf_freplace(void)
+{
+ struct tailcall_freplace *freplace_skel = NULL;
+ struct bpf_link *freplace_link = NULL;
+ struct tc_bpf2bpf *tc_skel = NULL;
+ char buff[128] = {};
+ int prog_fd, map_fd;
+ int err, key;
+
+ LIBBPF_OPTS(bpf_test_run_opts, topts,
+ .data_in = buff,
+ .data_size_in = sizeof(buff),
+ .repeat = 1,
+ );
+
+ tc_skel = tc_bpf2bpf__open_and_load();
+ if (!ASSERT_OK_PTR(tc_skel, "tc_bpf2bpf__open_and_load"))
+ goto out;
+
+ prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
+ freplace_skel = tailcall_freplace__open();
+ if (!ASSERT_OK_PTR(freplace_skel, "tailcall_freplace__open"))
+ goto out;
+
+ err = bpf_program__set_attach_target(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK(err, "set_attach_target"))
+ goto out;
+
+ err = tailcall_freplace__load(freplace_skel);
+ if (!ASSERT_OK(err, "tailcall_freplace__load"))
+ goto out;
+
+ /* OK to attach then detach freplace prog. */
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
+ goto out;
+
+ err = bpf_link__destroy(freplace_link);
+ if (!ASSERT_OK(err, "destroy link"))
+ goto out;
+
+ /* OK to update prog_array map then delete element from the map. */
+
key = 0;
+ map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
if (!ASSERT_OK(err, "update jmp_table"))
goto out;
- prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
- err = bpf_prog_test_run_opts(prog_fd, &topts);
- ASSERT_OK(err, "test_run");
- ASSERT_EQ(topts.retval, 34, "test_run retval");
+ err = bpf_map_delete_elem(map_fd, &key);
+ if (!ASSERT_OK(err, "delete_elem from jmp_table"))
+ goto out;
+
+ /* Fail to attach a tail callee prog with freplace prog. */
+
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ if (!ASSERT_OK(err, "update jmp_table"))
+ goto out;
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_ERR_PTR(freplace_link, "attach_freplace failure"))
+ goto out;
+
+ err = bpf_map_delete_elem(map_fd, &key);
+ if (!ASSERT_OK(err, "delete_elem from jmp_table"))
+ goto out;
+
+ /* Fail to update an extended prog to prog_array map. */
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
+ goto out;
+
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ if (!ASSERT_ERR(err, "update jmp_table failure"))
+ goto out;
out:
bpf_link__destroy(freplace_link);
- tc_bpf2bpf__destroy(tc_skel);
tailcall_freplace__destroy(freplace_skel);
+ tc_bpf2bpf__destroy(tc_skel);
}
void test_tailcalls(void)
@@ -1606,4 +1696,6 @@ void test_tailcalls(void)
test_tailcall_bpf2bpf_hierarchy_3();
if (test__start_subtest("tailcall_freplace"))
test_tailcall_freplace();
+ if (test__start_subtest("tailcall_bpf2bpf_freplace"))
+ test_tailcall_bpf2bpf_freplace();
}
diff --git a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
index 79f5087dade2..fe6249d99b31 100644
--- a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
+++ b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
@@ -5,10 +5,11 @@
#include "bpf_misc.h"
__noinline
-int subprog(struct __sk_buff *skb)
+int subprog_tc(struct __sk_buff *skb)
{
int ret = 1;
+ __sink(skb);
__sink(ret);
/* let verifier know that 'subprog_tc' can change pointers to skb->data */
bpf_skb_change_proto(skb, 0, 0);
@@ -18,7 +19,7 @@ int subprog(struct __sk_buff *skb)
SEC("tc")
int entry_tc(struct __sk_buff *skb)
{
- return subprog(skb);
+ return subprog_tc(skb);
}
char __license[] SEC("license") = "GPL";
--
2.46.0
2 months, 3 weeks
- 2
- 1
[PATCH 0/2] mm/damon/paddr: fix large folios access and schemes handling
by SeongJae Park
DAMON operations set for physical address space, namely 'paddr', treats
tail pages as unaccessed always. It can also apply DAMOS action to
a large folio multiple times within single DAMOS' regions walking. As a
result, the monitoring output has poor quality and DAMOS works in
unexpected ways when large folios are being used. Fix those.
The patches were parts of Usama's hugepage_size DAMOS filter patch
series[1]. The first fix has collected from there with a slight commit
message change for the subject prefix. The second fix is re-written by
SJ and posted as an RFC before this series. The second one also got a
slight commit message change for the subject prefix.
[1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com
[2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org
SeongJae Park (1):
mm/damon: avoid applying DAMOS action to same entity multiple times
Usama Arif (1):
mm/damon/ops: have damon_get_folio return folio even for tail pages
include/linux/damon.h | 11 +++++++++
mm/damon/core.c | 1 +
mm/damon/ops-common.c | 2 +-
mm/damon/paddr.c | 57 +++++++++++++++++++++++++++++++------------
4 files changed, 55 insertions(+), 16 deletions(-)
base-commit: 9c9a75a50e600803a157f4fc76cb856326406ce4
--
2.39.5
2 months, 3 weeks
- 1
- 2
[PATCH net 1/2] net: advertise 'netns local' property via netlink
by Nicolas Dichtel
Since the below commit, there is no way to see if the netns_local property
is set on a device. Let's add a netlink attribute to advertise it.
CC: stable(a)vger.kernel.org
Fixes: 05c1280a2bcf ("netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
---
include/uapi/linux/if_link.h | 1 +
net/core/rtnetlink.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index bfe880fbbb24..ed4a64e1c8f1 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -378,6 +378,7 @@ enum {
IFLA_GRO_IPV4_MAX_SIZE,
IFLA_DPLL_PIN,
IFLA_MAX_PACING_OFFLOAD_HORIZON,
+ IFLA_NETNS_LOCAL,
__IFLA_MAX
};
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d1e559fce918..5032e65b8faa 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1287,6 +1287,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
+ nla_total_size(4) /* IFLA_TSO_MAX_SEGS */
+ nla_total_size(1) /* IFLA_OPERSTATE */
+ nla_total_size(1) /* IFLA_LINKMODE */
+ + nla_total_size(1) /* IFLA_NETNS_LOCAL */
+ nla_total_size(4) /* IFLA_CARRIER_CHANGES */
+ nla_total_size(4) /* IFLA_LINK_NETNSID */
+ nla_total_size(4) /* IFLA_GROUP */
@@ -2041,6 +2042,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb,
netif_running(dev) ? READ_ONCE(dev->operstate) :
IF_OPER_DOWN) ||
nla_put_u8(skb, IFLA_LINKMODE, READ_ONCE(dev->link_mode)) ||
+ nla_put_u8(skb, IFLA_NETNS_LOCAL, dev->netns_local) ||
nla_put_u32(skb, IFLA_MTU, READ_ONCE(dev->mtu)) ||
nla_put_u32(skb, IFLA_MIN_MTU, READ_ONCE(dev->min_mtu)) ||
nla_put_u32(skb, IFLA_MAX_MTU, READ_ONCE(dev->max_mtu)) ||
@@ -2229,6 +2231,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
[IFLA_ALLMULTI] = { .type = NLA_REJECT },
[IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1),
[IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 },
+ [IFLA_NETNS_LOCAL] = { .type = NLA_U8 },
};
static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
--
2.47.1
2 months, 3 weeks
- 4
- 5
[PATCH 5.10/5.15] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
by Alexey Panov
From: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
[ Upstream commit 609366e7a06d035990df78f1562291c3bf0d4a12 ]
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
Link: https://lore.kernel.org/r/20240911153544.848398-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50061
drivers/i3c/master/i3c-master-cdns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i3c/master/i3c-master-cdns.c b/drivers/i3c/master/i3c-master-cdns.c
index b9cfda6ae9ae..4473c0b1ae2e 100644
--- a/drivers/i3c/master/i3c-master-cdns.c
+++ b/drivers/i3c/master/i3c-master-cdns.c
@@ -1668,6 +1668,7 @@ static int cdns_i3c_master_remove(struct platform_device *pdev)
struct cdns_i3c_master *master = platform_get_drvdata(pdev);
int ret;
+ cancel_work_sync(&master->hj_work);
ret = i3c_master_unregister(&master->base);
if (ret)
return ret;
--
2.30.2
2 months, 3 weeks
- 1
- 0
[PATCH 6.1] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
by Alexey Panov
From: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
[ Upstream commit 609366e7a06d035990df78f1562291c3bf0d4a12 ]
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
Link: https://lore.kernel.org/r/20240911153544.848398-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50061
drivers/i3c/master/i3c-master-cdns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i3c/master/i3c-master-cdns.c b/drivers/i3c/master/i3c-master-cdns.c
index 35b90bb686ad..c5a37f58079a 100644
--- a/drivers/i3c/master/i3c-master-cdns.c
+++ b/drivers/i3c/master/i3c-master-cdns.c
@@ -1667,6 +1667,7 @@ static int cdns_i3c_master_remove(struct platform_device *pdev)
{
struct cdns_i3c_master *master = platform_get_drvdata(pdev);
+ cancel_work_sync(&master->hj_work);
i3c_master_unregister(&master->base);
clk_disable_unprepare(master->sysclk);
--
2.30.2
2 months, 3 weeks
- 1
- 0
2 months, 3 weeks
- 2
- 1
[PATCH 5.10/5.15] tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
by Alexey Panov
commit 9462f4ca56e7d2430fdb6dcc8498244acbfc4489 upstream.
BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0
drivers/tty/n_gsm.c:3160 [n_gsm]
Read of size 8 at addr ffff88815fe99c00 by task poc/3379
CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56
Hardware name: VMware, Inc. VMware Virtual Platform/440BX
Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
<TASK>
gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
__pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]
__pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389
update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500
__pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846
__rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
_raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107
__pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]
ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195
ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79
__pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338
__pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
Allocated by task 65:
gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]
gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]
gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]
gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]
tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39
flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445
process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229
worker_thread+0x3dc/0x950 kernel/workqueue.c:3391
kthread+0x2a3/0x370 kernel/kthread.c:389
ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257
Freed by task 3367:
kfree+0x126/0x420 mm/slub.c:4580
gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
[Analysis]
gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux
can be freed by multi threads through ioctl,which leads
to the occurrence of uaf. Protect it by gsm tx lock.
Signed-off-by: Longlong Xia <xialonglong(a)kylinos.cn>
Cc: stable <stable(a)kernel.org>
Suggested-by: Jiri Slaby <jirislaby(a)kernel.org>
Link: https://lore.kernel.org/r/20240926130213.531959-1-xialonglong@kylinos.cn
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
[ Alexey: Replace guard macro with spin_lock_irqsave due to its unavailability
in pre-6.1 kernels. Based on a v1 patch from Longlong Xia [1]. ]
Link: https://lore.kernel.org/all/20240924093519.767036-1-xialonglong@kylinos.cn/ [1]
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50073
drivers/tty/n_gsm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index aae9f73585bd..1becbdf7c470 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2443,6 +2443,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
int i;
struct gsm_dlci *dlci;
struct gsm_msg *txq, *ntxq;
+ unsigned long flags;
gsm->dead = true;
mutex_lock(&gsm->mutex);
@@ -2471,9 +2472,12 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
mutex_unlock(&gsm->mutex);
/* Now wipe the queues */
tty_ldisc_flush(gsm->tty);
+
+ spin_lock_irqsave(&gsm->tx_lock, flags);
list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
kfree(txq);
INIT_LIST_HEAD(&gsm->tx_list);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
/**
--
2.30.2
2 months, 3 weeks
- 1
- 1
[PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()
by Jiasheng Jiang
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
2 months, 3 weeks
- 2
- 8
[stable] please apply media: cxd2841er: fix 64-bit division on gcc-9
by Dan Carpenter
Hi Greg and Sasha,
Could you please apply commit 8d46603eeeb4 ("media: cxd2841er: fix 64-bit
division on gcc-9") on v6.13.y? It fixes the build with gcc-8 on arm32.
It applies cleanly to older kernels as well, but it's only required
for v6.13.y.
regards,
dan carpenter
2 months, 3 weeks
- 1
- 0
[PATCH 6.13 000/623] 6.13.2-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.13.2 release.
There are 623 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:42:57 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.13.2-rc1
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when cow_file_range() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Ensure callbacks exist before calling them
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Kevin Brodsky <kevin.brodsky(a)arm.com>
selftests/mm: build with -O2
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Melissa Wen <mwen(a)igalia.com>
drm/amd/display: restore invalid MSA timing check for freesync
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Darrick J. Wong <djwong(a)kernel.org>
xfs: release the dquot buf outside of qli_lock
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't over-report free space or inodes in statvfs
Long Li <leo.lilong(a)huawei.com>
xfs: fix mount hang during primary superblock recovery failure
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Liam R. Howlett <Liam.Howlett(a)Oracle.com>
kernel: be more careful about dup_mmap() failures and uprobe registering
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/register: use atomic_read/write for sq_flags migration
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jens Axboe <axboe(a)kernel.dk>
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Torsten Hilbrich <torsten.hilbrich(a)secunet.com>
kbuild: Fix signing issue for external modules
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Cosmin Ratiu <cratiu(a)nvidia.com>
bonding: Correctly support GSO ESP offload
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Ian Rogers <irogers(a)google.com>
perf annotate: Use an array for the disassembler preference
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: don't try to stash the napi id
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Stanislav Fomichev <sdf(a)fomichev.me>
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Zhihao Cheng <chengzhihao1(a)huawei.com>
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Clean up fld_tg_code calculation
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Suren Baghdasaryan <surenb(a)google.com>
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Fix deadlock during uvc_probe
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Jian-Hong Pan <jhp(a)endlessos.org>
PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Michal Wilczynski <m.wilczynski(a)samsung.com>
mailbox: th1520: Fix memory corruption due to incorrect array size
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: mpfs: fix copy and paste bug in probe
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: th1520: Fix a NULL vs IS_ERR() bug
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Jagan Teki <jagan(a)edgeble.ai>
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
Maulik Shah <quic_mkshah(a)quicinc.com>
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove dev == NULL checks
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove domain_alloc()
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Guo Ren <guoren(a)kernel.org>
iommu/riscv: Fixup compile warning
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Tony Ambardar <tony.ambardar(a)gmail.com>
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Ian Rogers <irogers(a)google.com>
perf test stat: Avoid hybrid assumption when virtualized
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Namhyung Kim <namhyung(a)kernel.org>
perf symbol: Prefer non-label symbols with same address
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
James Clark <james.clark(a)linaro.org>
perf stat: Fix trailing comma when there is no metric unit
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Make variables only used locally static
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools features: Don't check for libunwind devel files by default
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Andrea Righi <arighi(a)nvidia.com>
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs42l84: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: SDCA: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: always clear NBase-T lpa
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear master_slave_state if link is down
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear 1000Base-T lpa if link is down
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only after netdev registration
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix key cache handling
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: correct header conversion rule for MLO only
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only if it has been registered
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Mario Limonciello <mario.limonciello(a)amd.com>
cpufreq/amd-pstate: Fix prefcore rankings
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Karol Przybylski <karprzy7(a)gmail.com>
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
John Garry <john.g.garry(a)oracle.com>
block: Ensure start sector is aligned for stacking atomic writes
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: fix queue freeze vs limits lock order in sysfs store methods
Christoph Hellwig <hch(a)lst.de>
block: add a store_limit operations for sysfs entries
Christoph Hellwig <hch(a)lst.de>
block: add a queue_limits_commit_update_frozen helper
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: prevent reg-wait speculations
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
.../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +-
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +--
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
Makefile | 4 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 --
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 ++--
arch/arm/mach-omap1/board-nokia770.c | 2 +-
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 --
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++---
.../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 -----
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +--
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++--
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
.../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++----
arch/arm64/boot/dts/ti/Makefile | 6 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 ++
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/boot/vmem.c | 74 ++++++---
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 11 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +--
block/blk-integrity.c | 4 +-
block/blk-mq.c | 34 ++--
block/blk-mq.h | 6 +
block/blk-settings.c | 31 +++-
block/blk-sysfs.c | 137 ++++++++--------
block/blk-zoned.c | 7 +-
block/genhd.c | 22 ++-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 29 ++--
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/block/virtio_blk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 32 ++--
drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +-
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +-
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +-
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 ++--
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +++--
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++--
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++---------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 --
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +++--
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/i915/display/intel_crt.c | 10 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +-
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/dp/dp_catalog.c | 1 -
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +-
drivers/gpu/drm/msm/dp/dp_utils.c | 10 +-
drivers/gpu/drm/msm/dp/dp_utils.h | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 ++--
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 ++---
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +--
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 +++++---
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 5 +-
drivers/iommu/amd/init.c | 14 +-
drivers/iommu/amd/iommu.c | 132 +++++----------
drivers/iommu/amd/pasid.c | 3 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/intel/pasid.c | 22 ++-
drivers/iommu/intel/pasid.h | 6 +
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/iommu/riscv/iommu.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/mailbox/mailbox-mpfs.c | 2 +-
drivers/mailbox/mailbox-th1520.c | 6 +-
drivers/md/md-bitmap.c | 79 +++++----
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +---
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++++-------
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 ++---
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 4 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +--
drivers/misc/cardreader/rtsx_usb.c | 15 ++
drivers/mtd/hyperbus/hbmc-am654.c | 19 ++-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/mtd/ubi/ubi.h | 2 -
drivers/mtd/ubi/wl.c | 21 ---
drivers/net/bonding/bond_main.c | 19 +--
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 --
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++--
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +-
.../mellanox/mlx5/core/steering/hws/definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 ++-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +--
drivers/net/phy/marvell-88q2xxx.c | 33 +++-
drivers/net/phy/realtek.c | 29 ++--
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 42 ++---
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++--
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 ---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++----
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +--
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++--
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/microchip/wilc1000/netdev.c | 2 -
drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +-
drivers/net/wireless/microchip/wilc1000/spi.c | 9 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++-----
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 --
drivers/net/wireless/realtek/rtw89/chan.c | 31 +++-
drivers/net/wireless/realtek/rtw89/chan.h | 9 +-
drivers/net/wireless/realtek/rtw89/core.c | 11 +-
drivers/net/wireless/realtek/rtw89/core.h | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +++-
drivers/nvme/host/tcp.c | 70 ++++++--
drivers/of/fdt.c | 10 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++++--
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 ++--
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/pcie-rockchip-ep.c | 5 +
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pci/pcie/aspm.c | 35 +++-
drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 30 ++--
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++-
drivers/pinctrl/pinctrl-amd.c | 27 +++-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++-----
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/core.c | 4 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/platform/x86/x86-android-tablets/other.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++++++-------
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 13 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/scsi/sd.c | 17 +-
drivers/scsi/sr.c | 5 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +++-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 ++--
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 ++
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 160 ++++++++++++++-----
fs/btrfs/qgroup.c | 21 ++-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 ++
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++++--
fs/dlm/lowcomms.c | 3 +-
fs/erofs/zdata.c | 3 +-
fs/f2fs/dir.c | 53 ++++--
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +---
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++++++++--
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 ++--
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +++-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +--
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 ++-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +--
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_buf_item_recover.c | 11 +-
fs/xfs/xfs_dquot.c | 12 +-
fs/xfs/xfs_notify_failure.c | 121 +++++++++-----
fs/xfs/xfs_qm_bhv.c | 27 ++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 1 +
include/linux/alloc_tag.h | 11 +-
include/linux/blkdev.h | 23 +--
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pm.h | 1 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 ++-
include/linux/pwm.h | 17 ++
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/page_pool/types.h | 1 -
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 16 +-
include/sound/hdaudio_ext.h | 45 ------
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +++
io_uring/io_uring.c | 1 +
io_uring/msg_ring.c | 4 +-
io_uring/register.c | 2 +-
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 ++-
kernel/events/core.c | 35 ++--
kernel/events/uprobes.c | 4 +
kernel/fork.c | 17 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++++--
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 6 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/ext.c | 114 +++++++++----
kernel/sched/fair.c | 21 ++-
kernel/sched/features.h | 9 ++
kernel/sched/stats.h | 4 +
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/alloc_tag.c | 2 +
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 ++-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 23 ++-
net/core/filter.c | 2 +-
net/core/page_pool.c | 2 +
net/core/page_pool_priv.h | 2 +
net/core/page_pool_user.c | 15 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 2 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +---
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 ++--
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++++++
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 ++--
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++++++
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 ++--
net/ncsi/ncsi-rsp.c | 18 +--
net/netfilter/nf_tables_api.c | 57 ++++++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 ++
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +++----
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 4 +
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++--
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 93 ++++++++---
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.build | 2 +
scripts/Makefile.lib | 10 +-
scripts/Makefile.modinst | 2 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 ++-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 8 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++++++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++++--
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/renesas/rz-ssi.c | 3 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++-
sound/soc/sdca/Makefile | 2 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/build/Makefile.feature | 7 -
tools/build/feature/test-all.c | 5 -
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +--
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/Makefile.config | 83 ++++++----
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 +++++---
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
.../perf/tests/shell/lib/perf_json_output_lint.py | 14 +-
tools/perf/tests/shell/stat.sh | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/annotate.c | 76 ++++++++-
tools/perf/util/annotate.h | 15 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/disasm.c | 83 ++--------
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
tools/perf/util/stat-display.c | 177 +++++++++++----------
tools/perf/util/symbol.c | 9 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.c | 58 ++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/veristat.c | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +--
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/mm/Makefile | 9 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +++-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
703 files changed, 5738 insertions(+), 3278 deletions(-)
2 months, 3 weeks
- 16
- 642
Re: Patch "hostfs: convert hostfs to use the new mount API" has been added to the 6.6-stable tree
by Hongbo Li
On 2025/2/4 0:27, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> hostfs: convert hostfs to use the new mount API
>
> to the 6.6-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
Hi Sasha,
If this, the fix : ef9ca17ca458 ("hostfs: fix the host directory parse
when mounting.") also should be added. It fixes the mounting bug when
pass the host directory.
