- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] soc: qcom: mdt_loader: Ensure we don't read past the ELF" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9f9967fed9d066ed3dae9372b45ffa4f6fccfeef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082135-dividable-grandma-3c11@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f9967fed9d066ed3dae9372b45ffa4f6fccfeef Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> Date: Tue, 10 Jun 2025 21:58:28 -0500 Subject: [PATCH] soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid. Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom") Cc: stable(a)vger.kernel.org Reported-by: Doug Anderson <dianders(a)chromium.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250610-mdt-loader-validation-and-fixes-v2-1-f70… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index b2c0fb55d4ae..b2c9731b6f2a 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -18,6 +18,37 @@ #include <linux/slab.h> #include <linux/soc/qcom/mdt_loader.h> +static bool mdt_header_valid(const struct firmware *fw) +{ + const struct elf32_hdr *ehdr; + size_t phend; + size_t shend; + + if (fw->size < sizeof(*ehdr)) + return false; + + ehdr = (struct elf32_hdr *)fw->data; + + if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) + return false; + + if (ehdr->e_phentsize != sizeof(struct elf32_phdr)) + return -EINVAL; + + phend = size_add(size_mul(sizeof(struct elf32_phdr), ehdr->e_phnum), ehdr->e_phoff); + if (phend > fw->size) + return false; + + if (ehdr->e_shentsize != sizeof(struct elf32_shdr)) + return -EINVAL; + + shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum), ehdr->e_shoff); + if (shend > fw->size) + return false; + + return true; +} + static bool mdt_phdr_valid(const struct elf32_phdr *phdr) { if (phdr->p_type != PT_LOAD) @@ -82,6 +113,9 @@ ssize_t qcom_mdt_get_size(const struct firmware *fw) phys_addr_t max_addr = 0; int i; + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -134,6 +168,9 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, ssize_t ret; void *data; + if (!mdt_header_valid(fw)) + return ERR_PTR(-EINVAL); + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -214,6 +251,9 @@ int qcom_mdt_pas_init(struct device *dev, const struct firmware *fw, int ret; int i; + if (!mdt_header_valid(fw)) + return -EINVAL; + ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1); @@ -310,6 +350,9 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, if (!fw || !mem_region || !mem_phys || !mem_size) return -EINVAL; + if (!mdt_header_valid(fw)) + return -EINVAL; + is_split = qcom_mdt_bins_are_split(fw, fw_name); ehdr = (struct elf32_hdr *)fw->data; phdrs = (struct elf32_phdr *)(ehdr + 1);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 01aad16c2257ab8ff33b152b972c9f2e1af47912 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082137-sinister-shadiness-a5da@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 01aad16c2257ab8ff33b152b972c9f2e1af47912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik(a)linaro.org> Date: Mon, 7 Jul 2025 18:05:27 +0100 Subject: [PATCH] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning: UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21 shift exponent 32 is too large for 32-bit type 'int' For consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE write. Fixes: 55f4b1f73631 ("scsi: ufs: ufs-exynos: Add UFS host support for Exynos SoCs") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> Link: https://lore.kernel.org/r/20250707-ufs-exynos-shift-v1-1-1418e161ae40@linar… Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: Peter Griffin <peter.griffin(a)linaro.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index 3e545af536e5..f0adcd9dd553 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1110,8 +1110,8 @@ static int exynos_ufs_post_link(struct ufs_hba *hba) hci_writel(ufs, val, HCI_TXPRDT_ENTRY_SIZE); hci_writel(ufs, ilog2(DATA_UNIT_SIZE), HCI_RXPRDT_ENTRY_SIZE); - hci_writel(ufs, (1 << hba->nutrs) - 1, HCI_UTRL_NEXUS_TYPE); - hci_writel(ufs, (1 << hba->nutmrs) - 1, HCI_UTMRL_NEXUS_TYPE); + hci_writel(ufs, BIT(hba->nutrs) - 1, HCI_UTRL_NEXUS_TYPE); + hci_writel(ufs, BIT(hba->nutmrs) - 1, HCI_UTMRL_NEXUS_TYPE); hci_writel(ufs, 0xf, HCI_AXIDMA_RWDATA_BURST_LEN); if (ufs->opts & EXYNOS_UFS_OPT_SKIP_CONNECTION_ESTAB)

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c91e140c82eb58724c435f623702e51cc7896646 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082106-padding-nucleus-d747@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c91e140c82eb58724c435f623702e51cc7896646 Mon Sep 17 00:00:00 2001 From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Date: Sat, 28 Jun 2025 01:15:38 +0530 Subject: [PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20250627194539.48851-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] ext4: preserve SB_I_VERSION on remount" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f2326fd14a224e4cccbab89e14c52279ff79b7ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082139-grudging-earplugs-9567@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f2326fd14a224e4cccbab89e14c52279ff79b7ec Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 3 Jul 2025 15:39:03 +0800 Subject: [PATCH] ext4: preserve SB_I_VERSION on remount IMA testing revealed that after an ext4 remount, file accesses triggered full measurements even without modifications, instead of skipping as expected when i_version is unchanged. Debugging showed `SB_I_VERSION` was cleared in reconfigure_super() during remount due to commit 1ff20307393e ("ext4: unconditionally enable the i_version counter") removing the fix from commit 960e0ab63b2e ("ext4: fix i_version handling on remount"). To rectify this, `SB_I_VERSION` is always set for `fc->sb_flags` in ext4_init_fs_context(), instead of `sb->s_flags` in __ext4_fill_super(), ensuring it persists across all mounts. Cc: stable(a)kernel.org Fixes: 1ff20307393e ("ext4: unconditionally enable the i_version counter") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20250703073903.6952-2-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9203518786e4..ed1b36bd51c8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1998,6 +1998,9 @@ int ext4_init_fs_context(struct fs_context *fc) fc->fs_private = ctx; fc->ops = &ext4_context_ops; + /* i_version is always enabled now */ + fc->sb_flags |= SB_I_VERSION; + return 0; } @@ -5316,9 +5319,6 @@ static int __ext4_fill_super(struct fs_context *fc, struct super_block *sb) sb->s_flags = (sb->s_flags & ~SB_POSIXACL) | (test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0); - /* i_version is always enabled now */ - sb->s_flags |= SB_I_VERSION; - /* HSM events are allowed by default. */ sb->s_iflags |= SB_I_ALLOW_HSM;

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 01aad16c2257ab8ff33b152b972c9f2e1af47912 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082136-luridness-causing-3cc9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 01aad16c2257ab8ff33b152b972c9f2e1af47912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik(a)linaro.org> Date: Mon, 7 Jul 2025 18:05:27 +0100 Subject: [PATCH] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning: UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21 shift exponent 32 is too large for 32-bit type 'int' For consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE write. Fixes: 55f4b1f73631 ("scsi: ufs: ufs-exynos: Add UFS host support for Exynos SoCs") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> Link: https://lore.kernel.org/r/20250707-ufs-exynos-shift-v1-1-1418e161ae40@linar… Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: Peter Griffin <peter.griffin(a)linaro.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index 3e545af536e5..f0adcd9dd553 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1110,8 +1110,8 @@ static int exynos_ufs_post_link(struct ufs_hba *hba) hci_writel(ufs, val, HCI_TXPRDT_ENTRY_SIZE); hci_writel(ufs, ilog2(DATA_UNIT_SIZE), HCI_RXPRDT_ENTRY_SIZE); - hci_writel(ufs, (1 << hba->nutrs) - 1, HCI_UTRL_NEXUS_TYPE); - hci_writel(ufs, (1 << hba->nutmrs) - 1, HCI_UTMRL_NEXUS_TYPE); + hci_writel(ufs, BIT(hba->nutrs) - 1, HCI_UTRL_NEXUS_TYPE); + hci_writel(ufs, BIT(hba->nutmrs) - 1, HCI_UTMRL_NEXUS_TYPE); hci_writel(ufs, 0xf, HCI_AXIDMA_RWDATA_BURST_LEN); if (ufs->opts & EXYNOS_UFS_OPT_SKIP_CONNECTION_ESTAB)

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] scsi: ufs: ufs-pci: Fix hibernate state transition for Intel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4428ddea832cfdb63e476eb2e5c8feb5d36057fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082151-ethics-sponsor-e016@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4428ddea832cfdb63e476eb2e5c8feb5d36057fe Mon Sep 17 00:00:00 2001 From: Archana Patni <archana.patni(a)intel.com> Date: Wed, 23 Jul 2025 19:58:49 +0300 Subject: [PATCH] scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers UFSHCD core disables the UIC completion interrupt when issuing UIC hibernation commands, and re-enables it afterwards if it was enabled to start with, refer ufshcd_uic_pwr_ctrl(). For Intel MTL-like host controllers, accessing the register to re-enable the interrupt disrupts the state transition. Use hibern8_notify variant operation to disable the interrupt during the entire hibernation, thereby preventing the disruption. Fixes: 4049f7acef3e ("scsi: ufs: ufs-pci: Add support for Intel MTL") Cc: stable(a)vger.kernel.org Signed-off-by: Archana Patni <archana.patni(a)intel.com> Link: https://lore.kernel.org/r/20250723165856.145750-2-adrian.hunter@intel.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c index 996387906aa1..af1c272eef1c 100644 --- a/drivers/ufs/host/ufshcd-pci.c +++ b/drivers/ufs/host/ufshcd-pci.c @@ -216,6 +216,32 @@ static int ufs_intel_lkf_apply_dev_quirks(struct ufs_hba *hba) return ret; } +static void ufs_intel_ctrl_uic_compl(struct ufs_hba *hba, bool enable) +{ + u32 set = ufshcd_readl(hba, REG_INTERRUPT_ENABLE); + + if (enable) + set |= UIC_COMMAND_COMPL; + else + set &= ~UIC_COMMAND_COMPL; + ufshcd_writel(hba, set, REG_INTERRUPT_ENABLE); +} + +static void ufs_intel_mtl_h8_notify(struct ufs_hba *hba, + enum uic_cmd_dme cmd, + enum ufs_notify_change_status status) +{ + /* + * Disable UIC COMPL INTR to prevent access to UFSHCI after + * checking HCS.UPMCRS + */ + if (status == PRE_CHANGE && cmd == UIC_CMD_DME_HIBER_ENTER) + ufs_intel_ctrl_uic_compl(hba, false); + + if (status == POST_CHANGE && cmd == UIC_CMD_DME_HIBER_EXIT) + ufs_intel_ctrl_uic_compl(hba, true); +} + #define INTEL_ACTIVELTR 0x804 #define INTEL_IDLELTR 0x808 @@ -533,6 +559,7 @@ static struct ufs_hba_variant_ops ufs_intel_mtl_hba_vops = { .init = ufs_intel_mtl_init, .exit = ufs_intel_common_exit, .hce_enable_notify = ufs_intel_hce_enable_notify, + .hibern8_notify = ufs_intel_mtl_h8_notify, .link_startup_notify = ufs_intel_link_startup_notify, .resume = ufs_intel_resume, .device_reset = ufs_intel_device_reset,

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] io_uring/net: commit partial buffers on retry" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 41b70df5b38bc80967d2e0ed55cc3c3896bba781 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081548-whoops-aneurism-c7b1@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41b70df5b38bc80967d2e0ed55cc3c3896bba781 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Tue, 12 Aug 2025 08:30:11 -0600 Subject: [PATCH] io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on retry. But on the networking side, if MSG_WAITALL is set, or if the socket is of the streaming type and too little was processed, then it will hang on to the buffer rather than recycle or commit it. This is problematic for two reasons: 1) If someone unregisters the provided buffer ring before a later retry, then the req->buf_list will no longer be valid. 2) If multiple sockers are using the same buffer group, then multiple receives can consume the same memory. This can cause data corruption in the application, as either receive could land in the same userspace buffer. Fix this by disallowing partial retries from pinning a provided buffer across multiple executions, if ring provided buffers are used. Cc: stable(a)vger.kernel.org Reported-by: pt x <superman.xpt(a)gmail.com> Fixes: c56e022c0a27 ("io_uring: add support for user mapped provided buffer ring") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index dd96e355982f..d69f2afa4f7a 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -494,6 +494,15 @@ static int io_bundle_nbufs(struct io_async_msghdr *kmsg, int ret) return nbufs; } +static int io_net_kbuf_recyle(struct io_kiocb *req, + struct io_async_msghdr *kmsg, int len) +{ + req->flags |= REQ_F_BL_NO_RECYCLE; + if (req->flags & REQ_F_BUFFERS_COMMIT) + io_kbuf_commit(req, req->buf_list, len, io_bundle_nbufs(kmsg, len)); + return IOU_RETRY; +} + static inline bool io_send_finish(struct io_kiocb *req, int *ret, struct io_async_msghdr *kmsg, unsigned issue_flags) @@ -562,8 +571,7 @@ int io_sendmsg(struct io_kiocb *req, unsigned int issue_flags) kmsg->msg.msg_controllen = 0; kmsg->msg.msg_control = NULL; sr->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return -EAGAIN; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR; @@ -674,8 +682,7 @@ int io_send(struct io_kiocb *req, unsigned int issue_flags) sr->len -= ret; sr->buf += ret; sr->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return -EAGAIN; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR; @@ -1071,8 +1078,7 @@ int io_recvmsg(struct io_kiocb *req, unsigned int issue_flags) } if (ret > 0 && io_net_retry(sock, flags)) { sr->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return IOU_RETRY; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR; @@ -1218,8 +1224,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) sr->len -= ret; sr->buf += ret; sr->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return -EAGAIN; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR; @@ -1500,8 +1505,7 @@ int io_send_zc(struct io_kiocb *req, unsigned int issue_flags) zc->len -= ret; zc->buf += ret; zc->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return -EAGAIN; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR; @@ -1571,8 +1575,7 @@ int io_sendmsg_zc(struct io_kiocb *req, unsigned int issue_flags) if (ret > 0 && io_net_retry(sock, flags)) { sr->done_io += ret; - req->flags |= REQ_F_BL_NO_RECYCLE; - return -EAGAIN; + return io_net_kbuf_recyle(req, kmsg, ret); } if (ret == -ERESTARTSYS) ret = -EINTR;

2 months, 3 weeks

3
4
0 0

2a23a4e1159c to 6.12

by Alistair Delva

Dear stable maintainers, Please consider cherry-picking 2a23a4e1159c ("kvm: retrynx_huge_page_recovery_thread creation") to 6.12. It fixes a problem where some VMMs (crosvm, firecracker, others) may unnecessarily terminate a VM when -ENOMEM is returned to userspace for a non-fatal condition. Report of the change's success on 6.12 and first request: https://lore.kernel.org/all/aBOPWGPTCgnUgtw-@CMGLRV3/ Example downstream bug report from libkrun: https://github.com/containers/libkrun/issues/314 We are seeing this same flaky behavior at scale on infra machines running 6.12.38 from Debian bpo. Thanks!

2 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c91e140c82eb58724c435f623702e51cc7896646 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-penalize-quadrant-9ad9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c91e140c82eb58724c435f623702e51cc7896646 Mon Sep 17 00:00:00 2001 From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Date: Sat, 28 Jun 2025 01:15:38 +0530 Subject: [PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20250627194539.48851-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c91e140c82eb58724c435f623702e51cc7896646 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-fit-porridge-a9dc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c91e140c82eb58724c435f623702e51cc7896646 Mon Sep 17 00:00:00 2001 From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Date: Sat, 28 Jun 2025 01:15:38 +0530 Subject: [PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20250627194539.48851-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: pm: check flush doesn't reset limits" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 452690be7de2f91cc0de68cb9e95252875b33503 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082203-populate-sublease-ef51@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 452690be7de2f91cc0de68cb9e95252875b33503 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:21 +0200 Subject: [PATCH] selftests: mptcp: pm: check flush doesn't reset limits This modification is linked to the parent commit where the received ADD_ADDR limit was accidentally reset when the endpoints were flushed. To validate that, the test is now flushing endpoints after having set new limits, and before checking them. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-3-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/pm_netlink.sh b/tools/testing/selftests/net/mptcp/pm_netlink.sh index 2e6648a2b2c0..ac7ec6f94023 100755 --- a/tools/testing/selftests/net/mptcp/pm_netlink.sh +++ b/tools/testing/selftests/net/mptcp/pm_netlink.sh @@ -198,6 +198,7 @@ set_limits 1 9 2>/dev/null check "get_limits" "${default_limits}" "subflows above hard limit" set_limits 8 8 +flush_endpoint ## to make sure it doesn't affect the limits check "get_limits" "$(format_limits 8 8)" "set limits" flush_endpoint

2 months, 3 weeks

4
3
0 0

FAILED: patch "[PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 340be332e420ed37d15d4169a1b4174e912ad6cb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082253-ashes-nutmeg-b7d8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 340be332e420ed37d15d4169a1b4174e912ad6cb Mon Sep 17 00:00:00 2001 From: Victor Shih <victor.shih(a)genesyslogic.com.tw> Date: Thu, 31 Jul 2025 14:57:52 +0800 Subject: [PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Due to a flaw in the hardware design, the GL9763e replay timer frequently times out when ASPM is enabled. As a result, the warning messages will often appear in the system log when the system accesses the GL9763e PCI config. Therefore, the replay timer timeout must be masked. Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw> Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support") Cc: stable(a)vger.kernel.org Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250731065752.450231-4-victorshihgli@gmail.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 436f0460222f..3a1de477e9af 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -1782,6 +1782,9 @@ static void gl9763e_hw_setting(struct sdhci_pci_slot *slot) value |= FIELD_PREP(GLI_9763E_HS400_RXDLY, GLI_9763E_HS400_RXDLY_5); pci_write_config_dword(pdev, PCIE_GLI_9763E_CLKRXDLY, value); + /* mask the replay timer timeout of AER */ + sdhci_gli_mask_replay_timer_timeout(pdev); + pci_read_config_dword(pdev, PCIE_GLI_9763E_VHS, &value); value &= ~GLI_9763E_VHS_REV; value |= FIELD_PREP(GLI_9763E_VHS_REV, GLI_9763E_VHS_REV_R);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 340be332e420ed37d15d4169a1b4174e912ad6cb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082253-from-kindred-7d7e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 340be332e420ed37d15d4169a1b4174e912ad6cb Mon Sep 17 00:00:00 2001 From: Victor Shih <victor.shih(a)genesyslogic.com.tw> Date: Thu, 31 Jul 2025 14:57:52 +0800 Subject: [PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Due to a flaw in the hardware design, the GL9763e replay timer frequently times out when ASPM is enabled. As a result, the warning messages will often appear in the system log when the system accesses the GL9763e PCI config. Therefore, the replay timer timeout must be masked. Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw> Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support") Cc: stable(a)vger.kernel.org Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250731065752.450231-4-victorshihgli@gmail.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 436f0460222f..3a1de477e9af 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -1782,6 +1782,9 @@ static void gl9763e_hw_setting(struct sdhci_pci_slot *slot) value |= FIELD_PREP(GLI_9763E_HS400_RXDLY, GLI_9763E_HS400_RXDLY_5); pci_write_config_dword(pdev, PCIE_GLI_9763E_CLKRXDLY, value); + /* mask the replay timer timeout of AER */ + sdhci_gli_mask_replay_timer_timeout(pdev); + pci_read_config_dword(pdev, PCIE_GLI_9763E_VHS, &value); value &= ~GLI_9763E_VHS_REV; value |= FIELD_PREP(GLI_9763E_VHS_REV, GLI_9763E_VHS_REV_R);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/mremap: fix WARN with uffd that has remap events disabled" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 772e5b4a5e8360743645b9a466842d16092c4f94 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082218-untidy-blaspheme-a9c3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 772e5b4a5e8360743645b9a466842d16092c4f94 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 18 Aug 2025 19:53:58 +0200 Subject: [PATCH] mm/mremap: fix WARN with uffd that has remap events disabled Registering userfaultd on a VMA that spans at least one PMD and then mremap()'ing that VMA can trigger a WARN when recovering from a failed page table move due to a page table allocation error. The code ends up doing the right thing (recurse, avoiding moving actual page tables), but triggering that WARN is unpleasant: WARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_normal_pmd mm/mremap.c:357 [inline] WARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_pgt_entry mm/mremap.c:595 [inline] WARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_page_tables+0x3832/0x44a0 mm/mremap.c:852 Modules linked in: CPU: 2 UID: 0 PID: 6133 Comm: syz.0.19 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:move_normal_pmd mm/mremap.c:357 [inline] RIP: 0010:move_pgt_entry mm/mremap.c:595 [inline] RIP: 0010:move_page_tables+0x3832/0x44a0 mm/mremap.c:852 Code: ... RSP: 0018:ffffc900037a76d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000032930007 RCX: ffffffff820c6645 RDX: ffff88802e56a440 RSI: ffffffff820c7201 RDI: 0000000000000007 RBP: ffff888037728fc0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000032930007 R11: 0000000000000000 R12: 0000000000000000 R13: ffffc900037a79a8 R14: 0000000000000001 R15: dffffc0000000000 FS: 000055556316a500(0000) GS:ffff8880d68bc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30863fff CR3: 0000000050171000 CR4: 0000000000352ef0 Call Trace: <TASK> copy_vma_and_data+0x468/0x790 mm/mremap.c:1215 move_vma+0x548/0x1780 mm/mremap.c:1282 mremap_to+0x1b7/0x450 mm/mremap.c:1406 do_mremap+0xfad/0x1f80 mm/mremap.c:1921 __do_sys_mremap+0x119/0x170 mm/mremap.c:1977 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f00d0b8ebe9 Code: ... RSP: 002b:00007ffe5ea5ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 RAX: ffffffffffffffda RBX: 00007f00d0db5fa0 RCX: 00007f00d0b8ebe9 RDX: 0000000000400000 RSI: 0000000000c00000 RDI: 0000200000000000 RBP: 00007ffe5ea5eef0 R08: 0000200000c00000 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 R13: 00007f00d0db5fa0 R14: 00007f00d0db5fa0 R15: 0000000000000005 </TASK> The underlying issue is that we recurse during the original page table move, but not during the recovery move. Fix it by checking for both VMAs and performing the check before the pmd_none() sanity check. Add a new helper where we perform+document that check for the PMD and PUD level. Thanks to Harry for bisecting. Link: https://lkml.kernel.org/r/20250818175358.1184757-1-david@redhat.com Fixes: 0cef0bb836e3 ("mm: clear uffd-wp PTE/PMD state on mremap()") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+4d9a13f0797c46a29e42(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/689bb893.050a0220.7f033.013a.GAE@google.com Tested-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Jann Horn <jannh(a)google.com> Cc: Pedro Falcato <pfalcato(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/mremap.c b/mm/mremap.c index 33b642076205..e618a706aff5 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -323,6 +323,25 @@ static inline bool arch_supports_page_table_move(void) } #endif +static inline bool uffd_supports_page_table_move(struct pagetable_move_control *pmc) +{ + /* + * If we are moving a VMA that has uffd-wp registered but with + * remap events disabled (new VMA will not be registered with uffd), we + * need to ensure that the uffd-wp state is cleared from all pgtables. + * This means recursing into lower page tables in move_page_tables(). + * + * We might get called with VMAs reversed when recovering from a + * failed page table move. In that case, the + * "old"-but-actually-"originally new" VMA during recovery will not have + * a uffd context. Recursing into lower page tables during the original + * move but not during the recovery move will cause trouble, because we + * run into already-existing page tables. So check both VMAs. + */ + return !vma_has_uffd_without_event_remap(pmc->old) && + !vma_has_uffd_without_event_remap(pmc->new); +} + #ifdef CONFIG_HAVE_MOVE_PMD static bool move_normal_pmd(struct pagetable_move_control *pmc, pmd_t *old_pmd, pmd_t *new_pmd) @@ -335,6 +354,8 @@ static bool move_normal_pmd(struct pagetable_move_control *pmc, if (!arch_supports_page_table_move()) return false; + if (!uffd_supports_page_table_move(pmc)) + return false; /* * The destination pmd shouldn't be established, free_pgtables() * should have released it. @@ -361,15 +382,6 @@ static bool move_normal_pmd(struct pagetable_move_control *pmc, if (WARN_ON_ONCE(!pmd_none(*new_pmd))) return false; - /* If this pmd belongs to a uffd vma with remap events disabled, we need - * to ensure that the uffd-wp state is cleared from all pgtables. This - * means recursing into lower page tables in move_page_tables(), and we - * can reuse the existing code if we simply treat the entry as "not - * moved". - */ - if (vma_has_uffd_without_event_remap(vma)) - return false; - /* * We don't have to worry about the ordering of src and dst * ptlocks because exclusive mmap_lock prevents deadlock. @@ -418,6 +430,8 @@ static bool move_normal_pud(struct pagetable_move_control *pmc, if (!arch_supports_page_table_move()) return false; + if (!uffd_supports_page_table_move(pmc)) + return false; /* * The destination pud shouldn't be established, free_pgtables() * should have released it. @@ -425,15 +439,6 @@ static bool move_normal_pud(struct pagetable_move_control *pmc, if (WARN_ON_ONCE(!pud_none(*new_pud))) return false; - /* If this pud belongs to a uffd vma with remap events disabled, we need - * to ensure that the uffd-wp state is cleared from all pgtables. This - * means recursing into lower page tables in move_page_tables(), and we - * can reuse the existing code if we simply treat the entry as "not - * moved". - */ - if (vma_has_uffd_without_event_remap(vma)) - return false; - /* * We don't have to worry about the ordering of src and dst * ptlocks because exclusive mmap_lock prevents deadlock.

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c91e140c82eb58724c435f623702e51cc7896646 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-negative-wildcat-59ac@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c91e140c82eb58724c435f623702e51cc7896646 Mon Sep 17 00:00:00 2001 From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Date: Sat, 28 Jun 2025 01:15:38 +0530 Subject: [PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20250627194539.48851-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082226-unnerve-ripening-2dfa@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)hammerspace.com> Date: Sat, 16 Aug 2025 07:25:20 -0700 Subject: [PATCH] NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request(). Reported-by: Jeff Layton <jlayton(a)kernel.org> Tested-by: Joe Quanaim <jdq(a)meta.com> Tested-by: Andrew Steffen <aksteffen(a)meta.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()") Cc: stable(a)vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c index 11968dcb7243..6e69ce43a13f 100644 --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c @@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req) nfs_page_clear_headlock(req); } -/* - * nfs_page_group_sync_on_bit_locked +/** + * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set + * @req: request in page group + * @bit: PG_* bit that is used to sync page group * * must be called with page group lock held */ -static bool -nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) +bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) { struct nfs_page *head = req->wb_head; struct nfs_page *tmp; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index fa5c41d0989a..8b7c04737967 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode) } } -static int -nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) +static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) { - int ret; - - if (!test_bit(PG_REMOVE, &req->wb_flags)) - return 0; - ret = nfs_page_group_lock(req); - if (ret) - return ret; if (test_and_clear_bit(PG_REMOVE, &req->wb_flags)) nfs_page_set_inode_ref(req, inode); - nfs_page_group_unlock(req); - return 0; } /** @@ -585,19 +575,18 @@ retry: } } + ret = nfs_page_group_lock(head); + if (ret < 0) + goto out_unlock; + /* Ensure that nobody removed the request before we locked it */ if (head != folio->private) { + nfs_page_group_unlock(head); nfs_unlock_and_release_request(head); goto retry; } - ret = nfs_cancel_remove_inode(head, inode); - if (ret < 0) - goto out_unlock; - - ret = nfs_page_group_lock(head); - if (ret < 0) - goto out_unlock; + nfs_cancel_remove_inode(head, inode); /* lock each request in the page group */ for (subreq = head->wb_this_page; @@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req) { struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req)); - if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + nfs_page_group_lock(req); + if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) { struct folio *folio = nfs_page_to_folio(req->wb_head); struct address_space *mapping = folio->mapping; @@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req) } spin_unlock(&mapping->i_private_lock); } + nfs_page_group_unlock(req); if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { atomic_long_dec(&nfsi->nrequests); diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h index 169b4ae30ff4..9aed39abc94b 100644 --- a/include/linux/nfs_page.h +++ b/include/linux/nfs_page.h @@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head, extern int nfs_page_group_lock(struct nfs_page *); extern void nfs_page_group_unlock(struct nfs_page *); extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int); +extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int); extern int nfs_page_set_headlock(struct nfs_page *req); extern void nfs_page_clear_headlock(struct nfs_page *req); extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x c91e140c82eb58724c435f623702e51cc7896646 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-chunk-scoring-a931@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c91e140c82eb58724c435f623702e51cc7896646 Mon Sep 17 00:00:00 2001 From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Date: Sat, 28 Jun 2025 01:15:38 +0530 Subject: [PATCH] scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20250627194539.48851-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock);

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] mptcp: disable add_addr retransmission when timeout is 0" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f5ce0714623cffd00bf2a83e890d09c609b7f50a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082243-enjoying-banknote-8250@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5ce0714623cffd00bf2a83e890d09c609b7f50a Mon Sep 17 00:00:00 2001 From: Geliang Tang <geliang(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:23 +0200 Subject: [PATCH] mptcp: disable add_addr retransmission when timeout is 0 When add_addr_timeout was set to 0, this caused the ADD_ADDR to be retransmitted immediately, which looks like a buggy behaviour. Instead, interpret 0 as "no retransmissions needed". The documentation is updated to explicitly state that setting the timeout to 0 disables retransmission. Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout") Cc: stable(a)vger.kernel.org Suggested-by: Matthieu Baerts <matttbe(a)kernel.org> Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-5-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index 5bfab01eff5a..1683c139821e 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -12,6 +12,8 @@ add_addr_timeout - INTEGER (seconds) resent to an MPTCP peer that has not acknowledged a previous ADD_ADDR message. + Do not retransmit if set to 0. + The default value matches TCP_RTO_MAX. This is a per-namespace sysctl. diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index c5f6a53ce5f1..136a380602ca 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -274,6 +274,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) add_timer); struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; + unsigned int timeout; pr_debug("msk=%p\n", msk); @@ -291,6 +292,10 @@ static void mptcp_pm_add_timer(struct timer_list *timer) goto out; } + timeout = mptcp_get_add_addr_timeout(sock_net(sk)); + if (!timeout) + goto out; + spin_lock_bh(&msk->pm.lock); if (!mptcp_pm_should_add_signal_addr(msk)) { @@ -302,7 +307,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) if (entry->retrans_times < ADD_ADDR_RETRANS_MAX) sk_reset_timer(sk, timer, - jiffies + mptcp_get_add_addr_timeout(sock_net(sk))); + jiffies + timeout); spin_unlock_bh(&msk->pm.lock); @@ -344,6 +349,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, struct mptcp_pm_add_entry *add_entry = NULL; struct sock *sk = (struct sock *)msk; struct net *net = sock_net(sk); + unsigned int timeout; lockdep_assert_held(&msk->pm.lock); @@ -368,8 +374,9 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0); reset_timer: - sk_reset_timer(sk, &add_entry->add_timer, - jiffies + mptcp_get_add_addr_timeout(net)); + timeout = mptcp_get_add_addr_timeout(net); + if (timeout) + sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout); return true; }

2 months, 3 weeks

2
1
0 0

[STABLE] [PATCH] KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix

by Will Deacon

Upstream commit fbc7e61195e2 ("KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state") relies on interrupts being disabled during fpsimd_save_and_flush_cpu_state() so that a softirq cannot be taken while the host floating point context is being saved and potentially try to use kernel-mode NEON. Unfortunately, stable kernels without 9b19700e623f ("arm64: fpsimd: Drop unneeded 'busy' flag") leave interrupts enabled in fpsimd_save_and_flush_cpu_state() and so the BUG_ON(!may_use_simd()) in kernel_neon_begin() has been observed to trigger in real-world usage: | kernel BUG at arch/arm64/kernel/fpsimd.c:1904! | Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP | | Call trace: | kernel_neon_begin+0xdc/0x12c | ... | crypto_aead_decrypt+0x5c/0x6c | seqiv_aead_decrypt+0x88/0x9c | crypto_aead_decrypt+0x5c/0x6c | esp_input+0x280/0x364 | xfrm_input+0x6ac/0x16f8 | ... | net_rx_action+0x13c/0x31c | handle_softirqs+0x124/0x3d0 | __do_softirq+0x14/0x20 | ____do_softirq+0x10/0x20 | call_on_irq_stack+0x3c/0x74 | do_softirq_own_stack+0x1c/0x2c | __irq_exit_rcu+0x54/0xb4 | irq_exit_rcu+0x10/0x1c | el1_interrupt+0x38/0x58 | el1h_64_irq_handler+0x18/0x24 | el1h_64_irq+0x68/0x6c | fpsimd_save+0xe4/0x130 | kvm_arch_vcpu_load_fp+0x2c/0x58 | kvm_arch_vcpu_load+0x88/0x26c | kvm_sched_in+0x2c/0x3c Given that 9b19700e623f ("arm64: fpsimd: Drop unneeded 'busy' flag") is not a fix in its own right, has non-trivial dependencies and is a reasonably invasive change to the in-kernel use of fpsimd, opt instead for a simple fix to use the softirq-safe {get,put}_cpu_fpsimd_context() helpers in fpsimd_save_and_flush_cpu_state(). Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Lee Jones <lee(a)kernel.org> Cc: Sasha Levin <sashal(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Fuad Tabba <tabba(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 5.15.y, 6.1.y and 6.6.y Fixes: 806d5c1e1d2e ("KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state") # 6.6.y Fixes: 04c50cc23a49 ("KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state") # 6.1.y Fixes: 5289ac43b69c ("KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state") # 5.15.y Signed-off-by: Will Deacon <will(a)kernel.org> --- arch/arm64/kernel/fpsimd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index a1e0cc5353fb..d0d836448a76 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1876,10 +1876,10 @@ void fpsimd_save_and_flush_cpu_state(void) if (!system_supports_fpsimd()) return; WARN_ON(preemptible()); - __get_cpu_fpsimd_context(); + get_cpu_fpsimd_context(); fpsimd_save(); fpsimd_flush_cpu_state(); - __put_cpu_fpsimd_context(); + put_cpu_fpsimd_context(); } #ifdef CONFIG_KERNEL_MODE_NEON -- 2.51.0.rc2.233.g662b1ed5c5-goog

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mptcp: remove duplicate sk_reset_timer call" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5d13349472ac8abcbcb94407969aa0fdc2e1f1be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082230-dupe-going-e673@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5d13349472ac8abcbcb94407969aa0fdc2e1f1be Mon Sep 17 00:00:00 2001 From: Geliang Tang <geliang(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:22 +0200 Subject: [PATCH] mptcp: remove duplicate sk_reset_timer call sk_reset_timer() was called twice in mptcp_pm_alloc_anno_list. Simplify the code by using a 'goto' statement to eliminate the duplication. Note that this is not a fix, but it will help backporting the following patch. The same "Fixes" tag has been added for this reason. Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-4-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 420d416e2603..c5f6a53ce5f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -353,9 +353,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, if (WARN_ON_ONCE(mptcp_pm_is_kernel(msk))) return false; - sk_reset_timer(sk, &add_entry->add_timer, - jiffies + mptcp_get_add_addr_timeout(net)); - return true; + goto reset_timer; } add_entry = kmalloc(sizeof(*add_entry), GFP_ATOMIC); @@ -369,6 +367,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, add_entry->retrans_times = 0; timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0); +reset_timer: sk_reset_timer(sk, &add_entry->add_timer, jiffies + mptcp_get_add_addr_timeout(net));

2 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] ext4: preserve SB_I_VERSION on remount" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f2326fd14a224e4cccbab89e14c52279ff79b7ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-barracuda-engorge-cf38@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f2326fd14a224e4cccbab89e14c52279ff79b7ec Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 3 Jul 2025 15:39:03 +0800 Subject: [PATCH] ext4: preserve SB_I_VERSION on remount IMA testing revealed that after an ext4 remount, file accesses triggered full measurements even without modifications, instead of skipping as expected when i_version is unchanged. Debugging showed `SB_I_VERSION` was cleared in reconfigure_super() during remount due to commit 1ff20307393e ("ext4: unconditionally enable the i_version counter") removing the fix from commit 960e0ab63b2e ("ext4: fix i_version handling on remount"). To rectify this, `SB_I_VERSION` is always set for `fc->sb_flags` in ext4_init_fs_context(), instead of `sb->s_flags` in __ext4_fill_super(), ensuring it persists across all mounts. Cc: stable(a)kernel.org Fixes: 1ff20307393e ("ext4: unconditionally enable the i_version counter") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20250703073903.6952-2-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9203518786e4..ed1b36bd51c8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1998,6 +1998,9 @@ int ext4_init_fs_context(struct fs_context *fc) fc->fs_private = ctx; fc->ops = &ext4_context_ops; + /* i_version is always enabled now */ + fc->sb_flags |= SB_I_VERSION; + return 0; } @@ -5316,9 +5319,6 @@ static int __ext4_fill_super(struct fs_context *fc, struct super_block *sb) sb->s_flags = (sb->s_flags & ~SB_POSIXACL) | (test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0); - /* i_version is always enabled now */ - sb->s_flags |= SB_I_VERSION; - /* HSM events are allowed by default. */ sb->s_iflags |= SB_I_ALLOW_HSM;

2 months, 3 weeks

2
1
0 0

[PATCH v2] serial: stm32: allow selecting console when the driver is module

by Raphael Gallais-Pou

Console can be enabled on the UART compile as module. Change dependency to allow console mode when the driver is built as module. Fixes: 48a6092fb41fa ("serial: stm32-usart: Add STM32 USART Driver") Cc: stable(a)vger.kernel.org Signed-off-by: Raphael Gallais-Pou <raphael.gallais-pou(a)foss.st.com> --- Changes in v2: - Cced stable tree --- drivers/tty/serial/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/Kconfig b/drivers/tty/serial/Kconfig index e661f5951f558..1e27a822c1cba 100644 --- a/drivers/tty/serial/Kconfig +++ b/drivers/tty/serial/Kconfig @@ -1420,7 +1420,7 @@ config SERIAL_STM32 config SERIAL_STM32_CONSOLE bool "Support for console on STM32" - depends on SERIAL_STM32=y + depends on SERIAL_STM32 select SERIAL_CORE_CONSOLE select SERIAL_EARLYCON -- 2.25.1

2 months, 3 weeks

1
0
0 0

[PATCH 5.15.y 0/2] mptcp: fix recent failed backports (20250822)

by Matthieu Baerts (NGI0)

Greg recently reported the following patches could not be applied without conflicts in this tree: - f5ce0714623c ("mptcp: disable add_addr retransmission when timeout is 0") - 452690be7de2 ("selftests: mptcp: pm: check flush doesn't reset limits") Conflicts have been resolved, and documented in each patch. Geliang Tang (1): mptcp: disable add_addr retransmission when timeout is 0 Matthieu Baerts (NGI0) (1): selftests: mptcp: pm: check flush doesn't reset limits Documentation/networking/mptcp-sysctl.rst | 2 ++ net/mptcp/pm_netlink.c | 13 ++++++++++--- tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 3 files changed, 13 insertions(+), 3 deletions(-) -- 2.50.0

2 months, 3 weeks

1
2
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a0b8da04153eb61cc2eaeeea5cc404e91e557f6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-undermost-dispute-929c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0b8da04153eb61cc2eaeeea5cc404e91e557f6b Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Mon, 7 Jul 2025 14:08:30 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file This moves pinmux child nodes for sdhci0 node from k3-am62x-sk-common to each top level board file. This is needed since we require internal pullups for AM62x SK and not for AM62 LP SK since it has external pullups on DATA 1-7. Internal pulls are required for AM62 SK as per JESD84 spec recommendation to prevent unconnected lines floating. Fixes: d19a66ae488a ("arm64: dts: ti: k3-am625-sk: Enable on board peripherals") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Link: https://lore.kernel.org/r/20250707190830.3951619-1-jm@ti.com Signed-off-by: Vignesh Raghavendra <vigneshr(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts index aafdb90c0eb7..4609f366006e 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts @@ -74,6 +74,22 @@ vddshv_sdio: regulator-4 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (V3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (Y1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (V2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (V1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (W2) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (W1) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (Y2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (W3) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (W4) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (V4) MMC0_DAT7 */ + >; + }; + vddshv_sdio_pins_default: vddshv-sdio-default-pins { pinctrl-single,pins = < AM62X_IOPAD(0x07c, PIN_OUTPUT, 7) /* (M19) GPMC0_CLK.GPIO0_31 */ @@ -144,6 +160,14 @@ exp2: gpio@23 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vddshv_sdio>; diff --git a/arch/arm64/boot/dts/ti/k3-am625-sk.dts b/arch/arm64/boot/dts/ti/k3-am625-sk.dts index 2fbfa3719345..d240165bda9c 100644 --- a/arch/arm64/boot/dts/ti/k3-am625-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am625-sk.dts @@ -106,6 +106,22 @@ vcc_1v8: regulator-5 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT_PULLUP, 0) /* (AA1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT_PULLUP, 0) /* (AA3) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT_PULLUP, 0) /* (Y4) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT_PULLUP, 0) /* (AB2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT_PULLUP, 0) /* (AC1) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT_PULLUP, 0) /* (AD2) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT_PULLUP, 0) /* (AC2) MMC0_DAT7 */ + >; + }; + main_rgmii2_pins_default: main-rgmii2-default-pins { bootph-all; pinctrl-single,pins = < @@ -195,6 +211,14 @@ exp1: gpio@22 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vdd_sd_dv>; diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi index ee8337bfbbfd..13e1d36123d5 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi @@ -203,22 +203,6 @@ AM62X_IOPAD(0x0b4, PIN_INPUT_PULLUP, 1) /* (K24/H19) GPMC0_CSn3.I2C2_SDA */ >; }; - main_mmc0_pins_default: main-mmc0-default-pins { - bootph-all; - pinctrl-single,pins = < - AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3/V3) MMC0_CMD */ - AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1/Y1) MMC0_CLK */ - AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2/V2) MMC0_DAT0 */ - AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (AA1/V1) MMC0_DAT1 */ - AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (AA3/W2) MMC0_DAT2 */ - AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (Y4/W1) MMC0_DAT3 */ - AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (AB2/Y2) MMC0_DAT4 */ - AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (AC1/W3) MMC0_DAT5 */ - AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (AD2/W4) MMC0_DAT6 */ - AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (AC2/V4) MMC0_DAT7 */ - >; - }; - main_mmc1_pins_default: main-mmc1-default-pins { bootph-all; pinctrl-single,pins = < @@ -457,14 +441,6 @@ &main_i2c2 { clock-frequency = <400000>; }; -&sdhci0 { - bootph-all; - status = "okay"; - non-removable; - pinctrl-names = "default"; - pinctrl-0 = <&main_mmc0_pins_default>; -}; - &sdhci1 { /* SD/MMC */ bootph-all;

2 months, 3 weeks

2
4
0 0

FAILED: patch "[PATCH] ext4: preserve SB_I_VERSION on remount" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f2326fd14a224e4cccbab89e14c52279ff79b7ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-qualm-causation-5828@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f2326fd14a224e4cccbab89e14c52279ff79b7ec Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 3 Jul 2025 15:39:03 +0800 Subject: [PATCH] ext4: preserve SB_I_VERSION on remount IMA testing revealed that after an ext4 remount, file accesses triggered full measurements even without modifications, instead of skipping as expected when i_version is unchanged. Debugging showed `SB_I_VERSION` was cleared in reconfigure_super() during remount due to commit 1ff20307393e ("ext4: unconditionally enable the i_version counter") removing the fix from commit 960e0ab63b2e ("ext4: fix i_version handling on remount"). To rectify this, `SB_I_VERSION` is always set for `fc->sb_flags` in ext4_init_fs_context(), instead of `sb->s_flags` in __ext4_fill_super(), ensuring it persists across all mounts. Cc: stable(a)kernel.org Fixes: 1ff20307393e ("ext4: unconditionally enable the i_version counter") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20250703073903.6952-2-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9203518786e4..ed1b36bd51c8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1998,6 +1998,9 @@ int ext4_init_fs_context(struct fs_context *fc) fc->fs_private = ctx; fc->ops = &ext4_context_ops; + /* i_version is always enabled now */ + fc->sb_flags |= SB_I_VERSION; + return 0; } @@ -5316,9 +5319,6 @@ static int __ext4_fill_super(struct fs_context *fc, struct super_block *sb) sb->s_flags = (sb->s_flags & ~SB_POSIXACL) | (test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0); - /* i_version is always enabled now */ - sb->s_flags |= SB_I_VERSION; - /* HSM events are allowed by default. */ sb->s_iflags |= SB_I_ALLOW_HSM;

2 months, 3 weeks

2
1
0 0

[PATCH 6.6.y 0/3] mptcp: fix recent failed backports (20250822)

by Matthieu Baerts (NGI0)

Greg recently reported the following patches could not be applied without conflicts in this tree: - 5d13349472ac ("mptcp: remove duplicate sk_reset_timer call") - f5ce0714623c ("mptcp: disable add_addr retransmission when timeout is 0") - 452690be7de2 ("selftests: mptcp: pm: check flush doesn't reset limits") Conflicts have been resolved, and documented in each patch. Geliang Tang (2): mptcp: remove duplicate sk_reset_timer call mptcp: disable add_addr retransmission when timeout is 0 Matthieu Baerts (NGI0) (1): selftests: mptcp: pm: check flush doesn't reset limits Documentation/networking/mptcp-sysctl.rst | 2 ++ net/mptcp/pm_netlink.c | 18 ++++++++++++------ .../testing/selftests/net/mptcp/pm_netlink.sh | 1 + 3 files changed, 15 insertions(+), 6 deletions(-) -- 2.50.0

2 months, 3 weeks

1
3
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 265f70af805f33a0dfc90f50cc0f116f702c3811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082119-deafness-faster-0127@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 265f70af805f33a0dfc90f50cc0f116f702c3811 Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Mon, 7 Jul 2025 14:12:50 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support For eMMC, High Speed DDR mode is not supported [0], so remove mmc-ddr-1_8v flag which adds the capability. [0] https://www.ti.com/lit/gpn/am625 Fixes: c37c58fdeb8a ("arm64: dts: ti: k3-am62: Add more peripheral nodes") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Link: https://lore.kernel.org/r/20250707191250.3953990-1-jm@ti.com Signed-off-by: Vignesh Raghavendra <vigneshr(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi index 9e0b6eee9ac7..120ba8f9dd0e 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi @@ -553,7 +553,6 @@ sdhci0: mmc@fa10000 { clocks = <&k3_clks 57 5>, <&k3_clks 57 6>; clock-names = "clk_ahb", "clk_xin"; bus-width = <8>; - mmc-ddr-1_8v; mmc-hs200-1_8v; ti,clkbuf-sel = <0x7>; ti,otap-del-sel-legacy = <0x0>;

2 months, 3 weeks

2
1
0 0

[PATCH 6.12.y 0/2] mptcp: fix recent failed backports (20250822)

by Matthieu Baerts (NGI0)

Greg recently reported the following patches could not be applied without conflicts in this tree: - 5d13349472ac ("mptcp: remove duplicate sk_reset_timer call") - f5ce0714623c ("mptcp: disable add_addr retransmission when timeout is 0") Conflicts have been resolved, and documented in each patch. Geliang Tang (2): mptcp: remove duplicate sk_reset_timer call mptcp: disable add_addr retransmission when timeout is 0 Documentation/networking/mptcp-sysctl.rst | 2 ++ net/mptcp/pm_netlink.c | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) -- 2.50.0

2 months, 3 weeks

1
2
0 0

FAILED: patch "[PATCH] mptcp: remove duplicate sk_reset_timer call" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5d13349472ac8abcbcb94407969aa0fdc2e1f1be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082231-attempt-trickily-0b68@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5d13349472ac8abcbcb94407969aa0fdc2e1f1be Mon Sep 17 00:00:00 2001 From: Geliang Tang <geliang(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:22 +0200 Subject: [PATCH] mptcp: remove duplicate sk_reset_timer call sk_reset_timer() was called twice in mptcp_pm_alloc_anno_list. Simplify the code by using a 'goto' statement to eliminate the duplication. Note that this is not a fix, but it will help backporting the following patch. The same "Fixes" tag has been added for this reason. Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-4-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 420d416e2603..c5f6a53ce5f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -353,9 +353,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, if (WARN_ON_ONCE(mptcp_pm_is_kernel(msk))) return false; - sk_reset_timer(sk, &add_entry->add_timer, - jiffies + mptcp_get_add_addr_timeout(net)); - return true; + goto reset_timer; } add_entry = kmalloc(sizeof(*add_entry), GFP_ATOMIC); @@ -369,6 +367,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk, add_entry->retrans_times = 0; timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0); +reset_timer: sk_reset_timer(sk, &add_entry->add_timer, jiffies + mptcp_get_add_addr_timeout(net));