Thanks,
Hongbo
> The filename of the patch is:
> hostfs-convert-hostfs-to-use-the-new-mount-api.patch
> and it can be found in the queue-6.6 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>
> commit 6f2433956e6ade80d59bd673d4062ec2c1bacc3e
> Author: Hongbo Li <lihongbo22(a)huawei.com>
> Date: Thu May 30 20:01:11 2024 +0800
>
> hostfs: convert hostfs to use the new mount API
>
> [ Upstream commit cd140ce9f611a5e9d2a5989a282b75e55c71dab3 ]
>
> Convert the hostfs filesystem to the new internal mount API as the old
> one will be obsoleted and removed. This allows greater flexibility in
> communication of mount parameters between userspace, the VFS and the
> filesystem.
>
> See Documentation/filesystems/mount_api.txt for more information.
>
> Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com>
> Link: https://lore.kernel.org/r/20240530120111.3794664-1-lihongbo22@huawei.com
> Signed-off-by: Christian Brauner <brauner(a)kernel.org>
> Stable-dep-of: 60a600243244 ("hostfs: fix string handling in __dentry_name()")
> Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>
> diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
> index ff201753fd181..1fb8eacb9817f 100644
> --- a/fs/hostfs/hostfs_kern.c
> +++ b/fs/hostfs/hostfs_kern.c
> @@ -16,11 +16,16 @@
> #include <linux/seq_file.h>
> #include <linux/writeback.h>
> #include <linux/mount.h>
> +#include <linux/fs_context.h>
> #include <linux/namei.h>
> #include "hostfs.h"
> #include <init.h>
> #include <kern.h>
>
> +struct hostfs_fs_info {
> + char *host_root_path;
> +};
> +
> struct hostfs_inode_info {
> int fd;
> fmode_t mode;
> @@ -90,8 +95,10 @@ static char *__dentry_name(struct dentry *dentry, char *name)
> char *p = dentry_path_raw(dentry, name, PATH_MAX);
> char *root;
> size_t len;
> + struct hostfs_fs_info *fsi;
>
> - root = dentry->d_sb->s_fs_info;
> + fsi = dentry->d_sb->s_fs_info;
> + root = fsi->host_root_path;
> len = strlen(root);
> if (IS_ERR(p)) {
> __putname(name);
> @@ -196,8 +203,10 @@ static int hostfs_statfs(struct dentry *dentry, struct kstatfs *sf)
> long long f_bavail;
> long long f_files;
> long long f_ffree;
> + struct hostfs_fs_info *fsi;
>
> - err = do_statfs(dentry->d_sb->s_fs_info,
> + fsi = dentry->d_sb->s_fs_info;
> + err = do_statfs(fsi->host_root_path,
> &sf->f_bsize, &f_blocks, &f_bfree, &f_bavail, &f_files,
> &f_ffree, &sf->f_fsid, sizeof(sf->f_fsid),
> &sf->f_namelen);
> @@ -245,7 +254,11 @@ static void hostfs_free_inode(struct inode *inode)
>
> static int hostfs_show_options(struct seq_file *seq, struct dentry *root)
> {
> - const char *root_path = root->d_sb->s_fs_info;
> + struct hostfs_fs_info *fsi;
> + const char *root_path;
> +
> + fsi = root->d_sb->s_fs_info;
> + root_path = fsi->host_root_path;
> size_t offset = strlen(root_ino) + 1;
>
> if (strlen(root_path) > offset)
> @@ -924,10 +937,11 @@ static const struct inode_operations hostfs_link_iops = {
> .get_link = hostfs_get_link,
> };
>
> -static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> +static int hostfs_fill_super(struct super_block *sb, struct fs_context *fc)
> {
> + struct hostfs_fs_info *fsi = sb->s_fs_info;
> struct inode *root_inode;
> - char *host_root_path, *req_root = d;
> + char *host_root = fc->source;
> int err;
>
> sb->s_blocksize = 1024;
> @@ -941,15 +955,15 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> return err;
>
> /* NULL is printed as '(null)' by printf(): avoid that. */
> - if (req_root == NULL)
> - req_root = "";
> + if (fc->source == NULL)
> + host_root = "";
>
> - sb->s_fs_info = host_root_path =
> - kasprintf(GFP_KERNEL, "%s/%s", root_ino, req_root);
> - if (host_root_path == NULL)
> + fsi->host_root_path =
> + kasprintf(GFP_KERNEL, "%s/%s", root_ino, host_root);
> + if (fsi->host_root_path == NULL)
> return -ENOMEM;
>
> - root_inode = hostfs_iget(sb, host_root_path);
> + root_inode = hostfs_iget(sb, fsi->host_root_path);
> if (IS_ERR(root_inode))
> return PTR_ERR(root_inode);
>
> @@ -957,7 +971,7 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> char *name;
>
> iput(root_inode);
> - name = follow_link(host_root_path);
> + name = follow_link(fsi->host_root_path);
> if (IS_ERR(name))
> return PTR_ERR(name);
>
> @@ -974,11 +988,38 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> return 0;
> }
>
> -static struct dentry *hostfs_read_sb(struct file_system_type *type,
> - int flags, const char *dev_name,
> - void *data)
> +static int hostfs_fc_get_tree(struct fs_context *fc)
> {
> - return mount_nodev(type, flags, data, hostfs_fill_sb_common);
> + return get_tree_nodev(fc, hostfs_fill_super);
> +}
> +
> +static void hostfs_fc_free(struct fs_context *fc)
> +{
> + struct hostfs_fs_info *fsi = fc->s_fs_info;
> +
> + if (!fsi)
> + return;
> +
> + kfree(fsi->host_root_path);
> + kfree(fsi);
> +}
> +
> +static const struct fs_context_operations hostfs_context_ops = {
> + .get_tree = hostfs_fc_get_tree,
> + .free = hostfs_fc_free,
> +};
> +
> +static int hostfs_init_fs_context(struct fs_context *fc)
> +{
> + struct hostfs_fs_info *fsi;
> +
> + fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
> + if (!fsi)
> + return -ENOMEM;
> +
> + fc->s_fs_info = fsi;
> + fc->ops = &hostfs_context_ops;
> + return 0;
> }
>
> static void hostfs_kill_sb(struct super_block *s)
> @@ -988,11 +1029,11 @@ static void hostfs_kill_sb(struct super_block *s)
> }
>
> static struct file_system_type hostfs_type = {
> - .owner = THIS_MODULE,
> - .name = "hostfs",
> - .mount = hostfs_read_sb,
> - .kill_sb = hostfs_kill_sb,
> - .fs_flags = 0,
> + .owner = THIS_MODULE,
> + .name = "hostfs",
> + .init_fs_context = hostfs_init_fs_context,
> + .kill_sb = hostfs_kill_sb,
> + .fs_flags = 0,
> };
> MODULE_ALIAS_FS("hostfs");
>
2 months, 3 weeks
- 2
- 5
[PATCH v2] mtd: Add check and kfree() for kcalloc()
by Jiasheng Jiang
Add a check for kcalloc() to ensure successful allocation.
Moreover, add kfree() in the error-handling path to prevent memory leaks.
Fixes: 78c08247b9d3 ("mtd: Support kmsg dumper based on pstore/blk")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v1 -> v2:
1. Remove redundant logging.
2. Add kfree() in the error-handling path.
---
drivers/mtd/mtdpstore.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdpstore.c b/drivers/mtd/mtdpstore.c
index 7ac8ac901306..2d8e330dd215 100644
--- a/drivers/mtd/mtdpstore.c
+++ b/drivers/mtd/mtdpstore.c
@@ -418,10 +418,17 @@ static void mtdpstore_notify_add(struct mtd_info *mtd)
longcnt = BITS_TO_LONGS(div_u64(mtd->size, info->kmsg_size));
cxt->rmmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->rmmap)
+ goto end;
+
cxt->usedmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->usedmap)
+ goto free_rmmap;
longcnt = BITS_TO_LONGS(div_u64(mtd->size, mtd->erasesize));
cxt->badmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->badmap)
+ goto free_usedmap;
/* just support dmesg right now */
cxt->dev.flags = PSTORE_FLAGS_DMESG;
@@ -435,10 +442,20 @@ static void mtdpstore_notify_add(struct mtd_info *mtd)
if (ret) {
dev_err(&mtd->dev, "mtd%d register to psblk failed\n",
mtd->index);
- return;
+ goto free_badmap;
}
cxt->mtd = mtd;
dev_info(&mtd->dev, "Attached to MTD device %d\n", mtd->index);
+ goto end;
+
+free_badmap:
+ kfree(cxt->badmap);
+free_usedmap:
+ kfree(cxt->usedmap);
+free_rmmap:
+ kfree(cxt->rmmap);
+end:
+ return;
}
static int mtdpstore_flush_removed_do(struct mtdpstore_context *cxt,
--
2.25.1
2 months, 3 weeks
- 4
- 9
[PATCH RFC] soc: qcom: pmic_glink: Fix device access from worker during suspend
by Abel Vesa
The pmic_glink_altmode_worker() currently gets scheduled on the system_wq.
When the system is suspended (s2idle), the fact that the worker can be
scheduled to run while devices are still suspended provesto be a problem
when a Type-C retimer, switch or mux that is controlled over a bus like
I2C, because the I2C controller is suspended.
This has been proven to be the case on the X Elite boards where such
retimers (ParadeTech PS8830) are used in order to handle Type-C
orientation and altmode configuration. The following warning is thrown:
[ 35.134876] i2c i2c-4: Transfer while suspended
[ 35.143865] WARNING: CPU: 0 PID: 99 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xb4/0x57c [i2c_core]
[ 35.352879] Workqueue: events pmic_glink_altmode_worker [pmic_glink_altmode]
[ 35.360179] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 35.455242] Call trace:
[ 35.457826] __i2c_transfer+0xb4/0x57c [i2c_core] (P)
[ 35.463086] i2c_transfer+0x98/0xf0 [i2c_core]
[ 35.467713] i2c_transfer_buffer_flags+0x54/0x88 [i2c_core]
[ 35.473502] regmap_i2c_write+0x20/0x48 [regmap_i2c]
[ 35.478659] _regmap_raw_write_impl+0x780/0x944
[ 35.483401] _regmap_bus_raw_write+0x60/0x7c
[ 35.487848] _regmap_write+0x134/0x184
[ 35.491773] regmap_write+0x54/0x78
[ 35.495418] ps883x_set+0x58/0xec [ps883x]
[ 35.499688] ps883x_sw_set+0x60/0x84 [ps883x]
[ 35.504223] typec_switch_set+0x48/0x74 [typec]
[ 35.508952] pmic_glink_altmode_worker+0x44/0x1fc [pmic_glink_altmode]
[ 35.515712] process_scheduled_works+0x1a0/0x2d0
[ 35.520525] worker_thread+0x2a8/0x3c8
[ 35.524449] kthread+0xfc/0x184
[ 35.527749] ret_from_fork+0x10/0x20
The solution here is to schedule the altmode worker on the system_freezable_wq
instead of the system_wq. This will result in the altmode worker not being
scheduled to run until the devices are resumed first, which will give the
controllers like I2C a chance to resume before the transfer is requested.
Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
Cc: stable(a)vger.kernel.org # 6.3
Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org>
---
drivers/soc/qcom/pmic_glink_altmode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c
index bd06ce16180411059e9efb14d9aeccda27744280..bde129aa7d90a39becaa720376c0539bcaa492fb 100644
--- a/drivers/soc/qcom/pmic_glink_altmode.c
+++ b/drivers/soc/qcom/pmic_glink_altmode.c
@@ -295,7 +295,7 @@ static void pmic_glink_altmode_sc8180xp_notify(struct pmic_glink_altmode *altmod
alt_port->mode = mode;
alt_port->hpd_state = hpd_state;
alt_port->hpd_irq = hpd_irq;
- schedule_work(&alt_port->work);
+ queue_work(system_freezable_wq, &alt_port->work);
}
#define SC8280XP_DPAM_MASK 0x3f
@@ -338,7 +338,7 @@ static void pmic_glink_altmode_sc8280xp_notify(struct pmic_glink_altmode *altmod
alt_port->mode = mode;
alt_port->hpd_state = hpd_state;
alt_port->hpd_irq = hpd_irq;
- schedule_work(&alt_port->work);
+ queue_work(system_freezable_wq, &alt_port->work);
}
static void pmic_glink_altmode_callback(const void *data, size_t len, void *priv)
---
base-commit: 2b88851f583d3c4e40bcd40cfe1965241ec229dd
change-id: 20250110-soc-qcom-pmic-glink-fix-device-access-on-worker-while-suspended-af54c5e43ed6
Best regards,
--
Abel Vesa <abel.vesa(a)linaro.org>
2 months, 3 weeks
- 5
- 9
[PATCH v2 0/3] mtd: rawnand: cadence: improvement and fixes
by niravkumar.l.rabara@intel.com
From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com>
This patchset introduces improvements and fixes for cadence nand driver.
The changes include:
1. Support deferred prob mechanism when DMA driver is not probed yet.
2. Map the slave DMA address using dma_map_resource. When ARM SMMU
is enabled, using a direct physical address of SDMA results in
DMA transaction failure.
3. Fixed the incorrect device context used for dma_unmap_single.
v2 changes:-
- Added the missing Fixes and Cc: stable tags to the patches.
Niravkumar L Rabara (3):
mtd: rawnand: cadence: support deferred prob when DMA is not ready
mtd: rawnand: cadence: use dma_map_resource for sdma address
mtd: rawnand: cadence: fix incorrect dev context in dma_unmap_single
.../mtd/nand/raw/cadence-nand-controller.c | 35 +++++++++++++++----
1 file changed, 28 insertions(+), 7 deletions(-)
--
2.25.1
2 months, 3 weeks
- 3
- 22
[PATCH v2] serial: 8250: Fix fifo underflow on flush
by John Keeping
When flushing the serial port's buffer, uart_flush_buffer() calls
kfifo_reset() but if there is an outstanding DMA transfer then the
completion function will consume data from the kfifo via
uart_xmit_advance(), underflowing and leading to ongoing DMA as the
driver tries to transmit another 2^32 bytes.
This is readily reproduced with serial-generic and amidi sending even
short messages as closing the device on exit will wait for the fifo to
drain and in the underflow case amidi hangs for 30 seconds on exit in
tty_wait_until_sent(). A trace of that gives:
kworker/1:1-84 [001] 51.769423: bprint: serial8250_tx_dma: tx_size=3 fifo_len=3
amidi-763 [001] 51.769460: bprint: uart_flush_buffer: resetting fifo
irq/21-fe530000-76 [000] 51.769474: bprint: __dma_tx_complete: tx_size=3
irq/21-fe530000-76 [000] 51.769479: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294967293
irq/21-fe530000-76 [000] 51.781295: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.781301: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294963197
irq/21-fe530000-76 [000] 51.793131: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.793135: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294959101
irq/21-fe530000-76 [000] 51.804949: bprint: __dma_tx_complete: tx_size=4096
Since the port lock is held in when the kfifo is reset in
uart_flush_buffer() and in __dma_tx_complete(), adding a flush_buffer
hook to adjust the outstanding DMA byte count is sufficient to avoid the
kfifo underflow.
Fixes: 9ee4b83e51f74 ("serial: 8250: Add support for dmaengine")
Cc: stable(a)vger.kernel.org
Signed-off-by: John Keeping <jkeeping(a)inmusicbrands.com>
---
Changes in v2:
- Add Fixes: tag
- Return early to reduce indentation in serial8250_tx_dma_flush()
drivers/tty/serial/8250/8250.h | 1 +
drivers/tty/serial/8250/8250_dma.c | 16 ++++++++++++++++
drivers/tty/serial/8250/8250_port.c | 9 +++++++++
3 files changed, 26 insertions(+)
diff --git a/drivers/tty/serial/8250/8250.h b/drivers/tty/serial/8250/8250.h
index 11e05aa014e54..8ef45622e4363 100644
--- a/drivers/tty/serial/8250/8250.h
+++ b/drivers/tty/serial/8250/8250.h
@@ -374,6 +374,7 @@ static inline int is_omap1510_8250(struct uart_8250_port *pt)
#ifdef CONFIG_SERIAL_8250_DMA
extern int serial8250_tx_dma(struct uart_8250_port *);
+extern void serial8250_tx_dma_flush(struct uart_8250_port *);
extern int serial8250_rx_dma(struct uart_8250_port *);
extern void serial8250_rx_dma_flush(struct uart_8250_port *);
extern int serial8250_request_dma(struct uart_8250_port *);
diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c
index d215c494ee24c..f245a84f4a508 100644
--- a/drivers/tty/serial/8250/8250_dma.c
+++ b/drivers/tty/serial/8250/8250_dma.c
@@ -149,6 +149,22 @@ int serial8250_tx_dma(struct uart_8250_port *p)
return ret;
}
+void serial8250_tx_dma_flush(struct uart_8250_port *p)
+{
+ struct uart_8250_dma *dma = p->dma;
+
+ if (!dma->tx_running)
+ return;
+
+ /*
+ * kfifo_reset() has been called by the serial core, avoid
+ * advancing and underflowing in __dma_tx_complete().
+ */
+ dma->tx_size = 0;
+
+ dmaengine_terminate_async(dma->rxchan);
+}
+
int serial8250_rx_dma(struct uart_8250_port *p)
{
struct uart_8250_dma *dma = p->dma;
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index d7976a21cca9c..442967a6cd52d 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2555,6 +2555,14 @@ static void serial8250_shutdown(struct uart_port *port)
serial8250_do_shutdown(port);
}
+static void serial8250_flush_buffer(struct uart_port *port)
+{
+ struct uart_8250_port *up = up_to_u8250p(port);
+
+ if (up->dma)
+ serial8250_tx_dma_flush(up);
+}
+
static unsigned int serial8250_do_get_divisor(struct uart_port *port,
unsigned int baud,
unsigned int *frac)
@@ -3244,6 +3252,7 @@ static const struct uart_ops serial8250_pops = {
.break_ctl = serial8250_break_ctl,
.startup = serial8250_startup,
.shutdown = serial8250_shutdown,
+ .flush_buffer = serial8250_flush_buffer,
.set_termios = serial8250_set_termios,
.set_ldisc = serial8250_set_ldisc,
.pm = serial8250_pm,
--
2.48.1
2 months, 3 weeks
- 2
- 1
[PATCH v3] arm64: Handle .ARM.attributes section in linker scripts
by Nathan Chancellor
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Discard the new sections in the necessary linker scripts to resolve the
warnings, as the kernel and vDSO do not need to retain it, similar to
the .note.gnu.property section.
Cc: stable(a)vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
Changes in v3:
- Update location of section discard in vDSO to align with
.note.gnu.property discard since the sectionss are similar in
nature (Will).
- Link to v2: https://lore.kernel.org/r/20250204-arm64-handle-arm-attributes-in-linker-sc…
Changes in v2:
- Discard the section instead of adding it to the final artifacts to
mirror the .note.gnu.property section handling (Will).
- Link to v1: https://lore.kernel.org/r/20250124-arm64-handle-arm-attributes-in-linker-sc…
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index 4ec32e86a8da..47ad6944f9f0 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -41,6 +41,7 @@ SECTIONS
*/
/DISCARD/ : {
*(.note.GNU-stack .note.gnu.property)
+ *(.ARM.attributes)
}
.note : { *(.note.*) } :text :note
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index f84c71f04d9e..e73326bd3ff7 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -162,6 +162,7 @@ SECTIONS
/DISCARD/ : {
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
+ *(.ARM.attributes)
}
. = KIMAGE_VADDR;
---
base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3
change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
2 months, 3 weeks
- 2
- 1
[PATCH v1 13/16] mm: Don't skip arch_sync_kernel_mappings() in error paths
by Ryan Roberts
Fix callers that previously skipped calling arch_sync_kernel_mappings()
if an error occurred during a pgtable update. The call is still required
to sync any pgtable updates that may have occurred prior to hitting the
error condition.
These are theoretical bugs discovered during code review.
Cc: <stable(a)vger.kernel.org>
Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified")
Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered")
Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com>
---
mm/memory.c | 6 ++++--
mm/vmalloc.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/mm/memory.c b/mm/memory.c
index 539c0f7c6d54..a15f7dd500ea 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3040,8 +3040,10 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr,
next = pgd_addr_end(addr, end);
if (pgd_none(*pgd) && !create)
continue;
- if (WARN_ON_ONCE(pgd_leaf(*pgd)))
- return -EINVAL;
+ if (WARN_ON_ONCE(pgd_leaf(*pgd))) {
+ err = -EINVAL;
+ break;
+ }
if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) {
if (!create)
continue;
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 6111ce900ec4..68950b1824d0 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -604,13 +604,13 @@ static int vmap_small_pages_range_noflush(unsigned long addr, unsigned long end,
mask |= PGTBL_PGD_MODIFIED;
err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask);
if (err)
- return err;
+ break;
} while (pgd++, addr = next, addr != end);
if (mask & ARCH_PAGE_TABLE_SYNC_MASK)
arch_sync_kernel_mappings(start, end);
- return 0;
+ return err;
}
/*
--
2.43.0
2 months, 3 weeks
- 2
- 1
[PATCH] pidfs: improve ioctl handling
by Christian Brauner
Pidfs supports extensible and non-extensible ioctls. The extensible
ioctls need to check for the ioctl number itself not just the ioctl
command otherwise both backward- and forward compatibility are broken.
The pidfs ioctl handler also needs to look at the type of the ioctl
command to guard against cases where "[...] a daemon receives some
random file descriptor from a (potentially less privileged) client and
expects the FD to be of some specific type, it might call ioctl() on
this FD with some type-specific command and expect the call to fail if
the FD is of the wrong type; but due to the missing type check, the
kernel instead performs some action that userspace didn't expect."
(cf. [1]]
Reported-by: Jann Horn <jannh(a)google.com>
Cc: stable(a)vger.kernel.org # v6.13
Fixes: https://lore.kernel.org/r/CAG48ez2K9A5GwtgqO31u9ZL292we8ZwAA=TJwwEv7wRuJ3j4… [1]
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
---
Hey,
Jann reported that the pidfs extensible ioctl checking has two issues:
(1) We check for the ioctl command, not the number breaking forward and
backward compatibility.
(2) We don't verify the type encoded in the ioctl to guard against
ioctl number collisions.
This adresses both.
Greg, when this patch (or a version thereof) lands upstream then it
needs to please be backported to v6.13 together with the already
upstream commit 8ce352818820 ("pidfs: check for valid ioctl commands").
Christian
---
fs/pidfs.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/fs/pidfs.c b/fs/pidfs.c
index 049352f973de..63f9699ebac3 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -287,7 +287,6 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
switch (cmd) {
case FS_IOC_GETVERSION:
case PIDFD_GET_CGROUP_NAMESPACE:
- case PIDFD_GET_INFO:
case PIDFD_GET_IPC_NAMESPACE:
case PIDFD_GET_MNT_NAMESPACE:
case PIDFD_GET_NET_NAMESPACE:
@@ -300,6 +299,17 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
return true;
}
+ /* Extensible ioctls require some more careful checks. */
+ switch (_IOC_NR(cmd)) {
+ case _IOC_NR(PIDFD_GET_INFO):
+ /*
+ * Try to prevent performing a pidfd ioctl when someone
+ * erronously mistook the file descriptor for a pidfd.
+ * This is not perfect but will catch most cases.
+ */
+ return (_IOC_TYPE(cmd) == _IOC_TYPE(PIDFD_GET_INFO));
+ }
+
return false;
}
---
base-commit: 6470d2c6d4233a781c67f842d3c066bf1cfa4fdc
change-id: 20250204-work-pidfs-ioctl-6ef79a65e36b
2 months, 3 weeks
- 4
- 4
[PATCH 4/4] batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1()
by Simon Wunderlich
From: Remi Pommarel <repk(a)triplefau.lt>
Since commit 4436df478860 ("batman-adv: Add flex array to struct
batadv_tvlv_tt_data"), the introduction of batadv_tvlv_tt_data's flex
array member in batadv_tt_tvlv_ogm_handler_v1() put tt_changes at
invalid offset. Those TT changes are supposed to be filled from the end
of batadv_tvlv_tt_data structure (including vlan_data flexible array),
but only the flex array size is taken into account missing completely
the size of the fixed part of the structure itself.
Fix the tt_change offset computation by using struct_size() instead of
flex_array_size() so both flex array member and its container structure
sizes are taken into account.
Cc: stable(a)vger.kernel.org
Fixes: 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data")
Signed-off-by: Remi Pommarel <repk(a)triplefau.lt>
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/translation-table.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 760d51fdbdf6..7d5de4cbb814 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -3959,23 +3959,21 @@ static void batadv_tt_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
struct batadv_tvlv_tt_change *tt_change;
struct batadv_tvlv_tt_data *tt_data;
u16 num_entries, num_vlan;
- size_t flex_size;
+ size_t tt_data_sz;
if (tvlv_value_len < sizeof(*tt_data))
return;
tt_data = tvlv_value;
- tvlv_value_len -= sizeof(*tt_data);
-
num_vlan = ntohs(tt_data->num_vlan);
- flex_size = flex_array_size(tt_data, vlan_data, num_vlan);
- if (tvlv_value_len < flex_size)
+ tt_data_sz = struct_size(tt_data, vlan_data, num_vlan);
+ if (tvlv_value_len < tt_data_sz)
return;
tt_change = (struct batadv_tvlv_tt_change *)((void *)tt_data
- + flex_size);
- tvlv_value_len -= flex_size;
+ + tt_data_sz);
+ tvlv_value_len -= tt_data_sz;
num_entries = batadv_tt_entries(tvlv_value_len);
--
2.39.5
2 months, 3 weeks
- 1
- 0
[PATCH 3/4] batman-adv: Drop unmanaged ELP metric worker
by Simon Wunderlich
From: Sven Eckelmann <sven(a)narfation.org>
The ELP worker needs to calculate new metric values for all neighbors
"reachable" over an interface. Some of the used metric sources require
locks which might need to sleep. This sleep is incompatible with the RCU
list iterator used for the recorded neighbors. The initial approach to work
around of this problem was to queue another work item per neighbor and then
run this in a new context.
Even when this solved the RCU vs might_sleep() conflict, it has a major
problems: Nothing was stopping the work item in case it is not needed
anymore - for example because one of the related interfaces was removed or
the batman-adv module was unloaded - resulting in potential invalid memory
accesses.
Directly canceling the metric worker also has various problems:
* cancel_work_sync for a to-be-deactivated interface is called with
rtnl_lock held. But the code in the ELP metric worker also tries to use
rtnl_lock() - which will never return in this case. This also means that
cancel_work_sync would never return because it is waiting for the worker
to finish.
* iterating over the neighbor list for the to-be-deactivated interface is
currently done using the RCU specific methods. Which means that it is
possible to miss items when iterating over it without the associated
spinlock - a behaviour which is acceptable for a periodic metric check
but not for a cleanup routine (which must "stop" all still running
workers)
The better approch is to get rid of the per interface neighbor metric
worker and handle everything in the interface worker. The original problems
are solved by:
* creating a list of neighbors which require new metric information inside
the RCU protected context, gathering the metric according to the new list
outside the RCU protected context
* only use rcu_trylock inside metric gathering code to avoid a deadlock
when the cancel_delayed_work_sync is called in the interface removal code
(which is called with the rtnl_lock held)
Cc: stable(a)vger.kernel.org
Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/bat_v.c | 2 --
net/batman-adv/bat_v_elp.c | 71 ++++++++++++++++++++++++++------------
net/batman-adv/bat_v_elp.h | 2 --
net/batman-adv/types.h | 3 --
4 files changed, 48 insertions(+), 30 deletions(-)
diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index ac11f1f08db0..d35479c465e2 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -113,8 +113,6 @@ static void
batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh)
{
ewma_throughput_init(&hardif_neigh->bat_v.throughput);
- INIT_WORK(&hardif_neigh->bat_v.metric_work,
- batadv_v_elp_throughput_metric_update);
}
/**
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index 65e52de52bcd..b065578b4436 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -18,6 +18,7 @@
#include <linux/if_ether.h>
#include <linux/jiffies.h>
#include <linux/kref.h>
+#include <linux/list.h>
#include <linux/minmax.h>
#include <linux/netdevice.h>
#include <linux/nl80211.h>
@@ -26,6 +27,7 @@
#include <linux/rcupdate.h>
#include <linux/rtnetlink.h>
#include <linux/skbuff.h>
+#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -41,6 +43,18 @@
#include "routing.h"
#include "send.h"
+/**
+ * struct batadv_v_metric_queue_entry - list of hardif neighbors which require
+ * and metric update
+ */
+struct batadv_v_metric_queue_entry {
+ /** @hardif_neigh: hardif neighbor scheduled for metric update */
+ struct batadv_hardif_neigh_node *hardif_neigh;
+
+ /** @list: list node for metric_queue */
+ struct list_head list;
+};
+
/**
* batadv_v_elp_start_timer() - restart timer for ELP periodic work
* @hard_iface: the interface for which the timer has to be reset
@@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
goto default_throughput;
}
+ /* only use rtnl_trylock because the elp worker will be cancelled while
+ * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise
+ * wait forever when the elp work_item was started and it is then also
+ * trying to rtnl_lock
+ */
+ if (!rtnl_trylock())
+ return false;
+
/* if not a wifi interface, check if this device provides data via
* ethtool (e.g. an Ethernet adapter)
*/
- rtnl_lock();
ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings);
rtnl_unlock();
if (ret == 0) {
@@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
/**
* batadv_v_elp_throughput_metric_update() - worker updating the throughput
* metric of a single hop neighbour
- * @work: the work queue item
+ * @neigh: the neighbour to probe
*/
-void batadv_v_elp_throughput_metric_update(struct work_struct *work)
+static void
+batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh)
{
- struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
- struct batadv_hardif_neigh_node *neigh;
u32 throughput;
bool valid;
- neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
- metric_work);
- neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
- bat_v);
-
valid = batadv_v_elp_get_throughput(neigh, &throughput);
if (!valid)
- goto put_neigh;
+ return;
ewma_throughput_add(&neigh->bat_v.throughput, throughput);
-
-put_neigh:
- /* decrement refcounter to balance increment performed before scheduling
- * this task
- */
- batadv_hardif_neigh_put(neigh);
}
/**
@@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh)
*/
static void batadv_v_elp_periodic_work(struct work_struct *work)
{
+ struct batadv_v_metric_queue_entry *metric_entry;
+ struct batadv_v_metric_queue_entry *metric_safe;
struct batadv_hardif_neigh_node *hardif_neigh;
struct batadv_hard_iface *hard_iface;
struct batadv_hard_iface_bat_v *bat_v;
struct batadv_elp_packet *elp_packet;
+ struct list_head metric_queue;
struct batadv_priv *bat_priv;
struct sk_buff *skb;
u32 elp_interval;
- bool ret;
bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
@@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
atomic_inc(&hard_iface->bat_v.elp_seqno);
+ INIT_LIST_HEAD(&metric_queue);
+
/* The throughput metric is updated on each sent packet. This way, if a
* node is dead and no longer sends packets, batman-adv is still able to
* react timely to its death.
@@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
/* Reading the estimated throughput from cfg80211 is a task that
* may sleep and that is not allowed in an rcu protected
- * context. Therefore schedule a task for that.
+ * context. Therefore add it to metric_queue and process it
+ * outside rcu protected context.
*/
- ret = queue_work(batadv_event_workqueue,
- &hardif_neigh->bat_v.metric_work);
-
- if (!ret)
+ metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC);
+ if (!metric_entry) {
batadv_hardif_neigh_put(hardif_neigh);
+ continue;
+ }
+
+ metric_entry->hardif_neigh = hardif_neigh;
+ list_add(&metric_entry->list, &metric_queue);
}
rcu_read_unlock();
+ list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) {
+ batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh);
+
+ batadv_hardif_neigh_put(metric_entry->hardif_neigh);
+ list_del(&metric_entry->list);
+ kfree(metric_entry);
+ }
+
restart_timer:
batadv_v_elp_start_timer(hard_iface);
out:
diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h
index 9e2740195fa2..c9cb0a307100 100644
--- a/net/batman-adv/bat_v_elp.h
+++ b/net/batman-adv/bat_v_elp.h
@@ -10,7 +10,6 @@
#include "main.h"
#include <linux/skbuff.h>
-#include <linux/workqueue.h>
int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface);
void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface);
@@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface,
void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface);
int batadv_v_elp_packet_recv(struct sk_buff *skb,
struct batadv_hard_iface *if_incoming);
-void batadv_v_elp_throughput_metric_update(struct work_struct *work);
#endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 04f6398b3a40..85a50096f5b2 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v {
* neighbor
*/
unsigned long last_unicast_tx;
-
- /** @metric_work: work queue callback item for metric update */
- struct work_struct metric_work;
};
/**
--
2.39.5
2 months, 3 weeks
- 1
- 0
[PATCH 2/4] batman-adv: Ignore neighbor throughput metrics in error case
by Simon Wunderlich
From: Sven Eckelmann <sven(a)narfation.org>
If a temporary error happened in the evaluation of the neighbor throughput
information, then the invalid throughput result should not be stored in the
throughtput EWMA.
Cc: stable(a)vger.kernel.org
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/bat_v_elp.c | 50 ++++++++++++++++++++++++++------------
1 file changed, 34 insertions(+), 16 deletions(-)
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index fbf499bcc671..65e52de52bcd 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -59,11 +59,13 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface)
/**
* batadv_v_elp_get_throughput() - get the throughput towards a neighbour
* @neigh: the neighbour for which the throughput has to be obtained
+ * @pthroughput: calculated throughput towards the given neighbour in multiples
+ * of 100kpbs (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
*
- * Return: The throughput towards the given neighbour in multiples of 100kpbs
- * (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
+ * Return: true when value behind @pthroughput was set
*/
-static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
+static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
+ u32 *pthroughput)
{
struct batadv_hard_iface *hard_iface = neigh->if_incoming;
struct net_device *soft_iface = hard_iface->soft_iface;
@@ -77,14 +79,16 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
* batman-adv interface
*/
if (!soft_iface)
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return false;
/* if the user specified a customised value for this interface, then
* return it directly
*/
throughput = atomic_read(&hard_iface->bat_v.throughput_override);
- if (throughput != 0)
- return throughput;
+ if (throughput != 0) {
+ *pthroughput = throughput;
+ return true;
+ }
/* if this is a wireless device, then ask its throughput through
* cfg80211 API
@@ -111,19 +115,24 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
* possible to delete this neighbor. For now set
* the throughput metric to 0.
*/
- return 0;
+ *pthroughput = 0;
+ return true;
}
if (ret)
goto default_throughput;
- if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT))
- return sinfo.expected_throughput / 100;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
+ *pthroughput = sinfo.expected_throughput / 100;
+ return true;
+ }
/* try to estimate the expected throughput based on reported tx
* rates
*/
- if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE))
- return cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
+ *pthroughput = cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ return true;
+ }
goto default_throughput;
}
@@ -142,8 +151,10 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
hard_iface->bat_v.flags &= ~BATADV_FULL_DUPLEX;
throughput = link_settings.base.speed;
- if (throughput && throughput != SPEED_UNKNOWN)
- return throughput * 10;
+ if (throughput && throughput != SPEED_UNKNOWN) {
+ *pthroughput = throughput * 10;
+ return true;
+ }
}
default_throughput:
@@ -157,7 +168,8 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
}
/* if none of the above cases apply, return the base_throughput */
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ *pthroughput = BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return true;
}
/**
@@ -169,15 +181,21 @@ void batadv_v_elp_throughput_metric_update(struct work_struct *work)
{
struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
struct batadv_hardif_neigh_node *neigh;
+ u32 throughput;
+ bool valid;
neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
metric_work);
neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
bat_v);
- ewma_throughput_add(&neigh->bat_v.throughput,
- batadv_v_elp_get_throughput(neigh));
+ valid = batadv_v_elp_get_throughput(neigh, &throughput);
+ if (!valid)
+ goto put_neigh;
+
+ ewma_throughput_add(&neigh->bat_v.throughput, throughput);
+put_neigh:
/* decrement refcounter to balance increment performed before scheduling
* this task
*/
--
2.39.5
2 months, 3 weeks
- 1
- 0
[PATCH net-next 0/4] ptp: vmclock: bugfixes and cleanups for error handling
by Thomas Weißschuh
Some error handling issues I noticed while looking at the code.