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x b1511360c8ac882b0c52caa263620538e8d73220 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082102-scoff-lasso-16ce@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1511360c8ac882b0c52caa263620538e8d73220 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 31 Jul 2025 12:46:56 +0900 Subject: [PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag even if there are still dirty blocks in the folio. This can break ordering guarantees, such as those required by btrfs_wait_ordered_extents(). That ordering breakage leads to a real failure. For example, running generic/464 on a zoned setup will hit the following ASSERT. This happens because the broken ordering fails to flush existing dirty pages before the file size is truncated. assertion failed: !list_empty(&ordered->list) :: 0, in fs/btrfs/zoned.c:1899 ------------[ cut here ]------------ kernel BUG at fs/btrfs/zoned.c:1899! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs] RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246 RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8 R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00 R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680 FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0 Call Trace: <TASK> ? srso_return_thunk+0x5/0x5f btrfs_finish_ordered_io+0x4a/0x60 [btrfs] btrfs_work_helper+0xf9/0x490 [btrfs] process_one_work+0x204/0x590 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d6/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x118/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x205/0x260 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Consider process A calling writepages() with WB_SYNC_NONE. In zoned mode or for compressed writes, it locks several folios for delalloc and starts writing them out. Let's call the last locked folio folio X. Suppose the write range only partially covers folio X, leaving some pages dirty. Process A calls btrfs_subpage_set_writeback() when building a bio. This function call clears the TOWRITE tag of folio X, whose size = 8K and the block size = 4K. It is following state. 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY) <-----> Process A will write this range. Now suppose process B concurrently calls writepages() with WB_SYNC_ALL. It calls tag_pages_for_writeback() to tag dirty folios with PAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then, B collects tagged folios using filemap_get_folios_tag() and must wait for folio X to be written before returning from writepages(). 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE) However, between tagging and collecting, process A may call btrfs_subpage_set_writeback() and clear folio X's TOWRITE tag. 0 4K 8K | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY) As a result, process B won't see folio X in its batch, and returns without waiting for it. This breaks the WB_SYNC_ALL ordering requirement. Fix this by using btrfs_subpage_set_writeback_keepwrite(), which retains the TOWRITE tag. We now manually clear the tag only after the folio becomes clean, via the xas operation. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") CC: stable(a)vger.kernel.org # 6.12+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index c9b3821957f7..cb4f97833dc3 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -448,8 +448,25 @@ void btrfs_subpage_set_writeback(const struct btrfs_fs_info *fs_info, spin_lock_irqsave(&bfs->lock, flags); bitmap_set(bfs->bitmaps, start_bit, len >> fs_info->sectorsize_bits); + + /* + * Don't clear the TOWRITE tag when starting writeback on a still-dirty + * folio. Doing so can cause WB_SYNC_ALL writepages() to overlook it, + * assume writeback is complete, and exit too early — violating sync + * ordering guarantees. + */ if (!folio_test_writeback(folio)) - folio_start_writeback(folio); + __folio_start_writeback(folio, true); + if (!folio_test_dirty(folio)) { + struct address_space *mapping = folio_mapping(folio); + XA_STATE(xas, &mapping->i_pages, folio->index); + unsigned long flags; + + xas_lock_irqsave(&xas, flags); + xas_load(&xas); + xas_clear_mark(&xas, PAGECACHE_TAG_TOWRITE); + xas_unlock_irqrestore(&xas, flags); + } spin_unlock_irqrestore(&bfs->lock, flags); }

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 265f70af805f33a0dfc90f50cc0f116f702c3811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082118-blend-penniless-0629@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 265f70af805f33a0dfc90f50cc0f116f702c3811 Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Mon, 7 Jul 2025 14:12:50 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support For eMMC, High Speed DDR mode is not supported [0], so remove mmc-ddr-1_8v flag which adds the capability. [0] https://www.ti.com/lit/gpn/am625 Fixes: c37c58fdeb8a ("arm64: dts: ti: k3-am62: Add more peripheral nodes") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Link: https://lore.kernel.org/r/20250707191250.3953990-1-jm@ti.com Signed-off-by: Vignesh Raghavendra <vigneshr(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi index 9e0b6eee9ac7..120ba8f9dd0e 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi @@ -553,7 +553,6 @@ sdhci0: mmc@fa10000 { clocks = <&k3_clks 57 5>, <&k3_clks 57 6>; clock-names = "clk_ahb", "clk_xin"; bus-width = <8>; - mmc-ddr-1_8v; mmc-hs200-1_8v; ti,clkbuf-sel = <0x7>; ti,otap-del-sel-legacy = <0x0>;

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082244-busily-doze-c8d7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 Mon Sep 17 00:00:00 2001 From: Victor Shih <victor.shih(a)genesyslogic.com.tw> Date: Thu, 31 Jul 2025 14:57:50 +0800 Subject: [PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code In preparation to fix replay timer timeout, add sdhci_gli_mask_replay_timer_timeout() function to simplify some of the code, allowing it to be re-used. Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw> Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support") Cc: stable(a)vger.kernel.org Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250731065752.450231-2-victorshihgli@gmail.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 4c2ae71770f7..f678c91f8d3e 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -287,6 +287,20 @@ #define GLI_MAX_TUNING_LOOP 40 /* Genesys Logic chipset */ +static void sdhci_gli_mask_replay_timer_timeout(struct pci_dev *pdev) +{ + int aer; + u32 value; + + /* mask the replay timer timeout of AER */ + aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); + if (aer) { + pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); + value |= PCI_ERR_COR_REP_TIMER; + pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); + } +} + static inline void gl9750_wt_on(struct sdhci_host *host) { u32 wt_value; @@ -607,7 +621,6 @@ static void gl9750_hw_setting(struct sdhci_host *host) { struct sdhci_pci_slot *slot = sdhci_priv(host); struct pci_dev *pdev; - int aer; u32 value; pdev = slot->chip->pdev; @@ -626,12 +639,7 @@ static void gl9750_hw_setting(struct sdhci_host *host) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9750_wt_off(host); } @@ -806,7 +814,6 @@ static void sdhci_gl9755_set_clock(struct sdhci_host *host, unsigned int clock) static void gl9755_hw_setting(struct sdhci_pci_slot *slot) { struct pci_dev *pdev = slot->chip->pdev; - int aer; u32 value; gl9755_wt_on(pdev); @@ -841,12 +848,7 @@ static void gl9755_hw_setting(struct sdhci_pci_slot *slot) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9755_wt_off(pdev); }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082238-plaything-untouched-6444@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 Mon Sep 17 00:00:00 2001 From: Victor Shih <victor.shih(a)genesyslogic.com.tw> Date: Thu, 31 Jul 2025 14:57:50 +0800 Subject: [PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code In preparation to fix replay timer timeout, add sdhci_gli_mask_replay_timer_timeout() function to simplify some of the code, allowing it to be re-used. Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw> Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support") Cc: stable(a)vger.kernel.org Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250731065752.450231-2-victorshihgli@gmail.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 4c2ae71770f7..f678c91f8d3e 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -287,6 +287,20 @@ #define GLI_MAX_TUNING_LOOP 40 /* Genesys Logic chipset */ +static void sdhci_gli_mask_replay_timer_timeout(struct pci_dev *pdev) +{ + int aer; + u32 value; + + /* mask the replay timer timeout of AER */ + aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); + if (aer) { + pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); + value |= PCI_ERR_COR_REP_TIMER; + pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); + } +} + static inline void gl9750_wt_on(struct sdhci_host *host) { u32 wt_value; @@ -607,7 +621,6 @@ static void gl9750_hw_setting(struct sdhci_host *host) { struct sdhci_pci_slot *slot = sdhci_priv(host); struct pci_dev *pdev; - int aer; u32 value; pdev = slot->chip->pdev; @@ -626,12 +639,7 @@ static void gl9750_hw_setting(struct sdhci_host *host) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9750_wt_off(host); } @@ -806,7 +814,6 @@ static void sdhci_gl9755_set_clock(struct sdhci_host *host, unsigned int clock) static void gl9755_hw_setting(struct sdhci_pci_slot *slot) { struct pci_dev *pdev = slot->chip->pdev; - int aer; u32 value; gl9755_wt_on(pdev); @@ -841,12 +848,7 @@ static void gl9755_hw_setting(struct sdhci_pci_slot *slot) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9755_wt_off(pdev); }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082238-ember-profusely-366a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 Mon Sep 17 00:00:00 2001 From: Victor Shih <victor.shih(a)genesyslogic.com.tw> Date: Thu, 31 Jul 2025 14:57:50 +0800 Subject: [PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code In preparation to fix replay timer timeout, add sdhci_gli_mask_replay_timer_timeout() function to simplify some of the code, allowing it to be re-used. Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw> Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support") Cc: stable(a)vger.kernel.org Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250731065752.450231-2-victorshihgli@gmail.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 4c2ae71770f7..f678c91f8d3e 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -287,6 +287,20 @@ #define GLI_MAX_TUNING_LOOP 40 /* Genesys Logic chipset */ +static void sdhci_gli_mask_replay_timer_timeout(struct pci_dev *pdev) +{ + int aer; + u32 value; + + /* mask the replay timer timeout of AER */ + aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); + if (aer) { + pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); + value |= PCI_ERR_COR_REP_TIMER; + pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); + } +} + static inline void gl9750_wt_on(struct sdhci_host *host) { u32 wt_value; @@ -607,7 +621,6 @@ static void gl9750_hw_setting(struct sdhci_host *host) { struct sdhci_pci_slot *slot = sdhci_priv(host); struct pci_dev *pdev; - int aer; u32 value; pdev = slot->chip->pdev; @@ -626,12 +639,7 @@ static void gl9750_hw_setting(struct sdhci_host *host) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9750_wt_off(host); } @@ -806,7 +814,6 @@ static void sdhci_gl9755_set_clock(struct sdhci_host *host, unsigned int clock) static void gl9755_hw_setting(struct sdhci_pci_slot *slot) { struct pci_dev *pdev = slot->chip->pdev; - int aer; u32 value; gl9755_wt_on(pdev); @@ -841,12 +848,7 @@ static void gl9755_hw_setting(struct sdhci_pci_slot *slot) pci_set_power_state(pdev, PCI_D0); /* mask the replay timer timeout of AER */ - aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR); - if (aer) { - pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value); - value |= PCI_ERR_COR_REP_TIMER; - pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value); - } + sdhci_gli_mask_replay_timer_timeout(pdev); gl9755_wt_off(pdev); }

2 months, 3 weeks

1
0
0 0

[PATCH v5.15 RESEND 0/2] x86/irq: Plug vector setup race

by Jinjie Ruan

There is a vector setup race, which overwrites the interrupt descriptor in the per CPU vector array resulting in a disfunctional device. CPU0 CPU1 interrupt is raised in APIC IRR but not handled free_irq() per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN; request_irq() common_interrupt() d = this_cpu_read(vector_irq[vector]); per_cpu(vector_irq, CPU1)[vector] = desc; if (d == VECTOR_SHUTDOWN) this_cpu_write(vector_irq[vector], VECTOR_UNUSED); free_irq() cannot observe the pending vector in the CPU1 APIC as there is no way to query the remote CPUs APIC IRR. This requires that request_irq() uses the same vector/CPU as the one which was freed, but this also can be triggered by a spurious interrupt. Interestingly enough this problem managed to be hidden for more than a decade. Prevent this by reevaluating vector_irq under the vector lock, which is held by the interrupt activation code when vector_irq is updated. The first patch provides context for subsequent real bugfix patch. Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs") Cc: stable(a)vger.kernel.org#5.15.x Cc: gregkh(a)linuxfoundation.org v1 -> RESEND - Add upstream commit ID. Jacob Pan (1): x86/irq: Factor out handler invocation from common_interrupt() Thomas Gleixner (1): x86/irq: Plug vector setup race arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) -- 2.34.1

2 months, 3 weeks

2
3
0 0

stable 5.15 backport: sch_*: make *_qlen_notify() idempotent

by Hauke Mehrtens

Hi, Kernel 5.15.189 is showing a warning caused by: commit e269f29e9395527bc00c213c6b15da04ebb35070 Author: Lion Ackermann <nnamrec(a)gmail.com> Date: Mon Jun 30 15:27:30 2025 +0200 net/sched: Always pass notifications when child class becomes empty [ Upstream commit 103406b38c600fec1fe375a77b27d87e314aea09 ] See here for details: https://www.spinics.net/lists/netdev/msg1113109.html To fix this please backport the following 4 commits to 5.15 stable: commit 5ba8b837b522d7051ef81bacf3d95383ff8edce5 Author: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Thu Apr 3 14:10:23 2025 -0700 sch_htb: make htb_qlen_notify() idempotent commit df008598b3a00be02a8051fde89ca0fbc416bd55 Author: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Thu Apr 3 14:10:24 2025 -0700 sch_drr: make drr_qlen_notify() idempotent commit 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb Author: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Thu Apr 3 14:10:25 2025 -0700 sch_hfsc: make hfsc_qlen_notify() idempotent commit 55f9eca4bfe30a15d8656f915922e8c98b7f0728 Author: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Thu Apr 3 14:10:26 2025 -0700 sch_qfq: make qfq_qlen_notify() idempotent Kernel 6.1 stable already contains them. Kernel 5.10 stable does not contain the patch which causes problems. Hauke

2 months, 3 weeks

2
1
0 0

[PATCH 1/2] io_uring/futex: ensure io_futex_wait() cleans up properly on failure

by Jens Axboe

The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should always go together, as the flag tells io_uring whether the field is valid or not. Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the flag in the error path as well. Thanks to Trend Micro Zero Day Initiative and particularly ReDress for reporting this. Cc: stable(a)vger.kernel.org Fixes: 194bb58c6090 ("io_uring: add support for futex wake and wait") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/futex.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/io_uring/futex.c b/io_uring/futex.c index 692462d50c8c..9113a44984f3 100644 --- a/io_uring/futex.c +++ b/io_uring/futex.c @@ -288,6 +288,7 @@ int io_futex_wait(struct io_kiocb *req, unsigned int issue_flags) goto done_unlock; } + req->flags |= REQ_F_ASYNC_DATA; req->async_data = ifd; ifd->q = futex_q_init; ifd->q.bitset = iof->futex_mask; @@ -309,6 +310,8 @@ int io_futex_wait(struct io_kiocb *req, unsigned int issue_flags) if (ret < 0) req_set_fail(req); io_req_set_res(req, ret, 0); + req->async_data = NULL; + req->flags &= ~REQ_F_ASYNC_DATA; kfree(ifd); return IOU_COMPLETE; } -- 2.50.1

2 months, 3 weeks

1
0
0 0

[PATCH 6.16 000/564] 6.16.2-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.2 release. There are 564 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 21 Aug 2025 12:27:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.2-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.2-rc2 Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: don't leak pages on account failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix null ifq on area destruction Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Thomas Gleixner <tglx(a)linutronix.de> irqchip/mvebu-gicp: Use resource_size() for ioremap() Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Fix return code in vd55g1_enable_streams error path Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Kairui Song <kasong(a)tencent.com> mm/shmem, swap: improve cached mTHP handling and fix potential hang Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() David Hildenbrand <david(a)redhat.com> mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Hans de Goede <hansg(a)kernel.org> i2c: core: Fix double-free of fwnode in i2c_unregister_device() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: reset folio to NULL when get folio fails Randy Dunlap <rdunlap(a)infradead.org> fbdev: nvidiafb: add depends on HAS_IOPORT Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Caleb Sander Mateos <csander(a)purestorage.com> btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: reserve data_reloc block group on mount Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Revert vmaster in the error path Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid SeongJae Park <sj(a)kernel.org> samples/damon/mtier: support boot time enable setup SeongJae Park <sj(a)kernel.org> samples/damon/wsse: fix boot time enable handling Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Waiman Long <longman(a)redhat.com> futex: Use user_write_access_begin/_end() in futex_put_value() Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero Fushuai Wang <wangfushuai(a)baidu.com> x86/fpu: Fix NULL dereference in avx512_status() Nikunj A Dadhania <nikunj(a)amd.com> x86/sev: Improve handling of writes to intercepted TSC MSRs Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Add SW clamp for power limits writes Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: prevent potential UAF Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: don't overflow max copy size Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: prevent infinite recursion Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush Vinod Govindapillai <vinod.govindapillai(a)intel.com> drm/i915/fbc: fix the implementation of wa_18038517565 David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Zheng Qixing <zhengqixing(a)huawei.com> block: fix kobject double initialization in add_disk Caleb Sander Mateos <csander(a)purestorage.com> ublk: check for unprivileged daemon on each I/O fetch Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: core: Fix interrupt handling for MCQ Mode Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Mark Brown <broonie(a)kernel.org> regmap: irq: Free the regmap-irq mutex Peter Jakubek <peterjakubek(a)gmail.com> ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Elad Nachman <enachman(a)marvell.com> irqchip/mvebu-gicp: Clear pending interrupts on init Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Chao Yu <chao(a)kernel.org> f2fs: handle nat.blkaddr corruption in f2fs_get_node_info() Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: raspberrypi: cfe: Fix min_reqbufs_allocation Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: dw-rockchip: Delay link training after hot reset in EP mode Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Free allocated tags after failure Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Li Chen <chenl311(a)chinatelecom.cn> HID: rate-limit hid_warn to prevent log flooding Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry John Ernberg <john.ernberg(a)actia.se> crypto: caam - Support iMX8QXP and variants thereof Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Fix RATE macros not being expressed in bps Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Setup sensor external clock before patching Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Add handling for corrupt and drop frames Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hansg(a)kernel.org> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Zhang Yi <yi.zhang(a)huawei.com> ext4: limit the maximum folio order Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Valmantas Paliksa <walmis(a)gmail.com> phy: rockchip-pcie: Enable all four lanes if required Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> sphinx: kernel_abi: fix performance regression with O=<dir> Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Paulo Alcantara <pc(a)manguebit.org> smb: client: fix session setup against servers that require SPN Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8852c: increase beacon loss to 6 seconds Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <sln(a)onemain.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured ganglxie <ganglxie(a)amd.com> drm/amdgpu: clear pa and mca record counter when resetting eeprom Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Suspend IH during mode-2 reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Stop storing failures into adev->dm.cached_state Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use pointer type for typecheck() Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add more checks to PSP mailbox Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: reinit device properly during TOP reset Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mld: fix last_mlo_scan_time type Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mld: use the correct struct size for tracing Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Daniel Braunwarth <daniel.braunwarth(a)kuka.com> net: phy: realtek: add error handling to rtl8211f_get_wol Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: Fix beacon reception for sta associated to Non-TX AP Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: take page size into account for page pool recycling rings Andy Yan <andy.yan(a)rock-chips.com> drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: add null check Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Use correct severity for BP threshold exceed event Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Wei Fang <wei.fang(a)nxp.com> net: enetc: separate 64-bit counters from enetc_port_counters RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Lucien.Jheng <lucienzx159(a)gmail.com> net: phy: air_en8811h: Introduce resume/suspend and clk_restore_context to ensure correct CKO settings after network interface reinitialization. Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: increase eeprom command timeout David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: use trylock for debugfs Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Update register xml Thierry Reding <treding(a)nvidia.com> drm/fbdev-client: Skip DRM clients if modesetting is absent Felix Fietkau <nbd(a)nbd.name> wifi: mt76: fix vif link allocation Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Nam Cao <namcao(a)linutronix.de> rv: Add #undef TRACE_INCLUDE_FILE Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Philipp Stanner <phasta(a)kernel.org> drm/sched: Avoid memory leaks with cancel_job() callback Philipp Stanner <phasta(a)kernel.org> drm/sched/tests: Add unit test for cancel_job() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: handle non-overlapping API ranges Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: fix scan request validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't use TPE data from assoc response Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Matteo Croce <teknoraver(a)meta.com> libbpf: Fix warning in calloc() usage Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Sven Schnelle <svens(a)linux.ibm.com> s390/sclp: Use monotonic clock in sclp_sync_wait() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: use spec link id and not FW link id Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Uwe Kleine-König <ukleinek(a)debian.org> Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Nam Cao <namcao(a)linutronix.de> verification/dot2k: Make a separate dot2k_templates/Kconfig_container Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: dwc3: xilinx: add shutdown callback Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Markus Stockhausen <markus.stockhausen(a)gmx.de> irqchip/mips-gic: Allow forced affinity Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk George Gaidarov <gdgaidarov+lkml(a)gmail.com> EDAC/ie31200: Enable support for Core i5-14600 and i7-14700 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Haibo Chen <haibo.chen(a)nxp.com> mmc: sdhci-esdhc-imx: Don't change pinctrl in suspend if wakeup source Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Gerd Hoffmann <kraxel(a)redhat.com> x86/sev/vc: Fix EFI runtime instruction emulation Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: SDCA: Add flag for unused IRQs Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() GalaxySnail <me(a)glxys.nl> ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson-64bit: Extend GPIO irq support Tiffany Yang <ynaffit(a)google.com> binder: Fix selftest page indexing Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Vivek Pernamitta <quic_vpernami(a)quicinc.com> bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Moon Hee Lee <moonhee.lee.ca(a)gmail.com> selftests/kexec: fix test_kexec_jump build Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add init response codes for new ni-usb-hs+ Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Al Viro <viro(a)zeniv.linux.org.uk> landlock: opened file never has a negative dentry Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Filipe Manana <fdmanana(a)suse.com> btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun <yeoreum.yun(a)arm.com> tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Check for completion after timeout Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() David Wei <dw(a)davidwei.uk> bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Frederic Weisbecker <frederic(a)kernel.org> ipvs: Fix estimator kthreads preferred affinity Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Yao Zi <ziyao(a)disroot.org> riscv: dts: thead: Add APB clocks for TH1520 GMACs Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Get and enable APB clock on initialization Buday Csaba <buday.csaba(a)prolan.hu> net: mdiobus: release reset_gpio in mdiobus_unregister_device() Clark Wang <xiaoning.wang(a)nxp.com> net: phy: nxp-c45-tja11xx: fix the PHY ID mismatch issue when using C45 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Gao Xiang <xiang(a)kernel.org> erofs: fix block count report when 48-bit layout is on Stanislav Fomichev <sdf(a)fomichev.me> hamradio: ignore ops-locked netdevs Stanislav Fomichev <sdf(a)fomichev.me> net: lapbether: ignore ops-locked netdevs Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() Jakub Kicinski <kuba(a)kernel.org> net: page_pool: allow enabling recycling late, fix false positive warning MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the np_link_fail error reporting issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the division by zero issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix rtnl deadlock issue Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: remove refcounting in expectation dumpers Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Sabrina Dubroca <sd(a)queasysnail.net> xfrm: bring back device check in validate_xmit_xfrm Sabrina Dubroca <sd(a)queasysnail.net> xfrm: restore GSO for SW crypto Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Relax sanity check of the ECDT ID string Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/poly1305: Fix performance regression on short messages Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Wentao Guan <guanwentao(a)uniontech.com> LoongArch: vDSO: Remove -nostdlib complier flag Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Christian Brauner <brauner(a)kernel.org> fhandle: raise FILEID_IS_DIR in handle_type Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Revert "gpio: pxa: Make irq_chip immutable" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Dongcheng Yan <dongcheng.yan(a)intel.com> media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: cast nr_pages to size_t before shifting Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: account area memory Pavel Begunkov <asml.silence(a)gmail.com> io_uring: export io_[un]account_mem Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/sphinx/kernel_abi.py | 6 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 +- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +- arch/loongarch/vdso/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/boot/dts/thead/th1520.dtsi | 10 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/boot/startup/sev-shared.c | 1 + arch/x86/coco/sev/core.c | 2 + arch/x86/coco/sev/vc-handle.c | 42 +- arch/x86/include/asm/kvm_host.h | 7 + arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/fpu/xstate.c | 19 +- arch/x86/kvm/vmx/main.c | 2 + arch/x86/kvm/vmx/nested.c | 21 +- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 41 +- arch/x86/kvm/vmx/vmx.h | 26 + arch/x86/kvm/x86.c | 14 +- arch/x86/lib/crypto/poly1305_glue.c | 48 +- block/bfq-iosched.c | 35 +- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-sysfs.c | 12 +- block/blk-zoned.c | 20 +- block/blk.h | 1 + block/genhd.c | 2 + block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 + drivers/acpi/ec.c | 10 +- drivers/acpi/prmt.c | 26 +- drivers/acpi/processor_perflib.c | 11 + drivers/android/binder_alloc_selftest.c | 2 +- drivers/ata/ahci.c | 12 +- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 +- drivers/base/power/runtime.c | 5 + drivers/base/regmap/regmap-irq.c | 19 +- drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 +- drivers/block/sunvdc.c | 4 +- drivers/block/ublk_drv.c | 16 +- drivers/bluetooth/btusb.c | 3 + drivers/bus/mhi/host/pci_generic.c | 20 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/char/misc.c | 4 +- drivers/char/tpm/tpm-interface.c | 17 +- drivers/char/tpm/tpm_crb_ffa.c | 19 +- drivers/clk/qcom/dispcc-sm8750.c | 10 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/caam/ctrl.c | 2 +- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/ie31200_edac.c | 4 + drivers/edac/synopsys_edac.c | 93 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 +- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-loongson-64bit.c | 6 + drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +- drivers/gpio/gpio-pxa.c | 8 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 11 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 31 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0_8.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v12_0.c | 18 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0_4.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 25 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 41 +- drivers/gpu/drm/clients/drm_client_setup.c | 5 + drivers/gpu/drm/i915/display/intel_fbc.c | 8 +- drivers/gpu/drm/i915/display/intel_psr.c | 14 +- drivers/gpu/drm/imagination/pvr_power.c | 59 +- drivers/gpu/drm/msm/Makefile | 5 + drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +- drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++---------------- .../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++ .../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++ .../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++ .../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++ .../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++ .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +- drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +- drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/scheduler/sched_main.c | 34 +- drivers/gpu/drm/scheduler/tests/tests_basic.c | 42 + drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_hwmon.c | 29 + drivers/gpu/drm/xe/xe_migrate.c | 42 +- drivers/gpu/drm/xe/xe_query.c | 27 +- drivers/hid/hid-core.c | 4 +- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i2c/i2c-core-base.c | 8 +- drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +- drivers/irqchip/irq-mips-gic.c | 8 +- drivers/irqchip/irq-mvebu-gicp.c | 10 + drivers/irqchip/irq-renesas-rzv2h.c | 4 +- drivers/leds/flash/leds-qcom-flash.c | 15 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 +- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/lt6911uxe.c | 2 +- drivers/media/i2c/tc358743.c | 86 +- drivers/media/i2c/vd55g1.c | 11 +- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/iris/iris_buffer.c | 11 +- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 + .../platform/qcom/iris/iris_hfi_gen1_response.c | 6 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +- drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/uvc/uvc_ctrl.c | 65 +- drivers/media/usb/uvc/uvc_driver.c | 12 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 2 + drivers/media/v4l2-core/v4l2-common.c | 14 +- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-esdhc-imx.c | 16 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 +- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 29 +- drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 15 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 1 + drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +- drivers/net/ethernet/intel/idpf/idpf.h | 19 + drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 + drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 + drivers/net/hamradio/bpqether.c | 2 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/air_en8811h.c | 45 +- drivers/net/phy/broadcom.c | 25 +- drivers/net/phy/mdio_bus.c | 1 + drivers/net/phy/mdio_bus_provider.c | 3 - drivers/net/phy/micrel.c | 12 +- drivers/net/phy/nxp-c45-tja11xx.c | 23 +- drivers/net/phy/realtek/realtek_main.c | 10 +- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wan/lapbether.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 48 +- drivers/net/wireless/ath/ath10k/core.h | 11 +- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 + drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 57 +- drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 + drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 + drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 + drivers/net/wireless/intel/iwlwifi/mld/mld.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 1 + .../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 5 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 2 +- drivers/net/wireless/mediatek/mt76/channel.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/chan.c | 6 + drivers/net/wireless/realtek/rtw89/coex.c | 12 +- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 10 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 + drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 +- drivers/nvme/host/tcp.c | 11 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 15 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 6 +- drivers/pci/probe.c | 2 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 + drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 + drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 4 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 + drivers/scsi/pm8001/pm80xx_hwi.c | 12 +- drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +- drivers/target/target_core_fabric_lib.c | 65 +- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-xilinx.c | 1 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +- drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/video/fbdev/Kconfig | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +- fs/btrfs/block-group.c | 31 +- fs/btrfs/ctree.c | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/extent-tree.c | 33 +- fs/btrfs/file.c | 59 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 3 +- fs/btrfs/qgroup.c | 44 +- fs/btrfs/relocation.c | 19 + fs/btrfs/send.c | 33 + fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 +- fs/btrfs/zoned.c | 66 +- fs/btrfs/zoned.h | 3 + fs/crypto/fscrypt_private.h | 17 + fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/erofs/super.c | 4 +- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 + fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 +- fs/ext4/ext4.h | 2 +- fs/ext4/ialloc.c | 3 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 22 +- fs/ext4/mballoc-test.c | 9 + fs/ext4/mballoc.c | 69 +- fs/f2fs/file.c | 24 +- fs/f2fs/node.c | 29 +- fs/fhandle.c | 2 +- fs/file.c | 15 + fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 + fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 + fs/hfs/btree.c | 57 +- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 + fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +- fs/ocfs2/aops.c | 1 + fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifsencrypt.c | 79 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/compress.c | 61 +- fs/smb/client/connect.c | 1 - fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smbdirect.c | 25 +- fs/smb/server/smb2pdu.c | 16 +- fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 +- fs/xfs/scrub/trace.h | 2 +- include/drm/gpu_scheduler.h | 18 + include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 + include/linux/hid.h | 2 + include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 +- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/packing.h | 6 +- include/linux/pci.h | 6 + include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bluetooth/hci.h | 6 + include/net/bluetooth/hci_core.h | 5 +- include/net/cfg80211.h | 2 +- include/net/ip_vs.h | 13 + include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/page_pool/types.h | 2 + include/sound/sdca_function.h | 2 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- io_uring/memmap.c | 2 +- io_uring/net.c | 27 +- io_uring/rsrc.c | 4 +- io_uring/rsrc.h | 2 + io_uring/rw.c | 2 +- io_uring/zcrx.c | 34 +- io_uring/zcrx.h | 1 + kernel/.gitignore | 2 + kernel/Makefile | 47 +- kernel/bpf/verifier.c | 7 +- kernel/futex/futex.h | 6 +- kernel/gen_kheaders.sh | 88 +- kernel/kthread.c | 1 + kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +- kernel/rcu/rcutorture.c | 9 +- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 +- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 +- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/rt.c | 6 + kernel/trace/fprobe.c | 4 +- kernel/trace/rv/rv_trace.h | 3 +- lib/sbitmap.c | 56 +- mm/damon/core.c | 1 + mm/huge_memory.c | 7 +- mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/shmem.c | 39 +- mm/slub.c | 7 +- mm/userfaultfd.c | 15 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 39 +- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +- net/core/page_pool.c | 29 + net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +- net/ipv6/xfrm6_tunnel.c | 2 +- net/kcm/kcmsock.c | 10 +- net/mac80211/chan.c | 1 + net/mac80211/ht.c | 40 +- net/mac80211/ieee80211_i.h | 6 + net/mac80211/iface.c | 29 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 45 +- net/mac80211/rx.c | 47 +- net/mctp/af_mctp.c | 28 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/ipvs/ip_vs_est.c | 3 +- net/netfilter/nf_conntrack_netlink.c | 65 +- net/netfilter/nf_tables_api.c | 30 + net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 2 +- net/sched/sch_ets.c | 11 +- net/sctp/input.c | 2 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 +- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_device.c | 12 +- net/xfrm/xfrm_state.c | 76 +- rust/Makefile | 16 +- samples/damon/mtier.c | 10 + samples/damon/wsse.c | 12 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - security/landlock/syscalls.c | 1 - sound/core/pcm_native.c | 19 +- sound/pci/hda/cs35l41_hda.c | 2 + sound/pci/hda/cs35l56_hda.c | 4 + sound/pci/hda/hda_codec.c | 44 +- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 8 + sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/sdca/sdca_functions.c | 2 + sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 +- sound/usb/validate.c | 12 + tools/bpf/bpftool/main.c | 6 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 7 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/kexec/Makefile | 2 +- tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- tools/verification/dot2/dot2k.py | 3 +- .../dot2/dot2k_templates/Kconfig_container | 5 + 614 files changed, 8815 insertions(+), 5270 deletions(-)

2 months, 3 weeks

13
15
0 0

[PATCH v3 2/3] PCI: Fix pdev_resources_assignable() disparity

by Ilpo Järvinen

pdev_sort_resources() uses pdev_resources_assignable() helper to decide if device's resources cannot be assigned. pbus_size_mem(), on the other hand, does not do the same check. This could lead into a situation where a resource ends up on realloc_head list but is not on the head list, which is turn prevents emptying the resource from the realloc_head list in __assign_resources_sorted(). A non-empty realloc_head is unacceptable because it triggers an internal sanity check as show in this log with a device that has class 0 (PCI_CLASS_NOT_DEFINED): pci 0001:01:00.0: [144d:a5a5] type 00 class 0x000000 PCIe Endpoint pci 0001:01:00.0: BAR 0 [mem 0x00000000-0x000fffff 64bit] pci 0001:01:00.0: ROM [mem 0x00000000-0x0000ffff pref] pci 0001:01:00.0: enabling Extended Tags pci 0001:01:00.0: PME# supported from D0 D3hot D3cold pci 0001:01:00.0: 15.752 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x2 link at 0001:00:00.0 (capable of 31.506 Gb/s with 16.0 GT/s PCIe x2 link) pcieport 0001:00:00.0: bridge window [mem 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000 pcieport 0001:00:00.0: bridge window [mem 0x40000000-0x401fffff]: assigned ------------[ cut here ]------------ kernel BUG at drivers/pci/setup-bus.c:2532! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... Call trace: pci_assign_unassigned_bus_resources+0x110/0x114 (P) pci_rescan_bus+0x28/0x48 Use pdev_resources_assignable() also within pbus_size_mem() to skip processing of non-assignable resources which removes the disparity in between what resources pdev_sort_resources() and pbus_size_mem() consider. As non-assignable resources are no longer processed, they are not added to the realloc_head list, thus the sanity check no longer triggers. This disparity problem is very old but only now became apparent after the commit 2499f5348431 ("PCI: Rework optional resource handling") that made the ROM resources optional when calculating bridge window sizes which required adding the resource to the realloc_head list. Previously, bridge windows were just sized larger than necessary. Fixes: 2499f5348431 ("PCI: Rework optional resource handling") Reported-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Closes: https://lore.kernel.org/all/5f103643-5e1c-43c6-b8fe-9617d3b5447c@linaro.org/ Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 527f0479e983..df5aec46c29d 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1191,6 +1191,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t r_size; if (r->parent || (r->flags & IORESOURCE_PCI_FIXED) || + !pdev_resources_assignable(dev) || ((r->flags & mask) != type && (r->flags & mask) != type2 && (r->flags & mask) != type3)) -- 2.39.5

2 months, 3 weeks

1
0
0 0

[PATCH v3 1/3] PCI: Relaxed tail alignment should never increase min_align

by Ilpo Järvinen

When using relaxed tail alignment for the bridge window, pbus_size_mem() also tries to minimize min_align, which can under certain scenarios end up increasing min_align from that found by calculate_mem_align(). Ensure min_align is not increased by the relaxed tail alignment. Eventually, it would be better to add calculate_relaxed_head_align() similar to calculate_mem_align() which finds out what alignment can be used for the head without introducing any gaps into the bridge window to give flexibility on head address too. But that looks relatively complex algorithm so it requires much more testing than fixing the immediate problem causing a regression. Fixes: 67f9085596ee ("PCI: Allow relaxed bridge window tail sizing for optional resources") Reported-by: Rio Liu <rio(a)r26.me> Closes: https://lore.kernel.org/all/o2bL8MtD_40-lf8GlslTw-AZpUPzm8nmfCnJKvS8RQ3NOzO… Tested-by: Rio Liu <rio(a)r26.me> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 7853ac6999e2..527f0479e983 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1169,6 +1169,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t children_add_size = 0; resource_size_t children_add_align = 0; resource_size_t add_align = 0; + resource_size_t relaxed_align; if (!b_res) return -ENOSPC; @@ -1246,8 +1247,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size0 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size0, min_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(relaxed_align, win_align); + min_align = min(min_align, relaxed_align); size0 = calculate_memsize(size, min_size, 0, 0, resource_size(b_res), win_align); pci_info(bus->self, "bridge window %pR to %pR requires relaxed alignment rules\n", b_res, &bus->busn_res); @@ -1261,8 +1263,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size1 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size1, add_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(relaxed_align, win_align); + min_align = min(min_align, relaxed_align); size1 = calculate_memsize(size, min_size, add_size, children_add_size, resource_size(b_res), win_align); pci_info(bus->self, -- 2.39.5

2 months, 3 weeks

1
0
0 0

[PATCH] RISC-V: KVM: fix stack overrun when loading vlenb

by Radim Krčmář

The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand. Fixes: 2fa290372dfe ("RISC-V: KVM: add 'vlenb' Vector CSR") Cc: <stable(a)vger.kernel.org> Signed-off-by: Radim Krčmář <rkrcmar(a)ventanamicro.com> --- arch/riscv/kvm/vcpu_vector.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c index a5f88cb717f3..05f3cc2d8e31 100644 --- a/arch/riscv/kvm/vcpu_vector.c +++ b/arch/riscv/kvm/vcpu_vector.c @@ -182,6 +182,8 @@ int kvm_riscv_vcpu_set_reg_vector(struct kvm_vcpu *vcpu, struct kvm_cpu_context *cntx = &vcpu->arch.guest_context; unsigned long reg_val; + if (reg_size != sizeof(reg_val)) + return -EINVAL; if (copy_from_user(&reg_val, uaddr, reg_size)) return -EFAULT; if (reg_val != cntx->vector.vlenb) -- 2.50.0

2 months, 3 weeks

4
3
0 0

[PATCH 6.16.y] crypto: acomp - Fix CFI failure due to type punning

by Giovanni Cabiddu

From: Eric Biggers <ebiggers(a)kernel.org> [ Upstream commit 962ddc5a7a4b04c007bba0f3e7298cda13c62efd ] To avoid a crash when control flow integrity is enabled, make the workspace ("stream") free function use a consistent type, and call it through a function pointer that has that same type. Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [Giovanni: Backport to 6.16.y. Removed logic in crypto/zstd.c as commit f5ad93ffb541 ("crypto: zstd - convert to acomp") is not going to be backported to stable.] Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> --- crypto/deflate.c | 7 ++++++- include/crypto/internal/acompress.h | 5 +---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/deflate.c b/crypto/deflate.c index fe8e4ad0fee1..21404515dc77 100644 --- a/crypto/deflate.c +++ b/crypto/deflate.c @@ -48,9 +48,14 @@ static void *deflate_alloc_stream(void) return ctx; } +static void deflate_free_stream(void *ctx) +{ + kvfree(ctx); +} + static struct crypto_acomp_streams deflate_streams = { .alloc_ctx = deflate_alloc_stream, - .cfree_ctx = kvfree, + .free_ctx = deflate_free_stream, }; static int deflate_compress_one(struct acomp_req *req, diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h index ffffd88bbbad..2d97440028ff 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -63,10 +63,7 @@ struct crypto_acomp_stream { struct crypto_acomp_streams { /* These must come first because of struct scomp_alg. */ void *(*alloc_ctx)(void); - union { - void (*free_ctx)(void *); - void (*cfree_ctx)(const void *); - }; + void (*free_ctx)(void *); struct crypto_acomp_stream __percpu *streams; struct work_struct stream_work; -- 2.50.0

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: acomp - Fix CFI failure due to type punning" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 962ddc5a7a4b04c007bba0f3e7298cda13c62efd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082113-buddhism-try-6476@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 962ddc5a7a4b04c007bba0f3e7298cda13c62efd Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 17:59:54 -0700 Subject: [PATCH] crypto: acomp - Fix CFI failure due to type punning To avoid a crash when control flow integrity is enabled, make the workspace ("stream") free function use a consistent type, and call it through a function pointer that has that same type. Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/crypto/deflate.c b/crypto/deflate.c index fe8e4ad0fee1..21404515dc77 100644 --- a/crypto/deflate.c +++ b/crypto/deflate.c @@ -48,9 +48,14 @@ static void *deflate_alloc_stream(void) return ctx; } +static void deflate_free_stream(void *ctx) +{ + kvfree(ctx); +} + static struct crypto_acomp_streams deflate_streams = { .alloc_ctx = deflate_alloc_stream, - .cfree_ctx = kvfree, + .free_ctx = deflate_free_stream, }; static int deflate_compress_one(struct acomp_req *req, diff --git a/crypto/zstd.c b/crypto/zstd.c index ebeadc1f3b5f..c2a19cb0879d 100644 --- a/crypto/zstd.c +++ b/crypto/zstd.c @@ -54,9 +54,14 @@ static void *zstd_alloc_stream(void) return ctx; } +static void zstd_free_stream(void *ctx) +{ + kvfree(ctx); +} + static struct crypto_acomp_streams zstd_streams = { .alloc_ctx = zstd_alloc_stream, - .cfree_ctx = kvfree, + .free_ctx = zstd_free_stream, }; static int zstd_init(struct crypto_acomp *acomp_tfm) diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h index ffffd88bbbad..2d97440028ff 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -63,10 +63,7 @@ struct crypto_acomp_stream { struct crypto_acomp_streams { /* These must come first because of struct scomp_alg. */ void *(*alloc_ctx)(void); - union { - void (*free_ctx)(void *); - void (*cfree_ctx)(const void *); - }; + void (*free_ctx)(void *); struct crypto_acomp_stream __percpu *streams; struct work_struct stream_work;

2 months, 3 weeks

5
6
0 0

[PATCH v2 1/8] ASoC: codecs: wcd937x: set the comp soundwire port correctly

by Srinivas Kandagatla

For some reason we endup with setting soundwire port for HPHL_COMP and HPHR_COMP as zero, this can potentially result in a memory corruption due to accessing and setting -1 th element of port_map array. Fixes: 82be8c62a38c ("ASoC: codecs: wcd937x: add basic controls") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/codecs/wcd937x.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/codecs/wcd937x.c b/sound/soc/codecs/wcd937x.c index ccd542033967..b78f37c582ca 100644 --- a/sound/soc/codecs/wcd937x.c +++ b/sound/soc/codecs/wcd937x.c @@ -2046,9 +2046,9 @@ static const struct snd_kcontrol_new wcd937x_snd_controls[] = { SOC_ENUM_EXT("RX HPH Mode", rx_hph_mode_mux_enum, wcd937x_rx_hph_mode_get, wcd937x_rx_hph_mode_put), - SOC_SINGLE_EXT("HPHL_COMP Switch", SND_SOC_NOPM, 0, 1, 0, + SOC_SINGLE_EXT("HPHL_COMP Switch", WCD937X_COMP_L, 0, 1, 0, wcd937x_get_compander, wcd937x_set_compander), - SOC_SINGLE_EXT("HPHR_COMP Switch", SND_SOC_NOPM, 1, 1, 0, + SOC_SINGLE_EXT("HPHR_COMP Switch", WCD937X_COMP_R, 1, 1, 0, wcd937x_get_compander, wcd937x_set_compander), SOC_SINGLE_TLV("HPHL Volume", WCD937X_HPH_L_EN, 0, 20, 1, line_gain), -- 2.50.0

2 months, 3 weeks

1
0
0 0

[PATCH] bus: mhi: ep: Fix chained transfer handling in read path

by Sumit Kumar

From: Sumit Kumar <sumk(a)qti.qualcomm.com> The current implementation of mhi_ep_read_channel, in case of chained transactions, assumes the End of Transfer(EOT) bit is received with the doorbell. As a result, it may incorrectly advance mhi_chan->rd_offset beyond wr_offset during host-to-device transfers when EOT has not yet arrived. This can lead to access of unmapped host memory, causing IOMMU faults and processing of stale TREs. This change modifies the loop condition to ensure rd_offset remains behind wr_offset, allowing the function to process only valid TREs up to the current write pointer. This prevents premature reads and ensures safe traversal of chained TREs. Fixes: 5301258899773 ("bus: mhi: ep: Add support for reading from the host") Cc: stable(a)vger.kernel.org Co-developed-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Sumit Kumar <sumk(a)qti.qualcomm.com> --- drivers/bus/mhi/ep/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index b3eafcf2a2c50d95e3efd3afb27038ecf55552a5..2e134f44952d1070c62c24aeca9effc7fd325860 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -468,7 +468,7 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, mhi_chan->rd_offset = (mhi_chan->rd_offset + 1) % ring->ring_size; } - } while (buf_left && !tr_done); + } while (buf_left && !tr_done && mhi_chan->rd_offset != ring->wr_offset); return 0; --- base-commit: 4c06e63b92038fadb566b652ec3ec04e228931e8 change-id: 20250709-chained_transfer-0b95f8afa487 Best regards, -- Sumit Kumar <quic_sumk(a)quicinc.com>

2 months, 3 weeks

4
6
0 0

[PATCH 1/2] rpmsg: glink_native: fix rpmsg device leak

by srinivas.kandagatla＠oss.qualcomm.com

From: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> While testing rpmsg-char interface it was noticed that duplicate sysfs entries are getting created and below warning is noticed. Reason for this is that we are leaking rpmsg device pointer, setting it null without actually unregistering device. Any further attempts to unregister fail because rpdev is NULL, resulting in a leak. Fix this by unregistering rpmsg device before removing its reference from rpmsg channel. sysfs: cannot create duplicate filename '/devices/platform/soc(a)0/3700000.remot eproc/remoteproc/remoteproc1/3700000.remoteproc:glink-edge/3700000.remoteproc: glink-edge.adsp_apps.-1.-1' [ 114.115347] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc4 #7 PREEMPT [ 114.115355] Hardware name: Qualcomm Technologies, Inc. Robotics RB3gen2 (DT) [ 114.115358] Workqueue: events qcom_glink_work [ 114.115371] Call trace:8 [ 114.115374] show_stack+0x18/0x24 (C) [ 114.115382] dump_stack_lvl+0x60/0x80 [ 114.115388] dump_stack+0x18/0x24 [ 114.115393] sysfs_warn_dup+0x64/0x80 [ 114.115402] sysfs_create_dir_ns+0xf4/0x120 [ 114.115409] kobject_add_internal+0x98/0x260 [ 114.115416] kobject_add+0x9c/0x108 [ 114.115421] device_add+0xc4/0x7a0 [ 114.115429] rpmsg_register_device+0x5c/0xb0 [ 114.115434] qcom_glink_work+0x4bc/0x820 [ 114.115438] process_one_work+0x148/0x284 [ 114.115446] worker_thread+0x2c4/0x3e0 [ 114.115452] kthread+0x12c/0x204 [ 114.115457] ret_from_fork+0x10/0x20 [ 114.115464] kobject: kobject_add_internal failed for 3700000.remoteproc: glink-edge.adsp_apps.-1.-1 with -EEXIST, don't try to register things with the same name in the same directory. [ 114.250045] rpmsg 3700000.remoteproc:glink-edge.adsp_apps.-1.-1: device_add failed: -17 Fixes: 835764ddd9af ("rpmsg: glink: Move the common glink protocol implementation to glink_native.c") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- drivers/rpmsg/qcom_glink_native.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 820a6ca5b1d7..3a15d9d10808 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1399,6 +1399,7 @@ static void qcom_glink_destroy_ept(struct rpmsg_endpoint *ept) { struct glink_channel *channel = to_glink_channel(ept); struct qcom_glink *glink = channel->glink; + struct rpmsg_channel_info chinfo; unsigned long flags; spin_lock_irqsave(&channel->recv_lock, flags); @@ -1406,6 +1407,13 @@ static void qcom_glink_destroy_ept(struct rpmsg_endpoint *ept) spin_unlock_irqrestore(&channel->recv_lock, flags); /* Decouple the potential rpdev from the channel */ + if (channel->rpdev) { + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); + chinfo.src = RPMSG_ADDR_ANY; + chinfo.dst = RPMSG_ADDR_ANY; + + rpmsg_unregister_device(glink->dev, &chinfo); + } channel->rpdev = NULL; qcom_glink_send_close_req(glink, channel); -- 2.50.0

2 months, 3 weeks

2
1
0 0

HYSTOU Mini PC

by Britney

2 months, 3 weeks

1
0
0 0

[PATCH v6.6 RESEND 0/2] x86/irq: Plug vector setup race

by Jinjie Ruan

There is a vector setup race, which overwrites the interrupt descriptor in the per CPU vector array resulting in a disfunctional device. CPU0 CPU1 interrupt is raised in APIC IRR but not handled free_irq() per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN; request_irq() common_interrupt() d = this_cpu_read(vector_irq[vector]); per_cpu(vector_irq, CPU1)[vector] = desc; if (d == VECTOR_SHUTDOWN) this_cpu_write(vector_irq[vector], VECTOR_UNUSED); free_irq() cannot observe the pending vector in the CPU1 APIC as there is no way to query the remote CPUs APIC IRR. This requires that request_irq() uses the same vector/CPU as the one which was freed, but this also can be triggered by a spurious interrupt. Interestingly enough this problem managed to be hidden for more than a decade. Prevent this by reevaluating vector_irq under the vector lock, which is held by the interrupt activation code when vector_irq is updated. The first patch provides context for subsequent real bugfix patch. Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs") Cc: stable(a)vger.kernel.org#6.6.x Cc: gregkh(a)linuxfoundation.org v1 -> RESEND - Add upstream commit ID. Jacob Pan (1): x86/irq: Factor out handler invocation from common_interrupt() Thomas Gleixner (1): x86/irq: Plug vector setup race arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) -- 2.34.1

2 months, 3 weeks

2
6
0 0

[PATCH v2 1/3] dt-bindings: reset: Scope the compatible to VO subsystem explicitly

by Yao Zi

The reset controller driver for the TH1520 was using the generic compatible string "thead,th1520-reset". However, the controller described by this compatible only manages the resets for the Video Output (VO) subsystem. Using a generic compatible is confusing as it implies control over all reset units on the SoC. This could lead to conflicts if support for other reset controllers on the TH1520 is added in the future like AP. Let's introduce a new compatible string, "thead,th1520-reset-vo", to explicitly scope the controller to VO-subsystem. The old one is marked as deprecated. Fixes: 30e7573babdc ("dt-bindings: reset: Add T-HEAD TH1520 SoC Reset Controller") Cc: stable(a)vger.kernel.org Reported-by: Icenowy Zheng <uwu(a)icenowy.me> Co-developed-by: Michal Wilczynski <m.wilczynski(a)samsung.com> Signed-off-by: Michal Wilczynski <m.wilczynski(a)samsung.com> Signed-off-by: Yao Zi <ziyao(a)disroot.org> --- .../bindings/reset/thead,th1520-reset.yaml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Documentation/devicetree/bindings/reset/thead,th1520-reset.yaml b/Documentation/devicetree/bindings/reset/thead,th1520-reset.yaml index f2e91d0add7a..3930475dcc04 100644 --- a/Documentation/devicetree/bindings/reset/thead,th1520-reset.yaml +++ b/Documentation/devicetree/bindings/reset/thead,th1520-reset.yaml @@ -15,8 +15,11 @@ maintainers: properties: compatible: - enum: - - thead,th1520-reset + oneOf: + - enum: + - thead,th1520-reset-vo + - const: thead,th1520-reset + deprecated: true reg: maxItems: 1 @@ -33,12 +36,8 @@ additionalProperties: false examples: - | - soc { - #address-cells = <2>; - #size-cells = <2>; - rst: reset-controller@ffef528000 { - compatible = "thead,th1520-reset"; - reg = <0xff 0xef528000 0x0 0x1000>; + reset-controller@ffef528000 { + compatible = "thead,th1520-reset-vo"; + reg = <0xef528000 0x1000>; #reset-cells = <1>; - }; }; -- 2.50.1