Only compile-tested.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
---
Thomas Weißschuh (4):
ptp: vmclock: Set driver data before its usage
ptp: vmclock: Don't unregister misc device if it was not registered
ptp: vmclock: Clean up miscdev and ptp clock through devres
ptp: vmclock: Remove goto-based cleanup logic
drivers/ptp/ptp_vmclock.c | 46 ++++++++++++++++++++--------------------------
1 file changed, 20 insertions(+), 26 deletions(-)
---
base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b
change-id: 20250206-vmclock-probe-57cbcb770925
Best regards,
--
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
2 months, 3 weeks
- 4
- 9
[PATCH] fs/xattr: actually support O_PATH fds in *xattrat() syscalls
by Mike Yuan
Cited from commit message of original patch [1]:
> One use case will be setfiles(8) setting SELinux file contexts
> ("security.selinux") without race conditions and without a file
> descriptor opened with read access requiring SELinux read permission.
Also, generally all *at() syscalls operate on O_PATH fds, unlike
f*() ones. Yet the O_PATH fds are rejected by *xattrat() syscalls
in the final version merged into tree. Instead, let's switch things
to CLASS(fd_raw).
Note that there's one side effect: f*xattr() starts to work with
O_PATH fds too. It's not clear to me whether this is desirable
(e.g. fstat() accepts O_PATH fds as an outlier).
[1] https://lore.kernel.org/all/20240426162042.191916-1-cgoettsche@seltendoof.d…
Fixes: 6140be90ec70 ("fs/xattr: add *at family syscalls")
Signed-off-by: Mike Yuan <me(a)yhndnzj.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: Christian Göttsche <cgzones(a)googlemail.com>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
---
fs/xattr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 02bee149ad96..15df71e56187 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -704,7 +704,7 @@ static int path_setxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
error = -EBADF;
else
@@ -848,7 +848,7 @@ static ssize_t path_getxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_getxattr(fd_file(f), &ctx);
@@ -978,7 +978,7 @@ static ssize_t path_listxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_listxattr(fd_file(f), list, size);
@@ -1079,7 +1079,7 @@ static int path_removexattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_removexattr(fd_file(f), &kname);
base-commit: a86bf2283d2c9769205407e2b54777c03d012939
--
2.48.1
2 months, 3 weeks
- 2
- 9
[tip: timers/urgent] timers/migration: Fix off-by-one root mis-connection
by tip-bot2 for Frederic Weisbecker
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: 868c9037df626b3c245ee26a290a03ae1f9f58d3
Gitweb: https://git.kernel.org/tip/868c9037df626b3c245ee26a290a03ae1f9f58d3
Author: Frederic Weisbecker <frederic(a)kernel.org>
AuthorDate: Wed, 05 Feb 2025 17:02:20 +01:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Fri, 07 Feb 2025 09:02:16 +01:00
timers/migration: Fix off-by-one root mis-connection
Before attaching a new root to the old root, the children counter of the
new root is checked to verify that only the upcoming CPU's top group have
been connected to it. However since the recently added commit b729cc1ec21a
("timers/migration: Fix another race between hotplug and idle entry/exit")
this check is not valid anymore because the old root is pre-accounted
as a child to the new root. Therefore after connecting the upcoming
CPU's top group to the new root, the children count to be expected must
be 2 and not 1 anymore.
This omission results in the old root to not be connected to the new
root. Then eventually the system may run with more than one top level,
which defeats the purpose of a single idle migrator.
Also the old root is pre-accounted but not connected upon the new root
creation. But it can be connected to the new root later on. Therefore
the old root may be accounted twice to the new root. The propagation of
such overcommit can end up creating a double final top-level root with a
groupmask incorrectly initialized. Although harmless given that the final
top level roots will never have a parent to walk up to, this oddity
opportunistically reported the core issue:
WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote
CPU: 8 UID: 0 PID: 0 Comm: swapper/8
RIP: 0010:tmigr_requires_handle_remote
Call Trace:
<IRQ>
? tmigr_requires_handle_remote
? hrtimer_run_queues
update_process_times
tick_periodic
tick_handle_periodic
__sysvec_apic_timer_interrupt
sysvec_apic_timer_interrupt
</IRQ>
Fix the problem by taking the old root into account in the children count
of the new root so the connection is not omitted.
Also warn when more than one top level group exists to better detect
similar issues in the future.
Fixes: b729cc1ec21a ("timers/migration: Fix another race between hotplug and idle entry/exit")
Reported-by: Matt Fleming <mfleming(a)cloudflare.com>
Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/all/20250205160220.39467-1-frederic@kernel.org
---
kernel/time/timer_migration.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/time/timer_migration.c b/kernel/time/timer_migration.c
index 9cb9b65..2f63308 100644
--- a/kernel/time/timer_migration.c
+++ b/kernel/time/timer_migration.c
@@ -1675,6 +1675,9 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
} while (i < tmigr_hierarchy_levels);
+ /* Assert single root */
+ WARN_ON_ONCE(!err && !group->parent && !list_is_singular(&tmigr_level_list[top]));
+
while (i > 0) {
group = stack[--i];
@@ -1716,7 +1719,12 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
WARN_ON_ONCE(top == 0);
lvllist = &tmigr_level_list[top];
- if (group->num_children == 1 && list_is_singular(lvllist)) {
+
+ /*
+ * Newly created root level should have accounted the upcoming
+ * CPU's child group and pre-accounted the old root.
+ */
+ if (group->num_children == 2 && list_is_singular(lvllist)) {
/*
* The target CPU must never do the prepare work, except
* on early boot when the boot CPU is the target. Otherwise
2 months, 3 weeks
- 1
- 0
[PATCH v1 2/2] arm64: dts: qcom: ipq9574: Fix USB vdd info
by Varadarajan Narayanan
USB phys in ipq9574 use the 'L5' regulator. The commit
ec4f047679d5 ("arm64: dts: qcom: ipq9574: Enable USB")
incorrectly specified it as 'L2'. Because of this when the phy
module turns off/on its regulators, 'L2' is turned off/on
resulting in 2 issues, namely 'L5' is not turned off/on and the
network module powered by the 'L2' is turned off/on.
Cc: stable(a)vger.kernel.org
Fixes: ec4f047679d5 ("arm64: dts: qcom: ipq9574: Enable USB")
Signed-off-by: Varadarajan Narayanan <quic_varada(a)quicinc.com>
---
arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi b/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
index ae12f069f26f..b24b795873d4 100644
--- a/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
@@ -111,6 +111,13 @@ mp5496_l2: l2 {
regulator-always-on;
regulator-boot-on;
};
+
+ mp5496_l5: l5 {
+ regulator-min-microvolt = <1800000>;
+ regulator-max-microvolt = <1800000>;
+ regulator-always-on;
+ regulator-boot-on;
+ };
};
};
@@ -146,7 +153,7 @@ &usb_0_dwc3 {
};
&usb_0_qmpphy {
- vdda-pll-supply = <&mp5496_l2>;
+ vdda-pll-supply = <&mp5496_l5>;
vdda-phy-supply = <®ulator_fixed_0p925>;
status = "okay";
@@ -154,7 +161,7 @@ &usb_0_qmpphy {
&usb_0_qusbphy {
vdd-supply = <®ulator_fixed_0p925>;
- vdda-pll-supply = <&mp5496_l2>;
+ vdda-pll-supply = <&mp5496_l5>;
vdda-phy-dpdm-supply = <®ulator_fixed_3p3>;
status = "okay";
--
2.34.1
2 months, 3 weeks
- 2
- 2
[PATCH net] rtnetlink: fix netns leak with rtnl_setlink()
by Nicolas Dichtel
A call to rtnl_nets_destroy() is needed to release references taken on
netns put in rtnl_nets.
CC: stable(a)vger.kernel.org
Fixes: 636af13f213b ("rtnetlink: Register rtnl_dellink() and rtnl_setlink() with RTNL_FLAG_DOIT_PERNET_WIP.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
---
net/core/rtnetlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 1f4d4b5570ab..d1e559fce918 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3432,6 +3432,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh,
err = -ENODEV;
rtnl_nets_unlock(&rtnl_nets);
+ rtnl_nets_destroy(&rtnl_nets);
errout:
return err;
}
--
2.47.1
2 months, 3 weeks
- 3
- 2
[PATCH] x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0
by Alice Ryhl
When using Rust on the x86 architecture, we are currently using the
unstable target.json feature to specify the compilation target. Rustc is
going to change how softfloat is specified in the target.json file on
x86, thus update generate_rust_target.rs to specify softfloat using the
new option.
Note that if you enable this parameter with a compiler that does not
recognize it, then that triggers a warning but it does not break the
build.
Cc: stable(a)vger.kernel.org # for 6.12.y
Link: https://github.com/rust-lang/rust/pull/136146
Signed-off-by: Alice Ryhl <aliceryhl(a)google.com>
---
scripts/generate_rust_target.rs | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs
index 0d00ac3723b5..4fd6b6ab3e32 100644
--- a/scripts/generate_rust_target.rs
+++ b/scripts/generate_rust_target.rs
@@ -165,6 +165,18 @@ fn has(&self, option: &str) -> bool {
let option = "CONFIG_".to_owned() + option;
self.0.contains_key(&option)
}
+
+ /// Is the rustc version at least `major.minor.patch`?
+ fn rustc_version_atleast(&self, major: u32, minor: u32, patch: u32) -> bool {
+ let check_version = 100000 * major + 100 * minor + patch;
+ let actual_version = self
+ .0
+ .get("CONFIG_RUSTC_VERSION")
+ .unwrap()
+ .parse::<u32>()
+ .unwrap();
+ check_version <= actual_version
+ }
}
fn main() {
@@ -182,6 +194,9 @@ fn main() {
}
} else if cfg.has("X86_64") {
ts.push("arch", "x86_64");
+ if cfg.rustc_version_atleast(1, 86, 0) {
+ ts.push("rustc-abi", "x86-softfloat");
+ }
ts.push(
"data-layout",
"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128",
@@ -215,6 +230,9 @@ fn main() {
panic!("32-bit x86 only works under UML");
}
ts.push("arch", "x86");
+ if cfg.rustc_version_atleast(1, 86, 0) {
+ ts.push("rustc-abi", "x86-softfloat");
+ }
ts.push(
"data-layout",
"e-m:e-p:32:32-p270:32:32-p271:32:32-p272:64:64-i128:128-f64:32:64-f80:32-n8:16:32-S128",
---
base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37
change-id: 20250203-rustc-1-86-x86-softfloat-0b973054c4bc
Best regards,
--
Alice Ryhl <aliceryhl(a)google.com>
2 months, 3 weeks
- 3
- 6
[PATCH] arm64: tegra: delete the Orin NX/Nano suspend key
by Ivy Huang
From: Ninad Malwade <nmalwade(a)nvidia.com>
As per the Orin Nano Dev Kit schematic, GPIO_G.02 is not available
on this device family. It should not be used at all on Orin NX/Nano.
Having this unused pin mapped as the suspend key can lead to
unpredictable behavior for low power modes.
Orin NX/Nano uses GPIO_EE.04 as both a "power" button and a "suspend"
button. However, we cannot have two gpio-keys mapped to the same
GPIO. Therefore delete the "suspend" key.
Cc: stable(a)vger.kernel.org
Fixes: e63472eda5ea ("arm64: tegra: Support Jetson Orin NX reference platform")
Signed-off-by: Ninad Malwade <nmalwade(a)nvidia.com>
Signed-off-by: Ivy Huang <yijuh(a)nvidia.com>
---
arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 -------
1 file changed, 7 deletions(-)
diff --git a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
index 19340d13f789..41821354bbda 100644
--- a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
@@ -227,13 +227,6 @@
wakeup-event-action = <EV_ACT_ASSERTED>;
wakeup-source;
};
-
- key-suspend {
- label = "Suspend";
- gpios = <&gpio TEGRA234_MAIN_GPIO(G, 2) GPIO_ACTIVE_LOW>;
- linux,input-type = <EV_KEY>;
- linux,code = <KEY_SLEEP>;
- };
};
fan: pwm-fan {
--
2.17.1
2 months, 3 weeks
- 1
- 0
[PATCH v3 1/2] seccomp: passthrough uretprobe systemcall without filtering
by Eyal Birger
When attaching uretprobes to processes running inside docker, the attached
process is segfaulted when encountering the retprobe.
The reason is that now that uretprobe is a system call the default seccomp
filters in docker block it as they only allow a specific set of known
syscalls. This is true for other userspace applications which use seccomp
to control their syscall surface.
Since uretprobe is a "kernel implementation detail" system call which is
not used by userspace application code directly, it is impractical and
there's very little point in forcing all userspace applications to
explicitly allow it in order to avoid crashing tracked processes.
Pass this systemcall through seccomp without depending on configuration.
Note: uretprobe isn't supported in i386 and __NR_ia32_rt_tgsigqueueinfo
uses the same number as __NR_uretprobe so the syscall isn't forced in the
compat bitmap.
Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe")
Reported-by: Rafael Buchbinder <rafi(a)rbk.io>
Link: https://lore.kernel.org/lkml/CAHsH6Gs3Eh8DFU0wq58c_LF8A4_+o6z456J7BidmcVY2A…
Link: https://lore.kernel.org/lkml/20250121182939.33d05470@gandalf.local.home/T/#…
Link: https://lore.kernel.org/lkml/20250128145806.1849977-1-eyal.birger@gmail.com/
Cc: stable(a)vger.kernel.org
Signed-off-by: Eyal Birger <eyal.birger(a)gmail.com>
---
v3: no change - deferring 32bit compat handling as there aren't plans to
support this syscall in compat mode.
v2: use action_cache bitmap and mode1 array to check the syscall
---
kernel/seccomp.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index f59381c4a2ff..09b6f8e6db51 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -734,13 +734,13 @@ seccomp_prepare_user_filter(const char __user *user_filter)
#ifdef SECCOMP_ARCH_NATIVE
/**
- * seccomp_is_const_allow - check if filter is constant allow with given data
+ * seccomp_is_filter_const_allow - check if filter is constant allow with given data
* @fprog: The BPF programs
* @sd: The seccomp data to check against, only syscall number and arch
* number are considered constant.
*/
-static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
- struct seccomp_data *sd)
+static bool seccomp_is_filter_const_allow(struct sock_fprog_kern *fprog,
+ struct seccomp_data *sd)
{
unsigned int reg_value = 0;
unsigned int pc;
@@ -812,6 +812,21 @@ static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
return false;
}
+static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
+ struct seccomp_data *sd)
+{
+#ifdef __NR_uretprobe
+ if (sd->nr == __NR_uretprobe
+#ifdef SECCOMP_ARCH_COMPAT
+ && sd->arch != SECCOMP_ARCH_COMPAT
+#endif
+ )
+ return true;
+#endif
+
+ return seccomp_is_filter_const_allow(fprog, sd);
+}
+
static void seccomp_cache_prepare_bitmap(struct seccomp_filter *sfilter,
void *bitmap, const void *bitmap_prev,
size_t bitmap_size, int arch)
@@ -1023,6 +1038,9 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action,
*/
static const int mode1_syscalls[] = {
__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
+#ifdef __NR_uretprobe
+ __NR_uretprobe,
+#endif
-1, /* negative terminated */
};
--
2.43.0
2 months, 3 weeks
- 2
- 1
[PATCH] tpm: do not start chip while suspended
by Thadeu Lima de Souza Cascardo
tpm_chip_start may issue IO that should not be done while the chip is
suspended. In the particular case of I2C, it will issue the following
warning:
[35985.503769] ------------[ cut here ]------------
[35985.503771] i2c i2c-1: Transfer while suspended
[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
[35985.503802] Modules linked in:
[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
[35985.503814] Tainted: [W]=WARN
[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
[35985.503855] Call Trace:
[35985.503859] <TASK>
[35985.503863] ? __warn+0xd4/0x260
[35985.503868] ? __i2c_transfer+0xbe/0x810
[35985.503874] ? report_bug+0xf3/0x210
[35985.503882] ? handle_bug+0x63/0xb0
[35985.503887] ? exc_invalid_op+0x16/0x50
[35985.503892] ? asm_exc_invalid_op+0x16/0x20
[35985.503904] ? __i2c_transfer+0xbe/0x810
[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0
[35985.503920] tpm_cr50_i2c_read+0x8e/0x120
[35985.503928] tpm_cr50_request_locality+0x75/0x170
[35985.503935] tpm_chip_start+0x116/0x160
[35985.503942] tpm_try_get_ops+0x57/0x90
[35985.503948] tpm_find_get_ops+0x26/0xd0
[35985.503955] tpm_get_random+0x2d/0x80
[35985.503960] hwrng_fillfn+0x13b/0x2e0
[35985.503964] ? __cfi_hwrng_fillfn+0x10/0x10
[35985.503969] kthread+0x23d/0x250
[35985.503974] ? srso_return_thunk+0x5/0x5f
[35985.503979] ? lockdep_hardirqs_on+0x95/0x150
[35985.503985] ? __cfi_kthread+0x10/0x10
[35985.503989] ret_from_fork+0x44/0x50
[35985.503994] ? __cfi_kthread+0x10/0x10
[35985.503998] ret_from_fork_asm+0x11/0x20
[35985.504013] </TASK>
[35985.504015] irq event stamp: 107462
[35985.504017] hardirqs last enabled at (107461): [<ffffffffa6b82d41>] _raw_spin_unlock_irqrestore+0x31/0x60
[35985.504022] hardirqs last disabled at (107462): [<ffffffffa6b77309>] __schedule+0x159/0x16f0
[35985.504027] softirqs last enabled at (104760): [<ffffffffa4f62ef5>] __irq_exit_rcu+0x75/0x160
[35985.504032] softirqs last disabled at (104755): [<ffffffffa4f62ef5>] __irq_exit_rcu+0x75/0x160
[35985.504036] ---[ end trace 0000000000000000 ]---
[35985.504126] tpm tpm0: i2c transfer failed (attempt 2/3): -108
[35985.504207] tpm tpm0: i2c transfer failed (attempt 3/3): -108
[35985.504395] tpm tpm0: i2c transfer failed (attempt 2/3): -108
[35985.504474] tpm tpm0: i2c transfer failed (attempt 3/3): -108
Test for the suspended flag inside tpm_try_get_ops while holding the chip
tpm_mutex before calling tpm_chip_start. That will also prevent
tpm_get_random from doing IO while the TPM is suspended.
Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
Cc: stable(a)vger.kernel.org
Cc: Jerry Snitselaar <jsnitsel(a)redhat.com>
Cc: Mike Seo <mikeseohyungjin(a)gmail.com>
Cc: Jarkko Sakkinen <jarkko(a)kernel.org>
---
drivers/char/tpm/tpm-chip.c | 5 +++++
drivers/char/tpm/tpm-interface.c | 8 +-------
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 7df7abaf3e526bf7e85ac9dfbaa1087a51d2ab7e..6db864696a583bf59c534ec8714900a6be7b5156 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chip)
goto out_ops;
mutex_lock(&chip->tpm_mutex);
+
+ /* tmp_chip_start may issue IO that is denied while suspended */
+ if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
+ goto out_lock;
+
rc = tpm_chip_start(chip);
if (rc)
goto out_lock;
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index b1daa0d7b341b1a4c71a200115f0d29d2e87512d..e6d786ce4e36970428b75d288a066e832c5b2af1 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -441,22 +441,16 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
if (!out || max > TPM_MAX_RNG_DATA)
return -EINVAL;
+ /* NULL will be returned if chip is suspended */
chip = tpm_find_get_ops(chip);
if (!chip)
return -ENODEV;
- /* Give back zero bytes, as TPM chip has not yet fully resumed: */
- if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
- rc = 0;
- goto out;
- }
-
if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_get_random(chip, out, max);
else
rc = tpm1_get_random(chip, out, max);
-out:
tpm_put_ops(chip);
return rc;
}
---
base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b
change-id: 20250205-tpm-suspend-b22f745f3124
Best regards,
--
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
2 months, 3 weeks
- 2
- 1
[PATCH v2 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
Changes since v1:
- fix the SHA of the Fixes tag
The Nullity of sps->cstream needs to be checked in sof_ipc_msg_data() and not
assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used as a check
to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.48.1
2 months, 3 weeks
- 2
- 3
[PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
The Nullity of sps->cstream needs to be checked in sof_ipc_msg_data() and not
assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used as a check
to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.1
2 months, 3 weeks
- 2
- 5
[PATCH v2 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
Changes since v1:
- Cc stable
The nullity of sps->cstream needs to be checked in sof_ipc_msg_data()
and not assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used
as a check to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.0
2 months, 3 weeks
- 2
- 4
Re: [PATCH 6.13 000/619] 6.13.2-rc2 review
by Ronald Warsow
Hi Greg
no regressions here on x86_64 (RKL, Intel 11th Gen. CPU)
Thanks
Tested-by: Ronald Warsow <rwarsow(a)gmx.de>
2 months, 3 weeks
- 1
- 0
[PATCH v2] arm64: Handle .ARM.attributes section in linker scripts
by Nathan Chancellor
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Discard the new sections in the necessary linker scripts to resolve the
warnings, as the kernel and vDSO do not need to retain it, similar to
the .note.gnu.property section.
Cc: stable(a)vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
Changes in v2:
- Discard the section instead of adding it to the final artifacts to
mirror the .note.gnu.property section handling (Will).
- Link to v1: https://lore.kernel.org/r/20250124-arm64-handle-arm-attributes-in-linker-sc…
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index 4ec32e86a8da..8095fef66209 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -80,6 +80,7 @@ SECTIONS
*(.data .data.* .gnu.linkonce.d.* .sdata*)
*(.bss .sbss .dynbss .dynsbss)
*(.eh_frame .eh_frame_hdr)
+ *(.ARM.attributes)
}
}
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index f84c71f04d9e..e73326bd3ff7 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -162,6 +162,7 @@ SECTIONS
/DISCARD/ : {
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
+ *(.ARM.attributes)
}
. = KIMAGE_VADDR;
---
base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3
change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
2 months, 3 weeks
- 2
- 4
[PATCH 1/2] smb: client: change lease epoch type from unsigned int to __u16
by meetakshisetiyaoss@gmail.com
From: Meetakshi Setiya <msetiya(a)microsoft.com>
MS-SMB2 section 2.2.13.2.10 specifies that 'epoch' should be a 16-bit
unsigned integer used to track lease state changes. Change the data
type of all instances of 'epoch' from unsigned int to __u16. This
simplifies the epoch change comparisons and makes the code more
compliant with the protocol spec.
Cc: stable(a)vger.kernel.org
Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com>
Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com>
---
fs/smb/client/cifsglob.h | 12 ++++++------
fs/smb/client/smb1ops.c | 2 +-
fs/smb/client/smb2ops.c | 18 +++++++++---------
fs/smb/client/smb2pdu.c | 2 +-
fs/smb/client/smb2proto.h | 2 +-
5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index a68434ad744a..2c1b0438fe7d 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -357,7 +357,7 @@ struct smb_version_operations {
int (*handle_cancelled_mid)(struct mid_q_entry *, struct TCP_Server_Info *);
void (*downgrade_oplock)(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
/* process transaction2 response */
bool (*check_trans2)(struct mid_q_entry *, struct TCP_Server_Info *,
char *, int);
@@ -552,12 +552,12 @@ struct smb_version_operations {
/* if we can do cache read operations */
bool (*is_read_op)(__u32);
/* set oplock level for the inode */
- void (*set_oplock_level)(struct cifsInodeInfo *, __u32, unsigned int,
+ void (*set_oplock_level)(struct cifsInodeInfo *, __u32, __u16,
bool *);
/* create lease context buffer for CREATE request */
char * (*create_lease_buf)(u8 *lease_key, u8 oplock);
/* parse lease context buffer and return oplock/epoch info */
- __u8 (*parse_lease_buf)(void *buf, unsigned int *epoch, char *lkey);
+ __u8 (*parse_lease_buf)(void *buf, __u16 *epoch, char *lkey);
ssize_t (*copychunk_range)(const unsigned int,
struct cifsFileInfo *src_file,
struct cifsFileInfo *target_file,
@@ -1447,7 +1447,7 @@ struct cifs_fid {
__u8 create_guid[16];
__u32 access;
struct cifs_pending_open *pending_open;
- unsigned int epoch;
+ __u16 epoch;
#ifdef CONFIG_CIFS_DEBUG2
__u64 mid;
#endif /* CIFS_DEBUG2 */
@@ -1480,7 +1480,7 @@ struct cifsFileInfo {
bool oplock_break_cancelled:1;
bool status_file_deleted:1; /* file has been deleted */
bool offload:1; /* offload final part of _put to a wq */
- unsigned int oplock_epoch; /* epoch from the lease break */
+ __u16 oplock_epoch; /* epoch from the lease break */
__u32 oplock_level; /* oplock/lease level from the lease break */
int count;
spinlock_t file_info_lock; /* protects four flag/count fields above */
@@ -1577,7 +1577,7 @@ struct cifsInodeInfo {
spinlock_t open_file_lock; /* protects openFileList */
__u32 cifsAttrs; /* e.g. DOS archive bit, sparse, compressed, system */
unsigned int oplock; /* oplock/lease level we have */
- unsigned int epoch; /* used to track lease state changes */
+ __u16 epoch; /* used to track lease state changes */
#define CIFS_INODE_PENDING_OPLOCK_BREAK (0) /* oplock break in progress */
#define CIFS_INODE_PENDING_WRITERS (1) /* Writes in progress */
#define CIFS_INODE_FLAG_UNUSED (2) /* Unused flag */
diff --git a/fs/smb/client/smb1ops.c b/fs/smb/client/smb1ops.c
index 9756b876a75e..d6e2fb669c40 100644
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -377,7 +377,7 @@ coalesce_t2(char *second_buf, struct smb_hdr *target_hdr)
static void
cifs_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
cifs_set_oplock_level(cinode, oplock);
}
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 77309217dab4..ec36bed54b0b 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -3904,22 +3904,22 @@ static long smb3_fallocate(struct file *file, struct cifs_tcon *tcon, int mode,
static void
smb2_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
server->ops->set_oplock_level(cinode, oplock, 0, NULL);
}
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
static void
smb3_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_state = cinode->oplock;
- unsigned int old_epoch = cinode->epoch;
+ __u16 old_epoch = cinode->epoch;
unsigned int new_state;
if (epoch > old_epoch) {
@@ -3939,7 +3939,7 @@ smb3_downgrade_oplock(struct TCP_Server_Info *server,
static void
smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
oplock &= 0xFF;
cinode->lease_granted = false;
@@ -3963,7 +3963,7 @@ smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
char message[5] = {0};
unsigned int new_oplock = 0;
@@ -4000,7 +4000,7 @@ smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
static void
smb3_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_oplock = cinode->oplock;
@@ -4114,7 +4114,7 @@ smb3_create_lease_buf(u8 *lease_key, u8 oplock)
}
static __u8
-smb2_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb2_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease *lc = (struct create_lease *)buf;
@@ -4125,7 +4125,7 @@ smb2_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
}
static __u8
-smb3_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb3_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease_v2 *lc = (struct create_lease_v2 *)buf;
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 40ad9e79437a..51204ff58bf6 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2329,7 +2329,7 @@ parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix)
diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h
index 2336dfb23f36..4662c7e2d259 100644
--- a/fs/smb/client/smb2proto.h
+++ b/fs/smb/client/smb2proto.h
@@ -283,7 +283,7 @@ extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
enum securityEnum);
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix);
--
2.46.0.46.g406f326d27
2 months, 3 weeks
- 2
- 2
[PATCH] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
by Mathias Nyman
The fastboot tool for communicating with Android bootloaders does not
work reliably with this device if USB 2 Link Power Management (LPM)
is enabled.
Various fastboot commands are affected, including the
following, which usually reproduces the problem within two tries:
fastboot getvar kernel
getvar:kernel FAILED (remote: 'GetVar Variable Not found')
This issue was hidden on many systems up until commit 63a1f8454962
("xhci: stored cached port capability values in one place") as the xhci
driver failed to detect USB 2 LPM support if USB 3 ports were listed
before USB 2 ports in the "supported protocol capabilities".
Adding the quirk resolves the issue. No drawbacks are expected since
the device uses different USB product IDs outside of fastboot mode, and
since fastboot commands worked before, until LPM was enabled on the
tested system by the aforementioned commit.
Based on a patch from Forest <forestix(a)nom.one> from which most of the
code and commit message is taken.
Cc: stable(a)vger.kernel.org
Reported-by: Forest <forestix(a)nom.one>
Closes: https://lore.kernel.org/hk8umj9lv4l4qguftdq1luqtdrpa1gks5l@sonic.net
Tested-by: Forest <forestix(a)nom.one>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
index 67732c791c93..59ed9768dae1 100644
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -435,6 +435,9 @@ static const struct usb_device_id usb_quirk_list[] = {
{ USB_DEVICE(0x0c45, 0x7056), .driver_info =
USB_QUIRK_IGNORE_REMOTE_WAKEUP },
+ /* Sony Xperia XZ1 Compact (lilac) smartphone in fastboot mode */
+ { USB_DEVICE(0x0fce, 0x0dde), .driver_info = USB_QUIRK_NO_LPM },
+
/* Action Semiconductor flash disk */
{ USB_DEVICE(0x10d6, 0x2200), .driver_info =
USB_QUIRK_STRING_FETCH_255 },
--
2.25.1
2 months, 3 weeks
- 1
- 0
[PATCH 6.6 000/393] 6.6.76-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.76 release.
There are 393 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:43:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.76-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.76-rc1
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Sergey Senozhatsky <senozhatsky(a)chromium.org>
kconfig: WERROR unmet symbol dependency
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: deduplicate code in conf_read_simple()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: require a space after '#' for valid input
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Hongbo Li <lihongbo22(a)huawei.com>
hostfs: fix the host directory parse when mounting.
Nathan Chancellor <nathan(a)kernel.org>
hostfs: Add const qualifier to host_root in hostfs_fill_super()
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Hongbo Li <lihongbo22(a)huawei.com>
hostfs: convert hostfs to use the new mount API
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Use bool for all 1-bit fields in struct dev_pm_info
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Restore asynchronous device resume optimization
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Matthew Wilcox (Oracle) <willy(a)infradead.org>
nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers
Matthew Wilcox (Oracle) <willy(a)infradead.org>
buffer: make folio_create_empty_buffers() return a buffer_head
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Manivannan Sadhasivam <mani(a)kernel.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Simplify clock handling by using clk_bulk*() function
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Billy Tsai <billy_tsai(a)aspeedtech.com>
i3c: dw: Add hot-join support.
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
David Wronek <davidwronek(a)gmail.com>
arm64: dts: qcom: Add SM7125 device tree
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Konrad Dybcio <konrad.dybcio(a)linaro.org>
arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Mihai Sain <mihai.sain(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi
Shazad Hussain <quic_shazhuss(a)quicinc.com>
arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin
Andrew Halaney <ahalaney(a)redhat.com>
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq
Andrew Halaney <ahalaney(a)redhat.com>
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rxe: Improve newline in printing messages
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Abstract IPC handling
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Prefix SKL/APL-specific members
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Masahiro Yamada <masahiroy(a)kernel.org>
ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Chenghai Huang <huangchenghai2(a)huawei.com>
crypto: hisilicon/sec2 - optimize the error return process
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_rbtree: prefer sync gc to async worker
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_rbtree: rename gc deactivate+erase function
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: de-constify set commit ops function argument
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Handle specific BSSID in 6GHz scanning
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: improve hardware restart reliability
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: syscon: Use scoped variables with memory allocators to simplify error paths
Peter Griffin <peter.griffin(a)linaro.org>
mfd: syscon: Add of_syscon_register_regmap() API
Peter Griffin <peter.griffin(a)linaro.org>
mfd: syscon: Remove extern from function prototypes
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Manivannan Sadhasivam <mani(a)kernel.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <mani(a)kernel.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
gpio: pca953x: Fully convert to device managed resources
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
gpio: pca953x: Drop unused fields in struct pca953x_platform_data
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jkosina(a)suse.com>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
of: remove internal arguments from of_property_for_each_u32()
Alvin Šipraga <alsi(a)bang-olufsen.dk>
clk: si5351: allow PLLs to be adjusted without reset
Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
serial: sc16is7xx: use device_property APIs when configuring irda mode
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: annotate data-races around q->perturb_period
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: move output interface related definition to rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set YUV/RGB overlay mode
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Zijlstra <peterz(a)infradead.org>
sched/topology: Rename 'DIE' domain to 'PKG'
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
-------------
Diffstat:
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +-
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 829 +--------------------
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 ++++++++++++++++++++
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +--
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9 +-
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 -
arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 +++++-----
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +-
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 ++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/smp.c | 4 +-
arch/powerpc/sysdev/xive/native.c | 4 +-
arch/powerpc/sysdev/xive/spapr.c | 3 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Makefile | 2 +-
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/topology.c | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/kernel/smpboot.c | 12 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 146 ++--
drivers/block/nbd.c | 1 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bus/ti-sysc.c | 4 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk-conf.c | 4 +-
drivers/clk/clk-si5351.c | 76 +-
drivers/clk/clk.c | 14 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/qcom/common.c | 4 +-
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/sunxi/clk-simple-gates.c | 4 +-
drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4 +-
drivers/clocksource/samsung_pwm_timer.c | 4 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++--
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/dma/ti/edma.c | 3 +-
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/gpio/gpio-brcmstb.c | 5 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 108 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1 -
drivers/gpu/drm/rockchip/cdn-dp-core.c | 1 -
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1 -
drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1 -
drivers/gpu/drm/rockchip/inno_hdmi.c | 1 -
drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1 -
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18 +
drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12 -
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 ++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18 +-
drivers/gpu/drm/rockchip/rockchip_lvds.c | 1 -
drivers/gpu/drm/rockchip/rockchip_rgb.c | 1 -
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +-
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/i3c/master/dw-i3c-master.c | 66 +-
drivers/i3c/master/dw-i3c-master.h | 2 +
drivers/iio/adc/ti_am335x_adc.c | 4 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 32 +-
drivers/infiniband/sw/rxe/rxe.c | 6 +-
drivers/infiniband/sw/rxe/rxe.h | 6 +-
drivers/infiniband/sw/rxe/rxe_comp.c | 4 +-
drivers/infiniband/sw/rxe/rxe_cq.c | 4 +-
drivers/infiniband/sw/rxe/rxe_mr.c | 16 +-
drivers/infiniband/sw/rxe/rxe_mw.c | 2 +-
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 8 +-
drivers/infiniband/sw/rxe/rxe_resp.c | 12 +-
drivers/infiniband/sw/rxe/rxe_task.c | 4 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +++---
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/irqchip/irq-atmel-aic-common.c | 4 +-
drivers/irqchip/irq-pic32-evic.c | 4 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 81 +-
drivers/mfd/ti_am335x_tscadc.c | 4 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 25 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/team/team.c | 7 +
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10 -
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1 -
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11 +
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 34 +-
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +-
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/opp/core.c | 57 +-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 139 ++--
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nxp/pinctrl-s32cc.c | 4 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/pinctrl-k210.c | 4 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++--
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/pwm-samsung.c | 4 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 34 +-
drivers/tty/sysrq.c | 4 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 30 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/misc/usb251xb.c | 4 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/vfio/iova_bitmap.c | 2 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/super.c | 2 +-
fs/buffer.c | 24 +-
fs/dlm/lowcomms.c | 3 +-
fs/f2fs/dir.c | 53 +-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 157 ++--
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfsd/nfs4callback.c | 1 +
fs/nilfs2/segment.c | 11 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/buffer_head.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mfd/syscon.h | 33 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/of.h | 15 +-
include/linux/perf_event.h | 6 +
include/linux/platform_data/pca953x.h | 13 -
include/linux/platform_data/si5351.h | 2 +
include/linux/pm.h | 32 +-
include/linux/pps_kernel.h | 3 +-
include/linux/sched.h | 1 +
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 8 +-
include/net/xfrm.h | 16 +-
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/padata.c | 45 +-
kernel/power/hibernate.c | 7 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 19 +-
kernel/sched/topology.c | 8 +-
kernel/trace/bpf_trace.c | 13 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 4 +
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/options.c | 13 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/netfilter/nf_tables_api.c | 57 +-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_pipapo.c | 7 +-
net/netfilter/nft_set_rbtree.c | 178 +++--
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/sched/sch_api.c | 4 +
net/sched/sch_sfq.c | 58 +-
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 35 +
net/xfrm/xfrm_replay.c | 10 +-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/conf.c | 6 +
scripts/kconfig/confdata.c | 113 ++-
scripts/kconfig/lkc_proto.h | 2 +
scripts/kconfig/symbol.c | 10 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 5 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/codecs/arizona.c | 12 +-
sound/soc/intel/avs/apl.c | 53 +-
sound/soc/intel/avs/avs.h | 40 +-
sound/soc/intel/avs/core.c | 51 +-
sound/soc/intel/avs/ipc.c | 36 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/messages.h | 10 +-
sound/soc/intel/avs/registers.h | 6 +-
sound/soc/intel/avs/skl.c | 30 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/perf/builtin-lock.c | 66 +-
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/util/bpf-event.c | 10 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/testing/ktest/ktest.pl | 7 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
457 files changed, 4603 insertions(+), 3454 deletions(-)
2 months, 3 weeks
- 9
- 401
[PATCH v2] ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
by Peter Ujfalusi
Other, non DAI copier widgets could have the same stream name (sname) as
the ALH copier and in that case the copier->data is NULL, no alh_data is
attached, which could lead to NULL pointer dereference.
We could check for this NULL pointer in sof_ipc4_prepare_copier_module()
and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()
will miscalculate the ALH device count, causing broken audio.
The correct fix is to harden the matching logic by making sure that the
1. widget is a DAI widget - so dai = w->private is valid
2. the dai (and thus the copier) is ALH copier
Fixes: a150345aa758 ("ASoC: SOF: ipc4-topology: add SoundWire/ALH aggregation support")
Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com>
Link: https://github.com/thesofproject/sof/pull/9652
Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
---
Hi,
Changes since v1:
- correct SHA in Fixes tag
Regards,
Peter
sound/soc/sof/ipc4-topology.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index c04c62478827..6d5cda813e48 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -765,10 +765,16 @@ static int sof_ipc4_widget_setup_comp_dai(struct snd_sof_widget *swidget)
}
list_for_each_entry(w, &sdev->widget_list, list) {
- if (w->widget->sname &&
+ struct snd_sof_dai *alh_dai;
+
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
+ alh_dai = w->private;
+ if (alh_dai->type != SOF_DAI_INTEL_ALH)
+ continue;
+
blob->alh_cfg.device_count++;
}
@@ -2061,11 +2067,13 @@ sof_ipc4_prepare_copier_module(struct snd_sof_widget *swidget,
list_for_each_entry(w, &sdev->widget_list, list) {
u32 node_type;
- if (w->widget->sname &&
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
dai = w->private;
+ if (dai->type != SOF_DAI_INTEL_ALH)
+ continue;
alh_copier = (struct sof_ipc4_copier *)dai->private;
alh_data = &alh_copier->data;
node_type = SOF_IPC4_GET_NODE_TYPE(alh_data->gtw_cfg.node_id);
--
2.48.1
2 months, 3 weeks
- 2
- 1
[PATCH] ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
by Peter Ujfalusi
Other, non DAI copier widgets could have the same stream name (sname) as
the ALH copier and in that case the copier->data is NULL, no alh_data is
attached, which could lead to NULL pointer dereference.