2 months, 3 weeks

2
3
0 0

[PATCH v2 03/16] drm/xe/vm: Clear the scratch_pt pointer on error

by Thomas Hellström

Avoid triggering a dereference of an error pointer on cleanup in xe_vm_free_scratch() by clearing any scratch_pt error pointer. Fixes: 06951c2ee72d ("drm/xe: Use NULL PTEs as scratch PTEs") Cc: Brian Welty <brian.welty(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_vm.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index f35d69c0b4c6..529b6767caac 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1635,8 +1635,12 @@ static int xe_vm_create_scratch(struct xe_device *xe, struct xe_tile *tile, for (i = MAX_HUGEPTE_LEVEL; i < vm->pt_root[id]->level; i++) { vm->scratch_pt[id][i] = xe_pt_create(vm, tile, i); - if (IS_ERR(vm->scratch_pt[id][i])) - return PTR_ERR(vm->scratch_pt[id][i]); + if (IS_ERR(vm->scratch_pt[id][i])) { + int err = PTR_ERR(vm->scratch_pt[id][i]); + + vm->scratch_pt[id][i] = NULL; + return err; + } xe_pt_populate_empty(tile, vm, vm->scratch_pt[id][i]); } -- 2.50.1

2 months, 3 weeks

1
0
0 0

[PATCH v2 2/2] drm/amd/display: fix leak of probed modes

by Fedor Pchelkin

amdgpu_dm_connector_ddc_get_modes() reinitializes a connector's probed modes list without cleaning it up. First time it is called during the driver's initialization phase, then via drm_mode_getconnector() ioctl. The leaks observed with Kmemleak are as following: unreferenced object 0xffff88812f91b200 (size 128): comm "(udev-worker)", pid 388, jiffies 4294695475 hex dump (first 32 bytes): ac dd 07 00 80 02 70 0b 90 0b e0 0b 00 00 e0 01 ......p......... 0b 07 10 07 5c 07 00 00 0a 00 00 00 00 00 00 00 ....\........... backtrace (crc 89db554f): __kmalloc_cache_noprof+0x3a3/0x490 drm_mode_duplicate+0x8e/0x2b0 amdgpu_dm_create_common_mode+0x40/0x150 [amdgpu] amdgpu_dm_connector_add_common_modes+0x336/0x488 [amdgpu] amdgpu_dm_connector_get_modes+0x428/0x8a0 [amdgpu] amdgpu_dm_initialize_drm_device+0x1389/0x17b4 [amdgpu] amdgpu_dm_init.cold+0x157b/0x1a1e [amdgpu] dm_hw_init+0x3f/0x110 [amdgpu] amdgpu_device_ip_init+0xcf4/0x1180 [amdgpu] amdgpu_device_init.cold+0xb84/0x1863 [amdgpu] amdgpu_driver_load_kms+0x15/0x90 [amdgpu] amdgpu_pci_probe+0x391/0xce0 [amdgpu] local_pci_probe+0xd9/0x190 pci_call_probe+0x183/0x540 pci_device_probe+0x171/0x2c0 really_probe+0x1e1/0x890 Found by Linux Verification Center (linuxtesting.org). Fixes: acc96ae0d127 ("drm/amd/display: set panel orientation before drm_dev_register") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index cd0e2976e268..7ec1f9afc081 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -8227,9 +8227,12 @@ static void amdgpu_dm_connector_ddc_get_modes(struct drm_connector *connector, { struct amdgpu_dm_connector *amdgpu_dm_connector = to_amdgpu_dm_connector(connector); + struct drm_display_mode *mode, *t; if (drm_edid) { /* empty probed_modes */ + list_for_each_entry_safe(mode, t, &connector->probed_modes, head) + drm_mode_remove(connector, mode); INIT_LIST_HEAD(&connector->probed_modes); amdgpu_dm_connector->num_modes = drm_edid_connector_add_modes(connector); -- 2.50.1

2 months, 3 weeks

2
2
0 0

[PATCH v6.6 0/2] x86/irq: Plug vector setup race

by Jinjie Ruan

There is a vector setup race, which overwrites the interrupt descriptor in the per CPU vector array resulting in a disfunctional device. CPU0 CPU1 interrupt is raised in APIC IRR but not handled free_irq() per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN; request_irq() common_interrupt() d = this_cpu_read(vector_irq[vector]); per_cpu(vector_irq, CPU1)[vector] = desc; if (d == VECTOR_SHUTDOWN) this_cpu_write(vector_irq[vector], VECTOR_UNUSED); free_irq() cannot observe the pending vector in the CPU1 APIC as there is no way to query the remote CPUs APIC IRR. This requires that request_irq() uses the same vector/CPU as the one which was freed, but this also can be triggered by a spurious interrupt. Interestingly enough this problem managed to be hidden for more than a decade. Prevent this by reevaluating vector_irq under the vector lock, which is held by the interrupt activation code when vector_irq is updated. Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs") Cc: stable(a)vger.kernel.org#6.6.x Cc: gregkh(a)linuxfoundation.org Jacob Pan (1): x86/irq: Factor out handler invocation from common_interrupt() Thomas Gleixner (1): x86/irq: Plug vector setup race arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) -- 2.34.1

2 months, 3 weeks

3
5
0 0

FAILED: patch "[PATCH] btrfs: don't skip remaining extrefs if dir not found during" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 24e066ded45b8147b79c7455ac43a5bff7b5f378 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081818-rimless-financial-6942@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24e066ded45b8147b79c7455ac43a5bff7b5f378 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 11 Jul 2025 20:48:23 +0100 Subject: [PATCH] btrfs: don't skip remaining extrefs if dir not found during log replay During log replay, at add_inode_ref(), if we have an extref item that contains multiple extrefs and one of them points to a directory that does not exist in the subvolume tree, we are supposed to ignore it and process the remaining extrefs encoded in the extref item, since each extref can point to a different parent inode. However when that happens we just return from the function and ignore the remaining extrefs. The problem has been around since extrefs were introduced, in commit f186373fef00 ("btrfs: extended inode refs"), but it's hard to hit in practice because getting extref items encoding multiple extref requires getting a hash collision when computing the offset of the extref's key. The offset if computed like this: key.offset = btrfs_extref_hash(dir_ino, name->name, name->len); and btrfs_extref_hash() is just a wrapper around crc32c(). Fix this by moving to next iteration of the loop when we don't find the parent directory that an extref points to. Fixes: f186373fef00 ("btrfs: extended inode refs") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index e3c77f3d092c..467b69a4ef3b 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1433,6 +1433,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, if (log_ref_ver) { ret = extref_get_fields(eb, ref_ptr, &name, &ref_index, &parent_objectid); + if (ret) + goto out; /* * parent object can change from one array * item to another. @@ -1449,16 +1451,23 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, * the loop when getting the first * parent dir. */ - if (ret == -ENOENT) + if (ret == -ENOENT) { + /* + * The next extref may refer to + * another parent dir that + * exists, so continue. + */ ret = 0; + goto next; + } goto out; } } } else { ret = ref_get_fields(eb, ref_ptr, &name, &ref_index); + if (ret) + goto out; } - if (ret) - goto out; ret = inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode), ref_index, &name); @@ -1492,10 +1501,11 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } /* Else, ret == 1, we already have a perfect match, we're done. */ +next: ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + name.len; kfree(name.name); name.name = NULL; - if (log_ref_ver) { + if (log_ref_ver && dir) { iput(&dir->vfs_inode); dir = NULL; }

2 months, 3 weeks

3
2
0 0

Re: Patch "can: ti_hecc: fix -Woverflow compiler warning" has been added to the 6.15-stable tree

by Vincent Mailhol

Hi Sasha, On Sun. 17 Aug. 2025 at 22:49, Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > can: ti_hecc: fix -Woverflow compiler warning > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > can-ti_hecc-fix-woverflow-compiler-warning.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This only silences a compiler warning. There are no actual bugs in the original code. This is why I did not put the Fixes tag. I am not against this being backported to stable but please note that this depends on the new BIT_U32() macro which where recently added in commit 5b572e8a9f3d ("bits: introduce fixed-type BIT_U*()") Link: https://git.kernel.org/torvalds/c/5b572e8a9f3d So, unless you also backport the above patch, this will not compile. The options are: 1. drop this patch (i.e. keep that benin -Woverflow in stable) 2. backport the new BIT_U*() macros and keep the patch as-is 3. modify the patch as below: mbx_mask = ~(u32)BIT(HECC_RX_LAST_MBOX); I'll let you decide what you prefer. That comment also applies to the other backports of that patch except for the 6.16.x branch which already has the BIT_U*() macros. Yours sincerely, Vincent Mailhol > commit f37dbcbbea3844900081b44f372f2f4d4be1b5c6 > Author: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> > Date: Tue Jul 15 20:28:11 2025 +0900 > > can: ti_hecc: fix -Woverflow compiler warning > > [ Upstream commit 7cae4d04717b002cffe41169da3f239c845a0723 ] > > Fix below default (W=0) warning: > > drivers/net/can/ti_hecc.c: In function 'ti_hecc_start': > drivers/net/can/ti_hecc.c:386:20: warning: conversion from 'long unsigned int' to 'u32' {aka 'unsigned int'} changes value from '18446744073709551599' to '4294967279' [-Woverflow] > 386 | mbx_mask = ~BIT(HECC_RX_LAST_MBOX); > | ^ > > Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> > Link: https://patch.msgid.link/20250715-can-compile-test-v2-1-f7fd566db86f@wanado… > Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/net/can/ti_hecc.c b/drivers/net/can/ti_hecc.c > index 644e8b8eb91e..e6d6661a908a 100644 > --- a/drivers/net/can/ti_hecc.c > +++ b/drivers/net/can/ti_hecc.c > @@ -383,7 +383,7 @@ static void ti_hecc_start(struct net_device *ndev) > * overflows instead of the hardware silently dropping the > * messages. > */ > - mbx_mask = ~BIT(HECC_RX_LAST_MBOX); > + mbx_mask = ~BIT_U32(HECC_RX_LAST_MBOX); > hecc_write(priv, HECC_CANOPC, mbx_mask); > > /* Enable interrupts */

2 months, 3 weeks

2
1
0 0

[PATCH 6.12 000/438] 6.12.43-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.43 release. There are 438 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 21 Aug 2025 12:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.43-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.43-rc2 Lukas Wunner <lukas(a)wunner.de> PCI: Honor Max Link Speed when determining supported speeds Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Hrushikesh Salunke <h-salunke(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: Allow PCI bridges to go to D3Hot on all non-x86 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Store all PCIe Supported Link Speeds Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix netns refcount leak after net_passive changes Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Aditya Garg <gargaditya08(a)live.com> HID: apple: avoid setting up battery timer for devices without battery Naman Jain <namjain(a)linux.microsoft.com> tools/hv: fcopy: Fix irregularities with size of ring buffer Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Nicolas Escande <nico.escande(a)gmail.com> neighbour: add support for NUD_PERMANENT proxy entries Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sean Christopherson <seanjc(a)google.com> KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported Sean Christopherson <seanjc(a)google.com> KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +++---- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +-- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 4 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 ++- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +--- arch/mips/include/asm/vpe.h | 8 ++ arch/mips/kernel/process.c | 16 +-- arch/mips/lantiq/falcon/sysctrl.c | 23 ++--- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 ++- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 ++-- arch/x86/include/asm/kvm-x86-ops.h | 1 - arch/x86/include/asm/kvm_host.h | 15 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kvm/svm/svm.c | 14 +-- arch/x86/kvm/vmx/main.c | 3 +- arch/x86/kvm/vmx/nested.c | 21 +++- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 57 ++++++----- arch/x86/kvm/vmx/vmx.h | 26 +++++ arch/x86/kvm/vmx/x86_ops.h | 2 +- arch/x86/kvm/x86.c | 25 ++++- block/bfq-iosched.c | 35 +++---- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-zoned.c | 20 +--- block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +-- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 ++--- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 +++ drivers/acpi/prmt.c | 26 ++++- drivers/acpi/processor_perflib.c | 11 +++ drivers/ata/ahci.c | 12 ++- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 ++++++++-- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 ++++++-- drivers/block/sunvdc.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 ++++++++---- drivers/char/misc.c | 4 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +++++-- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 ++- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +++- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 ++- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 +++++++++--------- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 ++++- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 ++++------ drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +-- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +-- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +++---- drivers/gpu/drm/imagination/pvr_power.c | 59 +++++++++++- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 ++ drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_query.c | 27 +++--- drivers/hid/hid-apple.c | 17 ++-- drivers/hid/hid-magicmouse.c | 56 +++++++---- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 ++++- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +++-- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +++++---- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +++- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +++++---- drivers/leds/flash/leds-qcom-flash.c | 15 ++- drivers/leds/leds-lp50xx.c | 11 ++- drivers/leds/trigger/ledtrig-netdev.c | 16 +-- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 ++++--- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 ++ drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/tc358743.c | 86 ++++++++++------- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++++++++++----- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 ++ drivers/media/usb/uvc/uvc_driver.c | 12 +++ drivers/media/usb/uvc/uvc_video.c | 21 ++-- drivers/media/v4l2-core/v4l2-common.c | 14 ++- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +-- drivers/misc/mei/bus.c | 6 ++ drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 +++ drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 ++++++++++++--- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 +++++++ drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 ++++++++ drivers/net/ethernet/atheros/ag71xx.c | 9 ++ drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 ++- drivers/net/ethernet/freescale/fec_main.c | 34 +++---- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/intel/idpf/idpf.h | 19 ++++ drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +++- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 ++- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +++-- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 ++ drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +++++- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/broadcom.c | 25 ++++- drivers/net/phy/micrel.c | 12 ++- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 ++-- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +++- drivers/net/wireless/ath/ath10k/core.c | 48 ++++++++- drivers/net/wireless/ath/ath10k/core.h | 11 ++- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 ++ drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 1 + drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 +++-- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +++-- drivers/net/wireless/realtek/rtw89/chan.c | 6 ++ drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 ++++ drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 ++++- drivers/nvme/host/tcp.c | 11 ++- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 94 ++++++++++++------ drivers/pci/pci.h | 1 + drivers/pci/probe.c | 5 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 ++++- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 ++ drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 ++ drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 ++- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +++- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++++ drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +++++++++--- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/target/target_core_fabric_lib.c | 65 ++++++++++--- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 ++-- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +++++++-- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 ++++----- drivers/usb/class/cdc-acm.c | 11 ++- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 ++++++--- drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 ++ drivers/vhost/vhost.c | 3 + drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +++++++++- fs/btrfs/block-group.c | 27 +++++- fs/btrfs/ctree.c | 1 + fs/btrfs/extent-tree.c | 33 ++++--- fs/btrfs/qgroup.c | 13 ++- fs/btrfs/relocation.c | 19 ++++ fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 ++++++++++++++------- fs/btrfs/zoned.c | 5 +- fs/crypto/fscrypt_private.h | 17 ++++ fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/eventpoll.c | 60 +++++++++--- fs/exfat/dir.c | 12 +++ fs/exfat/fatent.c | 10 ++ fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +++--- fs/ext2/inode.c | 12 ++- fs/ext4/inline.c | 19 +++- fs/ext4/mballoc-test.c | 9 ++ fs/ext4/mballoc.c | 69 ++++++------- fs/f2fs/file.c | 24 ++--- fs/file.c | 15 +++ fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 ++ fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 ++++++++++++++++++ fs/hfs/btree.c | 57 ++++++++--- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 ++++++++++++++++++ fs/hfsplus/unicode.c | 7 ++ fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 ++ fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +++- fs/nfs/client.c | 44 ++++++++- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +--- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 ++- fs/nfsd/nfs4state.c | 34 ++++++- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +++--- fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifssmb.c | 10 ++ fs/smb/client/compress.c | 61 +++--------- fs/smb/client/connect.c | 10 +- fs/smb/client/sess.c | 9 ++ fs/smb/client/smb2ops.c | 11 ++- fs/smb/client/smbdirect.c | 25 ++--- fs/smb/server/smb2pdu.c | 16 +-- fs/tracefs/inode.c | 11 +++ fs/udf/super.c | 13 ++- fs/xfs/scrub/trace.h | 2 +- include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 +++++++++++ include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 ++-- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/packing.h | 6 +- include/linux/pci.h | 16 ++- include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/cfg80211.h | 2 +- include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/neighbour.h | 1 + include/net/net_namespace.h | 16 +++ include/net/sock.h | 1 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/pci_regs.h | 1 + io_uring/rw.c | 2 +- kernel/bpf/verifier.c | 7 +- kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +++++++----- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 ++- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 ++++++--- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +++- kernel/sched/rt.c | 6 ++ lib/sbitmap.c | 56 +++++------ mm/damon/core.c | 1 + mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/slub.c | 7 +- mm/userfaultfd.c | 15 +-- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +++------ net/core/neighbour.c | 12 ++- net/core/net_namespace.c | 8 +- net/core/sock.c | 27 +++++- net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +-- net/kcm/kcmsock.c | 10 +- net/mac80211/cfg.c | 12 +-- net/mac80211/chan.c | 1 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 12 ++- net/mac80211/rx.c | 12 ++- net/mctp/af_mctp.c | 28 +++++- net/mptcp/subflow.c | 5 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 ++--- net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 12 +-- net/rds/tcp.c | 8 +- net/sched/sch_ets.c | 11 ++- net/sctp/input.c | 2 +- net/smc/af_smc.c | 5 +- net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 8 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 ++- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_state.c | 74 ++++++++------ rust/Makefile | 13 ++- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +++++----- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - sound/core/pcm_native.c | 19 +++- sound/pci/hda/hda_codec.c | 44 +++------ sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 ++-- sound/soc/intel/avs/core.c | 3 +- sound/soc/qcom/lpass-platform.c | 27 ++++-- sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 ++- sound/usb/mixer_quirks.c | 14 +-- sound/usb/stream.c | 25 ++++- sound/usb/validate.c | 12 +++ tools/bpf/bpftool/main.c | 6 +- tools/hv/hv_fcopy_uio_daemon.c | 91 ++++++++++++++++-- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 5 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 ++- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 +++ tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- 465 files changed, 4138 insertions(+), 1792 deletions(-)

2 months, 3 weeks

12
13
0 0

[PATCH rtw-next 1/2] wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()

by Fedor Pchelkin

There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025 Workqueue: events_unbound cfg80211_wiphy_work [cfg80211] Use-after-free write at 0x0000000020309d9d (in kfence-#251): rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago): __alloc_skb net/core/skbuff.c:659 __netdev_alloc_skb net/core/skbuff.c:734 ieee80211_nullfunc_get net/mac80211/tx.c:5844 rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago): ieee80211_tx_status_skb net/mac80211/status.c:1117 rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564 rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651 rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676 rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238 __napi_poll net/core/dev.c:7495 net_rx_action net/core/dev.c:7557 net/core/dev.c:7684 handle_softirqs kernel/softirq.c:580 do_softirq.part.0 kernel/softirq.c:480 __local_bh_enable_ip kernel/softirq.c:407 rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927 irq_thread_fn kernel/irq/manage.c:1133 irq_thread kernel/irq/manage.c:1257 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 It is a consequence of a race between the waiting and the signalling side of the completion: Thread 1 Thread 2 rtw89_core_tx_kick_off_and_wait() rcu_assign_pointer(skb_data->wait, wait) /* start waiting */ wait_for_completion_timeout() rtw89_pci_tx_status() rtw89_core_tx_wait_complete() rcu_read_lock() /* signals completion and * proceeds further */ complete(&wait->completion) rcu_read_unlock() ... /* frees skb_data */ ieee80211_tx_status_ni() /* returns (exit status doesn't matter) */ wait_for_completion_timeout() ... /* accesses the already freed skb_data */ rcu_assign_pointer(skb_data->wait, NULL) The signalling side might proceed and free the underlying skb even before the waiting side is fully awoken and run to execution. RCU synchronization here would work well if the signalling side didn't go on and release skb on its own. Thus the waiting side should be told somehow about what is happening on the completion side. It seems the only correct way is to use standard locking primitives with owner tracking, like was originally published in one [1] of the versions of the patch mentioned in Fixes. [1]: https://lore.kernel.org/linux-wireless/20230404025259.15503-3-pkshih@realte… Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- The bug is tricky because the waiter-completer interaction isn't simple here. I've tried to come up with something that wouldn't require taking additional locks at rtw89_core_tx_wait_complete() but these ideas don't eliminate the possible race entirely, to my mind. Though one solution that _works_ currently is to get rid of 'struct rtw89_tx_wait_info' and replace it with the only field it is used for - 'bool tx_done'. Then it can be stored at 'struct ieee80211_tx_info::status::status_driver_data' directly without the need for allocating an extra dynamic object and tracking its lifecycle. I didn't post this since then the structure won't be expandable for new fields and that's probably the reason for why it wasn't done in this manner initially. drivers/net/wireless/realtek/rtw89/core.c | 15 ++++++++--- drivers/net/wireless/realtek/rtw89/core.h | 32 ++++++++++++++--------- drivers/net/wireless/realtek/rtw89/pci.c | 6 +++-- 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 57590f5577a3..826540319027 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1088,6 +1088,7 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct rtw89_tx_wait_info *wait; unsigned long time_left; + bool free_wait = true; int ret = 0; wait = kzalloc(sizeof(*wait), GFP_KERNEL); @@ -1097,7 +1098,8 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk } init_completion(&wait->completion); - rcu_assign_pointer(skb_data->wait, wait); + spin_lock_init(&wait->owner_lock); + skb_data->wait = wait; rtw89_core_tx_kick_off(rtwdev, qsel); time_left = wait_for_completion_timeout(&wait->completion, @@ -1107,8 +1109,15 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk else if (!wait->tx_done) ret = -EAGAIN; - rcu_assign_pointer(skb_data->wait, NULL); - kfree_rcu(wait, rcu_head); + spin_lock_bh(&wait->owner_lock); + if (time_left == 0 && wait->owner != RTW89_TX_WAIT_OWNER_WAIT) { + free_wait = false; + wait->owner = RTW89_TX_WAIT_OWNER_COMPLETE; + } + spin_unlock_bh(&wait->owner_lock); + + if (free_wait) + kfree(wait); return ret; } diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h index 43e10278e14d..0117f24324d5 100644 --- a/drivers/net/wireless/realtek/rtw89/core.h +++ b/drivers/net/wireless/realtek/rtw89/core.h @@ -3506,14 +3506,21 @@ struct rtw89_phy_rate_pattern { bool enable; }; +enum rtw89_tx_wait_owner { + RTW89_TX_WAIT_OWNER_UNDET, + RTW89_TX_WAIT_OWNER_WAIT, + RTW89_TX_WAIT_OWNER_COMPLETE, +}; + struct rtw89_tx_wait_info { - struct rcu_head rcu_head; struct completion completion; bool tx_done; + spinlock_t owner_lock; /* lock to access owner */ + enum rtw89_tx_wait_owner owner; }; struct rtw89_tx_skb_data { - struct rtw89_tx_wait_info __rcu *wait; + struct rtw89_tx_wait_info *wait; u8 hci_priv[]; }; @@ -7259,22 +7266,23 @@ static inline struct sk_buff *rtw89_alloc_skb_for_rx(struct rtw89_dev *rtwdev, } static inline void rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, - struct rtw89_tx_skb_data *skb_data, + struct rtw89_tx_wait_info *wait, bool tx_done) { - struct rtw89_tx_wait_info *wait; - - rcu_read_lock(); - - wait = rcu_dereference(skb_data->wait); - if (!wait) - goto out; + bool free_wait = true; wait->tx_done = tx_done; + + spin_lock_bh(&wait->owner_lock); complete(&wait->completion); + if (wait->owner != RTW89_TX_WAIT_OWNER_COMPLETE) { + free_wait = false; + wait->owner = RTW89_TX_WAIT_OWNER_WAIT; + } + spin_unlock_bh(&wait->owner_lock); -out: - rcu_read_unlock(); + if (free_wait) + kfree(wait); } static inline bool rtw89_is_mlo_1_1(struct rtw89_dev *rtwdev) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index a669f2f843aa..d9d4558b21ea 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -462,9 +462,11 @@ static void rtw89_pci_tx_status(struct rtw89_dev *rtwdev, struct sk_buff *skb, u8 tx_status) { struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); + struct rtw89_tx_wait_info *wait = skb_data->wait; struct ieee80211_tx_info *info; - rtw89_core_tx_wait_complete(rtwdev, skb_data, tx_status == RTW89_TX_DONE); + if (wait) + rtw89_core_tx_wait_complete(rtwdev, wait, tx_status == RTW89_TX_DONE); info = IEEE80211_SKB_CB(skb); ieee80211_tx_info_clear_status(info); @@ -1387,7 +1389,7 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, } tx_data->dma = dma; - rcu_assign_pointer(skb_data->wait, NULL); + skb_data->wait = NULL; txwp_len = sizeof(*txwp_info); txwd_len = chip->txwd_body_size; -- 2.50.1

2 months, 3 weeks

2
3
0 0

[PATCH] btrfs: do more strict compressed read merge check

by Qu Wenruo

[BUG] When running test case generic/457, there is a chance to hit the following error, with 64K page size and 4K btrfs block size, and "compress=zstd" mount option: FSTYP -- btrfs PLATFORM -- Linux/aarch64 btrfs-aarch64 6.17.0-rc2-custom+ #129 SMP PREEMPT_DYNAMIC Wed Aug 20 18:52:51 ACST 2025 MKFS_OPTIONS -- -s 4k /dev/mapper/test-scratch1 MOUNT_OPTIONS -- -o compress=zstd /dev/mapper/test-scratch1 /mnt/scratch generic/457 2s ... [failed, exit status 1]- output mismatch (see /home/adam/xfstests-dev/results//generic/457.out.bad) --- tests/generic/457.out 2024-04-25 18:13:45.160550980 +0930 +++ /home/adam/xfstests-dev/results//generic/457.out.bad 2025-08-22 16:09:41.039352391 +0930 @@ -1,2 +1,3 @@ QA output created by 457 -Silence is golden +testfile6 end md5sum mismatched +(see /home/adam/xfstests-dev/results//generic/457.full for details) ... (Run 'diff -u /home/adam/xfstests-dev/tests/generic/457.out /home/adam/xfstests-dev/results//generic/457.out.bad' to see the entire diff) The root problem is, after certain fsx operations the file contents change just after a mount cycle. There is a much smaller reproducer based on that test case, which I mainly used to debug the bug: workload() { mkfs.btrfs -f $dev > /dev/null dmesg -C trace-cmd clear mount -o compress=zstd $dev $mnt xfs_io -f -c "pwrite -S 0xff 0 256K" -c "sync" $mnt/base > /dev/null cp --reflink=always -p -f $mnt/base $mnt/file $fsx -N 4 -d -k -S 3746842 $mnt/file if [ $? -ne 0 ]; then echo "!!! FSX FAILURE !!!" fail fi csum_before=$(_md5_checksum $mnt/file) stop_trace umount $mnt mount $dev $mnt csum_after=$(_md5_checksum $mnt/file) umount $mnt if [ "$csum_before" != "$csum_after" ]; then echo "!!! CSUM MISMATCH !!!" fail fi } This seed value will cause 100% reproducible csum mismatch after a mount cycle. [CAUSE] With extra debug trace_printk(), the following sequence can explain the root cause: fsx-3900290 [002] ..... 161696.160966: btrfs_submit_compressed_read: r/i=5/258 file_off=131072 em start=126976 len=16384 The "r/i" is showing the root id and the ino number. In this case, my minimal reproducer is indeed using inode 258 of subvolume 5, and that's the inode with changing contents. The above trace is from the function btrfs_submit_compressed_read(), triggered by fsx to read the folio at file offset 128K. Notice that the extent map, it's at offset 124K, with a length of 16K. This means the extent map only covers the first 12K (3 blocks) of the folio 128K. fsx-3900290 [002] ..... 161696.160969: trace_dump_cb: btrfs_submit_compressed_read, r/i=5/258 file off start=131072 len=65536 bi_size=65536 This is the line I used to dump the basic info of a bbio, which shows the bi_size is 64K, aka covering the whole 64K folio at file offset 128K. But remember, the extent map only covers 3 blocks, definitely not enough to cover the whole 64K folio at 128K file offset. kworker/u19:1-3748349 [002] ..... 161696.161154: btrfs_decompress_buf2page: r/i=5/258 file_off=131072 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161155: btrfs_decompress_buf2page: r/i=5/258 file_off=135168 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161156: btrfs_decompress_buf2page: r/i=5/258 file_off=139264 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161157: btrfs_decompress_buf2page: r/i=5/258 file_off=143360 copy_len=4096 content=ffff The above lines show that btrfs_decompress_buf2page() called by zstd decompress code is copying the decompressed content into the filemap. But notice that, the last line is already beyond the extent map range. Furthermore, there are no more compressed content copy, as the compressed bio only has the extent map to cover the first 3 blocks (the 4th block copy is already incorrect). kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=131072 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=135168 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=139264 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=143360 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=147456 content=0000 This is the extra dumpping of the compressed bio, after file offset 140K (143360), the content is all zero, which is incorrect. The zero is there because we didn't copy anything into the folio. The root cause of the corruption is, we are submitting a compressed read for a whole folio, but the extent map we get only covers the first 3 blocks, meaning the compressed read path is merging reads that shouldn't be merged. The involved file extents are: item 19 key (258 EXTENT_DATA 126976) itemoff 15143 itemsize 53 generation 9 type 1 (regular) extent data disk byte 13635584 nr 4096 extent data offset 110592 nr 16384 ram 131072 extent compression 3 (zstd) item 20 key (258 EXTENT_DATA 143360) itemoff 15090 itemsize 53 generation 9 type 1 (regular) extent data disk byte 13635584 nr 4096 extent data offset 12288 nr 24576 ram 131072 extent compression 3 (zstd) Note that, both extents at 124K and 140K are pointing to the same compressed extent, but with different offset. This means, we reads of range [124K, 140K) and [140K, 165K) should not be merged. But read merge check function, btrfs_bio_is_contig(), is only checking the disk_bytenr of two compressed reads, as there are not enough info like the involved extent maps to do more comprehensive checks, resulting the incorrect compressed read. Unfortunately this is a long existing bug, way before subpage block size support. But subpage block size support (and experimental large folio support) makes it much easier to detect. If block size equals page size, regular page read will only read one block each time, thus no extent map sharing nor merge. (This means for bs == ps cases, it's still possible to hit the bug with readahead, just we don't have test coverage with content verification for readahead) [FIX] Save the last hit compressed extent map into btrfs_bio_ctrl, and check if the last compressed extent map is completely the same as the current one. If not, force submitting the current bio, so that the read will never be merged. And after submitting a bio, clear btrfs_bio_ctrl::last_compressed_em to avoid incorrect detection. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 48 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 0c12fd64a1f3..bc42b88b10ed 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -131,6 +131,13 @@ struct btrfs_bio_ctrl { */ unsigned long submit_bitmap; struct readahead_control *ractl; + + /* + * The extent map of the last hit compressed extent map. + * The current btrfs_bio_is_contig() doesn't have enough info to + * determine if we can really merge compressed read. + */ + struct extent_map last_compressed_em; }; /* @@ -957,6 +964,37 @@ static void btrfs_readahead_expand(struct readahead_control *ractl, readahead_expand(ractl, ra_pos, em_end - ra_pos); } +static void save_compressed_em(struct btrfs_bio_ctrl *bio_ctrl, + const struct extent_map *em) +{ + if (btrfs_extent_map_compression(em) == BTRFS_COMPRESS_NONE) + return; + memcpy(&bio_ctrl->last_compressed_em, em, sizeof(*em)); +} + +static bool is_same_compressed_em(struct btrfs_bio_ctrl *bio_ctrl, + const struct extent_map *em) +{ + const struct extent_map *cur_em = &bio_ctrl->last_compressed_em; + + /* + * Only if the em is completely the same as the previous one we cna merge + * the current folio in the read bio. + * + * If such merge happened incorrectly, we will have a bio which is + * larger than the compressed bio, resulting the tailing part not to be + * read out correctly. + */ + if (em->flags != cur_em->flags || + em->start != cur_em->start || + em->len != cur_em->len || + em->disk_bytenr != cur_em->disk_bytenr || + em->disk_num_bytes != cur_em->disk_num_bytes || + em->offset != cur_em->offset) + return false; + return true; +} + /* * basic readpage implementation. Locked extent state structs are inserted * into the tree that are removed when the IO is done (by the end_io @@ -1080,9 +1118,19 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, *prev_em_start != em->start) force_bio_submit = true; + /* + * We must ensure we only merge compressed read when the current + * extent map matches the previous one exactly. + */ + if (compress_type != BTRFS_COMPRESS_NONE) { + if (!is_same_compressed_em(bio_ctrl, em)) + force_bio_submit = true; + } + if (prev_em_start) *prev_em_start = em->start; + save_compressed_em(bio_ctrl, em); em_gen = em->generation; btrfs_free_extent_map(em); em = NULL; -- 2.50.1

2 months, 3 weeks

1
0
0 0

[PATCH 5.15.y 1/2] scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers

by Adrian Hunter

From: Archana Patni <archana.patni(a)intel.com> commit 4428ddea832cfdb63e476eb2e5c8feb5d36057fe upstream. UFSHCD core disables the UIC completion interrupt when issuing UIC hibernation commands, and re-enables it afterwards if it was enabled to start with, refer ufshcd_uic_pwr_ctrl(). For Intel MTL-like host controllers, accessing the register to re-enable the interrupt disrupts the state transition. Use hibern8_notify variant operation to disable the interrupt during the entire hibernation, thereby preventing the disruption. Fixes: 4049f7acef3e ("scsi: ufs: ufs-pci: Add support for Intel MTL") Cc: stable(a)vger.kernel.org Signed-off-by: Archana Patni <archana.patni(a)intel.com> Link: https://lore.kernel.org/r/20250723165856.145750-2-adrian.hunter@intel.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> --- drivers/scsi/ufs/ufshcd-pci.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/scsi/ufs/ufshcd-pci.c b/drivers/scsi/ufs/ufshcd-pci.c index 0920530a72d2..11071c132c1d 100644 --- a/drivers/scsi/ufs/ufshcd-pci.c +++ b/drivers/scsi/ufs/ufshcd-pci.c @@ -203,6 +203,32 @@ static int ufs_intel_lkf_apply_dev_quirks(struct ufs_hba *hba) return ret; } +static void ufs_intel_ctrl_uic_compl(struct ufs_hba *hba, bool enable) +{ + u32 set = ufshcd_readl(hba, REG_INTERRUPT_ENABLE); + + if (enable) + set |= UIC_COMMAND_COMPL; + else + set &= ~UIC_COMMAND_COMPL; + ufshcd_writel(hba, set, REG_INTERRUPT_ENABLE); +} + +static void ufs_intel_mtl_h8_notify(struct ufs_hba *hba, + enum uic_cmd_dme cmd, + enum ufs_notify_change_status status) +{ + /* + * Disable UIC COMPL INTR to prevent access to UFSHCI after + * checking HCS.UPMCRS + */ + if (status == PRE_CHANGE && cmd == UIC_CMD_DME_HIBER_ENTER) + ufs_intel_ctrl_uic_compl(hba, false); + + if (status == POST_CHANGE && cmd == UIC_CMD_DME_HIBER_EXIT) + ufs_intel_ctrl_uic_compl(hba, true); +} + #define INTEL_ACTIVELTR 0x804 #define INTEL_IDLELTR 0x808 @@ -476,6 +502,7 @@ static struct ufs_hba_variant_ops ufs_intel_mtl_hba_vops = { .init = ufs_intel_mtl_init, .exit = ufs_intel_common_exit, .hce_enable_notify = ufs_intel_hce_enable_notify, + .hibern8_notify = ufs_intel_mtl_h8_notify, .link_startup_notify = ufs_intel_link_startup_notify, .resume = ufs_intel_resume, .device_reset = ufs_intel_device_reset, -- 2.48.1

2 months, 3 weeks

1
1
0 0

[PATCH v2] iommu/virtio: Make instance lookup robust

by Robin Murphy

Much like arm-smmu in commit 7d835134d4e1 ("iommu/arm-smmu: Make instance lookup robust"), virtio-iommu appears to have the same issue where iommu_device_register() makes the IOMMU instance visible to other API callers (including itself) straight away, but internally the instance isn't ready to recognise itself for viommu_probe_device() to work correctly until after viommu_probe() has returned. This matters a lot more now that bus_iommu_probe() has the DT/VIOT knowledge to probe client devices the way that was always intended. Tweak the lookup and initialisation in much the same way as for arm-smmu, to ensure that what we register is functional and ready to go. Cc: stable(a)vger.kernel.org Fixes: bcb81ac6ae3c ("iommu: Get DT/ACPI parsing into the proper probe path") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- v2: Of course generic bus_find_device_by_fwnode() didn't work, since it's dev->parent we need to check rather than dev itself, sigh... --- drivers/iommu/virtio-iommu.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c index 532db1de201b..b39d6f134ab2 100644 --- a/drivers/iommu/virtio-iommu.c +++ b/drivers/iommu/virtio-iommu.c @@ -998,8 +998,7 @@ static void viommu_get_resv_regions(struct device *dev, struct list_head *head) iommu_dma_get_resv_regions(dev, head); } -static const struct iommu_ops viommu_ops; -static struct virtio_driver virtio_iommu_drv; +static const struct bus_type *virtio_bus_type; static int viommu_match_node(struct device *dev, const void *data) { @@ -1008,8 +1007,9 @@ static int viommu_match_node(struct device *dev, const void *data) static struct viommu_dev *viommu_get_by_fwnode(struct fwnode_handle *fwnode) { - struct device *dev = driver_find_device(&virtio_iommu_drv.driver, NULL, - fwnode, viommu_match_node); + struct device *dev = bus_find_device(virtio_bus_type, NULL, fwnode, + viommu_match_node); + put_device(dev); return dev ? dev_to_virtio(dev)->priv : NULL; @@ -1160,6 +1160,9 @@ static int viommu_probe(struct virtio_device *vdev) if (!viommu) return -ENOMEM; + /* Borrow this for easy lookups later */ + virtio_bus_type = dev->bus; + spin_lock_init(&viommu->request_lock); ida_init(&viommu->domain_ids); viommu->dev = dev; @@ -1229,10 +1232,10 @@ static int viommu_probe(struct virtio_device *vdev) if (ret) goto err_free_vqs; - iommu_device_register(&viommu->iommu, &viommu_ops, parent_dev); - vdev->priv = viommu; + iommu_device_register(&viommu->iommu, &viommu_ops, parent_dev); + dev_info(dev, "input address: %u bits\n", order_base_2(viommu->geometry.aperture_end)); dev_info(dev, "page mask: %#llx\n", viommu->pgsize_bitmap); -- 2.39.2.101.g768bb238c484.dirty

2 months, 3 weeks

3
3
0 0

FAILED: patch "[PATCH] selftests: mptcp: pm: check flush doesn't reset limits" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 452690be7de2f91cc0de68cb9e95252875b33503 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082203-grove-rental-5243@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 452690be7de2f91cc0de68cb9e95252875b33503 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:21 +0200 Subject: [PATCH] selftests: mptcp: pm: check flush doesn't reset limits This modification is linked to the parent commit where the received ADD_ADDR limit was accidentally reset when the endpoints were flushed. To validate that, the test is now flushing endpoints after having set new limits, and before checking them. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-3-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/pm_netlink.sh b/tools/testing/selftests/net/mptcp/pm_netlink.sh index 2e6648a2b2c0..ac7ec6f94023 100755 --- a/tools/testing/selftests/net/mptcp/pm_netlink.sh +++ b/tools/testing/selftests/net/mptcp/pm_netlink.sh @@ -198,6 +198,7 @@ set_limits 1 9 2>/dev/null check "get_limits" "${default_limits}" "subflows above hard limit" set_limits 8 8 +flush_endpoint ## to make sure it doesn't affect the limits check "get_limits" "$(format_limits 8 8)" "set limits" flush_endpoint

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: pm: check flush doesn't reset limits" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 452690be7de2f91cc0de68cb9e95252875b33503 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082257-decal-riverboat-5ede@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 452690be7de2f91cc0de68cb9e95252875b33503 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:21 +0200 Subject: [PATCH] selftests: mptcp: pm: check flush doesn't reset limits This modification is linked to the parent commit where the received ADD_ADDR limit was accidentally reset when the endpoints were flushed. To validate that, the test is now flushing endpoints after having set new limits, and before checking them. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-3-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/pm_netlink.sh b/tools/testing/selftests/net/mptcp/pm_netlink.sh index 2e6648a2b2c0..ac7ec6f94023 100755 --- a/tools/testing/selftests/net/mptcp/pm_netlink.sh +++ b/tools/testing/selftests/net/mptcp/pm_netlink.sh @@ -198,6 +198,7 @@ set_limits 1 9 2>/dev/null check "get_limits" "${default_limits}" "subflows above hard limit" set_limits 8 8 +flush_endpoint ## to make sure it doesn't affect the limits check "get_limits" "$(format_limits 8 8)" "set limits" flush_endpoint

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: pm: check flush doesn't reset limits" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 452690be7de2f91cc0de68cb9e95252875b33503 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082256-enable-reusable-fcbd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 452690be7de2f91cc0de68cb9e95252875b33503 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Fri, 15 Aug 2025 19:28:21 +0200 Subject: [PATCH] selftests: mptcp: pm: check flush doesn't reset limits This modification is linked to the parent commit where the received ADD_ADDR limit was accidentally reset when the endpoints were flushed. To validate that, the test is now flushing endpoints after having set new limits, and before checking them. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-3-521fe9… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/pm_netlink.sh b/tools/testing/selftests/net/mptcp/pm_netlink.sh index 2e6648a2b2c0..ac7ec6f94023 100755 --- a/tools/testing/selftests/net/mptcp/pm_netlink.sh +++ b/tools/testing/selftests/net/mptcp/pm_netlink.sh @@ -198,6 +198,7 @@ set_limits 1 9 2>/dev/null check "get_limits" "${default_limits}" "subflows above hard limit" set_limits 8 8 +flush_endpoint ## to make sure it doesn't affect the limits check "get_limits" "$(format_limits 8 8)" "set limits" flush_endpoint

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082226-jab-press-6046@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 13 Aug 2025 12:25:58 +0200 Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too much latency Occasionally, the exit latency of the idle state selected by the menu governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the scheduler tick has been stopped already and predicted_ns is greater than the tick period length, the governor may return an idle state whose exit latency exceeds latency_req because that decision is made before checking the current idle state's exit latency. For instance, say that there are 3 idle states, 0, 1, and 2. For idle states 0 and 1, the exit latency is equal to the target residency and the values are 0 and 5 us, respectively. State 2 is deeper and has the exit latency and target residency of 200 us and 2 ms (which is greater than the tick period length), respectively. Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency limit is 20 us. After the first two iterations of the main loop in menu_select(), idx becomes 1 and in the third iteration of it the target residency of the current state (state 2) is greater than predicted_ns. State 2 is not a polling one and predicted_ns is not less than TICK_NSEC, so the check on whether or not the tick has been stopped is done. Say that the tick has been stopped already and there are no imminent timers (that is, delta_tick is greater than the target residency of state 2). In that case, idx becomes 2 and it is returned immediately, but the exit latency of state 2 exceeds the latency limit. Address this issue by modifying the code to compare the exit latency of the current idle state (idle state i) with the latency limit before comparing its target residency with predicted_ns, which allows one more exit_latency_ns check that becomes redundant to be dropped. However, after the above change, latency_req cannot take the predicted_ns value any more, which takes place after commit 38f83090f515 ("cpuidle: menu: Remove iowait influence"), because it may cause a polling state to be returned prematurely. In the context of the previous example say that predicted_ns is 3000 and the PM QoS latency limit is still 20 us. Additionally, say that idle state 0 is a polling one. Moving the exit_latency_ns check before the target_residency_ns one causes the loop to terminate in the second iteration, before the target_residency_ns check, so idle state 0 will be returned even though previously state 1 would be returned if there were no imminent timers. For this reason, remove the assignment of the predicted_ns value to latency_req from the code. Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively") Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c index 81306612a5c6..b2e3d0b0a116 100644 --- a/drivers/cpuidle/governors/menu.c +++ b/drivers/cpuidle/governors/menu.c @@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return 0; } - if (tick_nohz_tick_stopped()) { - /* - * If the tick is already stopped, the cost of possible short - * idle duration misprediction is much higher, because the CPU - * may be stuck in a shallow idle state for a long time as a - * result of it. In that case say we might mispredict and use - * the known time till the closest timer event for the idle - * state selection. - */ - if (predicted_ns < TICK_NSEC) - predicted_ns = data->next_timer_ns; - } else if (latency_req > predicted_ns) { - latency_req = predicted_ns; - } + /* + * If the tick is already stopped, the cost of possible short idle + * duration misprediction is much higher, because the CPU may be stuck + * in a shallow idle state for a long time as a result of it. In that + * case, say we might mispredict and use the known time till the closest + * timer event for the idle state selection. + */ + if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC) + predicted_ns = data->next_timer_ns; /* * Find the idle state with the lowest power while satisfying @@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, if (idx == -1) idx = i; /* first enabled state */ + if (s->exit_latency_ns > latency_req) + break; + if (s->target_residency_ns > predicted_ns) { /* * Use a physical idle state, not busy polling, unless * a timer is going to trigger soon enough. */ if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) && - s->exit_latency_ns <= latency_req && s->target_residency_ns <= data->next_timer_ns) { predicted_ns = s->target_residency_ns; idx = i; @@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return idx; } - if (s->exit_latency_ns > latency_req) - break; idx = i; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082225-daylight-confusing-9794@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 13 Aug 2025 12:25:58 +0200 Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too much latency Occasionally, the exit latency of the idle state selected by the menu governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the scheduler tick has been stopped already and predicted_ns is greater than the tick period length, the governor may return an idle state whose exit latency exceeds latency_req because that decision is made before checking the current idle state's exit latency. For instance, say that there are 3 idle states, 0, 1, and 2. For idle states 0 and 1, the exit latency is equal to the target residency and the values are 0 and 5 us, respectively. State 2 is deeper and has the exit latency and target residency of 200 us and 2 ms (which is greater than the tick period length), respectively. Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency limit is 20 us. After the first two iterations of the main loop in menu_select(), idx becomes 1 and in the third iteration of it the target residency of the current state (state 2) is greater than predicted_ns. State 2 is not a polling one and predicted_ns is not less than TICK_NSEC, so the check on whether or not the tick has been stopped is done. Say that the tick has been stopped already and there are no imminent timers (that is, delta_tick is greater than the target residency of state 2). In that case, idx becomes 2 and it is returned immediately, but the exit latency of state 2 exceeds the latency limit. Address this issue by modifying the code to compare the exit latency of the current idle state (idle state i) with the latency limit before comparing its target residency with predicted_ns, which allows one more exit_latency_ns check that becomes redundant to be dropped. However, after the above change, latency_req cannot take the predicted_ns value any more, which takes place after commit 38f83090f515 ("cpuidle: menu: Remove iowait influence"), because it may cause a polling state to be returned prematurely. In the context of the previous example say that predicted_ns is 3000 and the PM QoS latency limit is still 20 us. Additionally, say that idle state 0 is a polling one. Moving the exit_latency_ns check before the target_residency_ns one causes the loop to terminate in the second iteration, before the target_residency_ns check, so idle state 0 will be returned even though previously state 1 would be returned if there were no imminent timers. For this reason, remove the assignment of the predicted_ns value to latency_req from the code. Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively") Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c index 81306612a5c6..b2e3d0b0a116 100644 --- a/drivers/cpuidle/governors/menu.c +++ b/drivers/cpuidle/governors/menu.c @@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return 0; } - if (tick_nohz_tick_stopped()) { - /* - * If the tick is already stopped, the cost of possible short - * idle duration misprediction is much higher, because the CPU - * may be stuck in a shallow idle state for a long time as a - * result of it. In that case say we might mispredict and use - * the known time till the closest timer event for the idle - * state selection. - */ - if (predicted_ns < TICK_NSEC) - predicted_ns = data->next_timer_ns; - } else if (latency_req > predicted_ns) { - latency_req = predicted_ns; - } + /* + * If the tick is already stopped, the cost of possible short idle + * duration misprediction is much higher, because the CPU may be stuck + * in a shallow idle state for a long time as a result of it. In that + * case, say we might mispredict and use the known time till the closest + * timer event for the idle state selection. + */ + if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC) + predicted_ns = data->next_timer_ns; /* * Find the idle state with the lowest power while satisfying @@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, if (idx == -1) idx = i; /* first enabled state */ + if (s->exit_latency_ns > latency_req) + break; + if (s->target_residency_ns > predicted_ns) { /* * Use a physical idle state, not busy polling, unless * a timer is going to trigger soon enough. */ if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) && - s->exit_latency_ns <= latency_req && s->target_residency_ns <= data->next_timer_ns) { predicted_ns = s->target_residency_ns; idx = i; @@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return idx; } - if (s->exit_latency_ns > latency_req) - break; idx = i; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082218-twine-jailhouse-91b9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 13 Aug 2025 12:25:58 +0200 Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too much latency Occasionally, the exit latency of the idle state selected by the menu governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the scheduler tick has been stopped already and predicted_ns is greater than the tick period length, the governor may return an idle state whose exit latency exceeds latency_req because that decision is made before checking the current idle state's exit latency. For instance, say that there are 3 idle states, 0, 1, and 2. For idle states 0 and 1, the exit latency is equal to the target residency and the values are 0 and 5 us, respectively. State 2 is deeper and has the exit latency and target residency of 200 us and 2 ms (which is greater than the tick period length), respectively. Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency limit is 20 us. After the first two iterations of the main loop in menu_select(), idx becomes 1 and in the third iteration of it the target residency of the current state (state 2) is greater than predicted_ns. State 2 is not a polling one and predicted_ns is not less than TICK_NSEC, so the check on whether or not the tick has been stopped is done. Say that the tick has been stopped already and there are no imminent timers (that is, delta_tick is greater than the target residency of state 2). In that case, idx becomes 2 and it is returned immediately, but the exit latency of state 2 exceeds the latency limit. Address this issue by modifying the code to compare the exit latency of the current idle state (idle state i) with the latency limit before comparing its target residency with predicted_ns, which allows one more exit_latency_ns check that becomes redundant to be dropped. However, after the above change, latency_req cannot take the predicted_ns value any more, which takes place after commit 38f83090f515 ("cpuidle: menu: Remove iowait influence"), because it may cause a polling state to be returned prematurely. In the context of the previous example say that predicted_ns is 3000 and the PM QoS latency limit is still 20 us. Additionally, say that idle state 0 is a polling one. Moving the exit_latency_ns check before the target_residency_ns one causes the loop to terminate in the second iteration, before the target_residency_ns check, so idle state 0 will be returned even though previously state 1 would be returned if there were no imminent timers. For this reason, remove the assignment of the predicted_ns value to latency_req from the code. Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively") Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c index 81306612a5c6..b2e3d0b0a116 100644 --- a/drivers/cpuidle/governors/menu.c +++ b/drivers/cpuidle/governors/menu.c @@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return 0; } - if (tick_nohz_tick_stopped()) { - /* - * If the tick is already stopped, the cost of possible short - * idle duration misprediction is much higher, because the CPU - * may be stuck in a shallow idle state for a long time as a - * result of it. In that case say we might mispredict and use - * the known time till the closest timer event for the idle - * state selection. - */ - if (predicted_ns < TICK_NSEC) - predicted_ns = data->next_timer_ns; - } else if (latency_req > predicted_ns) { - latency_req = predicted_ns; - } + /* + * If the tick is already stopped, the cost of possible short idle + * duration misprediction is much higher, because the CPU may be stuck + * in a shallow idle state for a long time as a result of it. In that + * case, say we might mispredict and use the known time till the closest + * timer event for the idle state selection. + */ + if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC) + predicted_ns = data->next_timer_ns; /* * Find the idle state with the lowest power while satisfying @@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, if (idx == -1) idx = i; /* first enabled state */ + if (s->exit_latency_ns > latency_req) + break; + if (s->target_residency_ns > predicted_ns) { /* * Use a physical idle state, not busy polling, unless * a timer is going to trigger soon enough. */ if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) && - s->exit_latency_ns <= latency_req && s->target_residency_ns <= data->next_timer_ns) { predicted_ns = s->target_residency_ns; idx = i; @@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return idx; } - if (s->exit_latency_ns > latency_req) - break; idx = i; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082217-sabbath-economist-f935@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 13 Aug 2025 12:25:58 +0200 Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too much latency Occasionally, the exit latency of the idle state selected by the menu governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the scheduler tick has been stopped already and predicted_ns is greater than the tick period length, the governor may return an idle state whose exit latency exceeds latency_req because that decision is made before checking the current idle state's exit latency. For instance, say that there are 3 idle states, 0, 1, and 2. For idle states 0 and 1, the exit latency is equal to the target residency and the values are 0 and 5 us, respectively. State 2 is deeper and has the exit latency and target residency of 200 us and 2 ms (which is greater than the tick period length), respectively. Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency limit is 20 us. After the first two iterations of the main loop in menu_select(), idx becomes 1 and in the third iteration of it the target residency of the current state (state 2) is greater than predicted_ns. State 2 is not a polling one and predicted_ns is not less than TICK_NSEC, so the check on whether or not the tick has been stopped is done. Say that the tick has been stopped already and there are no imminent timers (that is, delta_tick is greater than the target residency of state 2). In that case, idx becomes 2 and it is returned immediately, but the exit latency of state 2 exceeds the latency limit. Address this issue by modifying the code to compare the exit latency of the current idle state (idle state i) with the latency limit before comparing its target residency with predicted_ns, which allows one more exit_latency_ns check that becomes redundant to be dropped. However, after the above change, latency_req cannot take the predicted_ns value any more, which takes place after commit 38f83090f515 ("cpuidle: menu: Remove iowait influence"), because it may cause a polling state to be returned prematurely. In the context of the previous example say that predicted_ns is 3000 and the PM QoS latency limit is still 20 us. Additionally, say that idle state 0 is a polling one. Moving the exit_latency_ns check before the target_residency_ns one causes the loop to terminate in the second iteration, before the target_residency_ns check, so idle state 0 will be returned even though previously state 1 would be returned if there were no imminent timers. For this reason, remove the assignment of the predicted_ns value to latency_req from the code. Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively") Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Christian Loehle <christian.loehle(a)arm.com> Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c index 81306612a5c6..b2e3d0b0a116 100644 --- a/drivers/cpuidle/governors/menu.c +++ b/drivers/cpuidle/governors/menu.c @@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return 0; } - if (tick_nohz_tick_stopped()) { - /* - * If the tick is already stopped, the cost of possible short - * idle duration misprediction is much higher, because the CPU - * may be stuck in a shallow idle state for a long time as a - * result of it. In that case say we might mispredict and use - * the known time till the closest timer event for the idle - * state selection. - */ - if (predicted_ns < TICK_NSEC) - predicted_ns = data->next_timer_ns; - } else if (latency_req > predicted_ns) { - latency_req = predicted_ns; - } + /* + * If the tick is already stopped, the cost of possible short idle + * duration misprediction is much higher, because the CPU may be stuck + * in a shallow idle state for a long time as a result of it. In that + * case, say we might mispredict and use the known time till the closest + * timer event for the idle state selection. + */ + if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC) + predicted_ns = data->next_timer_ns; /* * Find the idle state with the lowest power while satisfying @@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, if (idx == -1) idx = i; /* first enabled state */ + if (s->exit_latency_ns > latency_req) + break; + if (s->target_residency_ns > predicted_ns) { /* * Use a physical idle state, not busy polling, unless * a timer is going to trigger soon enough. */ if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) && - s->exit_latency_ns <= latency_req && s->target_residency_ns <= data->next_timer_ns) { predicted_ns = s->target_residency_ns; idx = i; @@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev, return idx; } - if (s->exit_latency_ns > latency_req) - break; idx = i; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ipv6: sr: Fix MAC comparison to be constant-time" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a458b2902115b26a25d67393b12ddd57d1216aaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082250-legwork-enhance-f1d3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a458b2902115b26a25d67393b12ddd57d1216aaa Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Mon, 18 Aug 2025 13:27:24 -0700 Subject: [PATCH] ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Andrea Mayer <andrea.mayer(a)uniroma2.it> Link: https://patch.msgid.link/20250818202724.15713-1-ebiggers@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index d77b52523b6a..fd58426f222b 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -35,6 +35,7 @@ #include <net/xfrm.h> #include <crypto/hash.h> +#include <crypto/utils.h> #include <net/seg6.h> #include <net/genetlink.h> #include <net/seg6_hmac.h> @@ -280,7 +281,7 @@ bool seg6_hmac_validate_skb(struct sk_buff *skb) if (seg6_hmac_compute(hinfo, srh, &ipv6_hdr(skb)->saddr, hmac_output)) return false; - if (memcmp(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN) != 0) + if (crypto_memneq(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN)) return false; return true;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ipv6: sr: Fix MAC comparison to be constant-time" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a458b2902115b26a25d67393b12ddd57d1216aaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082249-consumer-mortician-8ee1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a458b2902115b26a25d67393b12ddd57d1216aaa Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Mon, 18 Aug 2025 13:27:24 -0700 Subject: [PATCH] ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Andrea Mayer <andrea.mayer(a)uniroma2.it> Link: https://patch.msgid.link/20250818202724.15713-1-ebiggers@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index d77b52523b6a..fd58426f222b 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -35,6 +35,7 @@ #include <net/xfrm.h> #include <crypto/hash.h> +#include <crypto/utils.h> #include <net/seg6.h> #include <net/genetlink.h> #include <net/seg6_hmac.h> @@ -280,7 +281,7 @@ bool seg6_hmac_validate_skb(struct sk_buff *skb) if (seg6_hmac_compute(hinfo, srh, &ipv6_hdr(skb)->saddr, hmac_output)) return false; - if (memcmp(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN) != 0) + if (crypto_memneq(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN)) return false; return true;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: ufs-pci: Fix default runtime and system PM levels" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6de7435e6b81fe52c0ab4c7e181f6b5decd18eb1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082102-levitate-simple-9760@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6de7435e6b81fe52c0ab4c7e181f6b5decd18eb1 Mon Sep 17 00:00:00 2001 From: Adrian Hunter <adrian.hunter(a)intel.com> Date: Wed, 23 Jul 2025 19:58:50 +0300 Subject: [PATCH] scsi: ufs: ufs-pci: Fix default runtime and system PM levels Intel MTL-like host controllers support auto-hibernate. Using auto-hibernate with manual (driver initiated) hibernate produces more complex operation. For example, the host controller will have to exit auto-hibernate simply to allow the driver to enter hibernate state manually. That is not recommended. The default rpm_lvl and spm_lvl is 3, which includes manual hibernate. Change the default values to 2, which does not. Note, to be simpler to backport to stable kernels, utilize the UFS PCI driver's ->late_init() call back. Recent commits have made it possible to set up a controller-specific default in the regular ->init() call back, but not all stable kernels have those changes. Fixes: 4049f7acef3e ("scsi: ufs: ufs-pci: Add support for Intel MTL") Cc: stable(a)vger.kernel.org Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20250723165856.145750-3-adrian.hunter@intel.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c index af1c272eef1c..8aff32d7057d 100644 --- a/drivers/ufs/host/ufshcd-pci.c +++ b/drivers/ufs/host/ufshcd-pci.c @@ -468,10 +468,23 @@ static int ufs_intel_adl_init(struct ufs_hba *hba) return ufs_intel_common_init(hba); } +static void ufs_intel_mtl_late_init(struct ufs_hba *hba) +{ + hba->rpm_lvl = UFS_PM_LVL_2; + hba->spm_lvl = UFS_PM_LVL_2; +} + static int ufs_intel_mtl_init(struct ufs_hba *hba) { + struct ufs_host *ufs_host; + int err; + hba->caps |= UFSHCD_CAP_CRYPTO | UFSHCD_CAP_WB_EN; - return ufs_intel_common_init(hba); + err = ufs_intel_common_init(hba); + /* Get variant after it is set in ufs_intel_common_init() */ + ufs_host = ufshcd_get_variant(hba); + ufs_host->late_init = ufs_intel_mtl_late_init; + return err; } static int ufs_qemu_get_hba_mac(struct ufs_hba *hba)

2 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] ext4: fix hole length calculation overflow in non-extent" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 02c7f7219ac0e2277b3379a3a0e9841ef464b6d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082130-hunchback-efficient-e925@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02c7f7219ac0e2277b3379a3a0e9841ef464b6d4 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Mon, 11 Aug 2025 14:45:32 +0800 Subject: [PATCH] ext4: fix hole length calculation overflow in non-extent inodes In a filesystem with a block size larger than 4KB, the hole length calculation for a non-extent inode in ext4_ind_map_blocks() can easily exceed INT_MAX. Then it could return a zero length hole and trigger the following waring and infinite in the iomap infrastructure. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 434101 at fs/iomap/iter.c:34 iomap_iter_done+0x148/0x190 CPU: 3 UID: 0 PID: 434101 Comm: fsstress Not tainted 6.16.0-rc7+ #128 PREEMPT(voluntary) Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : iomap_iter_done+0x148/0x190 lr : iomap_iter+0x174/0x230 sp : ffff8000880af740 x29: ffff8000880af740 x28: ffff0000db8e6840 x27: 0000000000000000 x26: 0000000000000000 x25: ffff8000880af830 x24: 0000004000000000 x23: 0000000000000002 x22: 000001bfdbfa8000 x21: ffffa6a41c002e48 x20: 0000000000000001 x19: ffff8000880af808 x18: 0000000000000000 x17: 0000000000000000 x16: ffffa6a495ee6cd0 x15: 0000000000000000 x14: 00000000000003d4 x13: 00000000fa83b2da x12: 0000b236fc95f18c x11: ffffa6a4978b9c08 x10: 0000000000001da0 x9 : ffffa6a41c1a2a44 x8 : ffff8000880af5c8 x7 : 0000000001000000 x6 : 0000000000000000 x5 : 0000000000000004 x4 : 000001bfdbfa8000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000004004030000 x0 : 0000000000000000 Call trace: iomap_iter_done+0x148/0x190 (P) iomap_iter+0x174/0x230 iomap_fiemap+0x154/0x1d8 ext4_fiemap+0x110/0x140 [ext4] do_vfs_ioctl+0x4b8/0xbc0 __arm64_sys_ioctl+0x8c/0x120 invoke_syscall+0x6c/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x120 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x1a0 ---[ end trace 0000000000000000 ]--- Cc: stable(a)kernel.org Fixes: facab4d9711e ("ext4: return hole from ext4_map_blocks()") Reported-by: Qu Wenruo <wqu(a)suse.com> Closes: https://lore.kernel.org/linux-ext4/9b650a52-9672-4604-a765-bb6be55d1e4a@gmx… Tested-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Link: https://patch.msgid.link/20250811064532.1788289-1-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index 7de327fa7b1c..d45124318200 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -539,7 +539,7 @@ int ext4_ind_map_blocks(handle_t *handle, struct inode *inode, int indirect_blks; int blocks_to_boundary = 0; int depth; - int count = 0; + u64 count = 0; ext4_fsblk_t first_block = 0; trace_ext4_ind_map_blocks_enter(inode, map->m_lblk, map->m_len, flags); @@ -588,7 +588,7 @@ int ext4_ind_map_blocks(handle_t *handle, struct inode *inode, count++; /* Fill in size of a hole we found */ map->m_pblk = 0; - map->m_len = min_t(unsigned int, map->m_len, count); + map->m_len = umin(map->m_len, count); goto cleanup; }

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082102-shrug-unused-8ce2@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

3
10
0 0

FAILED: patch "[PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x b1511360c8ac882b0c52caa263620538e8d73220 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082101-survive-mannish-1c90@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1511360c8ac882b0c52caa263620538e8d73220 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 31 Jul 2025 12:46:56 +0900 Subject: [PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag even if there are still dirty blocks in the folio. This can break ordering guarantees, such as those required by btrfs_wait_ordered_extents(). That ordering breakage leads to a real failure. For example, running generic/464 on a zoned setup will hit the following ASSERT. This happens because the broken ordering fails to flush existing dirty pages before the file size is truncated. assertion failed: !list_empty(&ordered->list) :: 0, in fs/btrfs/zoned.c:1899 ------------[ cut here ]------------ kernel BUG at fs/btrfs/zoned.c:1899! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs] RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246 RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8 R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00 R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680 FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0 Call Trace: <TASK> ? srso_return_thunk+0x5/0x5f btrfs_finish_ordered_io+0x4a/0x60 [btrfs] btrfs_work_helper+0xf9/0x490 [btrfs] process_one_work+0x204/0x590 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d6/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x118/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x205/0x260 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Consider process A calling writepages() with WB_SYNC_NONE. In zoned mode or for compressed writes, it locks several folios for delalloc and starts writing them out. Let's call the last locked folio folio X. Suppose the write range only partially covers folio X, leaving some pages dirty. Process A calls btrfs_subpage_set_writeback() when building a bio. This function call clears the TOWRITE tag of folio X, whose size = 8K and the block size = 4K. It is following state. 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY) <-----> Process A will write this range. Now suppose process B concurrently calls writepages() with WB_SYNC_ALL. It calls tag_pages_for_writeback() to tag dirty folios with PAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then, B collects tagged folios using filemap_get_folios_tag() and must wait for folio X to be written before returning from writepages(). 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE) However, between tagging and collecting, process A may call btrfs_subpage_set_writeback() and clear folio X's TOWRITE tag. 0 4K 8K | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY) As a result, process B won't see folio X in its batch, and returns without waiting for it. This breaks the WB_SYNC_ALL ordering requirement. Fix this by using btrfs_subpage_set_writeback_keepwrite(), which retains the TOWRITE tag. We now manually clear the tag only after the folio becomes clean, via the xas operation. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") CC: stable(a)vger.kernel.org # 6.12+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index c9b3821957f7..cb4f97833dc3 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -448,8 +448,25 @@ void btrfs_subpage_set_writeback(const struct btrfs_fs_info *fs_info, spin_lock_irqsave(&bfs->lock, flags); bitmap_set(bfs->bitmaps, start_bit, len >> fs_info->sectorsize_bits); + + /* + * Don't clear the TOWRITE tag when starting writeback on a still-dirty + * folio. Doing so can cause WB_SYNC_ALL writepages() to overlook it, + * assume writeback is complete, and exit too early — violating sync + * ordering guarantees. + */ if (!folio_test_writeback(folio)) - folio_start_writeback(folio); + __folio_start_writeback(folio, true); + if (!folio_test_dirty(folio)) { + struct address_space *mapping = folio_mapping(folio); + XA_STATE(xas, &mapping->i_pages, folio->index); + unsigned long flags; + + xas_lock_irqsave(&xas, flags); + xas_load(&xas); + xas_clear_mark(&xas, PAGECACHE_TAG_TOWRITE); + xas_unlock_irqrestore(&xas, flags); + } spin_unlock_irqrestore(&bfs->lock, flags); }

2 months, 3 weeks

2
3
0 0

[PATCH v2 1/2] media: nxp: imx8-isi: m2m: Fix streaming cleanup on release

by Laurent Pinchart

From: Guoniu Zhou <guoniu.zhou(a)nxp.com> If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel won't be freed. Besides from that, if the input line width is more than 2K, it will trigger a WARN_ON(): [ 59.222120] ------------[ cut here ]------------ [ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c:631 at mxc_isi_channel_chain+0xa4/0x120, CPU#4: v4l2-ctl/654 [ 59.238569] Modules linked in: ap1302 [ 59.242231] CPU: 4 UID: 0 PID: 654 Comm: v4l2-ctl Not tainted 6.16.0-rc4-next-20250704-06511-gff0e002d480a-dirty #258 PREEMPT [ 59.253597] Hardware name: NXP i.MX95 15X15 board (DT) [ 59.258720] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 59.265669] pc : mxc_isi_channel_chain+0xa4/0x120 [ 59.270358] lr : mxc_isi_channel_chain+0x44/0x120 [ 59.275047] sp : ffff8000848c3b40 [ 59.278348] x29: ffff8000848c3b40 x28: ffff0000859b4c98 x27: ffff800081939f00 [ 59.285472] x26: 000000000000000a x25: ffff0000859b4cb8 x24: 0000000000000001 [ 59.292597] x23: ffff0000816f4760 x22: ffff0000816f4258 x21: ffff000084ceb780 [ 59.299720] x20: ffff000084342ff8 x19: ffff000084340000 x18: 0000000000000000 [ 59.306845] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffdb369e1c [ 59.313969] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 59.321093] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 59.328217] x8 : ffff8000848c3d48 x7 : ffff800081930b30 x6 : ffff800081930b30 [ 59.335340] x5 : ffff0000859b6000 x4 : ffff80008193ae80 x3 : ffff800081022420 [ 59.342464] x2 : ffff0000852f6900 x1 : 0000000000000001 x0 : ffff000084341000 [ 59.349590] Call trace: [ 59.352025] mxc_isi_channel_chain+0xa4/0x120 (P) [ 59.356722] mxc_isi_m2m_streamon+0x160/0x20c [ 59.361072] v4l_streamon+0x24/0x30 [ 59.364556] __video_do_ioctl+0x40c/0x4a0 [ 59.368560] video_usercopy+0x2bc/0x690 [ 59.372382] video_ioctl2+0x18/0x24 [ 59.375857] v4l2_ioctl+0x40/0x60 [ 59.379168] __arm64_sys_ioctl+0xac/0x104 [ 59.383172] invoke_syscall+0x48/0x104 [ 59.386916] el0_svc_common.constprop.0+0xc0/0xe0 [ 59.391613] do_el0_svc+0x1c/0x28 [ 59.394915] el0_svc+0x34/0xf4 [ 59.397966] el0t_64_sync_handler+0xa0/0xe4 [ 59.402143] el0t_64_sync+0x198/0x19c [ 59.405801] ---[ end trace 0000000000000000 ]--- Address this issue by moving the streaming preparation and cleanup to the vb2 .prepare_streaming() and .unprepare_streaming() operations. This also simplifies the driver by allowing direct usage of the v4l2_m2m_ioctl_streamon() and v4l2_m2m_ioctl_streamoff() helpers. Fixes: cf21f328fcaf ("media: nxp: Add i.MX8 ISI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Guoniu Zhou <guoniu.zhou(a)nxp.com> Co-developed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> --- .../platform/nxp/imx8-isi/imx8-isi-m2m.c | 224 +++++++----------- 1 file changed, 92 insertions(+), 132 deletions(-) diff --git a/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c b/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c index 6bdd13b3048f..a8b10d944d69 100644 --- a/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c +++ b/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c @@ -43,7 +43,6 @@ struct mxc_isi_m2m_ctx_queue_data { struct v4l2_pix_format_mplane format; const struct mxc_isi_format_info *info; u32 sequence; - bool streaming; }; struct mxc_isi_m2m_ctx { @@ -236,6 +235,65 @@ static void mxc_isi_m2m_vb2_buffer_queue(struct vb2_buffer *vb2) v4l2_m2m_buf_queue(ctx->fh.m2m_ctx, vbuf); } +static int mxc_isi_m2m_vb2_prepare_streaming(struct vb2_queue *q) +{ + struct mxc_isi_m2m_ctx *ctx = vb2_get_drv_priv(q); + const struct v4l2_pix_format_mplane *out_pix = &ctx->queues.out.format; + const struct v4l2_pix_format_mplane *cap_pix = &ctx->queues.cap.format; + const struct mxc_isi_format_info *cap_info = ctx->queues.cap.info; + const struct mxc_isi_format_info *out_info = ctx->queues.out.info; + struct mxc_isi_m2m *m2m = ctx->m2m; + int ret; + + guard(mutex)(&m2m->lock); + + if (m2m->usage_count == INT_MAX) + return -EOVERFLOW; + + /* + * Acquire the pipe and initialize the channel with the first user of + * the M2M device. + */ + if (m2m->usage_count == 0) { + bool bypass = cap_pix->width == out_pix->width && + cap_pix->height == out_pix->height && + cap_info->encoding == out_info->encoding; + + ret = mxc_isi_channel_acquire(m2m->pipe, + &mxc_isi_m2m_frame_write_done, + bypass); + if (ret) + return ret; + + mxc_isi_channel_get(m2m->pipe); + } + + m2m->usage_count++; + + /* + * Allocate resources for the channel, counting how many users require + * buffer chaining. + */ + if (!ctx->chained && out_pix->width > MXC_ISI_MAX_WIDTH_UNCHAINED) { + ret = mxc_isi_channel_chain(m2m->pipe); + if (ret) + goto err_deinit; + + m2m->chained_count++; + ctx->chained = true; + } + + return 0; + +err_deinit: + if (--m2m->usage_count == 0) { + mxc_isi_channel_put(m2m->pipe); + mxc_isi_channel_release(m2m->pipe); + } + + return ret; +} + static int mxc_isi_m2m_vb2_start_streaming(struct vb2_queue *q, unsigned int count) { @@ -265,13 +323,44 @@ static void mxc_isi_m2m_vb2_stop_streaming(struct vb2_queue *q) } } +static void mxc_isi_m2m_vb2_unprepare_streaming(struct vb2_queue *q) +{ + struct mxc_isi_m2m_ctx *ctx = vb2_get_drv_priv(q); + struct mxc_isi_m2m *m2m = ctx->m2m; + + guard(mutex)(&m2m->lock); + + /* + * If the last context is this one, reset it to make sure the device + * will be reconfigured when streaming is restarted. + */ + if (m2m->last_ctx == ctx) + m2m->last_ctx = NULL; + + /* Free the channel resources if this is the last chained context. */ + if (ctx->chained && --m2m->chained_count == 0) + mxc_isi_channel_unchain(m2m->pipe); + ctx->chained = false; + + /* Turn off the light with the last user. */ + if (--m2m->usage_count == 0) { + mxc_isi_channel_disable(m2m->pipe); + mxc_isi_channel_put(m2m->pipe); + mxc_isi_channel_release(m2m->pipe); + } + + WARN_ON(m2m->usage_count < 0); +} + static const struct vb2_ops mxc_isi_m2m_vb2_qops = { .queue_setup = mxc_isi_m2m_vb2_queue_setup, .buf_init = mxc_isi_m2m_vb2_buffer_init, .buf_prepare = mxc_isi_m2m_vb2_buffer_prepare, .buf_queue = mxc_isi_m2m_vb2_buffer_queue, + .prepare_streaming = mxc_isi_m2m_vb2_prepare_streaming, .start_streaming = mxc_isi_m2m_vb2_start_streaming, .stop_streaming = mxc_isi_m2m_vb2_stop_streaming, + .unprepare_streaming = mxc_isi_m2m_vb2_unprepare_streaming, }; static int mxc_isi_m2m_queue_init(void *priv, struct vb2_queue *src_vq, @@ -481,135 +570,6 @@ static int mxc_isi_m2m_s_fmt_vid(struct file *file, void *fh, return 0; } -static int mxc_isi_m2m_streamon(struct file *file, void *fh, - enum v4l2_buf_type type) -{ - struct mxc_isi_m2m_ctx *ctx = file_to_isi_m2m_ctx(file); - struct mxc_isi_m2m_ctx_queue_data *q = mxc_isi_m2m_ctx_qdata(ctx, type); - const struct v4l2_pix_format_mplane *out_pix = &ctx->queues.out.format; - const struct v4l2_pix_format_mplane *cap_pix = &ctx->queues.cap.format; - const struct mxc_isi_format_info *cap_info = ctx->queues.cap.info; - const struct mxc_isi_format_info *out_info = ctx->queues.out.info; - struct mxc_isi_m2m *m2m = ctx->m2m; - int ret; - - if (q->streaming) - return 0; - - mutex_lock(&m2m->lock); - - if (m2m->usage_count == INT_MAX) { - ret = -EOVERFLOW; - goto unlock; - } - - /* - * Acquire the pipe and initialize the channel with the first user of - * the M2M device. - */ - if (m2m->usage_count == 0) { - bool bypass = cap_pix->width == out_pix->width && - cap_pix->height == out_pix->height && - cap_info->encoding == out_info->encoding; - - ret = mxc_isi_channel_acquire(m2m->pipe, - &mxc_isi_m2m_frame_write_done, - bypass); - if (ret) - goto unlock; - - mxc_isi_channel_get(m2m->pipe); - } - - m2m->usage_count++; - - /* - * Allocate resources for the channel, counting how many users require - * buffer chaining. - */ - if (!ctx->chained && out_pix->width > MXC_ISI_MAX_WIDTH_UNCHAINED) { - ret = mxc_isi_channel_chain(m2m->pipe); - if (ret) - goto deinit; - - m2m->chained_count++; - ctx->chained = true; - } - - /* - * Drop the lock to start the stream, as the .device_run() operation - * needs to acquire it. - */ - mutex_unlock(&m2m->lock); - ret = v4l2_m2m_ioctl_streamon(file, fh, type); - if (ret) { - /* Reacquire the lock for the cleanup path. */ - mutex_lock(&m2m->lock); - goto unchain; - } - - q->streaming = true; - - return 0; - -unchain: - if (ctx->chained && --m2m->chained_count == 0) - mxc_isi_channel_unchain(m2m->pipe); - ctx->chained = false; - -deinit: - if (--m2m->usage_count == 0) { - mxc_isi_channel_put(m2m->pipe); - mxc_isi_channel_release(m2m->pipe); - } - -unlock: - mutex_unlock(&m2m->lock); - return ret; -} - -static int mxc_isi_m2m_streamoff(struct file *file, void *fh, - enum v4l2_buf_type type) -{ - struct mxc_isi_m2m_ctx *ctx = file_to_isi_m2m_ctx(file); - struct mxc_isi_m2m_ctx_queue_data *q = mxc_isi_m2m_ctx_qdata(ctx, type); - struct mxc_isi_m2m *m2m = ctx->m2m; - - v4l2_m2m_ioctl_streamoff(file, fh, type); - - if (!q->streaming) - return 0; - - mutex_lock(&m2m->lock); - - /* - * If the last context is this one, reset it to make sure the device - * will be reconfigured when streaming is restarted. - */ - if (m2m->last_ctx == ctx) - m2m->last_ctx = NULL; - - /* Free the channel resources if this is the last chained context. */ - if (ctx->chained && --m2m->chained_count == 0) - mxc_isi_channel_unchain(m2m->pipe); - ctx->chained = false; - - /* Turn off the light with the last user. */ - if (--m2m->usage_count == 0) { - mxc_isi_channel_disable(m2m->pipe); - mxc_isi_channel_put(m2m->pipe); - mxc_isi_channel_release(m2m->pipe); - } - - WARN_ON(m2m->usage_count < 0); - - mutex_unlock(&m2m->lock); - - q->streaming = false; - - return 0; -} - static const struct v4l2_ioctl_ops mxc_isi_m2m_ioctl_ops = { .vidioc_querycap = mxc_isi_m2m_querycap, @@ -630,8 +590,8 @@ static const struct v4l2_ioctl_ops mxc_isi_m2m_ioctl_ops = { .vidioc_prepare_buf = v4l2_m2m_ioctl_prepare_buf, .vidioc_create_bufs = v4l2_m2m_ioctl_create_bufs, - .vidioc_streamon = mxc_isi_m2m_streamon, - .vidioc_streamoff = mxc_isi_m2m_streamoff, + .vidioc_streamon = v4l2_m2m_ioctl_streamon, + .vidioc_streamoff = v4l2_m2m_ioctl_streamoff, .vidioc_subscribe_event = v4l2_ctrl_subscribe_event, .vidioc_unsubscribe_event = v4l2_event_unsubscribe, base-commit: a75b8d198c55e9eb5feb6f6e155496305caba2dc prerequisite-patch-id: 9581e075a75aef4b16218280c8dd5788840fad41 prerequisite-patch-id: 74bfb3e362032eae530395b10471ad86175fe592 prerequisite-patch-id: 6c7220d0c283111ab3027086f6ce2d17447e5d07 prerequisite-patch-id: ebefea609f3bd3aacb344701c9971afef5be48ad -- Regards, Laurent Pinchart

2 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082114-egotistic-train-159d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

2
5
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082103-division-stoning-2306@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

2
4
0 0

FAILED: patch "[PATCH] netfs: Fix unbuffered write error handling" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a3de58b12ce074ec05b8741fa28d62ccb1070468 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082157-dedicator-hurled-4d65@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3de58b12ce074ec05b8741fa28d62ccb1070468 Mon Sep 17 00:00:00 2001 From: David Howells <dhowells(a)redhat.com> Date: Thu, 14 Aug 2025 22:45:50 +0100 Subject: [PATCH] netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector doesn't update the stream->transferred value and it retains its initial LONG_MAX value. Unfortunately, if all active streams fail, then we take the smallest value of { LONG_MAX, LONG_MAX, ... } as the value to set in wreq->transferred - which is then returned from ->write_iter(). LONG_MAX was chosen as the initial value so that all the streams can be quickly assessed by taking the smallest value of all stream->transferred - but this only works if we've set any of them. Fix this by adding a flag to indicate whether the value in stream->transferred is valid and checking that when we integrate the values. stream->transferred can then be initialised to zero. This was found by running the generic/750 xfstest against cifs with cache=none. It splices data to the target file. Once (if) it has used up all the available scratch space, the writes start failing with ENOSPC. This causes ->write_iter() to fail. However, it was returning wreq->transferred, i.e. LONG_MAX, rather than an error (because it thought the amount transferred was non-zero) and iter_file_splice_write() would then try to clean up that amount of pipe bufferage - leading to an oops when it overran. The kernel log showed: CIFS: VFS: Send error in write = -28 followed by: BUG: kernel NULL pointer dereference, address: 0000000000000008 with: RIP: 0010:iter_file_splice_write+0x3a4/0x520 do_splice+0x197/0x4e0 or: RIP: 0010:pipe_buf_release (include/linux/pipe_fs_i.h:282) iter_file_splice_write (fs/splice.c:755) Also put a warning check into splice to announce if ->write_iter() returned that it had written more than it was asked to. Fixes: 288ace2f57c9 ("netfs: New writeback implementation") Reported-by: Xiaoli Feng <fengxiaoli0714(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220445 Signed-off-by: David Howells <dhowells(a)redhat.com> Link: https://lore.kernel.org/915443.1755207950@warthog.procyon.org.uk cc: Paulo Alcantara <pc(a)manguebit.org> cc: Steve French <sfrench(a)samba.org> cc: Shyam Prasad N <sprasad(a)microsoft.com> cc: netfs(a)lists.linux.dev cc: linux-cifs(a)vger.kernel.org cc: linux-fsdevel(a)vger.kernel.org cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c index 3e804da1e1eb..a95e7aadafd0 100644 --- a/fs/netfs/read_collect.c +++ b/fs/netfs/read_collect.c @@ -281,8 +281,10 @@ static void netfs_collect_read_results(struct netfs_io_request *rreq) } else if (test_bit(NETFS_RREQ_SHORT_TRANSFER, &rreq->flags)) { notes |= MADE_PROGRESS; } else { - if (!stream->failed) + if (!stream->failed) { stream->transferred += transferred; + stream->transferred_valid = true; + } if (front->transferred < front->len) set_bit(NETFS_RREQ_SHORT_TRANSFER, &rreq->flags); notes |= MADE_PROGRESS; diff --git a/fs/netfs/write_collect.c b/fs/netfs/write_collect.c index 0f3a36852a4d..cbf3d9194c7b 100644 --- a/fs/netfs/write_collect.c +++ b/fs/netfs/write_collect.c @@ -254,6 +254,7 @@ static void netfs_collect_write_results(struct netfs_io_request *wreq) if (front->start + front->transferred > stream->collected_to) { stream->collected_to = front->start + front->transferred; stream->transferred = stream->collected_to - wreq->start; + stream->transferred_valid = true; notes |= MADE_PROGRESS; } if (test_bit(NETFS_SREQ_FAILED, &front->flags)) { @@ -356,6 +357,7 @@ bool netfs_write_collection(struct netfs_io_request *wreq) { struct netfs_inode *ictx = netfs_inode(wreq->inode); size_t transferred; + bool transferred_valid = false; int s; _enter("R=%x", wreq->debug_id); @@ -376,12 +378,16 @@ bool netfs_write_collection(struct netfs_io_request *wreq) continue; if (!list_empty(&stream->subrequests)) return false; - if (stream->transferred < transferred) + if (stream->transferred_valid && + stream->transferred < transferred) { transferred = stream->transferred; + transferred_valid = true; + } } /* Okay, declare that all I/O is complete. */ - wreq->transferred = transferred; + if (transferred_valid) + wreq->transferred = transferred; trace_netfs_rreq(wreq, netfs_rreq_trace_write_done); if (wreq->io_streams[1].active && diff --git a/fs/netfs/write_issue.c b/fs/netfs/write_issue.c index 50bee2c4130d..0584cba1a043 100644 --- a/fs/netfs/write_issue.c +++ b/fs/netfs/write_issue.c @@ -118,12 +118,12 @@ struct netfs_io_request *netfs_create_write_req(struct address_space *mapping, wreq->io_streams[0].prepare_write = ictx->ops->prepare_write; wreq->io_streams[0].issue_write = ictx->ops->issue_write; wreq->io_streams[0].collected_to = start; - wreq->io_streams[0].transferred = LONG_MAX; + wreq->io_streams[0].transferred = 0; wreq->io_streams[1].stream_nr = 1; wreq->io_streams[1].source = NETFS_WRITE_TO_CACHE; wreq->io_streams[1].collected_to = start; - wreq->io_streams[1].transferred = LONG_MAX; + wreq->io_streams[1].transferred = 0; if (fscache_resources_valid(&wreq->cache_resources)) { wreq->io_streams[1].avail = true; wreq->io_streams[1].active = true; diff --git a/fs/splice.c b/fs/splice.c index 4d6df083e0c0..f5094b6d00a0 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -739,6 +739,9 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out, sd.pos = kiocb.ki_pos; if (ret <= 0) break; + WARN_ONCE(ret > sd.total_len - left, + "Splice Exceeded! ret=%zd tot=%zu left=%zu\n", + ret, sd.total_len, left); sd.num_spliced += ret; sd.total_len -= ret; diff --git a/include/linux/netfs.h b/include/linux/netfs.h index 185bd8196503..98c96d649bf9 100644 --- a/include/linux/netfs.h +++ b/include/linux/netfs.h @@ -150,6 +150,7 @@ struct netfs_io_stream { bool active; /* T if stream is active */ bool need_retry; /* T if this stream needs retrying */ bool failed; /* T if this stream failed */ + bool transferred_valid; /* T is ->transferred is valid */ }; /*

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082114-proofs-slideshow-5515@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

2
5
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Return aborted command when missing sense" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d2be9ea9a75550a35c5127a6c2633658bc38c76b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082134-stuck-legend-2edb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2be9ea9a75550a35c5127a6c2633658bc38c76b Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue, 29 Jul 2025 19:37:12 +0900 Subject: [PATCH] ata: libata-scsi: Return aborted command when missing sense and result TF ata_gen_ata_sense() is always called for a failed qc missing sense data so that a sense key, code and code qualifier can be generated using ata_to_sense_error() from the qc status and error fields of its result task file. However, if the qc does not have its result task file filled, ata_gen_ata_sense() returns early without setting a sense key. Improve this by defaulting to returning ABORTED COMMAND without any additional sense code, since we do not know the reason for the failure. The same fix is also applied in ata_gen_passthru_sense() with the additional check that the qc failed (qc->err_mask is set). Fixes: 816be86c7993 ("ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 9b16c0f553e0..57f674f51b0c 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -938,6 +938,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) { ata_dev_dbg(dev, "missing result TF: can't generate ATA PT sense data\n"); + if (qc->err_mask) + ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); return; } @@ -992,8 +994,8 @@ static void ata_gen_ata_sense(struct ata_queued_cmd *qc) if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) { ata_dev_dbg(dev, - "missing result TF: can't generate sense data\n"); - return; + "Missing result TF: reporting aborted command\n"); + goto aborted; } /* Use ata_to_sense_error() to map status register bits @@ -1004,13 +1006,15 @@ static void ata_gen_ata_sense(struct ata_queued_cmd *qc) ata_to_sense_error(tf->status, tf->error, &sense_key, &asc, &ascq); ata_scsi_set_sense(dev, cmd, sense_key, asc, ascq); - } else { - /* Could not decode error */ - ata_dev_warn(dev, "could not decode error status 0x%x err_mask 0x%x\n", - tf->status, qc->err_mask); - ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); return; } + + /* Could not decode error */ + ata_dev_warn(dev, + "Could not decode error 0x%x, status 0x%x (err_mask=0x%x)\n", + tf->error, tf->status, qc->err_mask); +aborted: + ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); } void ata_scsi_sdev_config(struct scsi_device *sdev)

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Return aborted command when missing sense" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d2be9ea9a75550a35c5127a6c2633658bc38c76b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082133-excursion-pacifist-92a4@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2be9ea9a75550a35c5127a6c2633658bc38c76b Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue, 29 Jul 2025 19:37:12 +0900 Subject: [PATCH] ata: libata-scsi: Return aborted command when missing sense and result TF ata_gen_ata_sense() is always called for a failed qc missing sense data so that a sense key, code and code qualifier can be generated using ata_to_sense_error() from the qc status and error fields of its result task file. However, if the qc does not have its result task file filled, ata_gen_ata_sense() returns early without setting a sense key. Improve this by defaulting to returning ABORTED COMMAND without any additional sense code, since we do not know the reason for the failure. The same fix is also applied in ata_gen_passthru_sense() with the additional check that the qc failed (qc->err_mask is set). Fixes: 816be86c7993 ("ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 9b16c0f553e0..57f674f51b0c 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -938,6 +938,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) { ata_dev_dbg(dev, "missing result TF: can't generate ATA PT sense data\n"); + if (qc->err_mask) + ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); return; } @@ -992,8 +994,8 @@ static void ata_gen_ata_sense(struct ata_queued_cmd *qc) if (!(qc->flags & ATA_QCFLAG_RTF_FILLED)) { ata_dev_dbg(dev, - "missing result TF: can't generate sense data\n"); - return; + "Missing result TF: reporting aborted command\n"); + goto aborted; } /* Use ata_to_sense_error() to map status register bits @@ -1004,13 +1006,15 @@ static void ata_gen_ata_sense(struct ata_queued_cmd *qc) ata_to_sense_error(tf->status, tf->error, &sense_key, &asc, &ascq); ata_scsi_set_sense(dev, cmd, sense_key, asc, ascq); - } else { - /* Could not decode error */ - ata_dev_warn(dev, "could not decode error status 0x%x err_mask 0x%x\n", - tf->status, qc->err_mask); - ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); return; } + + /* Could not decode error */ + ata_dev_warn(dev, + "Could not decode error 0x%x, status 0x%x (err_mask=0x%x)\n", + tf->error, tf->status, qc->err_mask); +aborted: + ata_scsi_set_sense(dev, cmd, ABORTED_COMMAND, 0, 0); } void ata_scsi_sdev_config(struct scsi_device *sdev)

2 months, 3 weeks

2
1
0 0

+ mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() Date: Thu, 21 Aug 2025 20:55:55 +0800 On 32-bit systems, the throughput calculation in damos_set_effective_quota() is prone to unnecessary multiplication overflow. Using mult_frac() to fix it. Andrew Paniakin also recently found and privately reported this issue, on 64 bit systems. This can also happen on 64-bit systems, once the charged size exceeds ~17 TiB. On systems running for long time in production, this issue can actually happen. More specifically, when a DAMOS scheme having the time quota run for longtime, throughput calculation can overflow and set esz too small. As a result, speed of the scheme get unexpectedly slow. Link: https://lkml.kernel.org/r/20250821125555.3020951-1-yanquanmin1@huawei.com Fixes: 1cd243030059 ("mm/damon/schemes: implement time quota") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Reported-by: Andrew Paniakin <apanyaki(a)amazon.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> [5.16+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/damon/core.c~mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota +++ a/mm/damon/core.c @@ -2073,8 +2073,8 @@ static void damos_set_effective_quota(st if (quota->ms) { if (quota->total_charged_ns) - throughput = quota->total_charged_sz * 1000000 / - quota->total_charged_ns; + throughput = mult_frac(quota->total_charged_sz, 1000000, + quota->total_charged_ns); else throughput = PAGE_SIZE * 1024; esz = min(throughput * quota->ms, esz); _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch

2 months, 3 weeks

1
0
0 0

+ kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: fix GCC mem-intrinsic prefix with sw tags has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ada Couprie Diaz <ada.coupriediaz(a)arm.com> Subject: kasan: fix GCC mem-intrinsic prefix with sw tags Date: Thu, 21 Aug 2025 13:07:35 +0100 GCC doesn't support "hwasan-kernel-mem-intrinsic-prefix", only "asan-kernel-mem-intrinsic-prefix"[0], while LLVM supports both. This is already taken into account when checking "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX", but not in the KASAN Makefile adding those parameters when "CONFIG_KASAN_SW_TAGS" is enabled. Replace the version check with "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX", which already validates that mem-intrinsic prefix parameter can be used, and choose the correct name depending on compiler. GCC 13 and above trigger "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX" which prevents `mem{cpy,move,set}()` being redefined in "mm/kasan/shadow.c" since commit 36be5cba99f6 ("kasan: treat meminstrinsic as builtins in uninstrumented files"), as we expect the compiler to prefix those calls with `__(hw)asan_` instead. But as the option passed to GCC has been incorrect, the compiler has not been emitting those prefixes, effectively never calling the instrumented versions of `mem{cpy,move,set}()` with "CONFIG_KASAN_SW_TAGS" enabled. If "CONFIG_FORTIFY_SOURCES" is enabled, this issue would be mitigated as it redefines `mem{cpy,move,set}()` and properly aliases the `__underlying_mem*()` that will be called to the instrumented versions. [0]: https://gcc.gnu.org/onlinedocs/gcc-13.4.0/gcc/Optimize-Options.html Link: https://lkml.kernel.org/r/20250821120735.156244-1-ada.coupriediaz@arm.com Signed-off-by: Ada Couprie Diaz <ada.coupriediaz(a)arm.com> Fixes: 36be5cba99f6 ("kasan: treat meminstrinsic as builtins in uninstrumented files") Reviewed-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Marc Rutland <mark.rutland(a)arm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/Makefile.kasan | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/scripts/Makefile.kasan~kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags +++ a/scripts/Makefile.kasan @@ -86,10 +86,14 @@ kasan_params += hwasan-instrument-stack= hwasan-use-short-granules=0 \ hwasan-inline-all-checks=0 -# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). -ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) - kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 -endif +# Instrument memcpy/memset/memmove calls by using instrumented __(hw)asan_mem*(). +ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX + ifdef CONFIG_CC_IS_GCC + kasan_params += asan-kernel-mem-intrinsic-prefix=1 + else + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 + endif +endif # CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX endif # CONFIG_KASAN_SW_TAGS _ Patches currently in -mm which might be from ada.coupriediaz(a)arm.com are kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags.patch

2 months, 3 weeks

1
0
0 0

[PATCH bpf v1] bpf: Drop rqspinlock usage in ringbuf

by Kumar Kartikeya Dwivedi

We noticed potential lock ups and delays in progs running in NMI context with the rqspinlock changes, which suggests more improvements need to be made before we can support ring buffer updates in such a context safely. Revert the change for now. Reported-by: Josef Bacik <josef(a)toxicpanda.com> Cc: stable(a)vger.kernel.org Fixes: a650d38915c1 ("bpf: Convert ringbuf map to rqspinlock") Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> --- kernel/bpf/ringbuf.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index 719d73299397..1499d8caa9a3 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -11,7 +11,6 @@ #include <linux/kmemleak.h> #include <uapi/linux/btf.h> #include <linux/btf_ids.h> -#include <asm/rqspinlock.h> #define RINGBUF_CREATE_FLAG_MASK (BPF_F_NUMA_NODE) @@ -30,7 +29,7 @@ struct bpf_ringbuf { u64 mask; struct page **pages; int nr_pages; - rqspinlock_t spinlock ____cacheline_aligned_in_smp; + raw_spinlock_t spinlock ____cacheline_aligned_in_smp; /* For user-space producer ring buffers, an atomic_t busy bit is used * to synchronize access to the ring buffers in the kernel, rather than * the spinlock that is used for kernel-producer ring buffers. This is @@ -174,7 +173,7 @@ static struct bpf_ringbuf *bpf_ringbuf_alloc(size_t data_sz, int numa_node) if (!rb) return NULL; - raw_res_spin_lock_init(&rb->spinlock); + raw_spin_lock_init(&rb->spinlock); atomic_set(&rb->busy, 0); init_waitqueue_head(&rb->waitq); init_irq_work(&rb->work, bpf_ringbuf_notify); @@ -417,8 +416,12 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) cons_pos = smp_load_acquire(&rb->consumer_pos); - if (raw_res_spin_lock_irqsave(&rb->spinlock, flags)) - return NULL; + if (in_nmi()) { + if (!raw_spin_trylock_irqsave(&rb->spinlock, flags)) + return NULL; + } else { + raw_spin_lock_irqsave(&rb->spinlock, flags); + } pend_pos = rb->pending_pos; prod_pos = rb->producer_pos; @@ -443,7 +446,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) */ if (new_prod_pos - cons_pos > rb->mask || new_prod_pos - pend_pos > rb->mask) { - raw_res_spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } @@ -455,7 +458,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) /* pairs with consumer's smp_load_acquire() */ smp_store_release(&rb->producer_pos, new_prod_pos); - raw_res_spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return (void *)hdr + BPF_RINGBUF_HDR_SZ; } -- 2.50.0

2 months, 3 weeks

2
1
0 0

[PATCH] media: vsp1: Export missing vsp1_isp_free_buffer symbol

by Laurent Pinchart

The vsp1_isp_free_buffer() function implemented by the vsp1 driver is part of the API exposed to the rcar-isp driver. All other symbols except that one are properly exported. Fix it. Fixes: d06c1a9f348d ("media: vsp1: Add VSPX support") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> --- drivers/media/platform/renesas/vsp1/vsp1_vspx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/renesas/vsp1/vsp1_vspx.c b/drivers/media/platform/renesas/vsp1/vsp1_vspx.c index a754b92232bd..1673479be0ff 100644 --- a/drivers/media/platform/renesas/vsp1/vsp1_vspx.c +++ b/drivers/media/platform/renesas/vsp1/vsp1_vspx.c @@ -286,6 +286,7 @@ void vsp1_isp_free_buffer(struct device *dev, dma_free_coherent(bus_master, buffer_desc->size, buffer_desc->cpu_addr, buffer_desc->dma_addr); } +EXPORT_SYMBOL_GPL(vsp1_isp_free_buffer); /** * vsp1_isp_start_streaming - Start processing VSPX jobs -- Regards, Laurent Pinchart

2 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] kbuild: userprogs: use correct linker when mixing clang and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 936599ca514973d44a766b7376c6bbdc96b6a8cc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082106-cheer-train-f1fd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 936599ca514973d44a766b7376c6bbdc96b6a8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Mon, 28 Jul 2025 15:47:37 +0200 Subject: [PATCH] kbuild: userprogs: use correct linker when mixing clang and GNU ld MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The userprogs infrastructure does not expect clang being used with GNU ld and in that case uses /usr/bin/ld for linking, not the configured $(LD). This fallback is problematic as it will break when cross-compiling. Mixing clang and GNU ld is used for example when building for SPARC64, as ld.lld is not sufficient; see Documentation/kbuild/llvm.rst. Relax the check around --ld-path so it gets used for all linkers. Fixes: dfc1b168a8c4 ("kbuild: userprogs: use correct lld when linking through clang") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index ba0827a1fccd..f4009f7238c7 100644 --- a/Makefile +++ b/Makefile @@ -1134,7 +1134,7 @@ KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # userspace programs are linked via the compiler, use the correct linker -ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) +ifdef CONFIG_CC_IS_CLANG KBUILD_USERLDFLAGS += --ld-path=$(LD) endif