We could check for this NULL pointer in sof_ipc4_prepare_copier_module()
and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()
will miscalculate the ALH device count, causing broken audio.
The correct fix is to harden the matching logic by making sure that the
1. widget is a DAI widget - so dai = w->private is valid
2. the dai (and thus the copier) is ALH copier
Fixes: 0e357b529053 ("ASoC: SOF: ipc4-topology: add SoundWire/ALH aggregation support")
Cc: stable(a)vger.kernel.org
Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com>
Link: https://github.com/thesofproject/sof/pull/9652
Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
---
sound/soc/sof/ipc4-topology.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index b55eb977e443..70b7bfb080f4 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -765,10 +765,16 @@ static int sof_ipc4_widget_setup_comp_dai(struct snd_sof_widget *swidget)
}
list_for_each_entry(w, &sdev->widget_list, list) {
- if (w->widget->sname &&
+ struct snd_sof_dai *alh_dai;
+
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
+ alh_dai = w->private;
+ if (alh_dai->type != SOF_DAI_INTEL_ALH)
+ continue;
+
blob->alh_cfg.device_count++;
}
@@ -2061,11 +2067,13 @@ sof_ipc4_prepare_copier_module(struct snd_sof_widget *swidget,
list_for_each_entry(w, &sdev->widget_list, list) {
u32 node_type;
- if (w->widget->sname &&
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
dai = w->private;
+ if (dai->type != SOF_DAI_INTEL_ALH)
+ continue;
alh_copier = (struct sof_ipc4_copier *)dai->private;
alh_data = &alh_copier->data;
node_type = SOF_IPC4_GET_NODE_TYPE(alh_data->gtw_cfg.node_id);
--
2.47.1
2 months, 3 weeks
- 2
- 2
[PATCH 6.12 000/590] 6.12.13-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.13 release.
There are 590 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:43:01 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.13-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.13-rc1
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Leon Hwang <leon.hwang(a)linux.dev>
selftests/bpf: Add test to verify tailcall and freplace restrictions
Vasily Gorbik <gor(a)linux.ibm.com>
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Fix 64-by-32 division cocci warnings
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix access to uninitialized fields in set RXNFC command
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Fix acquire state insertion.
Everest K.C <everestkc(a)everestkc.com.np>
xfrm: Add error handling when nla_put_u32() returns an error
Geert Uytterhoeven <geert+renesas(a)glider.be>
dma-mapping: save base/size instead of pointer to shared DMA pool
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Warn for missing static reserved memory regions
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Reduce accessing remote DPCD overhead
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Edward Cree <ecree.xilinx(a)gmail.com>
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: extend dump serdes equalizer values feature
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: rework of dump serdes equalizer values feature
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Clean up fld_tg_code calculation
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Support dynamic integer
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Simplify REG21_PMS_S_MASK lookup
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Replace register defines with macro
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add an inbound percpu state cache.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Cache used outbound xfrm states at the policy.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add support for per cpu xfrm state handling.
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gao Xiang <xiang(a)kernel.org>
erofs: sunset `struct erofs_workgroup`
Gao Xiang <xiang(a)kernel.org>
erofs: move erofs_workgroup operations into zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of erofs_{find,insert}_workgroup
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Conor Dooley <conor.dooley(a)microchip.com>
PCI: microchip: Add support for using either Root Port 1 or 2
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Jian-Hong Pan <jhp(a)endlessos.org>
PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Oreoluwa Babatunde <quic_obabatun(a)quicinc.com>
of: reserved_mem: Restructure how the reserved memory regions are processed
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: tweak setting of channel and TX power for MLO
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: manage active interfaces
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: handle entity active flag per PHY
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx: add i.MX91 clk
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx93: Move IMX93_CLK_END macro to clk driver
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: Add i.MX91 clock support
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Masahiro Yamada <masahiroy(a)kernel.org>
module: Convert default symbol namespace to string literal
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Alex Deucher <alexander.deucher(a)amd.com>
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Johannes Weiner <hannes(a)cmpxchg.org>
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Stultz <jstultz(a)google.com>
sched: Split out __schedule() deactivate task logic into a helper
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
Documentation/core-api/symbol-namespaces.rst | 4 +-
.../devicetree/bindings/clock/imx93-clock.yaml | 1 +
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
.../it_IT/core-api/symbol-namespaces.rst | 4 +-
.../zh_CN/core-api/symbol-namespaces.rst | 4 +-
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 ++--
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 +-
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 ++++++-------
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +-
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
arch/arm64/boot/dts/ti/Makefile | 4 -
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 10 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +-
block/blk-mq.c | 34 +-
block/blk-mq.h | 6 +
block/blk-sysfs.c | 9 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 29 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/cdx/Makefile | 2 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 89 ++--
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++---
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/iaa/Makefile | 2 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/intel/qat/qat_common/Makefile | 2 +-
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/idxd/Makefile | 2 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +-
drivers/gpio/gpio-idio-16.c | 2 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 -
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 -
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 +-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 +
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 +-
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +-
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +-
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 ++-
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 1 -
drivers/iommu/amd/iommu.c | 9 -
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/md/md-bitmap.c | 79 +--
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +-
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++--
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 19 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +-
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 ++--
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 +-
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +-
.../mlx5/core/steering/hws/mlx5hws_definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/sfc/ef100_ethtool.c | 1 +
drivers/net/ethernet/sfc/ethtool.c | 1 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/phy/marvell-88q2xxx.c | 33 +-
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 ++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +--
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++++-
drivers/net/wireless/realtek/rtw89/chan.h | 28 +-
drivers/net/wireless/realtek/rtw89/core.c | 124 +++--
drivers/net/wireless/realtek/rtw89/core.h | 27 +-
drivers/net/wireless/realtek/rtw89/fw.c | 40 +-
drivers/net/wireless/realtek/rtw89/mac.c | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 10 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/nvme/host/tcp.c | 70 ++-
drivers/of/fdt.c | 13 +-
drivers/of/of_private.h | 3 +-
drivers/of/of_reserved_mem.c | 174 +++++--
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 ++-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 +-
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/plda/pcie-microchip-host.c | 222 +++++---
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pci/pcie/aspm.c | 35 +-
drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 558 ++++++++++++---------
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +--
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++---
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-dwc-core.c | 2 +-
drivers/pwm/pwm-lpss.c | 2 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 2 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/storage/Makefile | 2 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 97 +++-
fs/btrfs/qgroup.c | 21 +-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 +
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 +-
fs/dlm/lowcomms.c | 3 +-
fs/erofs/internal.h | 17 +-
fs/erofs/zdata.c | 190 +++++--
fs/erofs/zutil.c | 155 +-----
fs/f2fs/dir.c | 53 +-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +-
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++-
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 +-
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_notify_failure.c | 121 +++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 7 +-
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/ethtool.h | 4 +
include/linux/export.h | 2 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pm.h | 1 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 +-
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/netns/xfrm.h | 1 +
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 30 +-
include/sound/hdaudio_ext.h | 45 --
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +
include/uapi/linux/xfrm.h | 2 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 +-
kernel/dma/coherent.c | 14 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 +-
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 83 +--
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 21 +-
kernel/sched/features.h | 9 +
kernel/sched/sched.h | 56 +--
kernel/sched/stats.h | 33 +-
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 21 +-
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 8 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/esp4_offload.c | 6 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++
net/ipv6/esp6_offload.c | 6 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++
net/key/af_key.c | 7 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/ncsi/ncsi-rsp.c | 18 +-
net/netfilter/nf_tables_api.c | 57 ++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 ++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +--
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 45 +-
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_compat.c | 6 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_policy.c | 12 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 256 ++++++++--
net/xfrm/xfrm_user.c | 59 ++-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 6 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 +-
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 ++-
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.8 | 25 +
tools/power/x86/turbostat/turbostat.c | 163 +++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 124 ++++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
678 files changed, 6718 insertions(+), 3703 deletions(-)
2 months, 3 weeks
- 12
- 604
[PATCH 0/8] KVM: arm64: FPSIMD/SVE/SME fixes
by Mark Rutland
These patches fix some isuses with the way KVM manages FPSIMD/SVE?SME
state. The series supersedes my earlier attempt at fixing the host SVE
state corruption issue:
https://lore.kernel.org/linux-arm-kernel/20250121100026.3974971-1-mark.rutl…
Patch 1 addreses the host SVE state corruption issue by always saving
and unbinding the host state when loading a vCPU, as discussed on the
earlier patch:
https://lore.kernel.org/linux-arm-kernel/Z4--YuG5SWrP_pW7@J2N7QTR9R3/
https://lore.kernel.org/linux-arm-kernel/86plkful48.wl-maz@kernel.org/
Patches 2 to 4 remove code made redundant by patch 1. These probably
warrant backporting along with patch 1 as there is some historical
brokenness in the code they remove.
Patches 5 to 7 are preparatory refactoring for patch 8, and are not
intended to have any functional impact.
Patch 8 addreses some mismanagement of ZCR_EL{1,2} which can result in
the host VMM unexpectedly receiving a SIGKILL. To fix this, we eagerly
swith ZCR_EL{1,2} at guest<->host transitions, as discussed on another
series:
https://lore.kernel.org/linux-arm-kernel/Z4pAMaEYvdLpmbg2@J2N7QTR9R3/
https://lore.kernel.org/linux-arm-kernel/86o6zzukwr.wl-maz@kernel.org/
https://lore.kernel.org/linux-arm-kernel/Z5Dc-WMu2azhTuMn@J2N7QTR9R3/
The end result is that KVM loses ~100 lines of code, and becomes a bit
simpler to reaason about.
I've pushed these patches (with some additional debug patches that can
be used for testing) to the arm64-kvm-fpsimd-fixes-20250204 tag on my
kernel.org repo:
https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/
git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git
I've given this some basic testing on a virtual platform, booting a host
and a guest with and without constraining the guet's max SVE VL, with:
* kvm_arm.mode=vhe
* kvm_arm.mode=nvhe
* kvm_arm.mode=protected (IIUC this will default to hVHE)
Any additional testing would be much appreciated.
Mark.
Mark Rutland (8):
KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
KVM: arm64: Remove host FPSIMD saving for non-protected KVM
KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
KVM: arm64: Refactor CPTR trap deactivation
KVM: arm64: Refactor exit handlers
KVM: arm64: Mark some header functions as inline
KVM: arm64: Eagerly switch ZCR_EL{1,2}
arch/arm64/include/asm/kvm_emulate.h | 42 ---------
arch/arm64/include/asm/kvm_host.h | 22 +----
arch/arm64/kernel/fpsimd.c | 25 -----
arch/arm64/kvm/arm.c | 8 --
arch/arm64/kvm/fpsimd.c | 100 ++------------------
arch/arm64/kvm/hyp/include/hyp/switch.h | 116 +++++++++++++++++-------
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 15 ++-
arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++++++++++---------
arch/arm64/kvm/hyp/vhe/switch.c | 33 ++++---
9 files changed, 170 insertions(+), 282 deletions(-)
--
2.30.2
2 months, 3 weeks
- 4
- 23
[PATCH v1 01/16] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()
by Ryan Roberts
In order to fix a bug, arm64 needs to be told the size of the huge page
for which the huge_pte is being set in huge_ptep_get_and_clear().
Provide for this by adding an `unsigned long sz` parameter to the
function. This follows the same pattern as huge_pte_clear() and
set_huge_pte_at().
This commit makes the required interface modifications to the core mm as
well as all arches that implement this function (arm64, loongarch, mips,
parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed
in a separate commit.
Cc: <stable(a)vger.kernel.org>
Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com>
---
arch/arm64/include/asm/hugetlb.h | 4 ++--
arch/arm64/mm/hugetlbpage.c | 8 +++++---
arch/loongarch/include/asm/hugetlb.h | 6 ++++--
arch/mips/include/asm/hugetlb.h | 6 ++++--
arch/parisc/include/asm/hugetlb.h | 2 +-
arch/parisc/mm/hugetlbpage.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 6 ++++--
arch/riscv/include/asm/hugetlb.h | 3 ++-
arch/riscv/mm/hugetlbpage.c | 2 +-
arch/s390/include/asm/hugetlb.h | 12 ++++++++----
arch/s390/mm/hugetlbpage.c | 10 ++++++++--
arch/sparc/include/asm/hugetlb.h | 2 +-
arch/sparc/mm/hugetlbpage.c | 2 +-
include/asm-generic/hugetlb.h | 2 +-
include/linux/hugetlb.h | 4 +++-
mm/hugetlb.c | 4 ++--
16 files changed, 48 insertions(+), 27 deletions(-)
diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h
index c6dff3e69539..03db9cb21ace 100644
--- a/arch/arm64/include/asm/hugetlb.h
+++ b/arch/arm64/include/asm/hugetlb.h
@@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep,
pte_t pte, int dirty);
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
-extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep);
+extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT
extern void huge_ptep_set_wrprotect(struct mm_struct *mm,
unsigned long addr, pte_t *ptep);
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 98a2a0e64e25..06db4649af91 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
__pte_clear(mm, addr, ptep);
}
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+ pte_t *ptep, unsigned long sz)
{
int ncontig;
size_t pgsize;
@@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size)
pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep)
{
+ unsigned long psize = huge_page_size(hstate_vma(vma));
+
if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) {
/*
* Break-before-make (BBM) is required for all user space mappings
@@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr
if (pte_user_exec(__ptep_get(ptep)))
return huge_ptep_clear_flush(vma, addr, ptep);
}
- return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize);
}
void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep,
diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h
index c8e4057734d0..4dc4b3e04225 100644
--- a/arch/loongarch/include/asm/hugetlb.h
+++ b/arch/loongarch/include/asm/hugetlb.h
@@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
pte_t clear;
pte_t pte = ptep_get(ptep);
@@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_tlb_page(vma, addr);
return pte;
}
diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h
index d0a86ce83de9..fbc71ddcf0f6 100644
--- a/arch/mips/include/asm/hugetlb.h
+++ b/arch/mips/include/asm/hugetlb.h
@@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
pte_t clear;
pte_t pte = *ptep;
@@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
/*
* clear the huge pte entry firstly, so that the other smp threads will
* not get old pte entry after finishing flush_tlb_page and before
* setting new huge pte entry
*/
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_tlb_page(vma, addr);
return pte;
}
diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h
index 5b3a5429f71b..21e9ace17739 100644
--- a/arch/parisc/include/asm/hugetlb.h
+++ b/arch/parisc/include/asm/hugetlb.h
@@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep);
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c
index e9d18cf25b79..a94fe546d434 100644
--- a/arch/parisc/mm/hugetlbpage.c
+++ b/arch/parisc/mm/hugetlbpage.c
@@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
pte_t entry;
diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h
index dad2e7980f24..86326587e58d 100644
--- a/arch/powerpc/include/asm/hugetlb.h
+++ b/arch/powerpc/include/asm/hugetlb.h
@@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1));
}
@@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_hugetlb_page(vma, addr);
return pte;
}
diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h
index faf3624d8057..446126497768 100644
--- a/arch/riscv/include/asm/hugetlb.h
+++ b/arch/riscv/include/asm/hugetlb.h
@@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep);
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c
index 42314f093922..b4a78a4b35cf 100644
--- a/arch/riscv/mm/hugetlbpage.c
+++ b/arch/riscv/mm/hugetlbpage.c
@@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma,
pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
pte_t orig_pte = ptep_get(ptep);
int pte_num;
diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h
index 7c52acaf9f82..420c74306779 100644
--- a/arch/s390/include/asm/hugetlb.h
+++ b/arch/s390/include/asm/hugetlb.h
@@ -26,7 +26,11 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep);
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep);
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz);
+pte_t __huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep);
static inline void arch_clear_hugetlb_flags(struct folio *folio)
{
@@ -48,7 +52,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long address, pte_t *ptep)
{
- return huge_ptep_get_and_clear(vma->vm_mm, address, ptep);
+ return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep);
}
#define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS
@@ -59,7 +63,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte);
if (changed) {
- huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
__set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
}
return changed;
@@ -69,7 +73,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
static inline void huge_ptep_set_wrprotect(struct mm_struct *mm,
unsigned long addr, pte_t *ptep)
{
- pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep);
+ pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep);
__set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte));
}
diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
index d9ce199953de..52ee8e854195 100644
--- a/arch/s390/mm/hugetlbpage.c
+++ b/arch/s390/mm/hugetlbpage.c
@@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
return __rste_to_pte(pte_val(*ptep));
}
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+pte_t __huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep)
{
pte_t pte = huge_ptep_get(mm, addr, ptep);
pmd_t *pmdp = (pmd_t *) ptep;
@@ -202,6 +202,12 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
return pte;
}
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep, unsigned long sz)
+{
+ return __huge_ptep_get_and_clear(mm, addr, ptep);
+}
+
pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, unsigned long sz)
{
diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h
index c714ca6a05aa..e7a9cdd498dc 100644
--- a/arch/sparc/include/asm/hugetlb.h
+++ b/arch/sparc/include/asm/hugetlb.h
@@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep);
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index eee601a0d2cf..80504148d8a5 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
@@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
}
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
unsigned int i, nptes, orig_shift, shift;
unsigned long size;
diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h
index f42133dae68e..2afc95bf1655 100644
--- a/include/asm-generic/hugetlb.h
+++ b/include/asm-generic/hugetlb.h
@@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep, unsigned long sz)
{
return ptep_get_and_clear(mm, addr, ptep);
}
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index ec8c0ccc8f95..bf5f7256bd28 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm)
static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
- return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ unsigned long psize = huge_page_size(hstate_vma(vma));
+
+ return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize);
}
#endif
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 65068671e460..de9d49e521c1 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr,
if (src_ptl != dst_ptl)
spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
- pte = huge_ptep_get_and_clear(mm, old_addr, src_pte);
+ pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz);
if (need_clear_uffd_wp && pte_marker_uffd_wp(pte))
huge_pte_clear(mm, new_addr, dst_pte, sz);
@@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED);
}
- pte = huge_ptep_get_and_clear(mm, address, ptep);
+ pte = huge_ptep_get_and_clear(mm, address, ptep, sz);
tlb_remove_huge_tlb_entry(h, tlb, ptep, address);
if (huge_pte_dirty(pte))
set_page_dirty(page);
--
2.43.0
2 months, 3 weeks
- 2
- 2
[PATCH] regmap-irq: Add missing kfree()
by Jiasheng Jiang
Add kfree() for "d->main_status_buf" in the error-handling path to prevent
a memory leak.
Fixes: a2d21848d921 ("regmap: regmap-irq: Add main status register support")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/base/regmap/regmap-irq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index 0bcd81389a29..b73ab3cda781 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -906,6 +906,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
kfree(d->wake_buf);
kfree(d->mask_buf_def);
kfree(d->mask_buf);
+ kfree(d->main_status_buf);
kfree(d->status_buf);
kfree(d->status_reg_buf);
if (d->config_buf) {
--
2.25.1
2 months, 3 weeks
- 4
- 7
[PATCH netdev] net: stmmac: dwmac-rk: Provide FIFO sizes for DWMAC 1000
by Chen-Yu Tsai
From: Chen-Yu Tsai <wens(a)csie.org>
The DWMAC 1000 DMA capabilities register does not provide actual
FIFO sizes, nor does the driver really care. If they are not
provided via some other means, the driver will work fine, only
disallowing changing the MTU setting.