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: use correct linker when mixing clang and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 936599ca514973d44a766b7376c6bbdc96b6a8cc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082106-geiger-canister-107c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 936599ca514973d44a766b7376c6bbdc96b6a8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Mon, 28 Jul 2025 15:47:37 +0200 Subject: [PATCH] kbuild: userprogs: use correct linker when mixing clang and GNU ld MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The userprogs infrastructure does not expect clang being used with GNU ld and in that case uses /usr/bin/ld for linking, not the configured $(LD). This fallback is problematic as it will break when cross-compiling. Mixing clang and GNU ld is used for example when building for SPARC64, as ld.lld is not sufficient; see Documentation/kbuild/llvm.rst. Relax the check around --ld-path so it gets used for all linkers. Fixes: dfc1b168a8c4 ("kbuild: userprogs: use correct lld when linking through clang") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index ba0827a1fccd..f4009f7238c7 100644 --- a/Makefile +++ b/Makefile @@ -1134,7 +1134,7 @@ KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # userspace programs are linked via the compiler, use the correct linker -ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) +ifdef CONFIG_CC_IS_CLANG KBUILD_USERLDFLAGS += --ld-path=$(LD) endif

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: use correct linker when mixing clang and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 936599ca514973d44a766b7376c6bbdc96b6a8cc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-sessions-superhero-9a5f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 936599ca514973d44a766b7376c6bbdc96b6a8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Mon, 28 Jul 2025 15:47:37 +0200 Subject: [PATCH] kbuild: userprogs: use correct linker when mixing clang and GNU ld MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The userprogs infrastructure does not expect clang being used with GNU ld and in that case uses /usr/bin/ld for linking, not the configured $(LD). This fallback is problematic as it will break when cross-compiling. Mixing clang and GNU ld is used for example when building for SPARC64, as ld.lld is not sufficient; see Documentation/kbuild/llvm.rst. Relax the check around --ld-path so it gets used for all linkers. Fixes: dfc1b168a8c4 ("kbuild: userprogs: use correct lld when linking through clang") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index ba0827a1fccd..f4009f7238c7 100644 --- a/Makefile +++ b/Makefile @@ -1134,7 +1134,7 @@ KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # userspace programs are linked via the compiler, use the correct linker -ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) +ifdef CONFIG_CC_IS_CLANG KBUILD_USERLDFLAGS += --ld-path=$(LD) endif

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: use correct linker when mixing clang and" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 936599ca514973d44a766b7376c6bbdc96b6a8cc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-cosigner-parabola-3836@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 936599ca514973d44a766b7376c6bbdc96b6a8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Mon, 28 Jul 2025 15:47:37 +0200 Subject: [PATCH] kbuild: userprogs: use correct linker when mixing clang and GNU ld MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The userprogs infrastructure does not expect clang being used with GNU ld and in that case uses /usr/bin/ld for linking, not the configured $(LD). This fallback is problematic as it will break when cross-compiling. Mixing clang and GNU ld is used for example when building for SPARC64, as ld.lld is not sufficient; see Documentation/kbuild/llvm.rst. Relax the check around --ld-path so it gets used for all linkers. Fixes: dfc1b168a8c4 ("kbuild: userprogs: use correct lld when linking through clang") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index ba0827a1fccd..f4009f7238c7 100644 --- a/Makefile +++ b/Makefile @@ -1134,7 +1134,7 @@ KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # userspace programs are linked via the compiler, use the correct linker -ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) +ifdef CONFIG_CC_IS_CLANG KBUILD_USERLDFLAGS += --ld-path=$(LD) endif

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: use correct linker when mixing clang and" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 936599ca514973d44a766b7376c6bbdc96b6a8cc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-shadow-nutlike-7f81@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 936599ca514973d44a766b7376c6bbdc96b6a8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Mon, 28 Jul 2025 15:47:37 +0200 Subject: [PATCH] kbuild: userprogs: use correct linker when mixing clang and GNU ld MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The userprogs infrastructure does not expect clang being used with GNU ld and in that case uses /usr/bin/ld for linking, not the configured $(LD). This fallback is problematic as it will break when cross-compiling. Mixing clang and GNU ld is used for example when building for SPARC64, as ld.lld is not sufficient; see Documentation/kbuild/llvm.rst. Relax the check around --ld-path so it gets used for all linkers. Fixes: dfc1b168a8c4 ("kbuild: userprogs: use correct lld when linking through clang") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index ba0827a1fccd..f4009f7238c7 100644 --- a/Makefile +++ b/Makefile @@ -1134,7 +1134,7 @@ KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # userspace programs are linked via the compiler, use the correct linker -ifeq ($(CONFIG_CC_IS_CLANG)$(CONFIG_LD_IS_LLD),yy) +ifdef CONFIG_CC_IS_CLANG KBUILD_USERLDFLAGS += --ld-path=$(LD) endif

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ed62a62a18bc144f73eadf866ae46842e8f6606e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-collected-demeaning-2359@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed62a62a18bc144f73eadf866ae46842e8f6606e Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Wed, 18 Jun 2025 16:25:19 +0900 Subject: [PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Improve the description of the possible default SATA link power management policies and add the missing description for policy 5. No functional changes. Fixes: a5ec5a7bfd1f ("ata: ahci: Support state with min power but Partial low power state") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig index e00536b49552..120a2b7067fc 100644 --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig @@ -117,23 +117,39 @@ config SATA_AHCI config SATA_MOBILE_LPM_POLICY int "Default SATA Link Power Management policy" - range 0 4 + range 0 5 default 3 depends on SATA_AHCI help Select the Default SATA Link Power Management (LPM) policy to use for chipsets / "South Bridges" supporting low-power modes. Such chipsets are ubiquitous across laptops, desktops and servers. + Each policy combines power saving states and features: + - Partial: The Phy logic is powered but is in a reduced power + state. The exit latency from this state is no longer than + 10us). + - Slumber: The Phy logic is powered but is in an even lower power + state. The exit latency from this state is potentially + longer, but no longer than 10ms. + - DevSleep: The Phy logic may be powered down. The exit latency from + this state is no longer than 20 ms, unless otherwise + specified by DETO in the device Identify Device Data log. + - HIPM: Host Initiated Power Management (host automatically + transitions to partial and slumber). + - DIPM: Device Initiated Power Management (device automatically + transitions to partial and slumber). - The value set has the following meanings: + The possible values for the default SATA link power management + policies are: 0 => Keep firmware settings - 1 => Maximum performance - 2 => Medium power - 3 => Medium power with Device Initiated PM enabled - 4 => Minimum power + 1 => No power savings (maximum performance) + 2 => HIPM (Partial) + 3 => HIPM (Partial) and DIPM (Partial and Slumber) + 4 => HIPM (Partial and DevSleep) and DIPM (Partial and Slumber) + 5 => HIPM (Slumber and DevSleep) and DIPM (Partial and Slumber) - Note "Minimum power" is known to cause issues, including disk - corruption, with some disks and should not be used. + Excluding the value 0, higher values represent policies with higher + power savings. config SATA_AHCI_PLATFORM tristate "Platform AHCI SATA support"

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ed62a62a18bc144f73eadf866ae46842e8f6606e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-moustache-breezy-3b73@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed62a62a18bc144f73eadf866ae46842e8f6606e Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Wed, 18 Jun 2025 16:25:19 +0900 Subject: [PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Improve the description of the possible default SATA link power management policies and add the missing description for policy 5. No functional changes. Fixes: a5ec5a7bfd1f ("ata: ahci: Support state with min power but Partial low power state") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig index e00536b49552..120a2b7067fc 100644 --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig @@ -117,23 +117,39 @@ config SATA_AHCI config SATA_MOBILE_LPM_POLICY int "Default SATA Link Power Management policy" - range 0 4 + range 0 5 default 3 depends on SATA_AHCI help Select the Default SATA Link Power Management (LPM) policy to use for chipsets / "South Bridges" supporting low-power modes. Such chipsets are ubiquitous across laptops, desktops and servers. + Each policy combines power saving states and features: + - Partial: The Phy logic is powered but is in a reduced power + state. The exit latency from this state is no longer than + 10us). + - Slumber: The Phy logic is powered but is in an even lower power + state. The exit latency from this state is potentially + longer, but no longer than 10ms. + - DevSleep: The Phy logic may be powered down. The exit latency from + this state is no longer than 20 ms, unless otherwise + specified by DETO in the device Identify Device Data log. + - HIPM: Host Initiated Power Management (host automatically + transitions to partial and slumber). + - DIPM: Device Initiated Power Management (device automatically + transitions to partial and slumber). - The value set has the following meanings: + The possible values for the default SATA link power management + policies are: 0 => Keep firmware settings - 1 => Maximum performance - 2 => Medium power - 3 => Medium power with Device Initiated PM enabled - 4 => Minimum power + 1 => No power savings (maximum performance) + 2 => HIPM (Partial) + 3 => HIPM (Partial) and DIPM (Partial and Slumber) + 4 => HIPM (Partial and DevSleep) and DIPM (Partial and Slumber) + 5 => HIPM (Slumber and DevSleep) and DIPM (Partial and Slumber) - Note "Minimum power" is known to cause issues, including disk - corruption, with some disks and should not be used. + Excluding the value 0, higher values represent policies with higher + power savings. config SATA_AHCI_PLATFORM tristate "Platform AHCI SATA support"

2 months, 3 weeks

2
1
0 0

[PATCH v3] mm/damon/core: set quota->charged_from to jiffies at first charge window

by Sang-Heon Jeon

Kernel initialize "jiffies" timer as 5 minutes below zero, as shown in include/linux/jiffies.h /* * Have the 32 bit jiffies value wrap 5 minutes after boot * so jiffies wrap bugs show up earlier. */ #define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ)) And jiffies comparison help functions cast unsigned value to signed to cover wraparound #define time_after_eq(a,b) \ (typecheck(unsigned long, a) && \ typecheck(unsigned long, b) && \ ((long)((a) - (b)) >= 0)) When quota->charged_from is initialized to 0, time_after_eq() can incorrectly return FALSE even after reset_interval has elapsed. This occurs when (jiffies - reset_interval) produces a value with MSB=1, which is interpreted as negative in signed arithmetic. This issue primarily affects 32-bit systems because: On 64-bit systems: MSB=1 values occur after ~292 million years from boot (assuming HZ=1000), almost impossible. On 32-bit systems: MSB=1 values occur during the first 5 minutes after boot, and the second half of every jiffies wraparound cycle, starting from day 25 (assuming HZ=1000) When above unexpected FALSE return from time_after_eq() occurs, the charging window will not reset. The user impact depends on esz value at that time. If esz is 0, scheme ignores configured quotas and runs without any limits. If esz is not 0, scheme stops working once the quota is exhausted. It remains until the charging window finally resets. So, change quota->charged_from to jiffies at damos_adjust_quota() when it is considered as the first charge window. By this change, we can avoid unexpected FALSE return from time_after_eq() Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") # 5.16 Cc: stable(a)vger.kernel.org Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> --- Changes from v2 [2] - remove unnecessary example about time_after_eq() - remove description of unexpected reset of quota->charged_from - clarify user impacts and when bug happens Changes from v1 [1] - not change current default value of quota->charged_from - set quota->charged_from when it is consider first charge below - add more description of jiffies and wraparound example to commit messages [1] https://lore.kernel.org/damon/20250818183803.1450539-1-ekffu200098@gmail.co… [2] https://lore.kernel.org/damon/20250819150123.1532458-1-ekffu200098@gmail.co… --- mm/damon/core.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index cb41fddca78c..93bad6d0da5b 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -2130,6 +2130,10 @@ static void damos_adjust_quota(struct damon_ctx *c, struct damos *s) if (!quota->ms && !quota->sz && list_empty(&quota->goals)) return; + /* First charge window */ + if (!quota->total_charged_sz && !quota->charged_from) + quota->charged_from = jiffies; + /* New charge window starts */ if (time_after_eq(jiffies, quota->charged_from + msecs_to_jiffies(quota->reset_interval))) { -- 2.43.0

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed62a62a18bc144f73eadf866ae46842e8f6606e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082137-platypus-ditzy-1762@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed62a62a18bc144f73eadf866ae46842e8f6606e Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Wed, 18 Jun 2025 16:25:19 +0900 Subject: [PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Improve the description of the possible default SATA link power management policies and add the missing description for policy 5. No functional changes. Fixes: a5ec5a7bfd1f ("ata: ahci: Support state with min power but Partial low power state") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig index e00536b49552..120a2b7067fc 100644 --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig @@ -117,23 +117,39 @@ config SATA_AHCI config SATA_MOBILE_LPM_POLICY int "Default SATA Link Power Management policy" - range 0 4 + range 0 5 default 3 depends on SATA_AHCI help Select the Default SATA Link Power Management (LPM) policy to use for chipsets / "South Bridges" supporting low-power modes. Such chipsets are ubiquitous across laptops, desktops and servers. + Each policy combines power saving states and features: + - Partial: The Phy logic is powered but is in a reduced power + state. The exit latency from this state is no longer than + 10us). + - Slumber: The Phy logic is powered but is in an even lower power + state. The exit latency from this state is potentially + longer, but no longer than 10ms. + - DevSleep: The Phy logic may be powered down. The exit latency from + this state is no longer than 20 ms, unless otherwise + specified by DETO in the device Identify Device Data log. + - HIPM: Host Initiated Power Management (host automatically + transitions to partial and slumber). + - DIPM: Device Initiated Power Management (device automatically + transitions to partial and slumber). - The value set has the following meanings: + The possible values for the default SATA link power management + policies are: 0 => Keep firmware settings - 1 => Maximum performance - 2 => Medium power - 3 => Medium power with Device Initiated PM enabled - 4 => Minimum power + 1 => No power savings (maximum performance) + 2 => HIPM (Partial) + 3 => HIPM (Partial) and DIPM (Partial and Slumber) + 4 => HIPM (Partial and DevSleep) and DIPM (Partial and Slumber) + 5 => HIPM (Slumber and DevSleep) and DIPM (Partial and Slumber) - Note "Minimum power" is known to cause issues, including disk - corruption, with some disks and should not be used. + Excluding the value 0, higher values represent policies with higher + power savings. config SATA_AHCI_PLATFORM tristate "Platform AHCI SATA support"

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] bus: mhi: host: Detect events pointing to unexpected TREs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5bd398e20f0833ae8a1267d4f343591a2dd20185 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082132-hurricane-stank-2ae5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bd398e20f0833ae8a1267d4f343591a2dd20185 Mon Sep 17 00:00:00 2001 From: Youssef Samir <quic_yabdulra(a)quicinc.com> Date: Mon, 14 Jul 2025 18:30:39 +0200 Subject: [PATCH] bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointer to process all of the TREs between it and the host's local copy of the ring's read pointer. This works when processing completion for chained transactions, but can lead to nasty results if the device sends an event for a single-element transaction with a read pointer that is multiple elements ahead of the host's read pointer. For instance, if the host accesses an event ring while the device is updating it, the pointer inside of the event might still point to an old TRE. If the host uses the channel's xfer_cb() to directly free the buffer pointed to by the TRE, the buffer will be double-freed. This behavior was observed on an ep that used upstream EP stack without 'commit 6f18d174b73d ("bus: mhi: ep: Update read pointer only after buffer is written")'. Where the device updated the events ring pointer before updating the event contents, so it left a window where the host was able to access the stale data the event pointed to, before the device had the chance to update them. The usual pattern was that the host received an event pointing to a TRE that is not immediately after the last processed one, so it got treated as if it was a chained transaction, processing all of the TREs in between the two read pointers. This commit aims to harden the host by ensuring transactions where the event points to a TRE that isn't local_rp + 1 are chained. Fixes: 1d3173a3bae7 ("bus: mhi: core: Add support for processing events from client device") Signed-off-by: Youssef Samir <quic_yabdulra(a)quicinc.com> [mani: added stable tag and reworded commit message] Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Reviewed-by: Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250714163039.3438985-1-quic_yabdulra@quicinc.com diff --git a/drivers/bus/mhi/host/main.c b/drivers/bus/mhi/host/main.c index 3041ee6747e3..52bef663e182 100644 --- a/drivers/bus/mhi/host/main.c +++ b/drivers/bus/mhi/host/main.c @@ -602,7 +602,7 @@ static int parse_xfer_event(struct mhi_controller *mhi_cntrl, { dma_addr_t ptr = MHI_TRE_GET_EV_PTR(event); struct mhi_ring_element *local_rp, *ev_tre; - void *dev_rp; + void *dev_rp, *next_rp; struct mhi_buf_info *buf_info; u16 xfer_len; @@ -621,6 +621,16 @@ static int parse_xfer_event(struct mhi_controller *mhi_cntrl, result.dir = mhi_chan->dir; local_rp = tre_ring->rp; + + next_rp = local_rp + 1; + if (next_rp >= tre_ring->base + tre_ring->len) + next_rp = tre_ring->base; + if (dev_rp != next_rp && !MHI_TRE_DATA_GET_CHAIN(local_rp)) { + dev_err(&mhi_cntrl->mhi_dev->dev, + "Event element points to an unexpected TRE\n"); + break; + } + while (local_rp != dev_rp) { buf_info = buf_ring->rp; /* If it's the last TRE, get length from the event */

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: imx8mp: fix device leak at unbind" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 086a0e516f7b3844e6328a5c69e2708b66b0ce18 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082121-magician-conceal-4df0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 086a0e516f7b3844e6328a5c69e2708b66b0ce18 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:06 +0200 Subject: [PATCH] usb: dwc3: imx8mp: fix device leak at unbind Make sure to drop the reference to the dwc3 device taken by of_find_device_by_node() on probe errors and on driver unbind. Fixes: 6dd2565989b4 ("usb: dwc3: add imx8mp dwc3 glue layer driver") Cc: stable(a)vger.kernel.org # 5.12 Cc: Li Jun <jun.li(a)nxp.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/dwc3-imx8mp.c b/drivers/usb/dwc3/dwc3-imx8mp.c index 3edc5aca76f9..bce6af82f54c 100644 --- a/drivers/usb/dwc3/dwc3-imx8mp.c +++ b/drivers/usb/dwc3/dwc3-imx8mp.c @@ -244,7 +244,7 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) IRQF_ONESHOT, dev_name(dev), dwc3_imx); if (err) { dev_err(dev, "failed to request IRQ #%d --> %d\n", irq, err); - goto depopulate; + goto put_dwc3; } device_set_wakeup_capable(dev, true); @@ -252,6 +252,8 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) return 0; +put_dwc3: + put_device(&dwc3_imx->dwc3->dev); depopulate: of_platform_depopulate(dev); remove_swnode: @@ -265,8 +267,11 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) static void dwc3_imx8mp_remove(struct platform_device *pdev) { + struct dwc3_imx8mp *dwc3_imx = platform_get_drvdata(pdev); struct device *dev = &pdev->dev; + put_device(&dwc3_imx->dwc3->dev); + pm_runtime_get_sync(dev); of_platform_depopulate(dev); device_remove_software_node(dev);

2 months, 3 weeks

2
1
0 0

[PATCH v2 1/3] PCI: Relaxed tail alignment should never increase min_align

by Ilpo Järvinen

When using relaxed tail alignment for the bridge window, pbus_size_mem() also tries to minimize min_align, which can under certain scenarios end up increasing min_align from that found by calculate_mem_align(). Ensure min_align is not increased by the relaxed tail alignment. Eventually, it would be better to add calculate_relaxed_head_align() similar to calculate_mem_align() which finds out what alignment can be used for the head without introducing any gaps into the bridge window to give flexibility on head address too. But that looks relatively complex algorithm so it requires much more testing than fixing the immediate problem causing a regression. Fixes: 67f9085596ee ("PCI: Allow relaxed bridge window tail sizing for optional resources") Reported-by: Rio <rio(a)r26.me> Tested-by: Rio <rio(a)r26.me> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 07c3d021a47e..f90d49cd07da 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1169,6 +1169,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t children_add_size = 0; resource_size_t children_add_align = 0; resource_size_t add_align = 0; + resource_size_t relaxed_align; if (!b_res) return -ENOSPC; @@ -1246,8 +1247,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size0 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size0, min_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(relaxed_align, win_align); + min_align = min(min_align, relaxed_align); size0 = calculate_memsize(size, min_size, 0, 0, resource_size(b_res), win_align); pci_info(bus->self, "bridge window %pR to %pR requires relaxed alignment rules\n", b_res, &bus->busn_res); @@ -1261,8 +1263,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size1 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size1, add_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(min_align, win_align); + min_align = min(min_align, relaxed_align); size1 = calculate_memsize(size, min_size, add_size, children_add_size, resource_size(b_res), win_align); pci_info(bus->self, -- 2.39.5

2 months, 3 weeks

3
7
0 0

[PATCH 5.10.y] gpio: rcar: Use raw_spinlock to protect register access

by Prabhakar

From: Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> commit f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5 upstream. Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 is trying to lock: [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] other info that might help us debug this: [ 4.239643] context-{5:5} [ 4.239646] 5 locks held by kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value. [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value. [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz [ 4.304082] stack backtrace: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT) [ 4.304097] Workqueue: async async_run_entry_fn [ 4.304106] Call trace: [ 4.304110] show_stack+0x14/0x20 (C) [ 4.304122] dump_stack_lvl+0x6c/0x90 [ 4.304131] dump_stack+0x14/0x1c [ 4.304138] __lock_acquire+0xdfc/0x1584 [ 4.426274] lock_acquire+0x1c4/0x33c [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: link resume succeeded after 1 retries [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_for_each_drv+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] worker_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_from_fork+0x10/0x20 Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Tested-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250121135833.3769310-1-niklas.soderlund+renesas… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> [PL: manullay applied the changes] Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Reviewed-by: Pavel Machek <pavel(a)denx.de> # for 5.10-stable --- Hi all, Sending this patch to stable linux-5.10.y as requested by Pavel [0], so that this can be included into CIP kernel. Ive added a reviewed-by tag for Pavel which was provided here [0]. Similar patch is already present in linux-6.1.y and later: - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/dri… - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/dri… [0] https://lore.kernel.org/all/aKb38+2Q49y8kzBl@duo.ucw.cz/ Cheers, Prabhakar --- drivers/gpio/gpio-rcar.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c index 80bf2a84f296..d5db55d78304 100644 --- a/drivers/gpio/gpio-rcar.c +++ b/drivers/gpio/gpio-rcar.c @@ -34,7 +34,7 @@ struct gpio_rcar_bank_info { struct gpio_rcar_priv { void __iomem *base; - spinlock_t lock; + raw_spinlock_t lock; struct device *dev; struct gpio_chip gpio_chip; struct irq_chip irq_chip; @@ -114,7 +114,7 @@ static void gpio_rcar_config_interrupt_input_mode(struct gpio_rcar_priv *p, * "Setting Level-Sensitive Interrupt Input Mode" */ - spin_lock_irqsave(&p->lock, flags); + raw_spin_lock_irqsave(&p->lock, flags); /* Configure positive or negative logic in POSNEG */ gpio_rcar_modify_bit(p, POSNEG, hwirq, !active_high_rising_edge); @@ -133,7 +133,7 @@ static void gpio_rcar_config_interrupt_input_mode(struct gpio_rcar_priv *p, if (!level_trigger) gpio_rcar_write(p, INTCLR, BIT(hwirq)); - spin_unlock_irqrestore(&p->lock, flags); + raw_spin_unlock_irqrestore(&p->lock, flags); } static int gpio_rcar_irq_set_type(struct irq_data *d, unsigned int type) @@ -226,7 +226,7 @@ static void gpio_rcar_config_general_input_output_mode(struct gpio_chip *chip, * "Setting General Input Mode" */ - spin_lock_irqsave(&p->lock, flags); + raw_spin_lock_irqsave(&p->lock, flags); /* Configure positive logic in POSNEG */ gpio_rcar_modify_bit(p, POSNEG, gpio, false); @@ -241,7 +241,7 @@ static void gpio_rcar_config_general_input_output_mode(struct gpio_chip *chip, if (p->has_outdtsel && output) gpio_rcar_modify_bit(p, OUTDTSEL, gpio, false); - spin_unlock_irqrestore(&p->lock, flags); + raw_spin_unlock_irqrestore(&p->lock, flags); } static int gpio_rcar_request(struct gpio_chip *chip, unsigned offset) @@ -310,9 +310,9 @@ static void gpio_rcar_set(struct gpio_chip *chip, unsigned offset, int value) struct gpio_rcar_priv *p = gpiochip_get_data(chip); unsigned long flags; - spin_lock_irqsave(&p->lock, flags); + raw_spin_lock_irqsave(&p->lock, flags); gpio_rcar_modify_bit(p, OUTDT, offset, value); - spin_unlock_irqrestore(&p->lock, flags); + raw_spin_unlock_irqrestore(&p->lock, flags); } static void gpio_rcar_set_multiple(struct gpio_chip *chip, unsigned long *mask, @@ -329,12 +329,12 @@ static void gpio_rcar_set_multiple(struct gpio_chip *chip, unsigned long *mask, if (!bankmask) return; - spin_lock_irqsave(&p->lock, flags); + raw_spin_lock_irqsave(&p->lock, flags); val = gpio_rcar_read(p, OUTDT); val &= ~bankmask; val |= (bankmask & bits[0]); gpio_rcar_write(p, OUTDT, val); - spin_unlock_irqrestore(&p->lock, flags); + raw_spin_unlock_irqrestore(&p->lock, flags); } static int gpio_rcar_direction_output(struct gpio_chip *chip, unsigned offset, @@ -454,7 +454,7 @@ static int gpio_rcar_probe(struct platform_device *pdev) return -ENOMEM; p->dev = dev; - spin_lock_init(&p->lock); + raw_spin_lock_init(&p->lock); /* Get device configuration from DT node */ ret = gpio_rcar_parse_dt(p, &npins); -- 2.51.0

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ed62a62a18bc144f73eadf866ae46842e8f6606e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082137-earmuff-rifling-98cf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed62a62a18bc144f73eadf866ae46842e8f6606e Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Wed, 18 Jun 2025 16:25:19 +0900 Subject: [PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Improve the description of the possible default SATA link power management policies and add the missing description for policy 5. No functional changes. Fixes: a5ec5a7bfd1f ("ata: ahci: Support state with min power but Partial low power state") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig index e00536b49552..120a2b7067fc 100644 --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig @@ -117,23 +117,39 @@ config SATA_AHCI config SATA_MOBILE_LPM_POLICY int "Default SATA Link Power Management policy" - range 0 4 + range 0 5 default 3 depends on SATA_AHCI help Select the Default SATA Link Power Management (LPM) policy to use for chipsets / "South Bridges" supporting low-power modes. Such chipsets are ubiquitous across laptops, desktops and servers. + Each policy combines power saving states and features: + - Partial: The Phy logic is powered but is in a reduced power + state. The exit latency from this state is no longer than + 10us). + - Slumber: The Phy logic is powered but is in an even lower power + state. The exit latency from this state is potentially + longer, but no longer than 10ms. + - DevSleep: The Phy logic may be powered down. The exit latency from + this state is no longer than 20 ms, unless otherwise + specified by DETO in the device Identify Device Data log. + - HIPM: Host Initiated Power Management (host automatically + transitions to partial and slumber). + - DIPM: Device Initiated Power Management (device automatically + transitions to partial and slumber). - The value set has the following meanings: + The possible values for the default SATA link power management + policies are: 0 => Keep firmware settings - 1 => Maximum performance - 2 => Medium power - 3 => Medium power with Device Initiated PM enabled - 4 => Minimum power + 1 => No power savings (maximum performance) + 2 => HIPM (Partial) + 3 => HIPM (Partial) and DIPM (Partial and Slumber) + 4 => HIPM (Partial and DevSleep) and DIPM (Partial and Slumber) + 5 => HIPM (Slumber and DevSleep) and DIPM (Partial and Slumber) - Note "Minimum power" is known to cause issues, including disk - corruption, with some disks and should not be used. + Excluding the value 0, higher values represent policies with higher + power savings. config SATA_AHCI_PLATFORM tristate "Platform AHCI SATA support"

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: imx8mp: fix device leak at unbind" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 086a0e516f7b3844e6328a5c69e2708b66b0ce18 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082120-levitator-quarry-cce6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 086a0e516f7b3844e6328a5c69e2708b66b0ce18 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:06 +0200 Subject: [PATCH] usb: dwc3: imx8mp: fix device leak at unbind Make sure to drop the reference to the dwc3 device taken by of_find_device_by_node() on probe errors and on driver unbind. Fixes: 6dd2565989b4 ("usb: dwc3: add imx8mp dwc3 glue layer driver") Cc: stable(a)vger.kernel.org # 5.12 Cc: Li Jun <jun.li(a)nxp.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/dwc3-imx8mp.c b/drivers/usb/dwc3/dwc3-imx8mp.c index 3edc5aca76f9..bce6af82f54c 100644 --- a/drivers/usb/dwc3/dwc3-imx8mp.c +++ b/drivers/usb/dwc3/dwc3-imx8mp.c @@ -244,7 +244,7 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) IRQF_ONESHOT, dev_name(dev), dwc3_imx); if (err) { dev_err(dev, "failed to request IRQ #%d --> %d\n", irq, err); - goto depopulate; + goto put_dwc3; } device_set_wakeup_capable(dev, true); @@ -252,6 +252,8 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) return 0; +put_dwc3: + put_device(&dwc3_imx->dwc3->dev); depopulate: of_platform_depopulate(dev); remove_swnode: @@ -265,8 +267,11 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) static void dwc3_imx8mp_remove(struct platform_device *pdev) { + struct dwc3_imx8mp *dwc3_imx = platform_get_drvdata(pdev); struct device *dev = &pdev->dev; + put_device(&dwc3_imx->dwc3->dev); + pm_runtime_get_sync(dev); of_platform_depopulate(dev); device_remove_software_node(dev);

2 months, 3 weeks

2
1
0 0

[PATCH 1/2] media: mc: Fix MUST_CONNECT handling for pads with no links

by Laurent Pinchart

Commit b3decc5ce7d7 ("media: mc: Expand MUST_CONNECT flag to always require an enabled link") expanded the meaning of the MUST_CONNECT flag to require an enabled link in all cases. To do so, the link exploration code was expanded to cover unconnected pads, in order to reject those that have the MUST_CONNECT flag set. The implementation was however incorrect, ignoring unconnected pads instead of ignoring connected pads. Fix it. Reported-by: Martin Kepplinger-Novaković <martink(a)posteo.de> Closes: https://lore.kernel.org/linux-media/20250205172957.182362-1-martink@posteo.… Reported-by: Maud Spierings <maudspierings(a)gocontroll.com> Closes: https://lore.kernel.org/linux-media/20250818-imx8_isi-v1-1-e9cfe994c435@goc… Fixes: b3decc5ce7d7 ("media: mc: Expand MUST_CONNECT flag to always require an enabled link") Cc: stable(a)vger.kernel.org # 6.1 Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> --- drivers/media/mc/mc-entity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c index 04d69f042a0e..928613d60e8f 100644 --- a/drivers/media/mc/mc-entity.c +++ b/drivers/media/mc/mc-entity.c @@ -696,7 +696,7 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe, * (already discovered through iterating over links) and pads * not internally connected. */ - if (origin == local || !local->num_links || + if (origin == local || local->num_links || !media_entity_has_pad_interdep(origin->entity, origin->index, local->index)) continue; -- Regards, Laurent Pinchart

2 months, 3 weeks

4
3
0 0

FAILED: patch "[PATCH] PM: runtime: Take active children into account in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51888393cc64dd0462d0b96c13ab94873abbc030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082128-casually-sensuous-5677@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51888393cc64dd0462d0b96c13ab94873abbc030 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 9 Jul 2025 12:41:45 +0200 Subject: [PATCH] PM: runtime: Take active children into account in pm_runtime_get_if_in_use() For all practical purposes, there is no difference between the situation in which a given device is not ignoring children and its active child count is nonzero and the situation in which its runtime PM usage counter is nonzero. However, pm_runtime_get_if_in_use() will only increment the device's usage counter and return 1 in the latter case. For consistency, make it do so in the former case either by adjusting pm_runtime_get_conditional() and update the related kerneldoc comments accordingly. Fixes: c111566bea7c ("PM: runtime: Add pm_runtime_get_if_active()") Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+: c0ef3df8dbae: PM: runtime: Simplify pm_runtime_get_if_active() usage Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+ Link: https://patch.msgid.link/12700973.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c index c55a7c70bc1a..2ba0dfd1de5a 100644 --- a/drivers/base/power/runtime.c +++ b/drivers/base/power/runtime.c @@ -1191,10 +1191,12 @@ EXPORT_SYMBOL_GPL(__pm_runtime_resume); * * Return -EINVAL if runtime PM is disabled for @dev. * - * Otherwise, if the runtime PM status of @dev is %RPM_ACTIVE and either - * @ign_usage_count is %true or the runtime PM usage counter of @dev is not - * zero, increment the usage counter of @dev and return 1. Otherwise, return 0 - * without changing the usage counter. + * Otherwise, if its runtime PM status is %RPM_ACTIVE and (1) @ign_usage_count + * is set, or (2) @dev is not ignoring children and its active child count is + * nonero, or (3) the runtime PM usage counter of @dev is not zero, increment + * the usage counter of @dev and return 1. + * + * Otherwise, return 0 without changing the usage counter. * * If @ign_usage_count is %true, this function can be used to prevent suspending * the device when its runtime PM status is %RPM_ACTIVE. @@ -1216,7 +1218,8 @@ static int pm_runtime_get_conditional(struct device *dev, bool ign_usage_count) retval = -EINVAL; } else if (dev->power.runtime_status != RPM_ACTIVE) { retval = 0; - } else if (ign_usage_count) { + } else if (ign_usage_count || (!dev->power.ignore_children && + atomic_read(&dev->power.child_count) > 0)) { retval = 1; atomic_inc(&dev->power.usage_count); } else { @@ -1249,10 +1252,16 @@ EXPORT_SYMBOL_GPL(pm_runtime_get_if_active); * @dev: Target device. * * Increment the runtime PM usage counter of @dev if its runtime PM status is - * %RPM_ACTIVE and its runtime PM usage counter is greater than 0, in which case - * it returns 1. If the device is in a different state or its usage_count is 0, - * 0 is returned. -EINVAL is returned if runtime PM is disabled for the device, - * in which case also the usage_count will remain unmodified. + * %RPM_ACTIVE and its runtime PM usage counter is greater than 0 or it is not + * ignoring children and its active child count is nonzero. 1 is returned in + * this case. + * + * If @dev is in a different state or it is not in use (that is, its usage + * counter is 0, or it is ignoring children, or its active child count is 0), + * 0 is returned. + * + * -EINVAL is returned if runtime PM is disabled for the device, in which case + * also the usage counter of @dev is not updated. */ int pm_runtime_get_if_in_use(struct device *dev) {

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] usb: dwc3: imx8mp: fix device leak at unbind" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 086a0e516f7b3844e6328a5c69e2708b66b0ce18 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082120-canteen-quickly-68c4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 086a0e516f7b3844e6328a5c69e2708b66b0ce18 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:06 +0200 Subject: [PATCH] usb: dwc3: imx8mp: fix device leak at unbind Make sure to drop the reference to the dwc3 device taken by of_find_device_by_node() on probe errors and on driver unbind. Fixes: 6dd2565989b4 ("usb: dwc3: add imx8mp dwc3 glue layer driver") Cc: stable(a)vger.kernel.org # 5.12 Cc: Li Jun <jun.li(a)nxp.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/dwc3-imx8mp.c b/drivers/usb/dwc3/dwc3-imx8mp.c index 3edc5aca76f9..bce6af82f54c 100644 --- a/drivers/usb/dwc3/dwc3-imx8mp.c +++ b/drivers/usb/dwc3/dwc3-imx8mp.c @@ -244,7 +244,7 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) IRQF_ONESHOT, dev_name(dev), dwc3_imx); if (err) { dev_err(dev, "failed to request IRQ #%d --> %d\n", irq, err); - goto depopulate; + goto put_dwc3; } device_set_wakeup_capable(dev, true); @@ -252,6 +252,8 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) return 0; +put_dwc3: + put_device(&dwc3_imx->dwc3->dev); depopulate: of_platform_depopulate(dev); remove_swnode: @@ -265,8 +267,11 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev) static void dwc3_imx8mp_remove(struct platform_device *pdev) { + struct dwc3_imx8mp *dwc3_imx = platform_get_drvdata(pdev); struct device *dev = &pdev->dev; + put_device(&dwc3_imx->dwc3->dev); + pm_runtime_get_sync(dev); of_platform_depopulate(dev); device_remove_software_node(dev);

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ed62a62a18bc144f73eadf866ae46842e8f6606e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082137-grandly-daytime-751f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed62a62a18bc144f73eadf866ae46842e8f6606e Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Wed, 18 Jun 2025 16:25:19 +0900 Subject: [PATCH] ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Improve the description of the possible default SATA link power management policies and add the missing description for policy 5. No functional changes. Fixes: a5ec5a7bfd1f ("ata: ahci: Support state with min power but Partial low power state") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig index e00536b49552..120a2b7067fc 100644 --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig @@ -117,23 +117,39 @@ config SATA_AHCI config SATA_MOBILE_LPM_POLICY int "Default SATA Link Power Management policy" - range 0 4 + range 0 5 default 3 depends on SATA_AHCI help Select the Default SATA Link Power Management (LPM) policy to use for chipsets / "South Bridges" supporting low-power modes. Such chipsets are ubiquitous across laptops, desktops and servers. + Each policy combines power saving states and features: + - Partial: The Phy logic is powered but is in a reduced power + state. The exit latency from this state is no longer than + 10us). + - Slumber: The Phy logic is powered but is in an even lower power + state. The exit latency from this state is potentially + longer, but no longer than 10ms. + - DevSleep: The Phy logic may be powered down. The exit latency from + this state is no longer than 20 ms, unless otherwise + specified by DETO in the device Identify Device Data log. + - HIPM: Host Initiated Power Management (host automatically + transitions to partial and slumber). + - DIPM: Device Initiated Power Management (device automatically + transitions to partial and slumber). - The value set has the following meanings: + The possible values for the default SATA link power management + policies are: 0 => Keep firmware settings - 1 => Maximum performance - 2 => Medium power - 3 => Medium power with Device Initiated PM enabled - 4 => Minimum power + 1 => No power savings (maximum performance) + 2 => HIPM (Partial) + 3 => HIPM (Partial) and DIPM (Partial and Slumber) + 4 => HIPM (Partial and DevSleep) and DIPM (Partial and Slumber) + 5 => HIPM (Slumber and DevSleep) and DIPM (Partial and Slumber) - Note "Minimum power" is known to cause issues, including disk - corruption, with some disks and should not be used. + Excluding the value 0, higher values represent policies with higher + power savings. config SATA_AHCI_PLATFORM tristate "Platform AHCI SATA support"

2 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] usb: musb: omap2430: fix device leak at unbind" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1473e9e7679bd4f5a62d1abccae894fb86de280f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082155-sympathy-finally-e1ad@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1473e9e7679bd4f5a62d1abccae894fb86de280f Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:09 +0200 Subject: [PATCH] usb: musb: omap2430: fix device leak at unbind Make sure to drop the reference to the control device taken by of_find_device_by_node() during probe when the driver is unbound. Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org # 3.13 Cc: Roger Quadros <rogerq(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c index 2970967a4fd2..36f756f9b7f6 100644 --- a/drivers/usb/musb/omap2430.c +++ b/drivers/usb/musb/omap2430.c @@ -400,7 +400,7 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, pdev->resource, pdev->num_resources); if (ret) { dev_err(&pdev->dev, "failed to add resources\n"); - goto err2; + goto err_put_control_otghs; } if (populate_irqs) { @@ -413,7 +413,7 @@ static int omap2430_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { ret = -EINVAL; - goto err2; + goto err_put_control_otghs; } musb_res[i].start = res->start; @@ -441,14 +441,14 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, musb_res, i); if (ret) { dev_err(&pdev->dev, "failed to add IRQ resources\n"); - goto err2; + goto err_put_control_otghs; } } ret = platform_device_add_data(musb, pdata, sizeof(*pdata)); if (ret) { dev_err(&pdev->dev, "failed to add platform_data\n"); - goto err2; + goto err_put_control_otghs; } pm_runtime_enable(glue->dev); @@ -463,7 +463,9 @@ static int omap2430_probe(struct platform_device *pdev) err3: pm_runtime_disable(glue->dev); - +err_put_control_otghs: + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); err2: platform_device_put(musb); @@ -477,6 +479,8 @@ static void omap2430_remove(struct platform_device *pdev) platform_device_unregister(glue->musb); pm_runtime_disable(glue->dev); + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); } #ifdef CONFIG_PM

2 months, 3 weeks

2
2
0 0

[PATCH v2] mm/damon/core: set quota->charged_from to jiffies at first charge window

by Sang-Heon Jeon

Kernel initialize "jiffies" timer as 5 minutes below zero, as shown in include/linux/jiffies.h /* * Have the 32 bit jiffies value wrap 5 minutes after boot * so jiffies wrap bugs show up earlier. */ #define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ)) And they cast unsigned value to signed to cover wraparound #define time_after_eq(a,b) \ (typecheck(unsigned long, a) && \ typecheck(unsigned long, b) && \ ((long)((a) - (b)) >= 0)) In 64bit system, these might not be a problem because wrapround occurs 300 million years after the boot, assuming HZ value is 1000. With same assuming, In 32bit system, wraparound occurs 5 minutues after the initial boot and every 49 days after the first wraparound. And about 25 days after first wraparound, it continues quota charging window up to next 25 days. Example 1: initial boot jiffies=0xFFFB6C20, charged_from+interval=0x000003E8 time_after_eq(jiffies, charged_from+interval)=(long)0xFFFB6838; In signed values, it is considered negative so it is false. Example 2: after about 25 days first wraparound jiffies=0x800004E8, charged_from+interval=0x000003E8 time_after_eq(jiffies, charged_from+interval)=(long)0x80000100; In signed values, it is considered negative so it is false So, change quota->charged_from to jiffies at damos_adjust_quota() when it is consider first charge window. In theory; but almost impossible; quota->total_charged_sz and qutoa->charged_from should be both zero even if it is not in first charge window. But It will only delay one reset_interval, So it is not big problem. Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") # 5.16 Cc: stable(a)vger.kernel.org Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> --- Changes from v1 [1] - not change current default value of quota->charged_from - set quota->charged_from when it is consider first charge below - add more description of jiffies and wraparound example to commit messages SeongJae, please re-check Fixes commit is valid. Thank you. [1] https://lore.kernel.org/damon/20250818183803.1450539-1-ekffu200098@gmail.co… --- mm/damon/core.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index cb41fddca78c..93bad6d0da5b 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -2130,6 +2130,10 @@ static void damos_adjust_quota(struct damon_ctx *c, struct damos *s) if (!quota->ms && !quota->sz && list_empty(&quota->goals)) return; + /* First charge window */ + if (!quota->total_charged_sz && !quota->charged_from) + quota->charged_from = jiffies; + /* New charge window starts */ if (time_after_eq(jiffies, quota->charged_from + msecs_to_jiffies(quota->reset_interval))) { -- 2.43.0

2 months, 3 weeks

2
13
0 0

FAILED: patch "[PATCH] platform/chrome: cros_ec: Unregister notifier in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e2374953461947eee49f69b3e3204ff080ef31b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082112-segment-delta-e613@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2374953461947eee49f69b3e3204ff080ef31b1 Mon Sep 17 00:00:00 2001 From: Tzung-Bi Shih <tzungbi(a)kernel.org> Date: Tue, 22 Jul 2025 12:05:13 +0000 Subject: [PATCH] platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() The blocking notifier is registered in cros_ec_register(); however, it isn't unregistered in cros_ec_unregister(). Fix it. Fixes: 42cd0ab476e2 ("platform/chrome: cros_ec: Query EC protocol version if EC transitions between RO/RW") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Link: https://lore.kernel.org/r/20250722120513.234031-1-tzungbi@kernel.org Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index 110771a8645e..fd58781a2fb7 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -318,6 +318,9 @@ EXPORT_SYMBOL(cros_ec_register); */ void cros_ec_unregister(struct cros_ec_device *ec_dev) { + if (ec_dev->mkbp_event_supported) + blocking_notifier_chain_unregister(&ec_dev->event_notifier, + &ec_dev->notifier_ready); platform_device_unregister(ec_dev->pd); platform_device_unregister(ec_dev->ec); mutex_destroy(&ec_dev->lock);

2 months, 3 weeks

2
4
0 0

FAILED: patch "[PATCH] usb: musb: omap2430: fix device leak at unbind" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1473e9e7679bd4f5a62d1abccae894fb86de280f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082155-easing-flavorful-b21d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1473e9e7679bd4f5a62d1abccae894fb86de280f Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:09 +0200 Subject: [PATCH] usb: musb: omap2430: fix device leak at unbind Make sure to drop the reference to the control device taken by of_find_device_by_node() during probe when the driver is unbound. Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org # 3.13 Cc: Roger Quadros <rogerq(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c index 2970967a4fd2..36f756f9b7f6 100644 --- a/drivers/usb/musb/omap2430.c +++ b/drivers/usb/musb/omap2430.c @@ -400,7 +400,7 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, pdev->resource, pdev->num_resources); if (ret) { dev_err(&pdev->dev, "failed to add resources\n"); - goto err2; + goto err_put_control_otghs; } if (populate_irqs) { @@ -413,7 +413,7 @@ static int omap2430_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { ret = -EINVAL; - goto err2; + goto err_put_control_otghs; } musb_res[i].start = res->start; @@ -441,14 +441,14 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, musb_res, i); if (ret) { dev_err(&pdev->dev, "failed to add IRQ resources\n"); - goto err2; + goto err_put_control_otghs; } } ret = platform_device_add_data(musb, pdata, sizeof(*pdata)); if (ret) { dev_err(&pdev->dev, "failed to add platform_data\n"); - goto err2; + goto err_put_control_otghs; } pm_runtime_enable(glue->dev); @@ -463,7 +463,9 @@ static int omap2430_probe(struct platform_device *pdev) err3: pm_runtime_disable(glue->dev); - +err_put_control_otghs: + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); err2: platform_device_put(musb); @@ -477,6 +479,8 @@ static void omap2430_remove(struct platform_device *pdev) platform_device_unregister(glue->musb); pm_runtime_disable(glue->dev); + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); } #ifdef CONFIG_PM

2 months, 3 weeks

2
2
0 0

[PATCH 6.12.y] sched_ext: initialize built-in idle state before ops.init()

by Andrea Righi

commit f0c6eab5e45c529f449fbc595873719e00de6d79 upstream. A BPF scheduler may want to use the built-in idle cpumasks in ops.init() before the scheduler is fully initialized, either directly or through a BPF timer for example. However, this would result in an error, since the idle state has not been properly initialized yet. This can be easily verified by modifying scx_simple to call scx_bpf_get_idle_cpumask() in ops.init(): $ sudo scx_simple DEBUG DUMP =========================================================================== scx_simple[121] triggered exit kind 1024: runtime error (built-in idle tracking is disabled) ... Fix this by properly initializing the idle state before ops.init() is called. With this change applied: $ sudo scx_simple local=2 global=0 local=19 global=11 local=23 global=11 ... Fixes: d73249f88743d ("sched_ext: idle: Make idle static keys private") Signed-off-by: Andrea Righi <arighi(a)nvidia.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> [ Backport to 6.12: - Original commit doesn't apply cleanly to 6.12 since d73249f88743d is not present. - This backport applies the same logical fix to prevent BPF scheduler failures while accessing idle cpumasks from ops.init(). ] Signed-off-by: Andrea Righi <arighi(a)nvidia.com> Cc: stable(a)vger.kernel.org Signed-off-by: Andrea Righi <arighi(a)nvidia.com> --- kernel/sched/ext.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index c801dd20c63d9..7eae1c64f7348 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -5220,6 +5220,13 @@ static int scx_ops_enable(struct sched_ext_ops *ops, struct bpf_link *link) for_each_possible_cpu(cpu) cpu_rq(cpu)->scx.cpuperf_target = SCX_CPUPERF_ONE; + if (!ops->update_idle || (ops->flags & SCX_OPS_KEEP_BUILTIN_IDLE)) { + reset_idle_masks(); + static_branch_enable(&scx_builtin_idle_enabled); + } else { + static_branch_disable(&scx_builtin_idle_enabled); + } + /* * Keep CPUs stable during enable so that the BPF scheduler can track * online CPUs by watching ->on/offline_cpu() after ->init(). @@ -5287,13 +5294,6 @@ static int scx_ops_enable(struct sched_ext_ops *ops, struct bpf_link *link) if (scx_ops.cpu_acquire || scx_ops.cpu_release) static_branch_enable(&scx_ops_cpu_preempt); - if (!ops->update_idle || (ops->flags & SCX_OPS_KEEP_BUILTIN_IDLE)) { - reset_idle_masks(); - static_branch_enable(&scx_builtin_idle_enabled); - } else { - static_branch_disable(&scx_builtin_idle_enabled); - } - /* * Lock out forks, cgroup on/offlining and moves before opening the * floodgate so that they don't wander into the operations prematurely. -- 2.50.1