The recent commit 8865d22656b4 ("net: stmmac: Specify hardware
capability value when FIFO size isn't specified") changed this by
requiring the FIFO sizes to be provided, breaking devices that were
working just fine.
Provide the FIFO sizes through the driver's platform data, to not
only fix the breakage, but also enable MTU changes. The FIFO sizes
are confirmed to be the same across RK3288, RK3328, RK3399 and PX30,
based on their respective manuals. It is likely that Rockchip
synthesized their DWMAC 1000 with the same parameters on all their
chips that have it.
Fixes: eaf4fac47807 ("net: stmmac: Do not accept invalid MTU values")
Fixes: 8865d22656b4 ("net: stmmac: Specify hardware capability value when FIFO size isn't specified")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Chen-Yu Tsai <wens(a)csie.org>
---
The reason for stable inclusion is not to fix the device breakage
(which only broke in v6.14-rc1), but to provide the values so that MTU
changes can work in older kernels.
Since a fix for stmmac in general has already been sent [1] and a revert
was also proposed [2], I'll refrain from sending mine.
[1] https://lore.kernel.org/all/20250203093419.25804-1-steven.price@arm.com/
[2] https://lore.kernel.org/all/Z6Clkh44QgdNJu_O@shell.armlinux.org.uk/
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
index a4dc89e23a68..71a4c4967467 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
@@ -1966,8 +1966,11 @@ static int rk_gmac_probe(struct platform_device *pdev)
/* If the stmmac is not already selected as gmac4,
* then make sure we fallback to gmac.
*/
- if (!plat_dat->has_gmac4)
+ if (!plat_dat->has_gmac4) {
plat_dat->has_gmac = true;
+ plat_dat->rx_fifo_size = 4096;
+ plat_dat->tx_fifo_size = 2048;
+ }
plat_dat->fix_mac_speed = rk_fix_speed;
plat_dat->bsp_priv = rk_gmac_setup(pdev, plat_dat, data);
--
2.39.5
2 months, 3 weeks
- 6
- 8
[PATCH v2] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full
by Krishanth Jagaduri via B4 Relay
From: Oleg Nesterov <oleg(a)redhat.com>
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
[ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ]
Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not
include the boot CPU, which is no longer true after:
commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full").
However after:
aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work")
the kernel will crash at boot time in this case; housekeeping_any_cpu()
returns an invalid CPU number until smp_init() brings the first
housekeeping CPU up.
Change housekeeping_any_cpu() to check the result of cpumask_any_and() and
return smp_processor_id() in this case.
This is just the simple and backportable workaround which fixes the
symptom, but smp_processor_id() at boot time should be safe at least for
type == HK_TYPE_TIMER, this more or less matches the tick_do_timer_boot_cpu
logic.
There is no worry about cpu_down(); tick_nohz_cpu_down() will not allow to
offline tick_do_timer_cpu (the 1st online housekeeping CPU).
[ Apply only documentation changes as commit which causes boot
crash when boot CPU is nohz_full is not backported to stable
kernels - Krishanth ]
Fixes: aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work")
Reported-by: Chris von Recklinghausen <crecklin(a)redhat.com>
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Phil Auld <pauld(a)redhat.com>
Acked-by: Frederic Weisbecker <frederic(a)kernel.org>
Link: https://lore.kernel.org/r/20240411143905.GA19288@redhat.com
Closes: https://lore.kernel.org/all/20240402105847.GA24832@redhat.com/
Cc: stable(a)vger.kernel.org # 5.4+
Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
---
Hi,
Before kernel 6.9, Documentation/timers/no_hz.rst states that
"nohz_full=" mask must not include the boot CPU, which is no longer
true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be
nohz_full").
When trying LTS kernels between 5.4 and 6.6, we noticed we could use
boot CPU as nohz_full but the information in the document was misleading.
This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent
boot crash when the boot CPU is nohz_full").
While it fixes the document description, it also fixes issue introduced
by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus'
timers on queue_delayed_work").
It is unlikely that upstream commit as a whole will be backported to
stable kernels which does not contain the commit that introduced the
issue of boot crash when boot CPU is nohz_full.
Could we fix only the document portion in stable kernels 5.4+ that
mentions boot CPU cannot be nohz_full?
---
Changes in v2:
- Add original changelog and trailers to commit message.
- Add backport note for why only document portion is modified.
- Link to v1: https://lore.kernel.org/r/20250205-send-oss-20250129-v1-1-d404921e6d7e@sony…
---
Documentation/timers/no_hz.rst | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst
index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644
--- a/Documentation/timers/no_hz.rst
+++ b/Documentation/timers/no_hz.rst
@@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain
online to handle timekeeping tasks in order to ensure that system
calls like gettimeofday() returns accurate values on adaptive-tick CPUs.
(This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running
-user processes to observe slight drifts in clock rate.) Therefore, the
-boot CPU is prohibited from entering adaptive-ticks mode. Specifying a
-"nohz_full=" mask that includes the boot CPU will result in a boot-time
-error message, and the boot CPU will be removed from the mask. Note that
-this means that your system must have at least two CPUs in order for
+user processes to observe slight drifts in clock rate.) Note that this
+means that your system must have at least two CPUs in order for
CONFIG_NO_HZ_FULL=y to do anything for you.
Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded.
---
base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85
change-id: 20250129-send-oss-20250129-3c42dcf463eb
Best regards,
--
Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
2 months, 3 weeks
- 1
- 0
[PATCH v2] ftrace: Avoid potential division by zero in function_stat_show()
by Nikolay Kuratov
Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
produce zero and skip stddev computation in that case.
For now don't care about rec->counter * rec->counter overflow because
rec->time * rec->time overflow will likely happen earlier.
Cc: stable(a)vger.kernel.org
Fixes: e31f7939c1c27 ("ftrace: Avoid potential division by zero in function profiler")
Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru>
---
v2: Instead of splitting the division into two store denominator into
separate variable and zero-check it
kernel/trace/ftrace.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 728ecda6e8d4..9ea6609588cf 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -540,6 +540,7 @@ static int function_stat_show(struct seq_file *m, void *v)
static struct trace_seq s;
unsigned long long avg;
unsigned long long stddev;
+ unsigned long long stddev_denom;
#endif
guard(mutex)(&ftrace_profile_lock);
@@ -559,23 +560,19 @@ static int function_stat_show(struct seq_file *m, void *v)
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
seq_puts(m, " ");
- /* Sample standard deviation (s^2) */
- if (rec->counter <= 1)
- stddev = 0;
- else {
- /*
- * Apply Welford's method:
- * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2)
- */
+ /*
+ * Variance formula:
+ * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2)
+ * Maybe Welford's method is better here?
+ * Divide only by 1000 for ns^2 -> us^2 conversion.
+ * trace_print_graph_duration will divide by 1000 again.
+ */
+ stddev = 0;
+ stddev_denom = rec->counter * (rec->counter - 1) * 1000;
+ if (stddev_denom) {
stddev = rec->counter * rec->time_squared -
rec->time * rec->time;
-
- /*
- * Divide only 1000 for ns^2 -> us^2 conversion.
- * trace_print_graph_duration will divide 1000 again.
- */
- stddev = div64_ul(stddev,
- rec->counter * (rec->counter - 1) * 1000);
+ stddev = div64_ul(stddev, stddev_denom);
}
trace_seq_init(&s);
--
2.34.1
2 months, 3 weeks
- 1
- 0
[PATCH] net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size
by Huacai Chen
Now for dwmac-loongson {tx,rx}_fifo_size are uninitialised, which means
zero. This means dwmac-loongson doesn't support changing MTU, so set the
correct tx_fifo_size and rx_fifo_size for it (16KB multiplied by channel
counts).
Note: the Fixes tag is not exactly right, but it is a key commit of the
dwmac-loongson series.
Cc: stable(a)vger.kernel.org
Fixes: ad72f783de06827a1f ("net: stmmac: Add multi-channel support")
Signed-off-by: Chong Qiao <qiaochong(a)loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
index bfe6e2d631bd..79acdf38c525 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
@@ -574,6 +574,9 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id
if (ret)
goto err_disable_device;
+ plat->tx_fifo_size = SZ_16K * plat->tx_queues_to_use;
+ plat->rx_fifo_size = SZ_16K * plat->rx_queues_to_use;
+
if (dev_of_node(&pdev->dev))
ret = loongson_dwmac_dt_config(pdev, plat, &res);
else
--
2.47.1
2 months, 3 weeks
- 5
- 5
[PATCH 2/2] scsi: qedf: Add check for bdt_info
by Jiasheng Jiang
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
2 months, 3 weeks
- 1
- 0
[PATCH net] selftests: mptcp: connect: -f: no reconnect
by Matthieu Baerts (NGI0)
The '-f' parameter is there to force the kernel to emit MPTCP FASTCLOSE
by closing the connection with unread bytes in the receive queue.
The xdisconnect() helper was used to stop the connection, but it does
more than that: it will shut it down, then wait before reconnecting to
the same address. This causes the mptcp_join's "fastclose test" to fail
all the time.
This failure is due to a recent change, with commit 218cc166321f
("selftests: mptcp: avoid spurious errors on disconnect"), but that went
unnoticed because the test is currently ignored. The recent modification
only shown an existing issue: xdisconnect() doesn't need to be used
here, only the shutdown() part is needed.
Fixes: 6bf41020b72b ("selftests: mptcp: update and extend fastclose test-cases")
Cc: stable(a)vger.kernel.org
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Notes:
- The failure was not clearly visible on NIPA, because the results for
the two impacted sub-tests are currently ignored (unstable). Still,
it looks important to fix that, as this will help when the tests will
be improved not to be unstable any more.
---
tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/testing/selftests/net/mptcp/mptcp_connect.c
index 414addef9a4514c489ecd09249143fe0ce2af649..d240d02fa443a1cd802f0e705ab36db5c22063a8 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -1302,7 +1302,7 @@ int main_loop(void)
return ret;
if (cfg_truncate > 0) {
- xdisconnect(fd);
+ shutdown(fd, SHUT_WR);
} else if (--cfg_repeat > 0) {
xdisconnect(fd);
---
base-commit: 4241a702e0d0c2ca9364cfac08dbf134264962de
change-id: 20250204-net-mptcp-sft-conn-f-d1c14274ba66
Best regards,
--
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
2 months, 3 weeks
- 2
- 1
[PATCH 6.6 0/6] md/md-bitmap: move bitmap_{start, end}write to md upper layer
by Yu Kuai
From: Yu Kuai <yukuai3(a)huawei.com>
This set fix reported problem:
https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts…
https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc…
See details in patch 6.
Benjamin Marzinski (1):
md/raid5: recheck if reshape has finished with device_lock held
Yu Kuai (5):
md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
drivers/md/md-bitmap.c | 75 ++++++++++-------
drivers/md/md-bitmap.h | 6 +-
drivers/md/md.c | 26 ++++++
drivers/md/md.h | 5 ++
drivers/md/raid1.c | 35 ++------
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-----
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 174 ++++++++++++++++++++++-----------------
drivers/md/raid5.h | 4 -
11 files changed, 185 insertions(+), 172 deletions(-)
--
2.39.2
2 months, 3 weeks
- 3
- 10
[PATCH 6.13 0/5] md/md-bitmap: move bitmap_{start, end}write to md upper layer
by Yu Kuai
This set fix reported problem:
https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts…
https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc…
See details in patch 5.
Yu Kuai (5):
md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
drivers/md/md-bitmap.c | 74 ++++++++++++++++----------
drivers/md/md-bitmap.h | 7 ++-
drivers/md/md.c | 29 ++++++++++
drivers/md/md.h | 5 ++
drivers/md/raid1.c | 34 +++---------
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--------
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 --
drivers/md/raid5.c | 111 ++++++++++++++++++++-------------------
drivers/md/raid5.h | 4 --
11 files changed, 149 insertions(+), 147 deletions(-)
--
2.39.2
2 months, 3 weeks
- 3
- 9
[PATCH] drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
by Haoyu Li
In the "pmcmd_ioctl" function, three memory objects allocated by
kmalloc are initialized by "hcall_get_cpu_state", which are then
copied to user space. The initializer is indeed implemented in
"acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of
information leakage due to uninitialized bytes.
Fixes: 3d679d5aec64 ("virt: acrn: Introduce interfaces to query C-states and P-states allowed by hypervisor")
Signed-off-by: Haoyu Li <lihaoyu499(a)gmail.com>
Cc: stable(a)vger.kernel.org
---
drivers/virt/acrn/hsm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/virt/acrn/hsm.c b/drivers/virt/acrn/hsm.c
index c24036c4e51e..e4e196abdaac 100644
--- a/drivers/virt/acrn/hsm.c
+++ b/drivers/virt/acrn/hsm.c
@@ -49,7 +49,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
switch (cmd & PMCMD_TYPE_MASK) {
case ACRN_PMCMD_GET_PX_CNT:
case ACRN_PMCMD_GET_CX_CNT:
- pm_info = kmalloc(sizeof(u64), GFP_KERNEL);
+ pm_info = kzalloc(sizeof(u64), GFP_KERNEL);
if (!pm_info)
return -ENOMEM;
@@ -64,7 +64,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
kfree(pm_info);
break;
case ACRN_PMCMD_GET_PX_DATA:
- px_data = kmalloc(sizeof(*px_data), GFP_KERNEL);
+ px_data = kzalloc(sizeof(*px_data), GFP_KERNEL);
if (!px_data)
return -ENOMEM;
@@ -79,7 +79,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
kfree(px_data);
break;
case ACRN_PMCMD_GET_CX_DATA:
- cx_data = kmalloc(sizeof(*cx_data), GFP_KERNEL);
+ cx_data = kzalloc(sizeof(*cx_data), GFP_KERNEL);
if (!cx_data)
return -ENOMEM;
--
2.34.1
2 months, 3 weeks
- 2
- 1
[PATCH] usb: roles: cache usb roles received during switch registration
by Elson Roy Serrao
The role switch registration and set_role() can happen in parallel as they
are invoked independent of each other. There is a possibility that a driver
might spend significant amount of time in usb_role_switch_register() API
due to the presence of time intensive operations like component_add()
which operate under common mutex. This leads to a time window after
allocating the switch and before setting the registered flag where the set
role notifications are dropped. Below timeline summarizes this behavior
Thread1 | Thread2
usb_role_switch_register() |
| |
---> allocate switch |
| |
---> component_add() | usb_role_switch_set_role()
| | |
| | --> Drop role notifications
| | since sw->registered
| | flag is not set.
| |
--->Set registered flag.|
To avoid this, cache the last role received and set it once the switch
registration is complete. Since we are now caching the roles based on
registered flag, protect this flag with the switch mutex.
Fixes: b787a3e78175 ("usb: roles: don't get/set_role() when usb_role_switch is unregistered")
cc: stable(a)vger.kernel.org
Signed-off-by: Elson Roy Serrao <quic_eserrao(a)quicinc.com>
---
drivers/usb/roles/class.c | 45 ++++++++++++++++++++++++++++++++-------
1 file changed, 37 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c
index c58a12c147f4..c0149c31c01b 100644
--- a/drivers/usb/roles/class.c
+++ b/drivers/usb/roles/class.c
@@ -26,6 +26,8 @@ struct usb_role_switch {
struct mutex lock; /* device lock*/
struct module *module; /* the module this device depends on */
enum usb_role role;
+ enum usb_role cached_role;
+ bool cached;
bool registered;
/* From descriptor */
@@ -65,6 +67,20 @@ static const struct component_ops connector_ops = {
.unbind = connector_unbind,
};
+static int __usb_role_switch_set_role(struct usb_role_switch *sw,
+ enum usb_role role)
+{
+ int ret;
+
+ ret = sw->set(sw, role);
+ if (!ret) {
+ sw->role = role;
+ kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
+ }
+
+ return ret;
+}
+
/**
* usb_role_switch_set_role - Set USB role for a switch
* @sw: USB role switch
@@ -79,17 +95,21 @@ int usb_role_switch_set_role(struct usb_role_switch *sw, enum usb_role role)
if (IS_ERR_OR_NULL(sw))
return 0;
- if (!sw->registered)
- return -EOPNOTSUPP;
-
+ /*
+ * Since we have a valid sw struct here, role switch registration might
+ * be in progress. Hence cache the role here and send it out once
+ * registration is complete.
+ */
mutex_lock(&sw->lock);
-
- ret = sw->set(sw, role);
- if (!ret) {
- sw->role = role;
- kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
+ if (!sw->registered) {
+ sw->cached = true;
+ sw->cached_role = role;
+ mutex_unlock(&sw->lock);
+ return 0;
}
+ ret = __usb_role_switch_set_role(sw, role);
+
mutex_unlock(&sw->lock);
return ret;
@@ -399,8 +419,14 @@ usb_role_switch_register(struct device *parent,
dev_warn(&sw->dev, "failed to add component\n");
}
+ mutex_lock(&sw->lock);
sw->registered = true;
+ if (sw->cached)
+ __usb_role_switch_set_role(sw, sw->cached_role);
+
+ mutex_unlock(&sw->lock);
+
/* TODO: Symlinks for the host port and the device controller. */
return sw;
@@ -417,7 +443,10 @@ void usb_role_switch_unregister(struct usb_role_switch *sw)
{
if (IS_ERR_OR_NULL(sw))
return;
+ mutex_lock(&sw->lock);
sw->registered = false;
+ sw->cached = false;
+ mutex_unlock(&sw->lock);
if (dev_fwnode(&sw->dev))
component_del(&sw->dev, &connector_ops);
device_unregister(&sw->dev);
--
2.17.1
2 months, 3 weeks
- 3
- 2
[PATCH] soc: qcom: mark pd-mapper as broken
by Johan Hovold
When using the in-kernel pd-mapper on x1e80100, client drivers often
fail to communicate with the firmware during boot, which specifically
breaks battery and USB-C altmode notifications. This has been observed
to happen on almost every second boot (41%) but likely depends on probe
order:
pmic_glink_altmode.pmic_glink_altmode pmic_glink.altmode.0: failed to send altmode request: 0x10 (-125)
pmic_glink_altmode.pmic_glink_altmode pmic_glink.altmode.0: failed to request altmode notifications: -125
ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI read request: -125
qcom_battmgr.pmic_glink_power_supply pmic_glink.power-supply.0: failed to request power notifications
In the same setup audio also fails to probe albeit much more rarely:
PDR: avs/audio get domain list txn wait failed: -110
PDR: service lookup for avs/audio failed: -110
Chris Lew has provided an analysis and is working on a fix for the
ECANCELED (125) errors, but it is not yet clear whether this will also
address the audio regression.
Even if this was first observed on x1e80100 there is currently no reason
to believe that these issues are specific to that platform.
Disable the in-kernel pd-mapper for now, and make sure to backport this
to stable to prevent users and distros from migrating away from the
user-space service.
Fixes: 1ebcde047c54 ("soc: qcom: add pd-mapper implementation")
Cc: stable(a)vger.kernel.org # 6.11
Link: https://lore.kernel.org/lkml/Zqet8iInnDhnxkT9@hovoldconsulting.com/
Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org>
---
It's now been over two months since I reported this regression, and even
if we seem to be making some progress on at least some of these issues I
think we need disable the pd-mapper temporarily until the fixes are in
place (e.g. to prevent distros from dropping the user-space service).