2 months, 3 weeks

1
0
0 0

[PATCH v2 3/3] PCI: Fix failure detection during resource resize

by Ilpo Järvinen

Since the commit 96336ec70264 ("PCI: Perform reset_resource() and build fail list in sync") the failed list is always built and returned to let the caller decide what to do with the failures. The caller may want to retry resource fitting and assignment and before that can happen, the resources should be restored to their original state (a reset effectively clears the struct resource), which requires returning them on the failed list so that the original state remains stored in the associated struct pci_dev_resource. Resource resizing is different from the ordinary resource fitting and assignment in that it only considers part of the resources. This means failures for other resource types are not relevant at all and should be ignored. As resize doesn't unassign such unrelated resources, those resource ending up into the failed list implies assignment of that resource must have failed before resize too. The check in pci_reassign_bridge_resources() to decide if the whole assignment is successful, however, is based on list emptiness which will cause false negatives when the failed list has resources with an unrelated type. If the failed list is not empty, call pci_required_resource_failed() and extend it to be able to filter on specific resource types too (if provided). Calling pci_required_resource_failed() at this point is slightly problematic because the resource itself is reset when the failed list is constructed in __assign_resources_sorted(). As a result, pci_resource_is_optional() does not have access to the original resource flags. This could be worked around by restoring and re-reseting the resource around the call to pci_resource_is_optional(), however, it shouldn't cause issue as resource resizing is meant for 64-bit prefetchable resources according to Christian König (see the Link which unfortunately doesn't point directly to Christian's reply because lore didn't store that email at all). Fixes: 96336ec70264 ("PCI: Perform reset_resource() and build fail list in sync") Link: https://lore.kernel.org/all/c5d1b5d8-8669-5572-75a7-0b480f581ac1@linux.inte… Reported-by: D Scott Phillips <scott(a)os.amperecomputing.com> Tested-by: D Scott Phillips <scott(a)os.amperecomputing.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: D Scott Phillips <scott(a)os.amperecomputing.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 24863d8d0053..dbbd80d78d3d 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -28,6 +28,10 @@ #include <linux/acpi.h> #include "pci.h" +#define PCI_RES_TYPE_MASK \ + (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\ + IORESOURCE_MEM_64) + unsigned int pci_flags; EXPORT_SYMBOL_GPL(pci_flags); @@ -384,13 +388,19 @@ static bool pci_need_to_release(unsigned long mask, struct resource *res) } /* Return: @true if assignment of a required resource failed. */ -static bool pci_required_resource_failed(struct list_head *fail_head) +static bool pci_required_resource_failed(struct list_head *fail_head, + unsigned long type) { struct pci_dev_resource *fail_res; + type &= PCI_RES_TYPE_MASK; + list_for_each_entry(fail_res, fail_head, list) { int idx = pci_resource_num(fail_res->dev, fail_res->res); + if (type && (fail_res->flags & PCI_RES_TYPE_MASK) != type) + continue; + if (!pci_resource_is_optional(fail_res->dev, idx)) return true; } @@ -504,7 +514,7 @@ static void __assign_resources_sorted(struct list_head *head, } /* Without realloc_head and only optional fails, nothing more to do. */ - if (!pci_required_resource_failed(&local_fail_head) && + if (!pci_required_resource_failed(&local_fail_head, 0) && list_empty(realloc_head)) { list_for_each_entry(save_res, &save_head, list) { struct resource *res = save_res->res; @@ -1708,10 +1718,6 @@ static void __pci_bridge_assign_resources(const struct pci_dev *bridge, } } -#define PCI_RES_TYPE_MASK \ - (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\ - IORESOURCE_MEM_64) - static void pci_bridge_release_resources(struct pci_bus *bus, unsigned long type) { @@ -2449,8 +2455,12 @@ int pci_reassign_bridge_resources(struct pci_dev *bridge, unsigned long type) free_list(&added); if (!list_empty(&failed)) { - ret = -ENOSPC; - goto cleanup; + if (pci_required_resource_failed(&failed, type)) { + ret = -ENOSPC; + goto cleanup; + } + /* Only resources with unrelated types failed (again) */ + free_list(&failed); } list_for_each_entry(dev_res, &saved, list) { -- 2.39.5

2 months, 3 weeks

2
2
0 0

[PATCH v2 2/3] PCI: Fix pdev_resources_assignable() disparity

by Ilpo Järvinen

pdev_sort_resources() uses pdev_resources_assignable() helper to decide if device's resources cannot be assigned. pbus_size_mem(), on the other hand, does not do the same check. This could lead into a situation where a resource ends up on realloc_head list but is not on the head list, which is turn prevents emptying the resource from the realloc_head list in __assign_resources_sorted(). A non-empty realloc_head is unacceptable because it triggers an internal sanity check as show in this log with a device that has class 0 (PCI_CLASS_NOT_DEFINED): pci 0001:01:00.0: [144d:a5a5] type 00 class 0x000000 PCIe Endpoint pci 0001:01:00.0: BAR 0 [mem 0x00000000-0x000fffff 64bit] pci 0001:01:00.0: ROM [mem 0x00000000-0x0000ffff pref] pci 0001:01:00.0: enabling Extended Tags pci 0001:01:00.0: PME# supported from D0 D3hot D3cold pci 0001:01:00.0: 15.752 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x2 link at 0001:00:00.0 (capable of 31.506 Gb/s with 16.0 GT/s PCIe x2 link) pcieport 0001:00:00.0: bridge window [mem 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000 pcieport 0001:00:00.0: bridge window [mem 0x40000000-0x401fffff]: assigned ------------[ cut here ]------------ kernel BUG at drivers/pci/setup-bus.c:2532! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... Call trace: pci_assign_unassigned_bus_resources+0x110/0x114 (P) pci_rescan_bus+0x28/0x48 Use pdev_resources_assignable() also within pbus_size_mem() to skip processing of non-assignable resources which removes the disparity in between what resources pdev_sort_resources() and pbus_size_mem() consider. As non-assignable resources are no longer processed, they are not added to the realloc_head list, thus the sanity check no longer triggers. This disparity problem is very old but only now became apparent after the commit 2499f5348431 ("PCI: Rework optional resource handling") that made the ROM resources optional when calculating bridge window sizes which required adding the resource to the realloc_head list. Previously, bridge windows were just sized larger than necessary. Fixes: 2499f5348431 ("PCI: Rework optional resource handling") Reported-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index f90d49cd07da..24863d8d0053 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1191,6 +1191,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t r_size; if (r->parent || (r->flags & IORESOURCE_PCI_FIXED) || + !pdev_resources_assignable(dev) || ((r->flags & mask) != type && (r->flags & mask) != type2 && (r->flags & mask) != type3)) -- 2.39.5

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] usb: musb: omap2430: fix device leak at unbind" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1473e9e7679bd4f5a62d1abccae894fb86de280f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082154-mutate-utilize-26d0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1473e9e7679bd4f5a62d1abccae894fb86de280f Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:09 +0200 Subject: [PATCH] usb: musb: omap2430: fix device leak at unbind Make sure to drop the reference to the control device taken by of_find_device_by_node() during probe when the driver is unbound. Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org # 3.13 Cc: Roger Quadros <rogerq(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c index 2970967a4fd2..36f756f9b7f6 100644 --- a/drivers/usb/musb/omap2430.c +++ b/drivers/usb/musb/omap2430.c @@ -400,7 +400,7 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, pdev->resource, pdev->num_resources); if (ret) { dev_err(&pdev->dev, "failed to add resources\n"); - goto err2; + goto err_put_control_otghs; } if (populate_irqs) { @@ -413,7 +413,7 @@ static int omap2430_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { ret = -EINVAL; - goto err2; + goto err_put_control_otghs; } musb_res[i].start = res->start; @@ -441,14 +441,14 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, musb_res, i); if (ret) { dev_err(&pdev->dev, "failed to add IRQ resources\n"); - goto err2; + goto err_put_control_otghs; } } ret = platform_device_add_data(musb, pdata, sizeof(*pdata)); if (ret) { dev_err(&pdev->dev, "failed to add platform_data\n"); - goto err2; + goto err_put_control_otghs; } pm_runtime_enable(glue->dev); @@ -463,7 +463,9 @@ static int omap2430_probe(struct platform_device *pdev) err3: pm_runtime_disable(glue->dev); - +err_put_control_otghs: + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); err2: platform_device_put(musb); @@ -477,6 +479,8 @@ static void omap2430_remove(struct platform_device *pdev) platform_device_unregister(glue->musb); pm_runtime_disable(glue->dev); + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); } #ifdef CONFIG_PM

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] platform/chrome: cros_ec: Unregister notifier in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e2374953461947eee49f69b3e3204ff080ef31b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082112-freight-pesticide-c276@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2374953461947eee49f69b3e3204ff080ef31b1 Mon Sep 17 00:00:00 2001 From: Tzung-Bi Shih <tzungbi(a)kernel.org> Date: Tue, 22 Jul 2025 12:05:13 +0000 Subject: [PATCH] platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() The blocking notifier is registered in cros_ec_register(); however, it isn't unregistered in cros_ec_unregister(). Fix it. Fixes: 42cd0ab476e2 ("platform/chrome: cros_ec: Query EC protocol version if EC transitions between RO/RW") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Link: https://lore.kernel.org/r/20250722120513.234031-1-tzungbi@kernel.org Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index 110771a8645e..fd58781a2fb7 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -318,6 +318,9 @@ EXPORT_SYMBOL(cros_ec_register); */ void cros_ec_unregister(struct cros_ec_device *ec_dev) { + if (ec_dev->mkbp_event_supported) + blocking_notifier_chain_unregister(&ec_dev->event_notifier, + &ec_dev->notifier_ready); platform_device_unregister(ec_dev->pd); platform_device_unregister(ec_dev->ec); mutex_destroy(&ec_dev->lock);

2 months, 3 weeks

2
4
0 0

[PATCH 6.15 000/509] 6.15.11-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.11 release. There are 509 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 21 Aug 2025 12:27:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.11-rc2 Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: install pairwise key first Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Kairui Song <kasong(a)tencent.com> mm/shmem, swap: improve cached mTHP handling and fix potential hang Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() David Hildenbrand <david(a)redhat.com> mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: reset folio to NULL when get folio fails Randy Dunlap <rdunlap(a)infradead.org> fbdev: nvidiafb: add depends on HAS_IOPORT Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Caleb Sander Mateos <csander(a)purestorage.com> btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid SeongJae Park <sj(a)kernel.org> samples/damon/wsse: fix boot time enable handling Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Peter Jakubek <peterjakubek(a)gmail.com> ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: raspberrypi: cfe: Fix min_reqbufs_allocation Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Free allocated tags after failure Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Li Chen <chenl311(a)chinatelecom.cn> HID: rate-limit hid_warn to prevent log flooding Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Add handling for corrupt and drop frames Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Valmantas Paliksa <walmis(a)gmail.com> phy: rockchip-pcie: Enable all four lanes if required Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> sphinx: kernel_abi: fix performance regression with O=<dir> Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Paulo Alcantara <pc(a)manguebit.org> smb: client: fix session setup against servers that require SPN Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured ganglxie <ganglxie(a)amd.com> drm/amdgpu: clear pa and mca record counter when resetting eeprom Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Suspend IH during mode-2 reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Stop storing failures into adev->dm.cached_state Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mld: fix last_mlo_scan_time type Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Andy Yan <andy.yan(a)rock-chips.com> drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: add null check Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Use correct severity for BP threshold exceed event Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: increase eeprom command timeout David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Update register xml Thierry Reding <treding(a)nvidia.com> drm/fbdev-client: Skip DRM clients if modesetting is absent Felix Fietkau <nbd(a)nbd.name> wifi: mt76: fix vif link allocation Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Nam Cao <namcao(a)linutronix.de> rv: Add #undef TRACE_INCLUDE_FILE Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Philipp Stanner <phasta(a)kernel.org> drm/sched: Avoid memory leaks with cancel_job() callback Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: fix scan request validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't use TPE data from assoc response Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Matteo Croce <teknoraver(a)meta.com> libbpf: Fix warning in calloc() usage Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Sven Schnelle <svens(a)linux.ibm.com> s390/sclp: Use monotonic clock in sclp_sync_wait() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: use spec link id and not FW link id Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Uwe Kleine-König <ukleinek(a)debian.org> Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Nam Cao <namcao(a)linutronix.de> verification/dot2k: Make a separate dot2k_templates/Kconfig_container Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: dwc3: xilinx: add shutdown callback Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Markus Stockhausen <markus.stockhausen(a)gmx.de> irqchip/mips-gic: Allow forced affinity Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: SDCA: Add flag for unused IRQs Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() GalaxySnail <me(a)glxys.nl> ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson-64bit: Extend GPIO irq support Tiffany Yang <ynaffit(a)google.com> binder: Fix selftest page indexing Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Vivek Pernamitta <quic_vpernami(a)quicinc.com> bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add init response codes for new ni-usb-hs+ Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Al Viro <viro(a)zeniv.linux.org.uk> landlock: opened file never has a negative dentry Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun <yeoreum.yun(a)arm.com> tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Check for completion after timeout Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() Frederic Weisbecker <frederic(a)kernel.org> ipvs: Fix estimator kthreads preferred affinity Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Yao Zi <ziyao(a)disroot.org> riscv: dts: thead: Add APB clocks for TH1520 GMACs Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Get and enable APB clock on initialization Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Gao Xiang <xiang(a)kernel.org> erofs: fix block count report when 48-bit layout is on Stanislav Fomichev <sdf(a)fomichev.me> hamradio: ignore ops-locked netdevs Stanislav Fomichev <sdf(a)fomichev.me> net: lapbether: ignore ops-locked netdevs Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() Jakub Kicinski <kuba(a)kernel.org> net: page_pool: allow enabling recycling late, fix false positive warning MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the np_link_fail error reporting issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the division by zero issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix rtnl deadlock issue Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Sabrina Dubroca <sd(a)queasysnail.net> xfrm: restore GSO for SW crypto Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Wentao Guan <guanwentao(a)uniontech.com> LoongArch: vDSO: Remove -nostdlib complier flag Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Christian Brauner <brauner(a)kernel.org> fhandle: raise FILEID_IS_DIR in handle_type Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Dongcheng Yan <dongcheng.yan(a)intel.com> media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: cast nr_pages to size_t before shifting Pavel Begunkov <asml.silence(a)gmail.com> io_uring: export io_[un]account_mem Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/sphinx/kernel_abi.py | 6 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 +- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +- arch/loongarch/vdso/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/boot/dts/thead/th1520.dtsi | 10 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/include/asm/kvm_host.h | 6 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kvm/svm/svm.c | 4 +- arch/x86/kvm/vmx/nested.c | 18 +- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 41 +- arch/x86/kvm/vmx/vmx.h | 13 + arch/x86/kvm/vmx/x86_ops.h | 2 +- arch/x86/kvm/x86.c | 11 +- block/bfq-iosched.c | 35 +- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-zoned.c | 20 +- block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 + drivers/acpi/prmt.c | 26 +- drivers/acpi/processor_perflib.c | 11 + drivers/android/binder_alloc_selftest.c | 2 +- drivers/ata/ahci.c | 12 +- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 +- drivers/block/sunvdc.c | 4 +- drivers/bluetooth/btusb.c | 3 + drivers/bus/mhi/host/pci_generic.c | 20 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/char/misc.c | 4 +- drivers/char/tpm/tpm-interface.c | 17 +- drivers/char/tpm/tpm_crb_ffa.c | 19 +- drivers/clk/qcom/dispcc-sm8750.c | 10 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 +- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-loongson-64bit.c | 6 + drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +- drivers/gpu/drm/clients/drm_client_setup.c | 5 + drivers/gpu/drm/i915/display/intel_psr.c | 14 +- drivers/gpu/drm/imagination/pvr_power.c | 59 +- drivers/gpu/drm/msm/Makefile | 5 + drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +- drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++---------------- .../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++ .../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++ .../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++ .../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++ .../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++ .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +- drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +- drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/scheduler/sched_main.c | 34 +- drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_query.c | 27 +- drivers/hid/hid-core.c | 4 +- drivers/hid/hid-magicmouse.c | 56 +- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +- drivers/irqchip/irq-mips-gic.c | 8 +- drivers/irqchip/irq-renesas-rzv2h.c | 4 +- drivers/leds/flash/leds-qcom-flash.c | 15 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 +- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/lt6911uxe.c | 2 +- drivers/media/i2c/tc358743.c | 86 +- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/iris/iris_buffer.c | 11 +- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 + .../platform/qcom/iris/iris_hfi_gen1_response.c | 6 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +- drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/uvc/uvc_ctrl.c | 55 +- drivers/media/usb/uvc/uvc_driver.c | 12 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 2 + drivers/media/v4l2-core/v4l2-common.c | 14 +- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 +- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 +- drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +- drivers/net/ethernet/intel/idpf/idpf.h | 19 + drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 + drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 + drivers/net/hamradio/bpqether.c | 2 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/broadcom.c | 25 +- drivers/net/phy/micrel.c | 12 +- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wan/lapbether.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 48 +- drivers/net/wireless/ath/ath10k/core.h | 11 +- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 + drivers/net/wireless/ath/ath12k/core.h | 4 + drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 79 +- drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/ath/ath12k/wmi.h | 1 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 + drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 + drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 + drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/mediatek/mt76/channel.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/chan.c | 6 + drivers/net/wireless/realtek/rtw89/coex.c | 12 +- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 + drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 +- drivers/nvme/host/tcp.c | 11 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 6 +- drivers/pci/probe.c | 2 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 + drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 + drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 4 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 + drivers/scsi/pm8001/pm80xx_hwi.c | 12 +- drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +- drivers/target/target_core_fabric_lib.c | 65 +- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 +- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-xilinx.c | 1 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +- drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/video/fbdev/Kconfig | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +- fs/btrfs/block-group.c | 31 +- fs/btrfs/ctree.c | 1 + fs/btrfs/extent-tree.c | 33 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 3 +- fs/btrfs/qgroup.c | 44 +- fs/btrfs/relocation.c | 19 + fs/btrfs/send.c | 33 + fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 +- fs/btrfs/zoned.c | 5 +- fs/crypto/fscrypt_private.h | 17 + fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/erofs/super.c | 4 +- fs/eventpoll.c | 60 +- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 + fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 +- fs/ext4/inline.c | 19 +- fs/ext4/mballoc-test.c | 9 + fs/ext4/mballoc.c | 69 +- fs/f2fs/file.c | 24 +- fs/fhandle.c | 2 +- fs/file.c | 15 + fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 + fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 + fs/hfs/btree.c | 57 +- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 + fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +- fs/ocfs2/aops.c | 1 + fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifsencrypt.c | 79 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/compress.c | 61 +- fs/smb/client/connect.c | 1 - fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smbdirect.c | 25 +- fs/smb/server/smb2pdu.c | 16 +- fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 +- fs/xfs/scrub/trace.h | 2 +- include/drm/gpu_scheduler.h | 18 + include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 + include/linux/hid.h | 2 + include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 +- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/packing.h | 6 +- include/linux/pci.h | 6 + include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bluetooth/hci.h | 6 + include/net/bluetooth/hci_core.h | 5 +- include/net/cfg80211.h | 2 +- include/net/ip_vs.h | 13 + include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/page_pool/types.h | 2 + include/sound/sdca_function.h | 2 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- io_uring/memmap.c | 2 +- io_uring/net.c | 27 +- io_uring/rsrc.c | 4 +- io_uring/rsrc.h | 2 + io_uring/rw.c | 2 +- kernel/.gitignore | 2 + kernel/Makefile | 47 +- kernel/bpf/verifier.c | 7 +- kernel/gen_kheaders.sh | 88 +- kernel/kthread.c | 1 + kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +- kernel/rcu/rcutorture.c | 9 +- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 +- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 +- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/rt.c | 6 + kernel/trace/fprobe.c | 4 +- kernel/trace/rv/rv_trace.h | 3 +- lib/sbitmap.c | 56 +- mm/damon/core.c | 1 + mm/huge_memory.c | 7 +- mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/shmem.c | 39 +- mm/slub.c | 7 +- mm/userfaultfd.c | 15 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 39 +- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +- net/core/page_pool.c | 29 + net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +- net/kcm/kcmsock.c | 10 +- net/mac80211/chan.c | 1 + net/mac80211/ht.c | 40 +- net/mac80211/ieee80211_i.h | 6 + net/mac80211/iface.c | 29 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 45 +- net/mac80211/rx.c | 47 +- net/mctp/af_mctp.c | 28 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/ipvs/ip_vs_est.c | 3 +- net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 2 +- net/sched/sch_ets.c | 11 +- net/sctp/input.c | 2 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 +- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_device.c | 9 +- net/xfrm/xfrm_state.c | 74 +- rust/Makefile | 16 +- samples/damon/wsse.c | 12 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - security/landlock/syscalls.c | 1 - sound/core/pcm_native.c | 19 +- sound/pci/hda/cs35l41_hda.c | 2 + sound/pci/hda/cs35l56_hda.c | 4 + sound/pci/hda/hda_codec.c | 44 +- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 8 + sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/sdca/sdca_functions.c | 2 + sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 +- sound/usb/validate.c | 12 + tools/bpf/bpftool/main.c | 6 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 7 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- tools/verification/dot2/dot2k.py | 3 +- .../dot2/dot2k_templates/Kconfig_container | 5 + 558 files changed, 8133 insertions(+), 5029 deletions(-)

2 months, 3 weeks

8
11
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix divide by zero when calculating min ODM" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 3556dac8289456bc8b28670546b969f543967856 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082118-unbounded-tarnish-ef1e@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3556dac8289456bc8b28670546b969f543967856 Mon Sep 17 00:00:00 2001 From: Dillon Varone <dillon.varone(a)amd.com> Date: Thu, 10 Jul 2025 20:57:37 -0400 Subject: [PATCH] drm/amd/display: Fix divide by zero when calculating min ODM factor [WHY&HOW] If the debug option is set to disable_dsc the max slice width and/or dispclk can be zero. This causes a divide by zero when calculating the min ODM combine factor. Add a check to ensure they are valid first. Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c b/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c index a454d16e6586..1f53a9f0c0ac 100644 --- a/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c +++ b/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c @@ -152,7 +152,7 @@ uint32_t dc_bandwidth_in_kbps_from_timing( } /* Forward Declerations */ -static unsigned int get_min_slice_count_for_odm( +static unsigned int get_min_dsc_slice_count_for_odm( const struct display_stream_compressor *dsc, const struct dsc_enc_caps *dsc_enc_caps, const struct dc_crtc_timing *timing); @@ -466,7 +466,7 @@ bool dc_dsc_compute_bandwidth_range( struct dc_dsc_bw_range *range) { bool is_dsc_possible = false; - unsigned int min_slice_count; + unsigned int min_dsc_slice_count; struct dsc_enc_caps dsc_enc_caps; struct dsc_enc_caps dsc_common_caps; struct dc_dsc_config config = {0}; @@ -478,14 +478,14 @@ bool dc_dsc_compute_bandwidth_range( get_dsc_enc_caps(dsc, &dsc_enc_caps, timing->pix_clk_100hz); - min_slice_count = get_min_slice_count_for_odm(dsc, &dsc_enc_caps, timing); + min_dsc_slice_count = get_min_dsc_slice_count_for_odm(dsc, &dsc_enc_caps, timing); is_dsc_possible = intersect_dsc_caps(dsc_sink_caps, &dsc_enc_caps, timing->pixel_encoding, &dsc_common_caps); if (is_dsc_possible) is_dsc_possible = setup_dsc_config(dsc_sink_caps, &dsc_enc_caps, 0, timing, - &options, link_encoding, min_slice_count, &config); + &options, link_encoding, min_dsc_slice_count, &config); if (is_dsc_possible) is_dsc_possible = decide_dsc_bandwidth_range(min_bpp_x16, max_bpp_x16, @@ -593,14 +593,12 @@ static void build_dsc_enc_caps( struct dc *dc; - memset(&single_dsc_enc_caps, 0, sizeof(struct dsc_enc_caps)); - if (!dsc || !dsc->ctx || !dsc->ctx->dc || !dsc->funcs->dsc_get_single_enc_caps) return; dc = dsc->ctx->dc; - if (!dc->clk_mgr || !dc->clk_mgr->funcs->get_max_clock_khz || !dc->res_pool) + if (!dc->clk_mgr || !dc->clk_mgr->funcs->get_max_clock_khz || !dc->res_pool || dc->debug.disable_dsc) return; /* get max DSCCLK from clk_mgr */ @@ -634,7 +632,7 @@ static inline uint32_t dsc_div_by_10_round_up(uint32_t value) return (value + 9) / 10; } -static unsigned int get_min_slice_count_for_odm( +static unsigned int get_min_dsc_slice_count_for_odm( const struct display_stream_compressor *dsc, const struct dsc_enc_caps *dsc_enc_caps, const struct dc_crtc_timing *timing) @@ -651,6 +649,10 @@ static unsigned int get_min_slice_count_for_odm( } } + /* validate parameters */ + if (max_dispclk_khz == 0 || dsc_enc_caps->max_slice_width == 0) + return 1; + /* consider minimum odm slices required due to * 1) display pipe throughput (dispclk) * 2) max image width per slice @@ -669,13 +671,12 @@ static void get_dsc_enc_caps( { memset(dsc_enc_caps, 0, sizeof(struct dsc_enc_caps)); - if (!dsc) + if (!dsc || !dsc->ctx || !dsc->ctx->dc || dsc->ctx->dc->debug.disable_dsc) return; /* check if reported cap global or only for a single DCN DSC enc */ if (dsc->funcs->dsc_get_enc_caps) { - if (!dsc->ctx->dc->debug.disable_dsc) - dsc->funcs->dsc_get_enc_caps(dsc_enc_caps, pixel_clock_100Hz); + dsc->funcs->dsc_get_enc_caps(dsc_enc_caps, pixel_clock_100Hz); } else { build_dsc_enc_caps(dsc, dsc_enc_caps); } @@ -1295,10 +1296,10 @@ bool dc_dsc_compute_config( { bool is_dsc_possible = false; struct dsc_enc_caps dsc_enc_caps; - unsigned int min_slice_count; + unsigned int min_dsc_slice_count; get_dsc_enc_caps(dsc, &dsc_enc_caps, timing->pix_clk_100hz); - min_slice_count = get_min_slice_count_for_odm(dsc, &dsc_enc_caps, timing); + min_dsc_slice_count = get_min_dsc_slice_count_for_odm(dsc, &dsc_enc_caps, timing); is_dsc_possible = setup_dsc_config(dsc_sink_caps, &dsc_enc_caps, @@ -1306,7 +1307,7 @@ bool dc_dsc_compute_config( timing, options, link_encoding, - min_slice_count, + min_dsc_slice_count, dsc_cfg); return is_dsc_possible; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: Add NULL check for asic_funcs" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x c2fe914d50ab22defca14ac6fca33888bfb19843 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082158-amigo-vixen-99e8@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fe914d50ab22defca14ac6fca33888bfb19843 Mon Sep 17 00:00:00 2001 From: Lijo Lazar <lijo.lazar(a)amd.com> Date: Fri, 18 Jul 2025 09:25:21 +0530 Subject: [PATCH] drm/amdgpu: Add NULL check for asic_funcs If driver load fails too early, asic_funcs pointer remains unassigned. Add NULL check to sanitize unwind path. Signed-off-by: Lijo Lazar <lijo.lazar(a)amd.com> Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 582bf7c5158dce16f7dc5b8345b7876bd8031224) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_nbio.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_nbio.c index e56ba93a8df6..a974265837f0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_nbio.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_nbio.c @@ -55,7 +55,8 @@ u64 amdgpu_nbio_get_pcie_replay_count(struct amdgpu_device *adev) bool amdgpu_nbio_is_replay_cnt_supported(struct amdgpu_device *adev) { - if (amdgpu_sriov_vf(adev) || !adev->asic_funcs->get_pcie_replay_count || + if (amdgpu_sriov_vf(adev) || !adev->asic_funcs || + !adev->asic_funcs->get_pcie_replay_count || (!adev->nbio.funcs || !adev->nbio.funcs->get_pcie_replay_count)) return false;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: venus: venc: Clamp param smaller than 1fps and bigger" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 417c01b92ec278a1118a05c6ad8a796eaa0c9c52 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082111-undesired-module-2392@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 417c01b92ec278a1118a05c6ad8a796eaa0c9c52 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 16 Jun 2025 15:29:15 +0000 Subject: [PATCH] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 The driver uses "whole" fps in all its calculations (e.g. in load_per_instance()). Those calculation expect an fps bigger than 1, and not big enough to overflow. Clamp the param if the user provides a value that will result in an invalid fps. Reported-by: Hans Verkuil <hverkuil(a)xs4all.nl> Closes: https://lore.kernel.org/linux-media/f11653a7-bc49-48cd-9cdb-1659147453e4@xs… Fixes: aaaa93eda64b ("[media] media: venus: venc: add video encoder files") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> [bod: Change "parm" to "param"] Signed-off-by: Bryan O'Donoghue <bod(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c index c7f8e37dba9b..b9ccee870c3d 100644 --- a/drivers/media/platform/qcom/venus/venc.c +++ b/drivers/media/platform/qcom/venus/venc.c @@ -411,11 +411,10 @@ static int venc_s_parm(struct file *file, void *fh, struct v4l2_streamparm *a) us_per_frame = timeperframe->numerator * (u64)USEC_PER_SEC; do_div(us_per_frame, timeperframe->denominator); - if (!us_per_frame) - return -EINVAL; - + us_per_frame = clamp(us_per_frame, 1, USEC_PER_SEC); fps = (u64)USEC_PER_SEC; do_div(fps, us_per_frame); + fps = min(VENUS_MAX_FPS, fps); inst->timeperframe = *timeperframe; inst->fps = fps;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: venus: venc: Clamp param smaller than 1fps and bigger" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 417c01b92ec278a1118a05c6ad8a796eaa0c9c52 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082122-diffused-barrette-30b6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 417c01b92ec278a1118a05c6ad8a796eaa0c9c52 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 16 Jun 2025 15:29:15 +0000 Subject: [PATCH] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 The driver uses "whole" fps in all its calculations (e.g. in load_per_instance()). Those calculation expect an fps bigger than 1, and not big enough to overflow. Clamp the param if the user provides a value that will result in an invalid fps. Reported-by: Hans Verkuil <hverkuil(a)xs4all.nl> Closes: https://lore.kernel.org/linux-media/f11653a7-bc49-48cd-9cdb-1659147453e4@xs… Fixes: aaaa93eda64b ("[media] media: venus: venc: add video encoder files") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> [bod: Change "parm" to "param"] Signed-off-by: Bryan O'Donoghue <bod(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c index c7f8e37dba9b..b9ccee870c3d 100644 --- a/drivers/media/platform/qcom/venus/venc.c +++ b/drivers/media/platform/qcom/venus/venc.c @@ -411,11 +411,10 @@ static int venc_s_parm(struct file *file, void *fh, struct v4l2_streamparm *a) us_per_frame = timeperframe->numerator * (u64)USEC_PER_SEC; do_div(us_per_frame, timeperframe->denominator); - if (!us_per_frame) - return -EINVAL; - + us_per_frame = clamp(us_per_frame, 1, USEC_PER_SEC); fps = (u64)USEC_PER_SEC; do_div(fps, us_per_frame); + fps = min(VENUS_MAX_FPS, fps); inst->timeperframe = *timeperframe; inst->fps = fps;

2 months, 3 weeks

1
0
0 0

[PATCH] drm/amdgpu: drop hw access in non-DC audio fini

by Alex Deucher

We already disable the audio pins in hw_fini so there is no need to do it again in sw_fini. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4481 Cc: stable(a)vger.kernel.org Cc: oushixiong <oushixiong1025(a)163.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 5 ----- 4 files changed, 20 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c index bf7c22f81cda3..ba73518f5cdf3 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c @@ -1462,17 +1462,12 @@ static int dce_v10_0_audio_init(struct amdgpu_device *adev) static void dce_v10_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v10_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c index 47e05783c4a0e..b01d88d078fa2 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c @@ -1511,17 +1511,12 @@ static int dce_v11_0_audio_init(struct amdgpu_device *adev) static void dce_v11_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v11_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c index 276c025c4c03d..81760a26f2ffc 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c @@ -1451,17 +1451,12 @@ static int dce_v6_0_audio_init(struct amdgpu_device *adev) static void dce_v6_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v6_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c index e62ccf9eb73de..19a265bd4d196 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c @@ -1443,17 +1443,12 @@ static int dce_v8_0_audio_init(struct amdgpu_device *adev) static void dce_v8_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v8_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } -- 2.50.1

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Strict migration policy for atomic SVM faults" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x a9ac0fa455b050d03e3032501368048fb284d318 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-cyclist-fedora-c07f@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9ac0fa455b050d03e3032501368048fb284d318 Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Mon, 12 May 2025 06:54:56 -0700 Subject: [PATCH] drm/xe: Strict migration policy for atomic SVM faults MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mixing GPU and CPU atomics does not work unless a strict migration policy of GPU atomics must be device memory. Enforce a policy of must be in VRAM with a retry loop of 3 attempts, if retry loop fails abort fault. Removing always_migrate_to_vram modparam as we now have real migration policy. v2: - Only retry migration on atomics - Drop alway migrate modparam v3: - Only set vram_only on DGFX (Himal) - Bail on get_pages failure if vram_only and retry count exceeded (Himal) - s/vram_only/devmem_only - Update xe_svm_range_is_valid to accept devmem_only argument v4: - Fix logic bug get_pages failure v5: - Fix commit message (Himal) - Mention removing always_migrate_to_vram in commit message (Lucas) - Fix xe_svm_range_is_valid to check for devmem pages - Bail on devmem_only && !migrate_devmem (Thomas) v6: - Add READ_ONCE barriers for opportunistic checks (Thomas) - Pair READ_ONCE with WRITE_ONCE (Thomas) v7: - Adjust comments (Thomas) Fixes: 2f118c949160 ("drm/xe: Add SVM VRAM migration") Cc: stable(a)vger.kernel.org Signed-off-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Acked-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Reviewed-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Link: https://lore.kernel.org/r/20250512135500.1405019-3-matthew.brost@intel.com diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index a58d03e6cac2..41f6616bcf76 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1118,6 +1118,10 @@ static void __drm_gpusvm_range_unmap_pages(struct drm_gpusvm *gpusvm, lockdep_assert_held(&gpusvm->notifier_lock); if (range->flags.has_dma_mapping) { + struct drm_gpusvm_range_flags flags = { + .__flags = range->flags.__flags, + }; + for (i = 0, j = 0; i < npages; j++) { struct drm_pagemap_device_addr *addr = &range->dma_addr[j]; @@ -1131,8 +1135,12 @@ static void __drm_gpusvm_range_unmap_pages(struct drm_gpusvm *gpusvm, dev, *addr); i += 1 << addr->order; } - range->flags.has_devmem_pages = false; - range->flags.has_dma_mapping = false; + + /* WRITE_ONCE pairs with READ_ONCE for opportunistic checks */ + flags.has_devmem_pages = false; + flags.has_dma_mapping = false; + WRITE_ONCE(range->flags.__flags, flags.__flags); + range->dpagemap = NULL; } } @@ -1334,6 +1342,7 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, int err = 0; struct dev_pagemap *pagemap; struct drm_pagemap *dpagemap; + struct drm_gpusvm_range_flags flags; retry: hmm_range.notifier_seq = mmu_interval_read_begin(notifier); @@ -1378,7 +1387,8 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, */ drm_gpusvm_notifier_lock(gpusvm); - if (range->flags.unmapped) { + flags.__flags = range->flags.__flags; + if (flags.unmapped) { drm_gpusvm_notifier_unlock(gpusvm); err = -EFAULT; goto err_free; @@ -1474,14 +1484,17 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, } i += 1 << order; num_dma_mapped = i; - range->flags.has_dma_mapping = true; + flags.has_dma_mapping = true; } if (zdd) { - range->flags.has_devmem_pages = true; + flags.has_devmem_pages = true; range->dpagemap = dpagemap; } + /* WRITE_ONCE pairs with READ_ONCE for opportunistic checks */ + WRITE_ONCE(range->flags.__flags, flags.__flags); + drm_gpusvm_notifier_unlock(gpusvm); kvfree(pfns); set_seqno: diff --git a/drivers/gpu/drm/xe/xe_module.c b/drivers/gpu/drm/xe/xe_module.c index 64bf46646544..e4742e27e2cd 100644 --- a/drivers/gpu/drm/xe/xe_module.c +++ b/drivers/gpu/drm/xe/xe_module.c @@ -30,9 +30,6 @@ struct xe_modparam xe_modparam = { module_param_named(svm_notifier_size, xe_modparam.svm_notifier_size, uint, 0600); MODULE_PARM_DESC(svm_notifier_size, "Set the svm notifier size(in MiB), must be power of 2"); -module_param_named(always_migrate_to_vram, xe_modparam.always_migrate_to_vram, bool, 0444); -MODULE_PARM_DESC(always_migrate_to_vram, "Always migrate to VRAM on GPU fault"); - module_param_named_unsafe(force_execlist, xe_modparam.force_execlist, bool, 0444); MODULE_PARM_DESC(force_execlist, "Force Execlist submission"); diff --git a/drivers/gpu/drm/xe/xe_module.h b/drivers/gpu/drm/xe/xe_module.h index 84339e509c80..5a3bfea8b7b4 100644 --- a/drivers/gpu/drm/xe/xe_module.h +++ b/drivers/gpu/drm/xe/xe_module.h @@ -12,7 +12,6 @@ struct xe_modparam { bool force_execlist; bool probe_display; - bool always_migrate_to_vram; u32 force_vram_bar_size; int guc_log_level; char *guc_firmware_path; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index b42cf5d1b20c..b04756a97cdc 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -2270,11 +2270,19 @@ static void op_commit(struct xe_vm *vm, } case DRM_GPUVA_OP_DRIVER: { + /* WRITE_ONCE pairs with READ_ONCE in xe_svm.c */ + if (op->subop == XE_VMA_SUBOP_MAP_RANGE) { - op->map_range.range->tile_present |= BIT(tile->id); - op->map_range.range->tile_invalidated &= ~BIT(tile->id); + WRITE_ONCE(op->map_range.range->tile_present, + op->map_range.range->tile_present | + BIT(tile->id)); + WRITE_ONCE(op->map_range.range->tile_invalidated, + op->map_range.range->tile_invalidated & + ~BIT(tile->id)); } else if (op->subop == XE_VMA_SUBOP_UNMAP_RANGE) { - op->unmap_range.range->tile_present &= ~BIT(tile->id); + WRITE_ONCE(op->unmap_range.range->tile_present, + op->unmap_range.range->tile_present & + ~BIT(tile->id)); } break; } diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index d25f02c8d7fc..d8e15259a8df 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -16,8 +16,17 @@ static bool xe_svm_range_in_vram(struct xe_svm_range *range) { - /* Not reliable without notifier lock */ - return range->base.flags.has_devmem_pages; + /* + * Advisory only check whether the range is currently backed by VRAM + * memory. + */ + + struct drm_gpusvm_range_flags flags = { + /* Pairs with WRITE_ONCE in drm_gpusvm.c */ + .__flags = READ_ONCE(range->base.flags.__flags), + }; + + return flags.has_devmem_pages; } static bool xe_svm_range_has_vram_binding(struct xe_svm_range *range) @@ -650,9 +659,16 @@ void xe_svm_fini(struct xe_vm *vm) } static bool xe_svm_range_is_valid(struct xe_svm_range *range, - struct xe_tile *tile) + struct xe_tile *tile, + bool devmem_only) { - return (range->tile_present & ~range->tile_invalidated) & BIT(tile->id); + /* + * Advisory only check whether the range currently has a valid mapping, + * READ_ONCE pairs with WRITE_ONCE in xe_pt.c + */ + return ((READ_ONCE(range->tile_present) & + ~READ_ONCE(range->tile_invalidated)) & BIT(tile->id)) && + (!devmem_only || xe_svm_range_in_vram(range)); } #if IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) @@ -726,6 +742,36 @@ static int xe_svm_alloc_vram(struct xe_vm *vm, struct xe_tile *tile, } #endif +static bool supports_4K_migration(struct xe_device *xe) +{ + if (xe->info.vram_flags & XE_VRAM_FLAGS_NEED64K) + return false; + + return true; +} + +static bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, + struct xe_vma *vma) +{ + struct xe_vm *vm = range_to_vm(&range->base); + u64 range_size = xe_svm_range_size(range); + + if (!range->base.flags.migrate_devmem) + return false; + + if (xe_svm_range_in_vram(range)) { + drm_dbg(&vm->xe->drm, "Range is already in VRAM\n"); + return false; + } + + if (range_size <= SZ_64K && !supports_4K_migration(vm->xe)) { + drm_dbg(&vm->xe->drm, "Platform doesn't support SZ_4K range migration\n"); + return false; + } + + return true; +} + /** * xe_svm_handle_pagefault() - SVM handle page fault * @vm: The VM. @@ -749,12 +795,15 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), .check_pages_threshold = IS_DGFX(vm->xe) && IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? SZ_64K : 0, + .devmem_only = atomic && IS_DGFX(vm->xe) && + IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), }; struct xe_svm_range *range; struct drm_gpusvm_range *r; struct drm_exec exec; struct dma_fence *fence; struct xe_tile *tile = gt_to_tile(gt); + int migrate_try_count = ctx.devmem_only ? 3 : 1; ktime_t end = 0; int err; @@ -775,24 +824,30 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, if (IS_ERR(r)) return PTR_ERR(r); + if (ctx.devmem_only && !r->flags.migrate_devmem) + return -EACCES; + range = to_xe_range(r); - if (xe_svm_range_is_valid(range, tile)) + if (xe_svm_range_is_valid(range, tile, ctx.devmem_only)) return 0; range_debug(range, "PAGE FAULT"); - /* XXX: Add migration policy, for now migrate range once */ - if (!range->skip_migrate && range->base.flags.migrate_devmem && - xe_svm_range_size(range) >= SZ_64K) { - range->skip_migrate = true; - + if (--migrate_try_count >= 0 && + xe_svm_range_needs_migrate_to_vram(range, vma)) { err = xe_svm_alloc_vram(vm, tile, range, &ctx); if (err) { - drm_dbg(&vm->xe->drm, - "VRAM allocation failed, falling back to " - "retrying fault, asid=%u, errno=%pe\n", - vm->usm.asid, ERR_PTR(err)); - goto retry; + if (migrate_try_count || !ctx.devmem_only) { + drm_dbg(&vm->xe->drm, + "VRAM allocation failed, falling back to retrying fault, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + goto retry; + } else { + drm_err(&vm->xe->drm, + "VRAM allocation failed, retry count exceeded, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + return err; + } } } @@ -800,15 +855,22 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, err = drm_gpusvm_range_get_pages(&vm->svm.gpusvm, r, &ctx); /* Corner where CPU mappings have changed */ if (err == -EOPNOTSUPP || err == -EFAULT || err == -EPERM) { - if (err == -EOPNOTSUPP) { - range_debug(range, "PAGE FAULT - EVICT PAGES"); - drm_gpusvm_range_evict(&vm->svm.gpusvm, &range->base); + if (migrate_try_count > 0 || !ctx.devmem_only) { + if (err == -EOPNOTSUPP) { + range_debug(range, "PAGE FAULT - EVICT PAGES"); + drm_gpusvm_range_evict(&vm->svm.gpusvm, + &range->base); + } + drm_dbg(&vm->xe->drm, + "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); + range_debug(range, "PAGE FAULT - RETRY PAGES"); + goto retry; + } else { + drm_err(&vm->xe->drm, + "Get pages failed, retry count exceeded, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); } - drm_dbg(&vm->xe->drm, - "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", - vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); - range_debug(range, "PAGE FAULT - RETRY PAGES"); - goto retry; } if (err) { range_debug(range, "PAGE FAULT - FAIL PAGE COLLECT"); @@ -842,9 +904,6 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, } drm_exec_fini(&exec); - if (xe_modparam.always_migrate_to_vram) - range->skip_migrate = false; - dma_fence_wait(fence, false); dma_fence_put(fence); diff --git a/drivers/gpu/drm/xe/xe_svm.h b/drivers/gpu/drm/xe/xe_svm.h index 2881af1e60b2..30fc78b85b30 100644 --- a/drivers/gpu/drm/xe/xe_svm.h +++ b/drivers/gpu/drm/xe/xe_svm.h @@ -39,11 +39,6 @@ struct xe_svm_range { * range. Protected by GPU SVM notifier lock. */ u8 tile_invalidated; - /** - * @skip_migrate: Skip migration to VRAM, protected by GPU fault handler - * locking. - */ - u8 skip_migrate :1; }; /** diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index 9fd25fc880a4..653d48dbe1c1 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -185,6 +185,31 @@ struct drm_gpusvm_notifier { } flags; }; +/** + * struct drm_gpusvm_range_flags - Structure representing a GPU SVM range flags + * + * @migrate_devmem: Flag indicating whether the range can be migrated to device memory + * @unmapped: Flag indicating if the range has been unmapped + * @partial_unmap: Flag indicating if the range has been partially unmapped + * @has_devmem_pages: Flag indicating if the range has devmem pages + * @has_dma_mapping: Flag indicating if the range has a DMA mapping + * @__flags: Flags for range in u16 form (used for READ_ONCE) + */ +struct drm_gpusvm_range_flags { + union { + struct { + /* All flags below must be set upon creation */ + u16 migrate_devmem : 1; + /* All flags below must be set / cleared under notifier lock */ + u16 unmapped : 1; + u16 partial_unmap : 1; + u16 has_devmem_pages : 1; + u16 has_dma_mapping : 1; + }; + u16 __flags; + }; +}; + /** * struct drm_gpusvm_range - Structure representing a GPU SVM range * @@ -198,11 +223,6 @@ struct drm_gpusvm_notifier { * @dpagemap: The struct drm_pagemap of the device pages we're dma-mapping. * Note this is assuming only one drm_pagemap per range is allowed. * @flags: Flags for range - * @flags.migrate_devmem: Flag indicating whether the range can be migrated to device memory - * @flags.unmapped: Flag indicating if the range has been unmapped - * @flags.partial_unmap: Flag indicating if the range has been partially unmapped - * @flags.has_devmem_pages: Flag indicating if the range has devmem pages - * @flags.has_dma_mapping: Flag indicating if the range has a DMA mapping * * This structure represents a GPU SVM range used for tracking memory ranges * mapped in a DRM device. @@ -216,15 +236,7 @@ struct drm_gpusvm_range { unsigned long notifier_seq; struct drm_pagemap_device_addr *dma_addr; struct drm_pagemap *dpagemap; - struct { - /* All flags below must be set upon creation */ - u16 migrate_devmem : 1; - /* All flags below must be set / cleared under notifier lock */ - u16 unmapped : 1; - u16 partial_unmap : 1; - u16 has_devmem_pages : 1; - u16 has_dma_mapping : 1; - } flags; + struct drm_gpusvm_range_flags flags; }; /**

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Timeslice GPU on atomic SVM fault" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x a5d8d3be1dea8154edbbea481081469627665659 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082126-playable-viewer-a6f2@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5d8d3be1dea8154edbbea481081469627665659 Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Mon, 12 May 2025 06:54:58 -0700 Subject: [PATCH] drm/xe: Timeslice GPU on atomic SVM fault Ensure GPU can make forward progress on an atomic SVM GPU fault by giving the GPU a timeslice of 5ms v2: - Reduce timeslice to 5ms - Double timeslice on retry - Split out GPU SVM changes into independent patch v5: - Double timeslice in a few more places Fixes: 2f118c949160 ("drm/xe: Add SVM VRAM migration") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Link: https://lore.kernel.org/r/20250512135500.1405019-5-matthew.brost@intel.com diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index d8e15259a8df..d934df622276 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -797,6 +797,8 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? SZ_64K : 0, .devmem_only = atomic && IS_DGFX(vm->xe) && IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), + .timeslice_ms = atomic && IS_DGFX(vm->xe) && + IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? 5 : 0, }; struct xe_svm_range *range; struct drm_gpusvm_range *r; @@ -836,6 +838,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, if (--migrate_try_count >= 0 && xe_svm_range_needs_migrate_to_vram(range, vma)) { err = xe_svm_alloc_vram(vm, tile, range, &ctx); + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ if (err) { if (migrate_try_count || !ctx.devmem_only) { drm_dbg(&vm->xe->drm, @@ -855,6 +858,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, err = drm_gpusvm_range_get_pages(&vm->svm.gpusvm, r, &ctx); /* Corner where CPU mappings have changed */ if (err == -EOPNOTSUPP || err == -EFAULT || err == -EPERM) { + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ if (migrate_try_count > 0 || !ctx.devmem_only) { if (err == -EOPNOTSUPP) { range_debug(range, "PAGE FAULT - EVICT PAGES"); @@ -894,6 +898,7 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, drm_exec_fini(&exec); err = PTR_ERR(fence); if (err == -EAGAIN) { + ctx.timeslice_ms <<= 1; /* Double timeslice if we have to retry */ range_debug(range, "PAGE FAULT - RETRY BIND"); goto retry; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/gpusvm: Add timeslicing support to GPU SVM" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 8dc1812b5b3a42311d28eb385eed88e2053ad3cb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082118-unhook-drinking-9926@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8dc1812b5b3a42311d28eb385eed88e2053ad3cb Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Mon, 12 May 2025 06:54:57 -0700 Subject: [PATCH] drm/gpusvm: Add timeslicing support to GPU SVM Add timeslicing support to GPU SVM which will guarantee the GPU a minimum execution time on piece of physical memory before migration back to CPU. Intended to implement strict migration policies which require memory to be in a certain placement for correct execution. Required for shared CPU and GPU atomics on certain devices. Fixes: 99624bdff867 ("drm/gpusvm: Add support for GPU Shared Virtual Memory") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Link: https://lore.kernel.org/r/20250512135500.1405019-4-matthew.brost@intel.com diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index 41f6616bcf76..4b2f32889f00 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1783,6 +1783,8 @@ int drm_gpusvm_migrate_to_devmem(struct drm_gpusvm *gpusvm, goto err_finalize; /* Upon success bind devmem allocation to range and zdd */ + devmem_allocation->timeslice_expiration = get_jiffies_64() + + msecs_to_jiffies(ctx->timeslice_ms); zdd->devmem_allocation = devmem_allocation; /* Owns ref */ err_finalize: @@ -2003,6 +2005,13 @@ static int __drm_gpusvm_migrate_to_ram(struct vm_area_struct *vas, void *buf; int i, err = 0; + if (page) { + zdd = page->zone_device_data; + if (time_before64(get_jiffies_64(), + zdd->devmem_allocation->timeslice_expiration)) + return 0; + } + start = ALIGN_DOWN(fault_addr, size); end = ALIGN(fault_addr + 1, size); diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index 653d48dbe1c1..eaf704d3d05e 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -89,6 +89,7 @@ struct drm_gpusvm_devmem_ops { * @ops: Pointer to the operations structure for GPU SVM device memory * @dpagemap: The struct drm_pagemap of the pages this allocation belongs to. * @size: Size of device memory allocation + * @timeslice_expiration: Timeslice expiration in jiffies */ struct drm_gpusvm_devmem { struct device *dev; @@ -97,6 +98,7 @@ struct drm_gpusvm_devmem { const struct drm_gpusvm_devmem_ops *ops; struct drm_pagemap *dpagemap; size_t size; + u64 timeslice_expiration; }; /** @@ -295,6 +297,8 @@ struct drm_gpusvm { * @check_pages_threshold: Check CPU pages for present if chunk is less than or * equal to threshold. If not present, reduce chunk * size. + * @timeslice_ms: The timeslice MS which in minimum time a piece of memory + * remains with either exclusive GPU or CPU access. * @in_notifier: entering from a MMU notifier * @read_only: operating on read-only memory * @devmem_possible: possible to use device memory @@ -304,6 +308,7 @@ struct drm_gpusvm { */ struct drm_gpusvm_ctx { unsigned long check_pages_threshold; + unsigned long timeslice_ms; unsigned int in_notifier :1; unsigned int read_only :1; unsigned int devmem_possible :1;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/gpusvm: Introduce devmem_only flag for allocation" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 8a9b978ebd47df9e0694c34748c2d6fa0c31eb4d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082112-ecologist-starry-b438@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8a9b978ebd47df9e0694c34748c2d6fa0c31eb4d Mon Sep 17 00:00:00 2001 From: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Date: Mon, 12 May 2025 06:54:55 -0700 Subject: [PATCH] drm/gpusvm: Introduce devmem_only flag for allocation This commit adds a new flag, devmem_only, to the drm_gpusvm structure. The purpose of this flag is to ensure that the get_pages function allocates memory exclusively from the device's memory. If the allocation from device memory fails, the function will return an -EFAULT error. Required for shared CPU and GPU atomics on certain devices. v3: - s/vram_only/devmem_only/ Fixes: 99624bdff867 ("drm/gpusvm: Add support for GPU Shared Virtual Memory") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://lore.kernel.org/r/20250512135500.1405019-2-matthew.brost@intel.com diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c index de424e670995..a58d03e6cac2 100644 --- a/drivers/gpu/drm/drm_gpusvm.c +++ b/drivers/gpu/drm/drm_gpusvm.c @@ -1454,6 +1454,11 @@ int drm_gpusvm_range_get_pages(struct drm_gpusvm *gpusvm, goto err_unmap; } + if (ctx->devmem_only) { + err = -EFAULT; + goto err_unmap; + } + addr = dma_map_page(gpusvm->drm->dev, page, 0, PAGE_SIZE << order, diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index df120b4d1f83..9fd25fc880a4 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -286,6 +286,7 @@ struct drm_gpusvm { * @in_notifier: entering from a MMU notifier * @read_only: operating on read-only memory * @devmem_possible: possible to use device memory + * @devmem_only: use only device memory * * Context that is DRM GPUSVM is operating in (i.e. user arguments). */ @@ -294,6 +295,7 @@ struct drm_gpusvm_ctx { unsigned int in_notifier :1; unsigned int read_only :1; unsigned int devmem_possible :1; + unsigned int devmem_only :1; }; int drm_gpusvm_init(struct drm_gpusvm *gpusvm,

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/bmg: Add one additional PCI ID" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ccfb15b8158c11a8304204aeac354c7b1cfb18a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082138-spew-mardi-8760@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ccfb15b8158c11a8304204aeac354c7b1cfb18a3 Mon Sep 17 00:00:00 2001 From: "Vodapalli, Ravi Kumar" <ravi.kumar.vodapalli(a)intel.com> Date: Fri, 4 Jul 2025 16:05:27 +0530 Subject: [PATCH] drm/xe/bmg: Add one additional PCI ID One additional PCI ID is added in Bspec for BMG, Add it so that driver recognizes this device with this new ID. Bspec: 68090 Cc: stable(a)vger.kernel.org # v6.12+ Signed-off-by: Vodapalli, Ravi Kumar <ravi.kumar.vodapalli(a)intel.com> Reviewed-by: Shekhar Chauhan <shekhar.chauhan(a)intel.com> Acked-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Link: https://lore.kernel.org/r/20250704103527.100178-1-ravi.kumar.vodapalli@inte… diff --git a/include/drm/intel/pciids.h b/include/drm/intel/pciids.h index a0180d10e260..76f8d26f9cc9 100644 --- a/include/drm/intel/pciids.h +++ b/include/drm/intel/pciids.h @@ -846,6 +846,7 @@ /* BMG */ #define INTEL_BMG_IDS(MACRO__, ...) \ MACRO__(0xE202, ## __VA_ARGS__), \ + MACRO__(0xE209, ## __VA_ARGS__), \ MACRO__(0xE20B, ## __VA_ARGS__), \ MACRO__(0xE20C, ## __VA_ARGS__), \ MACRO__(0xE20D, ## __VA_ARGS__), \

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Release runtime pm for error path of" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 017ef1228d735965419ff118fe1b89089e772c42 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082107-shortcut-trough-dbf3@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 017ef1228d735965419ff118fe1b89089e772c42 Mon Sep 17 00:00:00 2001 From: Shuicheng Lin <shuicheng.lin(a)intel.com> Date: Mon, 7 Jul 2025 00:49:14 +0000 Subject: [PATCH] drm/xe: Release runtime pm for error path of xe_devcoredump_read() xe_pm_runtime_put() is missed to be called for the error path in xe_devcoredump_read(). Add function description comments for xe_devcoredump_read() to help understand it. v2: more detail function comments and refine goto logic (Matt) Fixes: c4a2e5f865b7 ("drm/xe: Add devcoredump chunking") Cc: stable(a)vger.kernel.org Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://lore.kernel.org/r/20250707004911.3502904-6-shuicheng.lin@intel.com diff --git a/drivers/gpu/drm/xe/xe_devcoredump.c b/drivers/gpu/drm/xe/xe_devcoredump.c index 94625010abc4..203e3038cc81 100644 --- a/drivers/gpu/drm/xe/xe_devcoredump.c +++ b/drivers/gpu/drm/xe/xe_devcoredump.c @@ -171,14 +171,32 @@ static void xe_devcoredump_snapshot_free(struct xe_devcoredump_snapshot *ss) #define XE_DEVCOREDUMP_CHUNK_MAX (SZ_512M + SZ_1G) +/** + * xe_devcoredump_read() - Read data from the Xe device coredump snapshot + * @buffer: Destination buffer to copy the coredump data into + * @offset: Offset in the coredump data to start reading from + * @count: Number of bytes to read + * @data: Pointer to the xe_devcoredump structure + * @datalen: Length of the data (unused) + * + * Reads a chunk of the coredump snapshot data into the provided buffer. + * If the devcoredump is smaller than 1.5 GB (XE_DEVCOREDUMP_CHUNK_MAX), + * it is read directly from a pre-written buffer. For larger devcoredumps, + * the pre-written buffer must be periodically repopulated from the snapshot + * state due to kmalloc size limitations. + * + * Return: Number of bytes copied on success, or a negative error code on failure. + */ static ssize_t xe_devcoredump_read(char *buffer, loff_t offset, size_t count, void *data, size_t datalen) { struct xe_devcoredump *coredump = data; struct xe_devcoredump_snapshot *ss; - ssize_t byte_copied; + ssize_t byte_copied = 0; u32 chunk_offset; ssize_t new_chunk_position; + bool pm_needed = false; + int ret = 0; if (!coredump) return -ENODEV; @@ -188,20 +206,19 @@ static ssize_t xe_devcoredump_read(char *buffer, loff_t offset, /* Ensure delayed work is captured before continuing */ flush_work(&ss->work); - if (ss->read.size > XE_DEVCOREDUMP_CHUNK_MAX) + pm_needed = ss->read.size > XE_DEVCOREDUMP_CHUNK_MAX; + if (pm_needed) xe_pm_runtime_get(gt_to_xe(ss->gt)); mutex_lock(&coredump->lock); if (!ss->read.buffer) { - mutex_unlock(&coredump->lock); - return -ENODEV; + ret = -ENODEV; + goto unlock; } - if (offset >= ss->read.size) { - mutex_unlock(&coredump->lock); - return 0; - } + if (offset >= ss->read.size) + goto unlock; new_chunk_position = div_u64_rem(offset, XE_DEVCOREDUMP_CHUNK_MAX, @@ -221,12 +238,13 @@ static ssize_t xe_devcoredump_read(char *buffer, loff_t offset, ss->read.size - offset; memcpy(buffer, ss->read.buffer + chunk_offset, byte_copied); +unlock: mutex_unlock(&coredump->lock); - if (ss->read.size > XE_DEVCOREDUMP_CHUNK_MAX) + if (pm_needed) xe_pm_runtime_put(gt_to_xe(ss->gt)); - return byte_copied; + return byte_copied ? byte_copied : ret; } static void xe_devcoredump_free(void *data)

2 months, 3 weeks

1
0
0 0

[PATCH 5.10.y 1/2] usb: dwc3: Remove DWC3 locking during gadget suspend/resume

by Selvarasu Ganesan

From: Wesley Cheng <quic_wcheng(a)quicinc.com> [ Upstream commit 5265397f94424eaea596026fd34dc7acf474dcec ] Remove the need for making dwc3_gadget_suspend() and dwc3_gadget_resume() to be called in a spinlock, as dwc3_gadget_run_stop() could potentially take some time to complete. Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20220901193625.8727-3-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- drivers/usb/dwc3/core.c | 4 ---- drivers/usb/dwc3/gadget.c | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 1264683d45f2..9988424aa91f 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1742,9 +1742,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_suspend(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -1805,9 +1803,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) return ret; dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_resume(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); break; case DWC3_GCTL_PRTCAP_HOST: if (!PMSG_IS_AUTO(msg)) { diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index e1e18a4f0d07..d0016faa4599 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4065,12 +4065,17 @@ void dwc3_gadget_exit(struct dwc3 *dwc) int dwc3_gadget_suspend(struct dwc3 *dwc) { + unsigned long flags; + if (!dwc->gadget_driver) return 0; dwc3_gadget_run_stop(dwc, false, false); + + spin_lock_irqsave(&dwc->lock, flags); dwc3_disconnect_gadget(dwc); __dwc3_gadget_stop(dwc); + spin_unlock_irqrestore(&dwc->lock, flags); return 0; } -- 2.17.1

2 months, 3 weeks

1
1
0 0

FAILED: patch "[PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082144-poplar-glare-2f1c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Sun, 13 Jul 2025 16:31:02 +0200 Subject: [PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge The PCIe port driver erroneously creates a subdevice for hotplug on ACPI slots which are handled by the ACPI hotplug driver. Avoid by checking the is_pciehp flag instead of is_hotplug_bridge when deciding whether to create a subdevice. The latter encompasses ACPI slots whereas the former doesn't. The superfluous subdevice has no real negative impact, it occupies memory and interrupt resources but otherwise just sits there waiting for interrupts from the slot that are never signaled. Fixes: f8415222837b ("PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org # v4.7+ Link: https://patch.msgid.link/40d5a5fe8d40595d505949c620a067fa110ee85e.175239010… diff --git a/drivers/pci/pcie/portdrv.c b/drivers/pci/pcie/portdrv.c index e8318fd5f6ed..d1b68c18444f 100644 --- a/drivers/pci/pcie/portdrv.c +++ b/drivers/pci/pcie/portdrv.c @@ -220,7 +220,7 @@ static int get_port_device_capability(struct pci_dev *dev) struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); int services = 0; - if (dev->is_hotplug_bridge && + if (dev->is_pciehp && (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT || pci_pcie_type(dev) == PCI_EXP_TYPE_DOWNSTREAM) && (pcie_ports_native || host->native_pcie_hotplug)) {

2 months, 3 weeks

1
0
0 0

[PATCH] ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp()

by Amir Goldstein

From: NeilBrown <neil(a)brown.name> commit 5f1c8965e748c150d580a2ea8fbee1bd80d07a24 upstream. ovl_create_temp() treats "workdir" as a parent in which it creates an object so it should use I_MUTEX_PARENT. Prior to the commit identified below the lock was taken by the caller which sometimes used I_MUTEX_PARENT and sometimes used I_MUTEX_NORMAL. The use of I_MUTEX_NORMAL was incorrect but unfortunately copied into ovl_create_temp(). Note to backporters: This patch only applies after the last Fixes given below (post v6.16). To fix the bug in v6.7 and later the inode_lock() call in ovl_copy_up_workdir() needs to nest using I_MUTEX_PARENT. [Amir: backport to v6.16 when lock was taken by the callers] Link: https://lore.kernel.org/all/67a72070.050a0220.3d72c.0022.GAE@google.com/ Cc: stable(a)vger.kernel.org Reported-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Tested-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Fixes: c63e56a4a652 ("ovl: do not open/llseek lower file with upper sb_writers held") Fixes: d2c995581c7c ("ovl: Call ovl_create_temp() without lock held.") Signed-off-by: NeilBrown <neil(a)brown.name> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- fs/overlayfs/copy_up.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index d7310fcf38881..c2263148ff20a 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -779,7 +779,7 @@ static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c) return err; ovl_start_write(c->dentry); - inode_lock(wdir); + inode_lock_nested(wdir, I_MUTEX_PARENT); temp = ovl_create_temp(ofs, c->workdir, &cattr); inode_unlock(wdir); ovl_end_write(c->dentry); -- 2.50.1

2 months, 3 weeks

1
1
0 0

FAILED: patch "[PATCH] parisc: Update comments in make_insert_tlb" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cb22f247f371bd206a88cf0e0c05d80b8b62fb26 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082133-resubmit-starlit-d1e3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb22f247f371bd206a88cf0e0c05d80b8b62fb26 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 15:13:42 -0400 Subject: [PATCH] parisc: Update comments in make_insert_tlb The following testcase exposed a problem with our read access checks in get_user() and raw_copy_from_user(): #include <stdint.h> #include <stddef.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <errno.h> #include <sys/mman.h> #include <sys/types.h> int main(int argc, char **argv) { unsigned long page_size = sysconf(_SC_PAGESIZE); char *p = malloc(3 * page_size); char *p_aligned; /* initialize memory region. If not initialized, write syscall below will correctly return EFAULT. */ if (1) memset(p, 'X', 3 * page_size); p_aligned = (char *) ((((uintptr_t) p) + (2*page_size - 1)) & ~(page_size - 1)); /* Drop PROT_READ protection. Kernel and userspace should fault when accessing that memory region */ mprotect(p_aligned, page_size, PROT_NONE); /* the following write() should return EFAULT, since PROT_READ was dropped by previous mprotect() */ int ret = write(2, p_aligned, 1); if (!ret || errno != EFAULT) printf("\n FAILURE: write() did not returned expected EFAULT value\n"); return 0; } Because of the way _PAGE_READ is handled, kernel code never generates a read access fault when it access a page as the kernel privilege level is always less than PL1 in the PTE. This patch reworks the comments in the make_insert_tlb macro to try to make this clearer. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S index ea57bcc21dc5..f4bf61a34701 100644 --- a/arch/parisc/kernel/entry.S +++ b/arch/parisc/kernel/entry.S @@ -499,6 +499,12 @@ * this happens is quite subtle, read below */ .macro make_insert_tlb spc,pte,prot,tmp space_to_prot \spc \prot /* create prot id from space */ + +#if _PAGE_SPECIAL_BIT == _PAGE_DMB_BIT + /* need to drop DMB bit, as it's used as SPECIAL flag */ + depi 0,_PAGE_SPECIAL_BIT,1,\pte +#endif + /* The following is the real subtlety. This is depositing * T <-> _PAGE_REFTRAP * D <-> _PAGE_DIRTY @@ -511,17 +517,18 @@ * Finally, _PAGE_READ goes in the top bit of PL1 (so we * trigger an access rights trap in user space if the user * tries to read an unreadable page */ -#if _PAGE_SPECIAL_BIT == _PAGE_DMB_BIT - /* need to drop DMB bit, as it's used as SPECIAL flag */ - depi 0,_PAGE_SPECIAL_BIT,1,\pte -#endif depd \pte,8,7,\prot /* PAGE_USER indicates the page can be read with user privileges, * so deposit X1|11 to PL1|PL2 (remember the upper bit of PL1 - * contains _PAGE_READ) */ + * contains _PAGE_READ). While the kernel can't directly write + * user pages which have _PAGE_WRITE zero, it can read pages + * which have _PAGE_READ zero (PL <= PL1). Thus, the kernel + * exception fault handler doesn't trigger when reading pages + * that aren't user read accessible */ extrd,u,*= \pte,_PAGE_USER_BIT+32,1,%r0 depdi 7,11,3,\prot + /* If we're a gateway page, drop PL2 back to zero for promotion * to kernel privilege (so we can execute the page as kernel). * Any privilege promotion page always denys read and write */

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Try to fixup kernel exception in bad_area_nosemaphore" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f92a5e36b0c45cd12ac0d1bc44680c0dfae34543 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082119-refining-upstream-528c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f92a5e36b0c45cd12ac0d1bc44680c0dfae34543 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 16:13:13 -0400 Subject: [PATCH] parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c index c39de84e98b0..f1785640b049 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -363,6 +363,10 @@ void do_page_fault(struct pt_regs *regs, unsigned long code, mmap_read_unlock(mm); bad_area_nosemaphore: + if (!user_mode(regs) && fixup_exception(regs)) { + return; + } + if (user_mode(regs)) { int signo, si_code;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Revise gateway LWS calls to probe user read access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082106-pantyhose-finished-9731@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Fri, 25 Jul 2025 12:12:14 -0400 Subject: [PATCH] parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently possible for user code to execute a LWS compare and swap operation at an address that is read protected at privilege level 3 (PRIV_USER). Fix this by probing read access rights at privilege level 3 and branching to lws_fault if access isn't allowed. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S index 0fa81bf1466b..f58c4bccfbce 100644 --- a/arch/parisc/kernel/syscall.S +++ b/arch/parisc/kernel/syscall.S @@ -613,6 +613,9 @@ lws_compare_and_swap32: lws_compare_and_swap: /* Trigger memory reference interruptions without writing to memory */ 1: ldw 0(%r26), %r28 + proberi (%r26), PRIV_USER, %r28 + comb,=,n %r28, %r0, lws_fault /* backwards, likely not taken */ + nop 2: stbys,e %r0, 0(%r26) /* Calculate 8-bit hash index from virtual address */ @@ -767,6 +770,9 @@ cas2_lock_start: copy %r26, %r28 depi_safe 0, 31, 2, %r28 10: ldw 0(%r28), %r1 + proberi (%r28), PRIV_USER, %r1 + comb,=,n %r1, %r0, lws_fault /* backwards, likely not taken */ + nop 11: stbys,e %r0, 0(%r28) /* Calculate 8-bit hash index from virtual address */ @@ -951,41 +957,47 @@ atomic_xchg_begin: /* 8-bit exchange */ 1: ldb 0(%r24), %r20 + proberi (%r24), PRIV_USER, %r20 + comb,=,n %r20, %r0, lws_fault /* backwards, likely not taken */ + nop copy %r23, %r20 depi_safe 0, 31, 2, %r20 b atomic_xchg_start 2: stbys,e %r0, 0(%r20) - nop - nop - nop /* 16-bit exchange */ 3: ldh 0(%r24), %r20 + proberi (%r24), PRIV_USER, %r20 + comb,=,n %r20, %r0, lws_fault /* backwards, likely not taken */ + nop copy %r23, %r20 depi_safe 0, 31, 2, %r20 b atomic_xchg_start 4: stbys,e %r0, 0(%r20) - nop - nop - nop /* 32-bit exchange */ 5: ldw 0(%r24), %r20 + proberi (%r24), PRIV_USER, %r20 + comb,=,n %r20, %r0, lws_fault /* backwards, likely not taken */ + nop b atomic_xchg_start 6: stbys,e %r0, 0(%r23) nop nop - nop - nop - nop /* 64-bit exchange */ #ifdef CONFIG_64BIT 7: ldd 0(%r24), %r20 + proberi (%r24), PRIV_USER, %r20 + comb,=,n %r20, %r0, lws_fault /* backwards, likely not taken */ + nop 8: stdby,e %r0, 0(%r23) #else 7: ldw 0(%r24), %r20 8: ldw 4(%r24), %r20 + proberi (%r24), PRIV_USER, %r20 + comb,=,n %r20, %r0, lws_fault /* backwards, likely not taken */ + nop copy %r23, %r20 depi_safe 0, 31, 2, %r20 9: stbys,e %r0, 0(%r20)

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Revise __get_user() to probe user read access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 89f686a0fb6e473a876a9a60a13aec67a62b9a7e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082155-mocker-overripe-4212@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 89f686a0fb6e473a876a9a60a13aec67a62b9a7e Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Fri, 25 Jul 2025 13:51:32 -0400 Subject: [PATCH] parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting __gu_err to -EFAULT (-14) if access isn't allowed. Note the cmpiclr instruction does a 32-bit compare because COND macro doesn't work inside asm. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 88d0ae5769dd..6c531d2c847e 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -42,9 +42,24 @@ __gu_err; \ }) -#define __get_user(val, ptr) \ -({ \ - __get_user_internal(SR_USER, val, ptr); \ +#define __probe_user_internal(sr, error, ptr) \ +({ \ + __asm__("\tproberi (%%sr%1,%2),%3,%0\n" \ + "\tcmpiclr,= 1,%0,%0\n" \ + "\tldi %4,%0\n" \ + : "=r"(error) \ + : "i"(sr), "r"(ptr), "i"(PRIV_USER), \ + "i"(-EFAULT)); \ +}) + +#define __get_user(val, ptr) \ +({ \ + register long __gu_err; \ + \ + __gu_err = __get_user_internal(SR_USER, val, ptr); \ + if (likely(!__gu_err)) \ + __probe_user_internal(SR_USER, __gu_err, ptr); \ + __gu_err; \ }) #define __get_user_asm(sr, val, ldx, ptr) \

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Rename pte_needs_flush() to pte_needs_cache_flush()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 52ce9406a9625c4498c4eaa51e7a7ed9dcb9db16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082143-crafty-publisher-62f8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52ce9406a9625c4498c4eaa51e7a7ed9dcb9db16 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 15:56:04 -0400 Subject: [PATCH] parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c The local name used in cache.c conflicts the declaration in include/asm-generic/tlb.h. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index db531e58d70e..3b37a7e7abe4 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -429,7 +429,7 @@ static inline pte_t *get_ptep(struct mm_struct *mm, unsigned long addr) return ptep; } -static inline bool pte_needs_flush(pte_t pte) +static inline bool pte_needs_cache_flush(pte_t pte) { return (pte_val(pte) & (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_NO_CACHE)) == (_PAGE_PRESENT | _PAGE_ACCESSED); @@ -630,7 +630,7 @@ static void flush_cache_page_if_present(struct vm_area_struct *vma, ptep = get_ptep(vma->vm_mm, vmaddr); if (ptep) { pte = ptep_get(ptep); - needs_flush = pte_needs_flush(pte); + needs_flush = pte_needs_cache_flush(pte); pte_unmap(ptep); } if (needs_flush)

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Rename pte_needs_flush() to pte_needs_cache_flush()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 52ce9406a9625c4498c4eaa51e7a7ed9dcb9db16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082143-majesty-gracious-6a56@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52ce9406a9625c4498c4eaa51e7a7ed9dcb9db16 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 15:56:04 -0400 Subject: [PATCH] parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c The local name used in cache.c conflicts the declaration in include/asm-generic/tlb.h. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index db531e58d70e..3b37a7e7abe4 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -429,7 +429,7 @@ static inline pte_t *get_ptep(struct mm_struct *mm, unsigned long addr) return ptep; } -static inline bool pte_needs_flush(pte_t pte) +static inline bool pte_needs_cache_flush(pte_t pte) { return (pte_val(pte) & (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_NO_CACHE)) == (_PAGE_PRESENT | _PAGE_ACCESSED); @@ -630,7 +630,7 @@ static void flush_cache_page_if_present(struct vm_area_struct *vma, ptep = get_ptep(vma->vm_mm, vmaddr); if (ptep) { pte = ptep_get(ptep); - needs_flush = pte_needs_flush(pte); + needs_flush = pte_needs_cache_flush(pte); pte_unmap(ptep); } if (needs_flush)

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082125-aqueduct-distant-3557@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 Mon Sep 17 00:00:00 2001 From: Randy Dunlap <rdunlap(a)infradead.org> Date: Wed, 25 Jun 2025 00:30:54 -0700 Subject: [PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers For building a 64-bit kernel, both 32-bit and 64-bit VDSO binaries are built, so both 32-bit and 64-bit compilers (and tools) should be in the PATH environment variable. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Helge Deller <deller(a)gmx.de> Cc: linux-parisc(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.3+ diff --git a/arch/parisc/Makefile b/arch/parisc/Makefile index 9cd9aa3d16f2..48ae3c79557a 100644 --- a/arch/parisc/Makefile +++ b/arch/parisc/Makefile @@ -39,7 +39,9 @@ endif export LD_BFD -# Set default 32 bits cross compilers for vdso +# Set default 32 bits cross compilers for vdso. +# This means that for 64BIT, both the 64-bit tools and the 32-bit tools +# need to be in the path. CC_ARCHES_32 = hppa hppa2.0 hppa1.1 CC_SUFFIXES = linux linux-gnu unknown-linux-gnu suse-linux CROSS32_COMPILE := $(call cc-cross-prefix, \

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082124-regulator-supply-7bbe@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 Mon Sep 17 00:00:00 2001 From: Randy Dunlap <rdunlap(a)infradead.org> Date: Wed, 25 Jun 2025 00:30:54 -0700 Subject: [PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers For building a 64-bit kernel, both 32-bit and 64-bit VDSO binaries are built, so both 32-bit and 64-bit compilers (and tools) should be in the PATH environment variable. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Helge Deller <deller(a)gmx.de> Cc: linux-parisc(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.3+ diff --git a/arch/parisc/Makefile b/arch/parisc/Makefile index 9cd9aa3d16f2..48ae3c79557a 100644 --- a/arch/parisc/Makefile +++ b/arch/parisc/Makefile @@ -39,7 +39,9 @@ endif export LD_BFD -# Set default 32 bits cross compilers for vdso +# Set default 32 bits cross compilers for vdso. +# This means that for 64BIT, both the 64-bit tools and the 32-bit tools +# need to be in the path. CC_ARCHES_32 = hppa hppa2.0 hppa1.1 CC_SUFFIXES = linux linux-gnu unknown-linux-gnu suse-linux CROSS32_COMPILE := $(call cc-cross-prefix, \

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082124-undocked-gamma-38fe@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 305ab0a748c52eeaeb01d8cff6408842d19e5cb5 Mon Sep 17 00:00:00 2001 From: Randy Dunlap <rdunlap(a)infradead.org> Date: Wed, 25 Jun 2025 00:30:54 -0700 Subject: [PATCH] parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers For building a 64-bit kernel, both 32-bit and 64-bit VDSO binaries are built, so both 32-bit and 64-bit compilers (and tools) should be in the PATH environment variable. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Helge Deller <deller(a)gmx.de> Cc: linux-parisc(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.3+ diff --git a/arch/parisc/Makefile b/arch/parisc/Makefile index 9cd9aa3d16f2..48ae3c79557a 100644 --- a/arch/parisc/Makefile +++ b/arch/parisc/Makefile @@ -39,7 +39,9 @@ endif export LD_BFD -# Set default 32 bits cross compilers for vdso +# Set default 32 bits cross compilers for vdso. +# This means that for 64BIT, both the 64-bit tools and the 32-bit tools +# need to be in the path. CC_ARCHES_32 = hppa hppa2.0 hppa1.1 CC_SUFFIXES = linux linux-gnu unknown-linux-gnu suse-linux CROSS32_COMPILE := $(call cc-cross-prefix, \

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Drop WARN_ON_ONCE() from flush_cache_vmap" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082107-alabaster-monotype-aac8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 16:18:41 -0400 Subject: [PATCH] parisc: Drop WARN_ON_ONCE() from flush_cache_vmap I have observed warning to occassionally trigger. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index 3b37a7e7abe4..37ca484cc495 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -841,7 +841,7 @@ void flush_cache_vmap(unsigned long start, unsigned long end) } vm = find_vm_area((void *)start); - if (WARN_ON_ONCE(!vm)) { + if (!vm) { flush_cache_all(); return; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Drop WARN_ON_ONCE() from flush_cache_vmap" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082107-limeade-bolt-c120@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 16:18:41 -0400 Subject: [PATCH] parisc: Drop WARN_ON_ONCE() from flush_cache_vmap I have observed warning to occassionally trigger. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index 3b37a7e7abe4..37ca484cc495 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -841,7 +841,7 @@ void flush_cache_vmap(unsigned long start, unsigned long end) } vm = find_vm_area((void *)start); - if (WARN_ON_ONCE(!vm)) { + if (!vm) { flush_cache_all(); return; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Define and use set_pte_at()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 802e55488bc2cc1ab6423b720255a785ccac42ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082153-reboot-engulf-4d64@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 802e55488bc2cc1ab6423b720255a785ccac42ce Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 16:06:21 -0400 Subject: [PATCH] parisc: Define and use set_pte_at() When a PTE is changed, we need to flush the PTE. set_pte_at() was lost in the folio update. PA-RISC version is the same as the generic version. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index 1a86a4370b29..2c139a4dbf4b 100644 --- a/arch/parisc/include/asm/pgtable.h +++ b/arch/parisc/include/asm/pgtable.h @@ -276,7 +276,7 @@ extern unsigned long *empty_zero_page; #define pte_none(x) (pte_val(x) == 0) #define pte_present(x) (pte_val(x) & _PAGE_PRESENT) #define pte_user(x) (pte_val(x) & _PAGE_USER) -#define pte_clear(mm, addr, xp) set_pte(xp, __pte(0)) +#define pte_clear(mm, addr, xp) set_pte_at((mm), (addr), (xp), __pte(0)) #define pmd_flag(x) (pmd_val(x) & PxD_FLAG_MASK) #define pmd_address(x) ((unsigned long)(pmd_val(x) &~ PxD_FLAG_MASK) << PxD_VALUE_SHIFT) @@ -392,6 +392,7 @@ static inline void set_ptes(struct mm_struct *mm, unsigned long addr, } } #define set_ptes set_ptes +#define set_pte_at(mm, addr, ptep, pte) set_ptes(mm, addr, ptep, pte, 1) /* Used for deferring calls to flush_dcache_page() */ @@ -456,7 +457,7 @@ static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned if (!pte_young(pte)) { return 0; } - set_pte(ptep, pte_mkold(pte)); + set_pte_at(vma->vm_mm, addr, ptep, pte_mkold(pte)); return 1; } @@ -466,7 +467,7 @@ pte_t ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *pt struct mm_struct; static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - set_pte(ptep, pte_wrprotect(*ptep)); + set_pte_at(mm, addr, ptep, pte_wrprotect(*ptep)); } #define pte_same(A,B) (pte_val(A) == pte_val(B))

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] parisc: Define and use set_pte_at()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 802e55488bc2cc1ab6423b720255a785ccac42ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082153-pauper-enlarged-83c3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 802e55488bc2cc1ab6423b720255a785ccac42ce Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 16:06:21 -0400 Subject: [PATCH] parisc: Define and use set_pte_at() When a PTE is changed, we need to flush the PTE. set_pte_at() was lost in the folio update. PA-RISC version is the same as the generic version. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index 1a86a4370b29..2c139a4dbf4b 100644 --- a/arch/parisc/include/asm/pgtable.h +++ b/arch/parisc/include/asm/pgtable.h @@ -276,7 +276,7 @@ extern unsigned long *empty_zero_page; #define pte_none(x) (pte_val(x) == 0) #define pte_present(x) (pte_val(x) & _PAGE_PRESENT) #define pte_user(x) (pte_val(x) & _PAGE_USER) -#define pte_clear(mm, addr, xp) set_pte(xp, __pte(0)) +#define pte_clear(mm, addr, xp) set_pte_at((mm), (addr), (xp), __pte(0)) #define pmd_flag(x) (pmd_val(x) & PxD_FLAG_MASK) #define pmd_address(x) ((unsigned long)(pmd_val(x) &~ PxD_FLAG_MASK) << PxD_VALUE_SHIFT) @@ -392,6 +392,7 @@ static inline void set_ptes(struct mm_struct *mm, unsigned long addr, } } #define set_ptes set_ptes +#define set_pte_at(mm, addr, ptep, pte) set_ptes(mm, addr, ptep, pte, 1) /* Used for deferring calls to flush_dcache_page() */ @@ -456,7 +457,7 @@ static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned if (!pte_young(pte)) { return 0; } - set_pte(ptep, pte_mkold(pte)); + set_pte_at(vma->vm_mm, addr, ptep, pte_mkold(pte)); return 1; } @@ -466,7 +467,7 @@ pte_t ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *pt struct mm_struct; static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - set_pte(ptep, pte_wrprotect(*ptep)); + set_pte_at(mm, addr, ptep, pte_wrprotect(*ptep)); } #define pte_same(A,B) (pte_val(A) == pte_val(B))

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: musb: omap2430: fix device leak at unbind" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1473e9e7679bd4f5a62d1abccae894fb86de280f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082154-deferred-sneak-f740@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1473e9e7679bd4f5a62d1abccae894fb86de280f Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 24 Jul 2025 11:19:09 +0200 Subject: [PATCH] usb: musb: omap2430: fix device leak at unbind Make sure to drop the reference to the control device taken by of_find_device_by_node() during probe when the driver is unbound. Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org # 3.13 Cc: Roger Quadros <rogerq(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Link: https://lore.kernel.org/r/20250724091910.21092-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c index 2970967a4fd2..36f756f9b7f6 100644 --- a/drivers/usb/musb/omap2430.c +++ b/drivers/usb/musb/omap2430.c @@ -400,7 +400,7 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, pdev->resource, pdev->num_resources); if (ret) { dev_err(&pdev->dev, "failed to add resources\n"); - goto err2; + goto err_put_control_otghs; } if (populate_irqs) { @@ -413,7 +413,7 @@ static int omap2430_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { ret = -EINVAL; - goto err2; + goto err_put_control_otghs; } musb_res[i].start = res->start; @@ -441,14 +441,14 @@ static int omap2430_probe(struct platform_device *pdev) ret = platform_device_add_resources(musb, musb_res, i); if (ret) { dev_err(&pdev->dev, "failed to add IRQ resources\n"); - goto err2; + goto err_put_control_otghs; } } ret = platform_device_add_data(musb, pdata, sizeof(*pdata)); if (ret) { dev_err(&pdev->dev, "failed to add platform_data\n"); - goto err2; + goto err_put_control_otghs; } pm_runtime_enable(glue->dev); @@ -463,7 +463,9 @@ static int omap2430_probe(struct platform_device *pdev) err3: pm_runtime_disable(glue->dev); - +err_put_control_otghs: + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); err2: platform_device_put(musb); @@ -477,6 +479,8 @@ static void omap2430_remove(struct platform_device *pdev) platform_device_unregister(glue->musb); pm_runtime_disable(glue->dev); + if (!IS_ERR(glue->control_otghs)) + put_device(glue->control_otghs); } #ifdef CONFIG_PM

2 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] parisc: Check region is readable by user in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 91428ca9320edbab1211851d82429d33b9cd73ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082140-disburse-turf-1dcd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91428ca9320edbab1211851d82429d33b9cd73ef Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 21 Jul 2025 15:39:26 -0400 Subject: [PATCH] parisc: Check region is readable by user in raw_copy_from_user() Because of the way the _PAGE_READ is handled in the parisc PTE, an access interruption is not generated when the kernel reads from a region where the _PAGE_READ is zero. The current code was written assuming read access faults would also occur in the kernel. This change adds user access checks to raw_copy_from_user(). The prober_user() define checks whether user code has read access to a virtual address. Note that page faults are not handled in the exception support for the probe instruction. For this reason, we precede the probe by a ldb access check. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org # v5.12+ diff --git a/arch/parisc/include/asm/special_insns.h b/arch/parisc/include/asm/special_insns.h index 51f40eaf7780..1013eeba31e5 100644 --- a/arch/parisc/include/asm/special_insns.h +++ b/arch/parisc/include/asm/special_insns.h @@ -32,6 +32,34 @@ pa; \ }) +/** + * prober_user() - Probe user read access + * @sr: Space regster. + * @va: Virtual address. + * + * Return: Non-zero if address is accessible. + * + * Due to the way _PAGE_READ is handled in TLB entries, we need + * a special check to determine whether a user address is accessible. + * The ldb instruction does the initial access check. If it is + * successful, the probe instruction checks user access rights. + */ +#define prober_user(sr, va) ({ \ + unsigned long read_allowed; \ + __asm__ __volatile__( \ + "copy %%r0,%0\n" \ + "8:\tldb 0(%%sr%1,%2),%%r0\n" \ + "\tproberi (%%sr%1,%2),%3,%0\n" \ + "9:\n" \ + ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \ + "or %%r0,%%r0,%%r0") \ + : "=&r" (read_allowed) \ + : "i" (sr), "r" (va), "i" (PRIV_USER) \ + : "memory" \ + ); \ + read_allowed; \ +}) + #define CR_EIEM 15 /* External Interrupt Enable Mask */ #define CR_CR16 16 /* CR16 Interval Timer */ #define CR_EIRR 23 /* External Interrupt Request Register */ diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index 5fc0c852c84c..69d65ffab312 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -12,6 +12,7 @@ #include <linux/module.h> #include <linux/compiler.h> #include <linux/uaccess.h> +#include <linux/mm.h> #define get_user_space() mfsp(SR_USER) #define get_kernel_space() SR_KERNEL @@ -32,9 +33,25 @@ EXPORT_SYMBOL(raw_copy_to_user); unsigned long raw_copy_from_user(void *dst, const void __user *src, unsigned long len) { + unsigned long start = (unsigned long) src; + unsigned long end = start + len; + unsigned long newlen = len; + mtsp(get_user_space(), SR_TEMP1); mtsp(get_kernel_space(), SR_TEMP2); - return pa_memcpy(dst, (void __force *)src, len); + + /* Check region is user accessible */ + if (start) + while (start < end) { + if (!prober_user(SR_TEMP1, start)) { + newlen = (start - (unsigned long) src); + break; + } + start += PAGE_SIZE; + /* align to page boundry which may have different permission */ + start = PAGE_ALIGN_DOWN(start); + } + return len - newlen + pa_memcpy(dst, (void __force *)src, newlen); } EXPORT_SYMBOL(raw_copy_from_user);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c523fa63ac1d452abeeb4e699560ec3365037f32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082141-nape-sinless-0ceb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c523fa63ac1d452abeeb4e699560ec3365037f32 Mon Sep 17 00:00:00 2001 From: Richard Zhu <hongxing.zhu(a)nxp.com> Date: Tue, 8 Jul 2025 17:10:02 +0800 Subject: [PATCH] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features IMX8MQ_EP has three 64-bit BAR0/2/4 capable and programmable BARs. For IMX8MQ_EP, use imx8q_pcie_epc_features (64-bit BARs 0, 2, 4) instead of imx8m_pcie_epc_features (64-bit BARs 0, 2). Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> [bhelgaas: add details in subject] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250708091003.2582846-2-hongxing.zhu@nxp.com diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 5a38cfaf989b..7d15bcb7c107 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1912,7 +1912,7 @@ static const struct imx_pcie_drvdata drvdata[] = { .mode_mask[0] = IMX6Q_GPR12_DEVICE_TYPE, .mode_off[1] = IOMUXC_GPR12, .mode_mask[1] = IMX8MQ_GPR12_PCIE2_CTRL_DEVICE_TYPE, - .epc_features = &imx8m_pcie_epc_features, + .epc_features = &imx8q_pcie_epc_features, .init_phy = imx8mq_pcie_init_phy, .enable_ref_clk = imx8mm_pcie_enable_ref_clk, },

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 114b06ee108cabc82b995fbac6672230a9776936 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082129-blimp-sludge-9fd3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 114b06ee108cabc82b995fbac6672230a9776936 Mon Sep 17 00:00:00 2001 From: Geraldo Nascimento <geraldogabriel(a)gmail.com> Date: Mon, 30 Jun 2025 19:24:57 -0300 Subject: [PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Rockchip controllers can support up to 5.0 GT/s link speed. But the driver doesn't set the Target Link Speed currently. This may cause failure in retraining the link to 5.0 GT/s if supported by the endpoint. So set the Target Link Speed to 5.0 GT/s in the Link Control and Status Register 2. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Geraldo Nascimento <geraldogabriel(a)gmail.com> [mani: fixed whitespace warning, commit message rewording, added fixes tag] Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Robin Murphy <robin.murphy(a)arm.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/0afa6bc47b7f50e2e81b0b47d51c66feb0fb565f.175132201… diff --git a/drivers/pci/controller/pcie-rockchip-host.c b/drivers/pci/controller/pcie-rockchip-host.c index 383d20f98cc3..fb9ae3f158a8 100644 --- a/drivers/pci/controller/pcie-rockchip-host.c +++ b/drivers/pci/controller/pcie-rockchip-host.c @@ -342,6 +342,10 @@ static int rockchip_pcie_host_init_port(struct rockchip_pcie *rockchip) * Enable retrain for gen2. This should be configured only after * gen1 finished. */ + status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); + status &= ~PCI_EXP_LNKCTL2_TLS; + status |= PCI_EXP_LNKCTL2_TLS_5_0GT; + rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL); status |= PCI_EXP_LNKCTL_RL; rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 114b06ee108cabc82b995fbac6672230a9776936 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082128-affix-false-013c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 114b06ee108cabc82b995fbac6672230a9776936 Mon Sep 17 00:00:00 2001 From: Geraldo Nascimento <geraldogabriel(a)gmail.com> Date: Mon, 30 Jun 2025 19:24:57 -0300 Subject: [PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Rockchip controllers can support up to 5.0 GT/s link speed. But the driver doesn't set the Target Link Speed currently. This may cause failure in retraining the link to 5.0 GT/s if supported by the endpoint. So set the Target Link Speed to 5.0 GT/s in the Link Control and Status Register 2. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Geraldo Nascimento <geraldogabriel(a)gmail.com> [mani: fixed whitespace warning, commit message rewording, added fixes tag] Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Robin Murphy <robin.murphy(a)arm.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/0afa6bc47b7f50e2e81b0b47d51c66feb0fb565f.175132201… diff --git a/drivers/pci/controller/pcie-rockchip-host.c b/drivers/pci/controller/pcie-rockchip-host.c index 383d20f98cc3..fb9ae3f158a8 100644 --- a/drivers/pci/controller/pcie-rockchip-host.c +++ b/drivers/pci/controller/pcie-rockchip-host.c @@ -342,6 +342,10 @@ static int rockchip_pcie_host_init_port(struct rockchip_pcie *rockchip) * Enable retrain for gen2. This should be configured only after * gen1 finished. */ + status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); + status &= ~PCI_EXP_LNKCTL2_TLS; + status |= PCI_EXP_LNKCTL2_TLS_5_0GT; + rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL); status |= PCI_EXP_LNKCTL_RL; rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 114b06ee108cabc82b995fbac6672230a9776936 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082128-ripping-poster-1b52@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 114b06ee108cabc82b995fbac6672230a9776936 Mon Sep 17 00:00:00 2001 From: Geraldo Nascimento <geraldogabriel(a)gmail.com> Date: Mon, 30 Jun 2025 19:24:57 -0300 Subject: [PATCH] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Rockchip controllers can support up to 5.0 GT/s link speed. But the driver doesn't set the Target Link Speed currently. This may cause failure in retraining the link to 5.0 GT/s if supported by the endpoint. So set the Target Link Speed to 5.0 GT/s in the Link Control and Status Register 2. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Geraldo Nascimento <geraldogabriel(a)gmail.com> [mani: fixed whitespace warning, commit message rewording, added fixes tag] Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Robin Murphy <robin.murphy(a)arm.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/0afa6bc47b7f50e2e81b0b47d51c66feb0fb565f.175132201… diff --git a/drivers/pci/controller/pcie-rockchip-host.c b/drivers/pci/controller/pcie-rockchip-host.c index 383d20f98cc3..fb9ae3f158a8 100644 --- a/drivers/pci/controller/pcie-rockchip-host.c +++ b/drivers/pci/controller/pcie-rockchip-host.c @@ -342,6 +342,10 @@ static int rockchip_pcie_host_init_port(struct rockchip_pcie *rockchip) * Enable retrain for gen2. This should be configured only after * gen1 finished. */ + status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); + status &= ~PCI_EXP_LNKCTL2_TLS; + status |= PCI_EXP_LNKCTL2_TLS_5_0GT; + rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL2); status = rockchip_pcie_read(rockchip, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL); status |= PCI_EXP_LNKCTL_RL; rockchip_pcie_write(rockchip, status, PCIE_RC_CONFIG_CR + PCI_EXP_LNKCTL);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] platform/chrome: cros_ec: Unregister notifier in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e2374953461947eee49f69b3e3204ff080ef31b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082112-exemplary-explode-1646@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2374953461947eee49f69b3e3204ff080ef31b1 Mon Sep 17 00:00:00 2001 From: Tzung-Bi Shih <tzungbi(a)kernel.org> Date: Tue, 22 Jul 2025 12:05:13 +0000 Subject: [PATCH] platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() The blocking notifier is registered in cros_ec_register(); however, it isn't unregistered in cros_ec_unregister(). Fix it. Fixes: 42cd0ab476e2 ("platform/chrome: cros_ec: Query EC protocol version if EC transitions between RO/RW") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Link: https://lore.kernel.org/r/20250722120513.234031-1-tzungbi@kernel.org Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index 110771a8645e..fd58781a2fb7 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -318,6 +318,9 @@ EXPORT_SYMBOL(cros_ec_register); */ void cros_ec_unregister(struct cros_ec_device *ec_dev) { + if (ec_dev->mkbp_event_supported) + blocking_notifier_chain_unregister(&ec_dev->event_notifier, + &ec_dev->notifier_ready); platform_device_unregister(ec_dev->pd); platform_device_unregister(ec_dev->ec); mutex_destroy(&ec_dev->lock);

2 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082102-dandelion-elsewhere-51cc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Sun, 13 Jul 2025 16:31:02 +0200 Subject: [PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge The PCIe port driver erroneously creates a subdevice for hotplug on ACPI slots which are handled by the ACPI hotplug driver. Avoid by checking the is_pciehp flag instead of is_hotplug_bridge when deciding whether to create a subdevice. The latter encompasses ACPI slots whereas the former doesn't. The superfluous subdevice has no real negative impact, it occupies memory and interrupt resources but otherwise just sits there waiting for interrupts from the slot that are never signaled. Fixes: f8415222837b ("PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org # v4.7+ Link: https://patch.msgid.link/40d5a5fe8d40595d505949c620a067fa110ee85e.175239010… diff --git a/drivers/pci/pcie/portdrv.c b/drivers/pci/pcie/portdrv.c index e8318fd5f6ed..d1b68c18444f 100644 --- a/drivers/pci/pcie/portdrv.c +++ b/drivers/pci/pcie/portdrv.c @@ -220,7 +220,7 @@ static int get_port_device_capability(struct pci_dev *dev) struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); int services = 0; - if (dev->is_hotplug_bridge && + if (dev->is_pciehp && (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT || pci_pcie_type(dev) == PCI_EXP_TYPE_DOWNSTREAM) && (pcie_ports_native || host->native_pcie_hotplug)) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082101-catsup-superman-c4f4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Sun, 13 Jul 2025 16:31:02 +0200 Subject: [PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge The PCIe port driver erroneously creates a subdevice for hotplug on ACPI slots which are handled by the ACPI hotplug driver. Avoid by checking the is_pciehp flag instead of is_hotplug_bridge when deciding whether to create a subdevice. The latter encompasses ACPI slots whereas the former doesn't. The superfluous subdevice has no real negative impact, it occupies memory and interrupt resources but otherwise just sits there waiting for interrupts from the slot that are never signaled. Fixes: f8415222837b ("PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org # v4.7+ Link: https://patch.msgid.link/40d5a5fe8d40595d505949c620a067fa110ee85e.175239010… diff --git a/drivers/pci/pcie/portdrv.c b/drivers/pci/pcie/portdrv.c index e8318fd5f6ed..d1b68c18444f 100644 --- a/drivers/pci/pcie/portdrv.c +++ b/drivers/pci/pcie/portdrv.c @@ -220,7 +220,7 @@ static int get_port_device_capability(struct pci_dev *dev) struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); int services = 0; - if (dev->is_hotplug_bridge && + if (dev->is_pciehp && (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT || pci_pcie_type(dev) == PCI_EXP_TYPE_DOWNSTREAM) && (pcie_ports_native || host->native_pcie_hotplug)) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082101-cycle-deport-76fa@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Sun, 13 Jul 2025 16:31:02 +0200 Subject: [PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge The PCIe port driver erroneously creates a subdevice for hotplug on ACPI slots which are handled by the ACPI hotplug driver. Avoid by checking the is_pciehp flag instead of is_hotplug_bridge when deciding whether to create a subdevice. The latter encompasses ACPI slots whereas the former doesn't. The superfluous subdevice has no real negative impact, it occupies memory and interrupt resources but otherwise just sits there waiting for interrupts from the slot that are never signaled. Fixes: f8415222837b ("PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org # v4.7+ Link: https://patch.msgid.link/40d5a5fe8d40595d505949c620a067fa110ee85e.175239010… diff --git a/drivers/pci/pcie/portdrv.c b/drivers/pci/pcie/portdrv.c index e8318fd5f6ed..d1b68c18444f 100644 --- a/drivers/pci/pcie/portdrv.c +++ b/drivers/pci/pcie/portdrv.c @@ -220,7 +220,7 @@ static int get_port_device_capability(struct pci_dev *dev) struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); int services = 0; - if (dev->is_hotplug_bridge && + if (dev->is_pciehp && (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT || pci_pcie_type(dev) == PCI_EXP_TYPE_DOWNSTREAM) && (pcie_ports_native || host->native_pcie_hotplug)) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082100-neglector-avenge-a128@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d60796a62f327cd9e0a6a0865ded7656d2c67f9 Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Sun, 13 Jul 2025 16:31:02 +0200 Subject: [PATCH] PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge The PCIe port driver erroneously creates a subdevice for hotplug on ACPI slots which are handled by the ACPI hotplug driver. Avoid by checking the is_pciehp flag instead of is_hotplug_bridge when deciding whether to create a subdevice. The latter encompasses ACPI slots whereas the former doesn't. The superfluous subdevice has no real negative impact, it occupies memory and interrupt resources but otherwise just sits there waiting for interrupts from the slot that are never signaled. Fixes: f8415222837b ("PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org # v4.7+ Link: https://patch.msgid.link/40d5a5fe8d40595d505949c620a067fa110ee85e.175239010… diff --git a/drivers/pci/pcie/portdrv.c b/drivers/pci/pcie/portdrv.c index e8318fd5f6ed..d1b68c18444f 100644 --- a/drivers/pci/pcie/portdrv.c +++ b/drivers/pci/pcie/portdrv.c @@ -220,7 +220,7 @@ static int get_port_device_capability(struct pci_dev *dev) struct pci_host_bridge *host = pci_find_host_bridge(dev->bus); int services = 0; - if (dev->is_hotplug_bridge && + if (dev->is_pciehp && (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT || pci_pcie_type(dev) == PCI_EXP_TYPE_DOWNSTREAM) && (pcie_ports_native || host->native_pcie_hotplug)) {