Johan
#regzbot introduced: 1ebcde047c54
drivers/soc/qcom/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 74b9121240f8..35ddab9338d4 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -78,6 +78,7 @@ config QCOM_PD_MAPPER
select QCOM_PDR_MSG
select AUXILIARY_BUS
depends on NET && QRTR && (ARCH_QCOM || COMPILE_TEST)
+ depends on BROKEN
default QCOM_RPROC_COMMON
help
The Protection Domain Mapper maps registered services to the domains
--
2.45.2
2 months, 3 weeks
- 6
- 18
[PATCH AUTOSEL 6.13 01/16] ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
by Sasha Levin
From: Bard Liao <yung-chuan.liao(a)linux.intel.com>
[ Upstream commit 569922b82ca660f8b24e705f6cf674e6b1f99cc7 ]
Each cpu DAI should associate with a widget. However, the topology might
not create the right number of DAI widgets for aggregated amps. And it
will cause NULL pointer deference.
Check that the DAI widget associated with the CPU DAI is valid to prevent
NULL pointer deference due to missing DAI widgets in topologies with
aggregated amps.
Signed-off-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Link: https://patch.msgid.link/20241203104853.56956-1-yung-chuan.liao@linux.intel…
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
sound/soc/sof/intel/hda-dai.c | 12 ++++++++++++
sound/soc/sof/intel/hda.c | 5 +++++
2 files changed, 17 insertions(+)
diff --git a/sound/soc/sof/intel/hda-dai.c b/sound/soc/sof/intel/hda-dai.c
index 0db2a3e554fb2..da12aabc1bb85 100644
--- a/sound/soc/sof/intel/hda-dai.c
+++ b/sound/soc/sof/intel/hda-dai.c
@@ -503,6 +503,12 @@ int sdw_hda_dai_hw_params(struct snd_pcm_substream *substream,
int ret;
int i;
+ if (!w) {
+ dev_err(cpu_dai->dev, "%s widget not found, check amp link num in the topology\n",
+ cpu_dai->name);
+ return -EINVAL;
+ }
+
ops = hda_dai_get_ops(substream, cpu_dai);
if (!ops) {
dev_err(cpu_dai->dev, "DAI widget ops not set\n");
@@ -582,6 +588,12 @@ int sdw_hda_dai_hw_params(struct snd_pcm_substream *substream,
*/
for_each_rtd_cpu_dais(rtd, i, dai) {
w = snd_soc_dai_get_widget(dai, substream->stream);
+ if (!w) {
+ dev_err(cpu_dai->dev,
+ "%s widget not found, check amp link num in the topology\n",
+ dai->name);
+ return -EINVAL;
+ }
ipc4_copier = widget_to_copier(w);
memcpy(&ipc4_copier->dma_config_tlv[cpu_dai_id], dma_config_tlv,
sizeof(*dma_config_tlv));
diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
index f991785f727e9..be689f6e10c81 100644
--- a/sound/soc/sof/intel/hda.c
+++ b/sound/soc/sof/intel/hda.c
@@ -63,6 +63,11 @@ static int sdw_params_stream(struct device *dev,
struct snd_soc_dapm_widget *w = snd_soc_dai_get_widget(d, params_data->substream->stream);
struct snd_sof_dai_config_data data = { 0 };
+ if (!w) {
+ dev_err(dev, "%s widget not found, check amp link num in the topology\n",
+ d->name);
+ return -EINVAL;
+ }
data.dai_index = (params_data->link_id << 8) | d->id;
data.dai_data = params_data->alh_stream_id;
data.dai_node_id = data.dai_data;
--
2.39.5
2 months, 3 weeks
- 3
- 18
[PATCH] ACPI: PRM: Remove unnecessary strict handler address checks
by Aubrey Li
Commit 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM
handler and context") added unnecessary strict handler address checks,
caused the PRM module to fail in translating memory error addresses.
Both static data buffer address and acpi parameter buffer address may
be NULL if they are not needed, as described in section 4.1.2 PRM Handler
Information Structure of Platform Runtime Mechanism specification [1].
Here are two examples from real hardware:
----PRMT.dsl----
- staic data address is not used
[10Ch 0268 2] Revision : 0000
[10Eh 0270 2] Length : 002C
[110h 0272 16] Handler GUID : F6A58D47-E04F-4F5A-86B8-2A50D4AA109B
[120h 0288 8] Handler address : 0000000065CE51F4
[128h 0296 8] Satic Data Address : 0000000000000000
[130h 0304 8] ACPI Parameter Address : 000000006522A718
- ACPI parameter address is not used
[1B0h 0432 2] Revision : 0000
[1B2h 0434 2] Length : 002C
[1B4h 0436 16] Handler GUID : 657E8AE6-A8FC-4877-BB28-42E7DE1899A5
[1C4h 0452 8] Handler address : 0000000065C567C8
[1CCh 0460 8] Satic Data Address : 000000006113FB98
[1D4h 0468 8] ACPI Parameter Address : 0000000000000000
Fixes: 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context")
Reported-and-tested-by: Shi Liu <aurelianliu(a)tencent.com>
Cc: All applicable <stable(a)vger.kernel.org>
Signed-off-by: Aubrey Li <aubrey.li(a)linux.intel.com>
Link: https://uefi.org/sites/default/files/resources/Platform%20Runtime%20Mechani… # [1]
---
drivers/acpi/prmt.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/acpi/prmt.c b/drivers/acpi/prmt.c
index 747f83f7114d..e549914a636c 100644
--- a/drivers/acpi/prmt.c
+++ b/drivers/acpi/prmt.c
@@ -287,9 +287,7 @@ static acpi_status acpi_platformrt_space_handler(u32 function,
if (!handler || !module)
goto invalid_guid;
- if (!handler->handler_addr ||
- !handler->static_data_buffer_addr ||
- !handler->acpi_param_buffer_addr) {
+ if (!handler->handler_addr) {
buffer->prm_status = PRM_HANDLER_ERROR;
return AE_OK;
}
--
2.34.1
2 months, 3 weeks
- 4
- 3
Business Help
by Calib Cassim
Good Day,
How are you?
My name is Calib Cassim from Eskom Holdings Ltd. SA. I got your email from
my personal search.
I have in my position an (over-invoice / estimated) contract amount
executed by a Foreign Contractor through my Department, which the
contractor has been paid, and left the (over-invoice / estimated) amount
with the Payor.
So, I'm asking for your help to receive $25.5 Million on my behalf for my
investment in your area, I will obtain all the needed legal documents in
your name for the transfer of the amount to you.
If you can help, please send me your phone number for easy communication.
Thanks,
Mr. Calib
2 months, 3 weeks
- 1
- 0
[PATCH v2] scsi: core: Do not retry I/Os during depopulation
by Igor Pylypiv
Fail I/Os instead of retry to prevent user space processes from being
blocked on the I/O completion for several minutes.
Retrying I/Os during "depopulation in progress" or "depopulation restore
in progress" results in a continuous retry loop until the depopulation
completes or until the I/O retry loop is aborted due to a timeout by
the scsi_cmd_runtime_exceeced().
Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs.
Most I/Os in the depopulation retry loop end up taking several minutes
before returning the failure to user space.
Cc: <stable(a)vger.kernel.org> # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress
Cc: <stable(a)vger.kernel.org> # 4.18.x
Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress")
Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com>
---
Changes in v2:
- Added Fixes: and Cc: stable tags.
drivers/scsi/scsi_lib.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index e7ea1f04164a..3ab4c958da45 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result)
case 0x1a: /* start stop unit in progress */
case 0x1b: /* sanitize in progress */
case 0x1d: /* configuration in progress */
- case 0x24: /* depopulation in progress */
- case 0x25: /* depopulation restore in progress */
action = ACTION_DELAYED_RETRY;
break;
case 0x0a: /* ALUA state transition */
action = ACTION_DELAYED_REPREP;
break;
+ /*
+ * Depopulation might take many hours,
+ * thus it is not worthwhile to retry.
+ */
+ case 0x24: /* depopulation in progress */
+ case 0x25: /* depopulation restore in progress */
+ fallthrough;
default:
action = ACTION_FAIL;
break;
--
2.48.1.362.g079036d154-goog
2 months, 3 weeks
- 2
- 1
[PATCH 2/5] net: usb: qmi_wwan: add Telit Cinterion FN990B composition
by Fabio Porcedda
Add the following Telit Cinterion FN990B composition:
0x10d0: rmnet + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 17 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d0 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs= 9 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Cc: stable(a)vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index e9208a8d2bfa..7548ac187c26 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1368,6 +1368,7 @@ static const struct usb_device_id products[] = {
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c0, 0)}, /* Telit FE910C04 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c4, 0)}, /* Telit FE910C04 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c8, 0)}, /* Telit FE910C04 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10d0, 0)}, /* Telit FN990B */
{QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */
{QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */
{QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
--
2.48.1
2 months, 3 weeks
- 1
- 0
[PATCH] Input: cyttsp5 - ensure minimum reset pulse width
by Hugo Villeneuve
From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
The current reset pulse width is measured to be 5us on a
Renesas RZ/G2L SOM. The manufacturer's minimum reset pulse width is
specified as 10us.
Extend reset pulse width to make sure it is long enough on all platforms.
Also reword confusing comments about reset pin assertion.
Fixes: 5b0c03e24a06 ("Input: Add driver for Cypress Generation 5 touchscreen")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
---
drivers/input/touchscreen/cyttsp5.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/input/touchscreen/cyttsp5.c b/drivers/input/touchscreen/cyttsp5.c
index eafe5a9b8964..bb09e84d0e92 100644
--- a/drivers/input/touchscreen/cyttsp5.c
+++ b/drivers/input/touchscreen/cyttsp5.c
@@ -870,13 +870,16 @@ static int cyttsp5_probe(struct device *dev, struct regmap *regmap, int irq,
ts->input->phys = ts->phys;
input_set_drvdata(ts->input, ts);
- /* Reset the gpio to be in a reset state */
+ /* Assert gpio to be in a reset state */
ts->reset_gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH);
if (IS_ERR(ts->reset_gpio)) {
error = PTR_ERR(ts->reset_gpio);
dev_err(dev, "Failed to request reset gpio, error %d\n", error);
return error;
}
+
+ fsleep(1000); /* Ensure long-enough reset pulse (minimum 10us). */
+
gpiod_set_value_cansleep(ts->reset_gpio, 0);
/* Need a delay to have device up */
base-commit: 0de63bb7d91975e73338300a57c54b93d3cc151c
--
2.39.5
2 months, 3 weeks
- 3
- 3
Re: [PATCH 6.13 000/623] 6.13.2-rc1 review
by Ronald Warsow
Hi Greg
no regressions here on x86_64 (RKL, Intel 11th Gen. CPU)
Thanks
Tested-by: Ronald Warsow <rwarsow(a)gmx.de>
2 months, 3 weeks
- 1
- 0
[PATCH v2] mm,madvise,hugetlb: check for 0-length range after end address adjustment
by Ricardo Cañuelo Navarro
Add a sanity check to madvise_dontneed_free() to address a corner case
in madvise where a race condition causes the current vma being processed
to be backed by a different page size.
During a madvise(MADV_DONTNEED) call on a memory region registered with
a userfaultfd, there's a period of time where the process mm lock is
temporarily released in order to send a UFFD_EVENT_REMOVE and let
userspace handle the event. During this time, the vma covering the
current address range may change due to an explicit mmap done
concurrently by another thread.
If, after that change, the memory region, which was originally backed by
4KB pages, is now backed by hugepages, the end address is rounded down
to a hugepage boundary to avoid data loss (see "Fixes" below). This
rounding may cause the end address to be truncated to the same address
as the start.
Make this corner case follow the same semantics as in other similar
cases where the requested region has zero length (ie. return 0).
This will make madvise_walk_vmas() continue to the next vma in the
range (this time holding the process mm lock) which, due to the prev
pointer becoming stale because of the vma change, will be the same
hugepage-backed vma that was just checked before. The next time
madvise_dontneed_free() runs for this vma, if the start address isn't
aligned to a hugepage boundary, it'll return -EINVAL, which is also in
line with the madvise api.
From userspace perspective, madvise() will return EINVAL because the
start address isn't aligned according to the new vma alignment
requirements (hugepage), even though it was correctly page-aligned when
the call was issued.
Fixes: 8ebe0a5eaaeb ("mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs")
Cc: stable(a)vger.kernel.org
Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com>
---
Changes in v2:
- Added documentation in the code to tell the user how this situation
can happen. (Andrew)
---
mm/madvise.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/mm/madvise.c b/mm/madvise.c
index 49f3a75046f6..08b207f8e61e 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -933,7 +933,16 @@ static long madvise_dontneed_free(struct vm_area_struct *vma,
*/
end = vma->vm_end;
}
- VM_WARN_ON(start >= end);
+ /*
+ * If the memory region between start and end was
+ * originally backed by 4kB pages and then remapped to
+ * be backed by hugepages while mmap_lock was dropped,
+ * the adjustment for hugetlb vma above may have rounded
+ * end down to the start address.
+ */
+ if (start == end)
+ return 0;
+ VM_WARN_ON(start > end);
}
if (behavior == MADV_DONTNEED || behavior == MADV_DONTNEED_LOCKED)
--
2.48.1
2 months, 3 weeks
- 2
- 1
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020535-recognize-universe-67dc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020507-parole-precise-a4a5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020557-faucet-engross-c54a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020552-lark-replica-ce84@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020549-blast-sports-fb0a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020547-navigator-sesame-819a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020544-aftermath-monkhood-1fa2@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020538-unmoving-shelving-20de@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020537-dominoes-catty-42c4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020535-spender-graveness-c15e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020534-imposing-hacksaw-eff6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020533-maturity-audacious-3a1f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020532-component-gratified-8153@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020531-uneasily-twitch-9e6b@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020518-carnage-deflator-99f2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020517-confident-sterile-7acb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020516-fable-crane-ab09@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020515-nebulizer-gentleman-d288@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
2 months, 3 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020514-hacker-slouching-58c8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
2 months, 3 weeks
- 1
- 0
[PATCH V10 1/4] perf/x86/intel: Apply static call for drain_pebs
by kan.liang@linux.intel.com
From: "Peter Zijlstra (Intel)" <peterz(a)infradead.org>
The x86_pmu_drain_pebs static call was introduced in commit 7c9903c9bf71
("x86/perf, static_call: Optimize x86_pmu methods"), but it's not really
used to replace the old method.
Apply the static call for drain_pebs.
Fixes: 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods")
Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Cc: stable(a)vger.kernel.org
---
New for V10
arch/x86/events/intel/core.c | 2 +-
arch/x86/events/intel/ds.c | 2 +-
arch/x86/events/perf_event.h | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 2a2824e9c50d..4daa45ae9bd2 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3066,7 +3066,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
handled++;
x86_pmu_handle_guest_pebs(regs, &data);
- x86_pmu.drain_pebs(regs, &data);
+ static_call(x86_pmu_drain_pebs)(regs, &data);
status &= intel_ctrl | GLOBAL_STATUS_TRACE_TOPAPMI;
/*
diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
index ba74e1198328..322963b02a91 100644
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -957,7 +957,7 @@ static inline void intel_pmu_drain_pebs_buffer(void)
{
struct perf_sample_data data;
- x86_pmu.drain_pebs(NULL, &data);
+ static_call(x86_pmu_drain_pebs)(NULL, &data);
}
/*
diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
index 31c2771545a6..084e9196b458 100644
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
@@ -1107,6 +1107,7 @@ extern struct x86_pmu x86_pmu __read_mostly;
DECLARE_STATIC_CALL(x86_pmu_set_period, *x86_pmu.set_period);
DECLARE_STATIC_CALL(x86_pmu_update, *x86_pmu.update);
+DECLARE_STATIC_CALL(x86_pmu_drain_pebs, *x86_pmu.drain_pebs);
static __always_inline struct x86_perf_task_context_opt *task_context_opt(void *ctx)
{
--
2.38.1
2 months, 3 weeks
- 3
- 5
[PATCH v1 1/2] regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
by Varadarajan Narayanan
Adding l2, l5 sub-node entry to mp5496 regulator node.
Cc: stable(a)vger.kernel.org
Acked-by: Rob Herring <robh(a)kernel.org>
Signed-off-by: Varadarajan Narayanan <quic_varada(a)quicinc.com>
---
.../devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml b/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
index f2fd2df68a9e..b7241ce975b9 100644
--- a/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
+++ b/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
@@ -22,7 +22,7 @@ description:
Each sub-node is identified using the node's name, with valid values listed
for each of the pmics below.
- For mp5496, s1, s2
+ For mp5496, s1, s2, l2, l5
For pm2250, s1, s2, s3, s4, l1, l2, l3, l4, l5, l6, l7, l8, l9, l10, l11,
l12, l13, l14, l15, l16, l17, l18, l19, l20, l21, l22
--
2.34.1
2 months, 3 weeks
- 1
- 0
[PATCH v3 0/2] Tegra ADMA fixes
by Mohan Kumar D
- Fix build error due to 64-by-32 division
- Additional check for adma max page
Mohan Kumar D (2):
dmaengine: tegra210-adma: Fix build error due to 64-by-32 division
dmaengine: tegra210-adma: check for adma max page
drivers/dma/tegra210-adma.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
--
2.25.1
2 months, 3 weeks
- 4
- 11
[PATCH] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr
by Roberto Sassu
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock")
mistakenly reverted the performance improvement introduced in commit
42a4c603198f0 ("ima: fix ima_inode_post_setattr"). The unused bit mask was
subsequently removed by commit 11c60f23ed13 ("integrity: Remove unused
macro IMA_ACTION_RULE_FLAGS").
Restore the performance improvement by introducing the new mask
IMA_NONACTION_RULE_FLAGS, equal to IMA_NONACTION_FLAGS without
IMA_NEW_FILE, which is not a rule-specific flag.
Finally, reset IMA_NONACTION_RULE_FLAGS instead of IMA_NONACTION_FLAGS in
process_measurement(), if the IMA_CHANGE_ATTR atomic flag is set (after
file metadata modification).
With this patch, new files for which metadata were modified while they are
still open, can be reopened before the last file close (when security.ima
is written), since the IMA_NEW_FILE flag is not cleared anymore. Otherwise,
appraisal fails because security.ima is missing (files with IMA_NEW_FILE
set are an exception).
Cc: stable(a)vger.kernel.org # v4.16.x
Fixes: 0d73a55208e9 ("ima: re-introduce own integrity cache lock")
Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com>
---
security/integrity/ima/ima.h | 3 +++
security/integrity/ima/ima_main.c | 7 +++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 24d09ea91b87..a4f284bd846c 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -149,6 +149,9 @@ struct ima_kexec_hdr {
#define IMA_CHECK_BLACKLIST 0x40000000
#define IMA_VERITY_REQUIRED 0x80000000
+/* Exclude non-action flags which are not rule-specific. */
+#define IMA_NONACTION_RULE_FLAGS (IMA_NONACTION_FLAGS & ~IMA_NEW_FILE)
+
#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
IMA_HASH | IMA_APPRAISE_SUBMASK)
#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9b87556b03a7..b028c501949c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -269,10 +269,13 @@ static int process_measurement(struct file *file, const struct cred *cred,
mutex_lock(&iint->mutex);
if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
- /* reset appraisal flags if ima_inode_post_setattr was called */
+ /*
+ * Reset appraisal flags (action and non-action rule-specific)
+ * if ima_inode_post_setattr was called.
+ */
iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
- IMA_NONACTION_FLAGS);
+ IMA_NONACTION_RULE_FLAGS);
/*
* Re-evaulate the file if either the xattr has changed or the
--
2.34.1
2 months, 3 weeks
- 2
- 1
[PATCH RESEND v3 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()
by Jiasheng Jiang
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
2 months, 3 weeks
- 1
- 1
[PATCH v3 2/2] scsi: qedf: Add check for bdt_info
by Jiasheng Jiang
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
2 months, 3 weeks
- 1
- 0