2 months, 3 weeks

1
0
0 0

[PATCH AUTOSEL 6.14 001/642] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 0b7952471c18f..79c09b378be81 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -112,8 +112,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

2 months, 3 weeks

19
675
0 0

FAILED: patch "[PATCH] mfd: cros_ec: Separate charge-control probing from USB-PD" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e40fc1160d491c3bcaf8e940ae0dde0a7c5e8e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082156-maturity-mutilated-6f8b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e40fc1160d491c3bcaf8e940ae0dde0a7c5e8e14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Wed, 21 May 2025 16:42:51 +0200 Subject: [PATCH] mfd: cros_ec: Separate charge-control probing from USB-PD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The charge-control subsystem in the ChromeOS EC is not strictly tied to its USB-PD subsystem. Since commit 7613bc0d116a ("mfd: cros_ec: Don't load charger with UCSI") the presence of EC_FEATURE_UCSI_PPM would inhibit the probing of the charge-control driver. Furthermore recent versions of the EC firmware in Framework laptops hard-disable EC_FEATURE_USB_PD to avoid probing cros-usbpd-charger, which then also breaks cros-charge-control. Instead use the dedicated EC_FEATURE_CHARGER. Cc: stable(a)vger.kernel.org Link: https://github.com/FrameworkComputer/EmbeddedController/commit/1d7bcf1d5013… Fixes: 555b5fcdb844 ("mfd: cros_ec: Register charge control subdevice") Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Reviewed-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Tested-by: Tom Vincent <linux(a)tlvince.com> Link: https://lore.kernel.org/r/20250521-cros-ec-mfd-chctl-probe-v1-1-6ebfe3a6efa… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/mfd/cros_ec_dev.c b/drivers/mfd/cros_ec_dev.c index 9f84a52b48d6..dc80a272726b 100644 --- a/drivers/mfd/cros_ec_dev.c +++ b/drivers/mfd/cros_ec_dev.c @@ -87,7 +87,6 @@ static const struct mfd_cell cros_ec_sensorhub_cells[] = { }; static const struct mfd_cell cros_usbpd_charger_cells[] = { - { .name = "cros-charge-control", }, { .name = "cros-usbpd-charger", }, { .name = "cros-usbpd-logger", }, }; @@ -112,6 +111,10 @@ static const struct mfd_cell cros_ec_ucsi_cells[] = { { .name = "cros_ec_ucsi", }, }; +static const struct mfd_cell cros_ec_charge_control_cells[] = { + { .name = "cros-charge-control", }, +}; + static const struct cros_feature_to_cells cros_subdevices[] = { { .id = EC_FEATURE_CEC, @@ -148,6 +151,11 @@ static const struct cros_feature_to_cells cros_subdevices[] = { .mfd_cells = cros_ec_keyboard_leds_cells, .num_cells = ARRAY_SIZE(cros_ec_keyboard_leds_cells), }, + { + .id = EC_FEATURE_CHARGER, + .mfd_cells = cros_ec_charge_control_cells, + .num_cells = ARRAY_SIZE(cros_ec_charge_control_cells), + }, }; static const struct mfd_cell cros_ec_platform_cells[] = {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mfd: cros_ec: Separate charge-control probing from USB-PD" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x e40fc1160d491c3bcaf8e940ae0dde0a7c5e8e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082155-turf-thinly-ac0e@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e40fc1160d491c3bcaf8e940ae0dde0a7c5e8e14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Wed, 21 May 2025 16:42:51 +0200 Subject: [PATCH] mfd: cros_ec: Separate charge-control probing from USB-PD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The charge-control subsystem in the ChromeOS EC is not strictly tied to its USB-PD subsystem. Since commit 7613bc0d116a ("mfd: cros_ec: Don't load charger with UCSI") the presence of EC_FEATURE_UCSI_PPM would inhibit the probing of the charge-control driver. Furthermore recent versions of the EC firmware in Framework laptops hard-disable EC_FEATURE_USB_PD to avoid probing cros-usbpd-charger, which then also breaks cros-charge-control. Instead use the dedicated EC_FEATURE_CHARGER. Cc: stable(a)vger.kernel.org Link: https://github.com/FrameworkComputer/EmbeddedController/commit/1d7bcf1d5013… Fixes: 555b5fcdb844 ("mfd: cros_ec: Register charge control subdevice") Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Reviewed-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Tested-by: Tom Vincent <linux(a)tlvince.com> Link: https://lore.kernel.org/r/20250521-cros-ec-mfd-chctl-probe-v1-1-6ebfe3a6efa… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/mfd/cros_ec_dev.c b/drivers/mfd/cros_ec_dev.c index 9f84a52b48d6..dc80a272726b 100644 --- a/drivers/mfd/cros_ec_dev.c +++ b/drivers/mfd/cros_ec_dev.c @@ -87,7 +87,6 @@ static const struct mfd_cell cros_ec_sensorhub_cells[] = { }; static const struct mfd_cell cros_usbpd_charger_cells[] = { - { .name = "cros-charge-control", }, { .name = "cros-usbpd-charger", }, { .name = "cros-usbpd-logger", }, }; @@ -112,6 +111,10 @@ static const struct mfd_cell cros_ec_ucsi_cells[] = { { .name = "cros_ec_ucsi", }, }; +static const struct mfd_cell cros_ec_charge_control_cells[] = { + { .name = "cros-charge-control", }, +}; + static const struct cros_feature_to_cells cros_subdevices[] = { { .id = EC_FEATURE_CEC, @@ -148,6 +151,11 @@ static const struct cros_feature_to_cells cros_subdevices[] = { .mfd_cells = cros_ec_keyboard_leds_cells, .num_cells = ARRAY_SIZE(cros_ec_keyboard_leds_cells), }, + { + .id = EC_FEATURE_CHARGER, + .mfd_cells = cros_ec_charge_control_cells, + .num_cells = ARRAY_SIZE(cros_ec_charge_control_cells), + }, }; static const struct mfd_cell cros_ec_platform_cells[] = {

2 months, 3 weeks

1
0
0 0

[PATCH v5.15 0/2] x86/irq: Plug vector setup race

by Jinjie Ruan

There is a vector setup race, which overwrites the interrupt descriptor in the per CPU vector array resulting in a disfunctional device. CPU0 CPU1 interrupt is raised in APIC IRR but not handled free_irq() per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN; request_irq() common_interrupt() d = this_cpu_read(vector_irq[vector]); per_cpu(vector_irq, CPU1)[vector] = desc; if (d == VECTOR_SHUTDOWN) this_cpu_write(vector_irq[vector], VECTOR_UNUSED); free_irq() cannot observe the pending vector in the CPU1 APIC as there is no way to query the remote CPUs APIC IRR. This requires that request_irq() uses the same vector/CPU as the one which was freed, but this also can be triggered by a spurious interrupt. Interestingly enough this problem managed to be hidden for more than a decade. Prevent this by reevaluating vector_irq under the vector lock, which is held by the interrupt activation code when vector_irq is updated. Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs") Cc: stable(a)vger.kernel.org#5.15.x Cc: gregkh(a)linuxfoundation.org Jacob Pan (1): x86/irq: Factor out handler invocation from common_interrupt() Thomas Gleixner (1): x86/irq: Plug vector setup race arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) -- 2.34.1

2 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix dest ring-buffer corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c1ba5091fa9a2d1478da63173b16a701bdf86bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082141-perfectly-basil-f53e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c1ba5091fa9a2d1478da63173b16a701bdf86bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 4 Jun 2025 16:34:53 +0200 Subject: [PATCH] wifi: ath11k: fix dest ring-buffer corruption Add the missing memory barrier to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. The barrier is added to the ath11k_hal_srng_access_begin() helper for symmetry with follow-on fixes for source ring buffer corruption which will add barriers to ath11k_hal_srng_access_end(). Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Link: https://patch.msgid.link/20250604143457.26032-2-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index be9395f2ed8b..878ce30b307c 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -395,9 +395,6 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - *nbytes = ath11k_hal_ce_dst_status_get_length(desc); *skb = pipe->dest_ring->skb[sw_index]; diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 9230a965f6f0..065fc40e2541 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2650,9 +2650,6 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index a6513aa6fbfa..0aa73774150c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -825,13 +825,23 @@ u32 *ath11k_hal_srng_src_peek(struct ath11k_base *ab, struct hal_srng *srng) void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) { + u32 hp; + lockdep_assert_held(&srng->lock); if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + + if (hp != srng->u.dst_ring.cached_hp) { + srng->u.dst_ring.cached_hp = hp; + /* Make sure descriptor is read after the head + * pointer. + */ + dma_rmb(); + } /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix dest ring-buffer corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c1ba5091fa9a2d1478da63173b16a701bdf86bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082140-deuce-radiator-ccc5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c1ba5091fa9a2d1478da63173b16a701bdf86bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 4 Jun 2025 16:34:53 +0200 Subject: [PATCH] wifi: ath11k: fix dest ring-buffer corruption Add the missing memory barrier to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. The barrier is added to the ath11k_hal_srng_access_begin() helper for symmetry with follow-on fixes for source ring buffer corruption which will add barriers to ath11k_hal_srng_access_end(). Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Link: https://patch.msgid.link/20250604143457.26032-2-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index be9395f2ed8b..878ce30b307c 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -395,9 +395,6 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - *nbytes = ath11k_hal_ce_dst_status_get_length(desc); *skb = pipe->dest_ring->skb[sw_index]; diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 9230a965f6f0..065fc40e2541 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2650,9 +2650,6 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index a6513aa6fbfa..0aa73774150c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -825,13 +825,23 @@ u32 *ath11k_hal_srng_src_peek(struct ath11k_base *ab, struct hal_srng *srng) void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) { + u32 hp; + lockdep_assert_held(&srng->lock); if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + + if (hp != srng->u.dst_ring.cached_hp) { + srng->u.dst_ring.cached_hp = hp; + /* Make sure descriptor is read after the head + * pointer. + */ + dma_rmb(); + } /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad_sigma_delta: change to buffer predisable" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 66d4374d97f85516b5a22418c5e798aed2606dec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082109-mutual-easily-fafd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66d4374d97f85516b5a22418c5e798aed2606dec Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Thu, 3 Jul 2025 16:07:44 -0500 Subject: [PATCH] iio: adc: ad_sigma_delta: change to buffer predisable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the buffer disable callback from postdisable to predisable. This balances the existing posteanble callback. Using postdisable with posteanble can be problematic, for example, if update_scan_mode fails, it would call postdisable without ever having called posteanble, so the drivers using this would be in an unexpected state when postdisable was called. Fixes: af3008485ea0 ("iio:adc: Add common code for ADI Sigma Delta devices") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250703-iio-adc-ad_sigma_delta-buffer-predisable-… Cc: <stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad_sigma_delta.c b/drivers/iio/adc/ad_sigma_delta.c index 9d2dba0a0ee6..7852884703b0 100644 --- a/drivers/iio/adc/ad_sigma_delta.c +++ b/drivers/iio/adc/ad_sigma_delta.c @@ -582,7 +582,7 @@ static int ad_sd_buffer_postenable(struct iio_dev *indio_dev) return ret; } -static int ad_sd_buffer_postdisable(struct iio_dev *indio_dev) +static int ad_sd_buffer_predisable(struct iio_dev *indio_dev) { struct ad_sigma_delta *sigma_delta = iio_device_get_drvdata(indio_dev); @@ -682,7 +682,7 @@ static bool ad_sd_validate_scan_mask(struct iio_dev *indio_dev, const unsigned l static const struct iio_buffer_setup_ops ad_sd_buffer_setup_ops = { .postenable = &ad_sd_buffer_postenable, - .postdisable = &ad_sd_buffer_postdisable, + .predisable = &ad_sd_buffer_predisable, .validate_scan_mask = &ad_sd_validate_scan_mask, };

2 months, 3 weeks

1
0
0 0

[PATCH v5.10 0/2] x86/irq: Plug vector setup race

by Jinjie Ruan

There is a vector setup race, which overwrites the interrupt descriptor in the per CPU vector array resulting in a disfunctional device. CPU0 CPU1 interrupt is raised in APIC IRR but not handled free_irq() per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN; request_irq() common_interrupt() d = this_cpu_read(vector_irq[vector]); per_cpu(vector_irq, CPU1)[vector] = desc; if (d == VECTOR_SHUTDOWN) this_cpu_write(vector_irq[vector], VECTOR_UNUSED); free_irq() cannot observe the pending vector in the CPU1 APIC as there is no way to query the remote CPUs APIC IRR. This requires that request_irq() uses the same vector/CPU as the one which was freed, but this also can be triggered by a spurious interrupt. Interestingly enough this problem managed to be hidden for more than a decade. Prevent this by reevaluating vector_irq under the vector lock, which is held by the interrupt activation code when vector_irq is updated. Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs") Cc: stable(a)vger.kernel.org#5.10.x Cc: gregkh(a)linuxfoundation.org Jacob Pan (1): x86/irq: Factor out handler invocation from common_interrupt() Thomas Gleixner (1): x86/irq: Plug vector setup race arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) -- 2.34.1

2 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] ovl: use I_MUTEX_PARENT when locking parent in" failed to apply to 6.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y git checkout FETCH_HEAD git cherry-pick -x 5f1c8965e748c150d580a2ea8fbee1bd80d07a24 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082114-donator-nursing-1c9c@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1c8965e748c150d580a2ea8fbee1bd80d07a24 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Mon, 4 Aug 2025 22:11:28 +1000 Subject: [PATCH] ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() ovl_create_temp() treats "workdir" as a parent in which it creates an object so it should use I_MUTEX_PARENT. Prior to the commit identified below the lock was taken by the caller which sometimes used I_MUTEX_PARENT and sometimes used I_MUTEX_NORMAL. The use of I_MUTEX_NORMAL was incorrect but unfortunately copied into ovl_create_temp(). Note to backporters: This patch only applies after the last Fixes given below (post v6.16). To fix the bug in v6.7 and later the inode_lock() call in ovl_copy_up_workdir() needs to nest using I_MUTEX_PARENT. Link: https://lore.kernel.org/all/67a72070.050a0220.3d72c.0022.GAE@google.com/ Cc: stable(a)vger.kernel.org Reported-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Tested-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Fixes: c63e56a4a652 ("ovl: do not open/llseek lower file with upper sb_writers held") Fixes: d2c995581c7c ("ovl: Call ovl_create_temp() without lock held.") Signed-off-by: NeilBrown <neil(a)brown.name> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 70b8687dc45e..dbd63a74df4b 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -225,7 +225,7 @@ struct dentry *ovl_create_temp(struct ovl_fs *ofs, struct dentry *workdir, struct ovl_cattr *attr) { struct dentry *ret; - inode_lock(workdir->d_inode); + inode_lock_nested(workdir->d_inode, I_MUTEX_PARENT); ret = ovl_create_real(ofs, workdir, ovl_lookup_temp(ofs, workdir), attr); inode_unlock(workdir->d_inode);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ovl: use I_MUTEX_PARENT when locking parent in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5f1c8965e748c150d580a2ea8fbee1bd80d07a24 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082114-ocelot-graceless-5693@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1c8965e748c150d580a2ea8fbee1bd80d07a24 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Mon, 4 Aug 2025 22:11:28 +1000 Subject: [PATCH] ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() ovl_create_temp() treats "workdir" as a parent in which it creates an object so it should use I_MUTEX_PARENT. Prior to the commit identified below the lock was taken by the caller which sometimes used I_MUTEX_PARENT and sometimes used I_MUTEX_NORMAL. The use of I_MUTEX_NORMAL was incorrect but unfortunately copied into ovl_create_temp(). Note to backporters: This patch only applies after the last Fixes given below (post v6.16). To fix the bug in v6.7 and later the inode_lock() call in ovl_copy_up_workdir() needs to nest using I_MUTEX_PARENT. Link: https://lore.kernel.org/all/67a72070.050a0220.3d72c.0022.GAE@google.com/ Cc: stable(a)vger.kernel.org Reported-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Tested-by: syzbot+7836a68852a10ec3d790(a)syzkaller.appspotmail.com Fixes: c63e56a4a652 ("ovl: do not open/llseek lower file with upper sb_writers held") Fixes: d2c995581c7c ("ovl: Call ovl_create_temp() without lock held.") Signed-off-by: NeilBrown <neil(a)brown.name> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 70b8687dc45e..dbd63a74df4b 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -225,7 +225,7 @@ struct dentry *ovl_create_temp(struct ovl_fs *ofs, struct dentry *workdir, struct ovl_cattr *attr) { struct dentry *ret; - inode_lock(workdir->d_inode); + inode_lock_nested(workdir->d_inode, I_MUTEX_PARENT); ret = ovl_create_real(ofs, workdir, ovl_lookup_temp(ofs, workdir), attr); inode_unlock(workdir->d_inode);

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a0b8da04153eb61cc2eaeeea5cc404e91e557f6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-bonelike-everyone-8281@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0b8da04153eb61cc2eaeeea5cc404e91e557f6b Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Mon, 7 Jul 2025 14:08:30 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file This moves pinmux child nodes for sdhci0 node from k3-am62x-sk-common to each top level board file. This is needed since we require internal pullups for AM62x SK and not for AM62 LP SK since it has external pullups on DATA 1-7. Internal pulls are required for AM62 SK as per JESD84 spec recommendation to prevent unconnected lines floating. Fixes: d19a66ae488a ("arm64: dts: ti: k3-am625-sk: Enable on board peripherals") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Link: https://lore.kernel.org/r/20250707190830.3951619-1-jm@ti.com Signed-off-by: Vignesh Raghavendra <vigneshr(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts index aafdb90c0eb7..4609f366006e 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts @@ -74,6 +74,22 @@ vddshv_sdio: regulator-4 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (V3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (Y1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (V2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (V1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (W2) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (W1) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (Y2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (W3) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (W4) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (V4) MMC0_DAT7 */ + >; + }; + vddshv_sdio_pins_default: vddshv-sdio-default-pins { pinctrl-single,pins = < AM62X_IOPAD(0x07c, PIN_OUTPUT, 7) /* (M19) GPMC0_CLK.GPIO0_31 */ @@ -144,6 +160,14 @@ exp2: gpio@23 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vddshv_sdio>; diff --git a/arch/arm64/boot/dts/ti/k3-am625-sk.dts b/arch/arm64/boot/dts/ti/k3-am625-sk.dts index 2fbfa3719345..d240165bda9c 100644 --- a/arch/arm64/boot/dts/ti/k3-am625-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am625-sk.dts @@ -106,6 +106,22 @@ vcc_1v8: regulator-5 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT_PULLUP, 0) /* (AA1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT_PULLUP, 0) /* (AA3) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT_PULLUP, 0) /* (Y4) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT_PULLUP, 0) /* (AB2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT_PULLUP, 0) /* (AC1) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT_PULLUP, 0) /* (AD2) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT_PULLUP, 0) /* (AC2) MMC0_DAT7 */ + >; + }; + main_rgmii2_pins_default: main-rgmii2-default-pins { bootph-all; pinctrl-single,pins = < @@ -195,6 +211,14 @@ exp1: gpio@22 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vdd_sd_dv>; diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi index ee8337bfbbfd..13e1d36123d5 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi @@ -203,22 +203,6 @@ AM62X_IOPAD(0x0b4, PIN_INPUT_PULLUP, 1) /* (K24/H19) GPMC0_CSn3.I2C2_SDA */ >; }; - main_mmc0_pins_default: main-mmc0-default-pins { - bootph-all; - pinctrl-single,pins = < - AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3/V3) MMC0_CMD */ - AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1/Y1) MMC0_CLK */ - AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2/V2) MMC0_DAT0 */ - AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (AA1/V1) MMC0_DAT1 */ - AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (AA3/W2) MMC0_DAT2 */ - AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (Y4/W1) MMC0_DAT3 */ - AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (AB2/Y2) MMC0_DAT4 */ - AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (AC1/W3) MMC0_DAT5 */ - AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (AD2/W4) MMC0_DAT6 */ - AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (AC2/V4) MMC0_DAT7 */ - >; - }; - main_mmc1_pins_default: main-mmc1-default-pins { bootph-all; pinctrl-single,pins = < @@ -457,14 +441,6 @@ &main_i2c2 { clock-frequency = <400000>; }; -&sdhci0 { - bootph-all; - status = "okay"; - non-removable; - pinctrl-names = "default"; - pinctrl-0 = <&main_mmc0_pins_default>; -}; - &sdhci1 { /* SD/MMC */ bootph-all;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a0b8da04153eb61cc2eaeeea5cc404e91e557f6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-stilt-flick-296a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0b8da04153eb61cc2eaeeea5cc404e91e557f6b Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Mon, 7 Jul 2025 14:08:30 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file This moves pinmux child nodes for sdhci0 node from k3-am62x-sk-common to each top level board file. This is needed since we require internal pullups for AM62x SK and not for AM62 LP SK since it has external pullups on DATA 1-7. Internal pulls are required for AM62 SK as per JESD84 spec recommendation to prevent unconnected lines floating. Fixes: d19a66ae488a ("arm64: dts: ti: k3-am625-sk: Enable on board peripherals") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Link: https://lore.kernel.org/r/20250707190830.3951619-1-jm@ti.com Signed-off-by: Vignesh Raghavendra <vigneshr(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts index aafdb90c0eb7..4609f366006e 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts @@ -74,6 +74,22 @@ vddshv_sdio: regulator-4 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (V3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (Y1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (V2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (V1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (W2) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (W1) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (Y2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (W3) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (W4) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (V4) MMC0_DAT7 */ + >; + }; + vddshv_sdio_pins_default: vddshv-sdio-default-pins { pinctrl-single,pins = < AM62X_IOPAD(0x07c, PIN_OUTPUT, 7) /* (M19) GPMC0_CLK.GPIO0_31 */ @@ -144,6 +160,14 @@ exp2: gpio@23 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vddshv_sdio>; diff --git a/arch/arm64/boot/dts/ti/k3-am625-sk.dts b/arch/arm64/boot/dts/ti/k3-am625-sk.dts index 2fbfa3719345..d240165bda9c 100644 --- a/arch/arm64/boot/dts/ti/k3-am625-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am625-sk.dts @@ -106,6 +106,22 @@ vcc_1v8: regulator-5 { }; &main_pmx0 { + main_mmc0_pins_default: main-mmc0-default-pins { + bootph-all; + pinctrl-single,pins = < + AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3) MMC0_CMD */ + AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1) MMC0_CLK */ + AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2) MMC0_DAT0 */ + AM62X_IOPAD(0x210, PIN_INPUT_PULLUP, 0) /* (AA1) MMC0_DAT1 */ + AM62X_IOPAD(0x20c, PIN_INPUT_PULLUP, 0) /* (AA3) MMC0_DAT2 */ + AM62X_IOPAD(0x208, PIN_INPUT_PULLUP, 0) /* (Y4) MMC0_DAT3 */ + AM62X_IOPAD(0x204, PIN_INPUT_PULLUP, 0) /* (AB2) MMC0_DAT4 */ + AM62X_IOPAD(0x200, PIN_INPUT_PULLUP, 0) /* (AC1) MMC0_DAT5 */ + AM62X_IOPAD(0x1fc, PIN_INPUT_PULLUP, 0) /* (AD2) MMC0_DAT6 */ + AM62X_IOPAD(0x1f8, PIN_INPUT_PULLUP, 0) /* (AC2) MMC0_DAT7 */ + >; + }; + main_rgmii2_pins_default: main-rgmii2-default-pins { bootph-all; pinctrl-single,pins = < @@ -195,6 +211,14 @@ exp1: gpio@22 { }; }; +&sdhci0 { + bootph-all; + non-removable; + pinctrl-names = "default"; + pinctrl-0 = <&main_mmc0_pins_default>; + status = "okay"; +}; + &sdhci1 { vmmc-supply = <&vdd_mmc1>; vqmmc-supply = <&vdd_sd_dv>; diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi index ee8337bfbbfd..13e1d36123d5 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi @@ -203,22 +203,6 @@ AM62X_IOPAD(0x0b4, PIN_INPUT_PULLUP, 1) /* (K24/H19) GPMC0_CSn3.I2C2_SDA */ >; }; - main_mmc0_pins_default: main-mmc0-default-pins { - bootph-all; - pinctrl-single,pins = < - AM62X_IOPAD(0x220, PIN_INPUT, 0) /* (Y3/V3) MMC0_CMD */ - AM62X_IOPAD(0x218, PIN_INPUT, 0) /* (AB1/Y1) MMC0_CLK */ - AM62X_IOPAD(0x214, PIN_INPUT, 0) /* (AA2/V2) MMC0_DAT0 */ - AM62X_IOPAD(0x210, PIN_INPUT, 0) /* (AA1/V1) MMC0_DAT1 */ - AM62X_IOPAD(0x20c, PIN_INPUT, 0) /* (AA3/W2) MMC0_DAT2 */ - AM62X_IOPAD(0x208, PIN_INPUT, 0) /* (Y4/W1) MMC0_DAT3 */ - AM62X_IOPAD(0x204, PIN_INPUT, 0) /* (AB2/Y2) MMC0_DAT4 */ - AM62X_IOPAD(0x200, PIN_INPUT, 0) /* (AC1/W3) MMC0_DAT5 */ - AM62X_IOPAD(0x1fc, PIN_INPUT, 0) /* (AD2/W4) MMC0_DAT6 */ - AM62X_IOPAD(0x1f8, PIN_INPUT, 0) /* (AC2/V4) MMC0_DAT7 */ - >; - }; - main_mmc1_pins_default: main-mmc1-default-pins { bootph-all; pinctrl-single,pins = < @@ -457,14 +441,6 @@ &main_i2c2 { clock-frequency = <400000>; }; -&sdhci0 { - bootph-all; - status = "okay"; - non-removable; - pinctrl-names = "default"; - pinctrl-0 = <&main_mmc0_pins_default>; -}; - &sdhci1 { /* SD/MMC */ bootph-all;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: octeontx2 - Fix address alignment issue on ucode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b7b88b4939e71ef2aed8238976a2bbabcb63a790 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082132-trimmer-going-5925@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b7b88b4939e71ef2aed8238976a2bbabcb63a790 Mon Sep 17 00:00:00 2001 From: Bharat Bhushan <bbhushan2(a)marvell.com> Date: Thu, 22 May 2025 15:36:25 +0530 Subject: [PATCH] crypto: octeontx2 - Fix address alignment issue on ucode loading octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Completion address should be 32-Byte alignment when loading microcode. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c index 9095dea2748d..56645b3eb717 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c @@ -1491,12 +1491,13 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) union otx2_cpt_opcode opcode; union otx2_cpt_res_s *result; union otx2_cpt_inst_s inst; + dma_addr_t result_baddr; dma_addr_t rptr_baddr; struct pci_dev *pdev; - u32 len, compl_rlen; int timeout = 10000; + void *base, *rptr; int ret, etype; - void *rptr; + u32 len; /* * We don't get capabilities if it was already done @@ -1519,22 +1520,28 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) if (ret) goto delete_grps; - compl_rlen = ALIGN(sizeof(union otx2_cpt_res_s), OTX2_CPT_DMA_MINALIGN); - len = compl_rlen + LOADFVC_RLEN; + /* Allocate extra memory for "rptr" and "result" pointer alignment */ + len = LOADFVC_RLEN + ARCH_DMA_MINALIGN + + sizeof(union otx2_cpt_res_s) + OTX2_CPT_RES_ADDR_ALIGN; - result = kzalloc(len, GFP_KERNEL); - if (!result) { + base = kzalloc(len, GFP_KERNEL); + if (!base) { ret = -ENOMEM; goto lf_cleanup; } - rptr_baddr = dma_map_single(&pdev->dev, (void *)result, len, - DMA_BIDIRECTIONAL); + + rptr = PTR_ALIGN(base, ARCH_DMA_MINALIGN); + rptr_baddr = dma_map_single(&pdev->dev, rptr, len, DMA_BIDIRECTIONAL); if (dma_mapping_error(&pdev->dev, rptr_baddr)) { dev_err(&pdev->dev, "DMA mapping failed\n"); ret = -EFAULT; - goto free_result; + goto free_rptr; } - rptr = (u8 *)result + compl_rlen; + + result = (union otx2_cpt_res_s *)PTR_ALIGN(rptr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); + result_baddr = ALIGN(rptr_baddr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); /* Fill in the command */ opcode.s.major = LOADFVC_MAJOR_OP; @@ -1546,14 +1553,14 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) /* 64-bit swap for microcode data reads, not needed for addresses */ cpu_to_be64s(&iq_cmd.cmd.u); iq_cmd.dptr = 0; - iq_cmd.rptr = rptr_baddr + compl_rlen; + iq_cmd.rptr = rptr_baddr; iq_cmd.cptr.u = 0; for (etype = 1; etype < OTX2_CPT_MAX_ENG_TYPES; etype++) { result->s.compcode = OTX2_CPT_COMPLETION_CODE_INIT; iq_cmd.cptr.s.grp = otx2_cpt_get_eng_grp(&cptpf->eng_grps, etype); - otx2_cpt_fill_inst(&inst, &iq_cmd, rptr_baddr); + otx2_cpt_fill_inst(&inst, &iq_cmd, result_baddr); lfs->ops->send_cmd(&inst, 1, &cptpf->lfs.lf[0]); timeout = 10000; @@ -1576,8 +1583,8 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) error_no_response: dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); -free_result: - kfree(result); +free_rptr: + kfree(base); lf_cleanup: otx2_cptlf_shutdown(lfs); delete_grps:

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix hole length calculation overflow in non-extent" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 02c7f7219ac0e2277b3379a3a0e9841ef464b6d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082129-kung-accuracy-abdf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02c7f7219ac0e2277b3379a3a0e9841ef464b6d4 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Mon, 11 Aug 2025 14:45:32 +0800 Subject: [PATCH] ext4: fix hole length calculation overflow in non-extent inodes In a filesystem with a block size larger than 4KB, the hole length calculation for a non-extent inode in ext4_ind_map_blocks() can easily exceed INT_MAX. Then it could return a zero length hole and trigger the following waring and infinite in the iomap infrastructure. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 434101 at fs/iomap/iter.c:34 iomap_iter_done+0x148/0x190 CPU: 3 UID: 0 PID: 434101 Comm: fsstress Not tainted 6.16.0-rc7+ #128 PREEMPT(voluntary) Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : iomap_iter_done+0x148/0x190 lr : iomap_iter+0x174/0x230 sp : ffff8000880af740 x29: ffff8000880af740 x28: ffff0000db8e6840 x27: 0000000000000000 x26: 0000000000000000 x25: ffff8000880af830 x24: 0000004000000000 x23: 0000000000000002 x22: 000001bfdbfa8000 x21: ffffa6a41c002e48 x20: 0000000000000001 x19: ffff8000880af808 x18: 0000000000000000 x17: 0000000000000000 x16: ffffa6a495ee6cd0 x15: 0000000000000000 x14: 00000000000003d4 x13: 00000000fa83b2da x12: 0000b236fc95f18c x11: ffffa6a4978b9c08 x10: 0000000000001da0 x9 : ffffa6a41c1a2a44 x8 : ffff8000880af5c8 x7 : 0000000001000000 x6 : 0000000000000000 x5 : 0000000000000004 x4 : 000001bfdbfa8000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000004004030000 x0 : 0000000000000000 Call trace: iomap_iter_done+0x148/0x190 (P) iomap_iter+0x174/0x230 iomap_fiemap+0x154/0x1d8 ext4_fiemap+0x110/0x140 [ext4] do_vfs_ioctl+0x4b8/0xbc0 __arm64_sys_ioctl+0x8c/0x120 invoke_syscall+0x6c/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x120 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x1a0 ---[ end trace 0000000000000000 ]--- Cc: stable(a)kernel.org Fixes: facab4d9711e ("ext4: return hole from ext4_map_blocks()") Reported-by: Qu Wenruo <wqu(a)suse.com> Closes: https://lore.kernel.org/linux-ext4/9b650a52-9672-4604-a765-bb6be55d1e4a@gmx… Tested-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Link: https://patch.msgid.link/20250811064532.1788289-1-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index 7de327fa7b1c..d45124318200 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -539,7 +539,7 @@ int ext4_ind_map_blocks(handle_t *handle, struct inode *inode, int indirect_blks; int blocks_to_boundary = 0; int depth; - int count = 0; + u64 count = 0; ext4_fsblk_t first_block = 0; trace_ext4_ind_map_blocks_enter(inode, map->m_lblk, map->m_len, flags); @@ -588,7 +588,7 @@ int ext4_ind_map_blocks(handle_t *handle, struct inode *inode, count++; /* Fill in size of a hole we found */ map->m_pblk = 0; - map->m_len = min_t(unsigned int, map->m_len, count); + map->m_len = umin(map->m_len, count); goto cleanup; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b1511360c8ac882b0c52caa263620538e8d73220 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082107-pellet-wildfire-8e45@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1511360c8ac882b0c52caa263620538e8d73220 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 31 Jul 2025 12:46:56 +0900 Subject: [PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag even if there are still dirty blocks in the folio. This can break ordering guarantees, such as those required by btrfs_wait_ordered_extents(). That ordering breakage leads to a real failure. For example, running generic/464 on a zoned setup will hit the following ASSERT. This happens because the broken ordering fails to flush existing dirty pages before the file size is truncated. assertion failed: !list_empty(&ordered->list) :: 0, in fs/btrfs/zoned.c:1899 ------------[ cut here ]------------ kernel BUG at fs/btrfs/zoned.c:1899! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs] RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246 RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8 R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00 R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680 FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0 Call Trace: <TASK> ? srso_return_thunk+0x5/0x5f btrfs_finish_ordered_io+0x4a/0x60 [btrfs] btrfs_work_helper+0xf9/0x490 [btrfs] process_one_work+0x204/0x590 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d6/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x118/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x205/0x260 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Consider process A calling writepages() with WB_SYNC_NONE. In zoned mode or for compressed writes, it locks several folios for delalloc and starts writing them out. Let's call the last locked folio folio X. Suppose the write range only partially covers folio X, leaving some pages dirty. Process A calls btrfs_subpage_set_writeback() when building a bio. This function call clears the TOWRITE tag of folio X, whose size = 8K and the block size = 4K. It is following state. 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY) <-----> Process A will write this range. Now suppose process B concurrently calls writepages() with WB_SYNC_ALL. It calls tag_pages_for_writeback() to tag dirty folios with PAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then, B collects tagged folios using filemap_get_folios_tag() and must wait for folio X to be written before returning from writepages(). 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE) However, between tagging and collecting, process A may call btrfs_subpage_set_writeback() and clear folio X's TOWRITE tag. 0 4K 8K | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY) As a result, process B won't see folio X in its batch, and returns without waiting for it. This breaks the WB_SYNC_ALL ordering requirement. Fix this by using btrfs_subpage_set_writeback_keepwrite(), which retains the TOWRITE tag. We now manually clear the tag only after the folio becomes clean, via the xas operation. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") CC: stable(a)vger.kernel.org # 6.12+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index c9b3821957f7..cb4f97833dc3 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -448,8 +448,25 @@ void btrfs_subpage_set_writeback(const struct btrfs_fs_info *fs_info, spin_lock_irqsave(&bfs->lock, flags); bitmap_set(bfs->bitmaps, start_bit, len >> fs_info->sectorsize_bits); + + /* + * Don't clear the TOWRITE tag when starting writeback on a still-dirty + * folio. Doing so can cause WB_SYNC_ALL writepages() to overlook it, + * assume writeback is complete, and exit too early — violating sync + * ordering guarantees. + */ if (!folio_test_writeback(folio)) - folio_start_writeback(folio); + __folio_start_writeback(folio, true); + if (!folio_test_dirty(folio)) { + struct address_space *mapping = folio_mapping(folio); + XA_STATE(xas, &mapping->i_pages, folio->index); + unsigned long flags; + + xas_lock_irqsave(&xas, flags); + xas_load(&xas); + xas_clear_mark(&xas, PAGECACHE_TAG_TOWRITE); + xas_unlock_irqrestore(&xas, flags); + } spin_unlock_irqrestore(&bfs->lock, flags); }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b1511360c8ac882b0c52caa263620538e8d73220 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-calibrate-trombone-430c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1511360c8ac882b0c52caa263620538e8d73220 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 31 Jul 2025 12:46:56 +0900 Subject: [PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag even if there are still dirty blocks in the folio. This can break ordering guarantees, such as those required by btrfs_wait_ordered_extents(). That ordering breakage leads to a real failure. For example, running generic/464 on a zoned setup will hit the following ASSERT. This happens because the broken ordering fails to flush existing dirty pages before the file size is truncated. assertion failed: !list_empty(&ordered->list) :: 0, in fs/btrfs/zoned.c:1899 ------------[ cut here ]------------ kernel BUG at fs/btrfs/zoned.c:1899! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs] RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246 RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8 R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00 R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680 FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0 Call Trace: <TASK> ? srso_return_thunk+0x5/0x5f btrfs_finish_ordered_io+0x4a/0x60 [btrfs] btrfs_work_helper+0xf9/0x490 [btrfs] process_one_work+0x204/0x590 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d6/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x118/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x205/0x260 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Consider process A calling writepages() with WB_SYNC_NONE. In zoned mode or for compressed writes, it locks several folios for delalloc and starts writing them out. Let's call the last locked folio folio X. Suppose the write range only partially covers folio X, leaving some pages dirty. Process A calls btrfs_subpage_set_writeback() when building a bio. This function call clears the TOWRITE tag of folio X, whose size = 8K and the block size = 4K. It is following state. 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY) <-----> Process A will write this range. Now suppose process B concurrently calls writepages() with WB_SYNC_ALL. It calls tag_pages_for_writeback() to tag dirty folios with PAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then, B collects tagged folios using filemap_get_folios_tag() and must wait for folio X to be written before returning from writepages(). 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE) However, between tagging and collecting, process A may call btrfs_subpage_set_writeback() and clear folio X's TOWRITE tag. 0 4K 8K | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY) As a result, process B won't see folio X in its batch, and returns without waiting for it. This breaks the WB_SYNC_ALL ordering requirement. Fix this by using btrfs_subpage_set_writeback_keepwrite(), which retains the TOWRITE tag. We now manually clear the tag only after the folio becomes clean, via the xas operation. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") CC: stable(a)vger.kernel.org # 6.12+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index c9b3821957f7..cb4f97833dc3 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -448,8 +448,25 @@ void btrfs_subpage_set_writeback(const struct btrfs_fs_info *fs_info, spin_lock_irqsave(&bfs->lock, flags); bitmap_set(bfs->bitmaps, start_bit, len >> fs_info->sectorsize_bits); + + /* + * Don't clear the TOWRITE tag when starting writeback on a still-dirty + * folio. Doing so can cause WB_SYNC_ALL writepages() to overlook it, + * assume writeback is complete, and exit too early — violating sync + * ordering guarantees. + */ if (!folio_test_writeback(folio)) - folio_start_writeback(folio); + __folio_start_writeback(folio, true); + if (!folio_test_dirty(folio)) { + struct address_space *mapping = folio_mapping(folio); + XA_STATE(xas, &mapping->i_pages, folio->index); + unsigned long flags; + + xas_lock_irqsave(&xas, flags); + xas_load(&xas); + xas_clear_mark(&xas, PAGECACHE_TAG_TOWRITE); + xas_unlock_irqrestore(&xas, flags); + } spin_unlock_irqrestore(&bfs->lock, flags); }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b1511360c8ac882b0c52caa263620538e8d73220 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-dad-buzz-9d86@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1511360c8ac882b0c52caa263620538e8d73220 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 31 Jul 2025 12:46:56 +0900 Subject: [PATCH] btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag even if there are still dirty blocks in the folio. This can break ordering guarantees, such as those required by btrfs_wait_ordered_extents(). That ordering breakage leads to a real failure. For example, running generic/464 on a zoned setup will hit the following ASSERT. This happens because the broken ordering fails to flush existing dirty pages before the file size is truncated. assertion failed: !list_empty(&ordered->list) :: 0, in fs/btrfs/zoned.c:1899 ------------[ cut here ]------------ kernel BUG at fs/btrfs/zoned.c:1899! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs] RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246 RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8 R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00 R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680 FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0 Call Trace: <TASK> ? srso_return_thunk+0x5/0x5f btrfs_finish_ordered_io+0x4a/0x60 [btrfs] btrfs_work_helper+0xf9/0x490 [btrfs] process_one_work+0x204/0x590 ? srso_return_thunk+0x5/0x5f worker_thread+0x1d6/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x118/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x205/0x260 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Consider process A calling writepages() with WB_SYNC_NONE. In zoned mode or for compressed writes, it locks several folios for delalloc and starts writing them out. Let's call the last locked folio folio X. Suppose the write range only partially covers folio X, leaving some pages dirty. Process A calls btrfs_subpage_set_writeback() when building a bio. This function call clears the TOWRITE tag of folio X, whose size = 8K and the block size = 4K. It is following state. 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY) <-----> Process A will write this range. Now suppose process B concurrently calls writepages() with WB_SYNC_ALL. It calls tag_pages_for_writeback() to tag dirty folios with PAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then, B collects tagged folios using filemap_get_folios_tag() and must wait for folio X to be written before returning from writepages(). 0 4K 8K |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE) However, between tagging and collecting, process A may call btrfs_subpage_set_writeback() and clear folio X's TOWRITE tag. 0 4K 8K | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY) As a result, process B won't see folio X in its batch, and returns without waiting for it. This breaks the WB_SYNC_ALL ordering requirement. Fix this by using btrfs_subpage_set_writeback_keepwrite(), which retains the TOWRITE tag. We now manually clear the tag only after the folio becomes clean, via the xas operation. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") CC: stable(a)vger.kernel.org # 6.12+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index c9b3821957f7..cb4f97833dc3 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -448,8 +448,25 @@ void btrfs_subpage_set_writeback(const struct btrfs_fs_info *fs_info, spin_lock_irqsave(&bfs->lock, flags); bitmap_set(bfs->bitmaps, start_bit, len >> fs_info->sectorsize_bits); + + /* + * Don't clear the TOWRITE tag when starting writeback on a still-dirty + * folio. Doing so can cause WB_SYNC_ALL writepages() to overlook it, + * assume writeback is complete, and exit too early — violating sync + * ordering guarantees. + */ if (!folio_test_writeback(folio)) - folio_start_writeback(folio); + __folio_start_writeback(folio, true); + if (!folio_test_dirty(folio)) { + struct address_space *mapping = folio_mapping(folio); + XA_STATE(xas, &mapping->i_pages, folio->index); + unsigned long flags; + + xas_lock_irqsave(&xas, flags); + xas_load(&xas); + xas_clear_mark(&xas, PAGECACHE_TAG_TOWRITE); + xas_unlock_irqrestore(&xas, flags); + } spin_unlock_irqrestore(&bfs->lock, flags); }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2e13163b43e6bb861182ea999a80dd1d893c0cbf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082142-trend-rind-de4e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e13163b43e6bb861182ea999a80dd1d893c0cbf Mon Sep 17 00:00:00 2001 From: Bharat Bhushan <bbhushan2(a)marvell.com> Date: Thu, 22 May 2025 15:36:26 +0530 Subject: [PATCH] crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..98de93851ba1 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,54 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ------------------------------------ + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | --------------------------------| + * | | padding for ARCH_DMA_MINALIGN | + * | | alignment | + * |------------------------------------| + * | SG List Header of 8 Byte | + * |------------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |---------------------------------- | + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | -------------------------------| + * | | padding for 32B alignment | + * |------------------------------------| + * | Result response memory | + * | Alignment = 32Byte | + * ------------------------------------ + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (ARCH_DMA_MINALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += ALIGN(dlen, OTX2_CPT_RES_ADDR_ALIGN); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +494,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +510,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info;

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082116-muck-spongy-09b0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082116-patriot-perfume-1c71@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082115-demystify-woozy-fa5f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Add missing error checks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3d9eb180fbe8828cce43bce4c370124685b205c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082115-defensive-plasma-31fd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d9eb180fbe8828cce43bce4c370124685b205c3 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:29 -0700 Subject: [PATCH] crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038b..f1adfba1a76e 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -104,10 +104,12 @@ static void crypto_aegis128_aesni_process_ad( } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, @@ -120,7 +122,8 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } @@ -134,9 +137,10 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) @@ -169,7 +173,7 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) @@ -178,20 +182,24 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) @@ -200,8 +208,11 @@ static int crypto_aegis128_aesni_encrypt(struct aead_request *req) struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); @@ -216,11 +227,14 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; }

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082105-partridge-unboxed-5a0e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-whooping-armband-6944@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082104-syrup-acquire-04a4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: x86/aegis - Fix sleeping when disallowed on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c7f49dadfcdf27e1f747442e874e9baa52ab7674 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082103-chamomile-hesitant-52e3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7f49dadfcdf27e1f747442e874e9baa52ab7674 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Tue, 8 Jul 2025 12:38:28 -0700 Subject: [PATCH] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e3..3cb5c193038b 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,7 +119,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { @@ -131,7 +133,9 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } @@ -176,9 +180,9 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin();

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PM: runtime: Take active children into account in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 51888393cc64dd0462d0b96c13ab94873abbc030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082130-droop-update-8564@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51888393cc64dd0462d0b96c13ab94873abbc030 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 9 Jul 2025 12:41:45 +0200 Subject: [PATCH] PM: runtime: Take active children into account in pm_runtime_get_if_in_use() For all practical purposes, there is no difference between the situation in which a given device is not ignoring children and its active child count is nonzero and the situation in which its runtime PM usage counter is nonzero. However, pm_runtime_get_if_in_use() will only increment the device's usage counter and return 1 in the latter case. For consistency, make it do so in the former case either by adjusting pm_runtime_get_conditional() and update the related kerneldoc comments accordingly. Fixes: c111566bea7c ("PM: runtime: Add pm_runtime_get_if_active()") Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+: c0ef3df8dbae: PM: runtime: Simplify pm_runtime_get_if_active() usage Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+ Link: https://patch.msgid.link/12700973.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c index c55a7c70bc1a..2ba0dfd1de5a 100644 --- a/drivers/base/power/runtime.c +++ b/drivers/base/power/runtime.c @@ -1191,10 +1191,12 @@ EXPORT_SYMBOL_GPL(__pm_runtime_resume); * * Return -EINVAL if runtime PM is disabled for @dev. * - * Otherwise, if the runtime PM status of @dev is %RPM_ACTIVE and either - * @ign_usage_count is %true or the runtime PM usage counter of @dev is not - * zero, increment the usage counter of @dev and return 1. Otherwise, return 0 - * without changing the usage counter. + * Otherwise, if its runtime PM status is %RPM_ACTIVE and (1) @ign_usage_count + * is set, or (2) @dev is not ignoring children and its active child count is + * nonero, or (3) the runtime PM usage counter of @dev is not zero, increment + * the usage counter of @dev and return 1. + * + * Otherwise, return 0 without changing the usage counter. * * If @ign_usage_count is %true, this function can be used to prevent suspending * the device when its runtime PM status is %RPM_ACTIVE. @@ -1216,7 +1218,8 @@ static int pm_runtime_get_conditional(struct device *dev, bool ign_usage_count) retval = -EINVAL; } else if (dev->power.runtime_status != RPM_ACTIVE) { retval = 0; - } else if (ign_usage_count) { + } else if (ign_usage_count || (!dev->power.ignore_children && + atomic_read(&dev->power.child_count) > 0)) { retval = 1; atomic_inc(&dev->power.usage_count); } else { @@ -1249,10 +1252,16 @@ EXPORT_SYMBOL_GPL(pm_runtime_get_if_active); * @dev: Target device. * * Increment the runtime PM usage counter of @dev if its runtime PM status is - * %RPM_ACTIVE and its runtime PM usage counter is greater than 0, in which case - * it returns 1. If the device is in a different state or its usage_count is 0, - * 0 is returned. -EINVAL is returned if runtime PM is disabled for the device, - * in which case also the usage_count will remain unmodified. + * %RPM_ACTIVE and its runtime PM usage counter is greater than 0 or it is not + * ignoring children and its active child count is nonzero. 1 is returned in + * this case. + * + * If @dev is in a different state or it is not in use (that is, its usage + * counter is 0, or it is ignoring children, or its active child count is 0), + * 0 is returned. + * + * -EINVAL is returned if runtime PM is disabled for the device, in which case + * also the usage counter of @dev is not updated. */ int pm_runtime_get_if_in_use(struct device *dev) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PM: runtime: Take active children into account in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 51888393cc64dd0462d0b96c13ab94873abbc030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082130-duchess-reflux-c692@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51888393cc64dd0462d0b96c13ab94873abbc030 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 9 Jul 2025 12:41:45 +0200 Subject: [PATCH] PM: runtime: Take active children into account in pm_runtime_get_if_in_use() For all practical purposes, there is no difference between the situation in which a given device is not ignoring children and its active child count is nonzero and the situation in which its runtime PM usage counter is nonzero. However, pm_runtime_get_if_in_use() will only increment the device's usage counter and return 1 in the latter case. For consistency, make it do so in the former case either by adjusting pm_runtime_get_conditional() and update the related kerneldoc comments accordingly. Fixes: c111566bea7c ("PM: runtime: Add pm_runtime_get_if_active()") Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+: c0ef3df8dbae: PM: runtime: Simplify pm_runtime_get_if_active() usage Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+ Link: https://patch.msgid.link/12700973.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c index c55a7c70bc1a..2ba0dfd1de5a 100644 --- a/drivers/base/power/runtime.c +++ b/drivers/base/power/runtime.c @@ -1191,10 +1191,12 @@ EXPORT_SYMBOL_GPL(__pm_runtime_resume); * * Return -EINVAL if runtime PM is disabled for @dev. * - * Otherwise, if the runtime PM status of @dev is %RPM_ACTIVE and either - * @ign_usage_count is %true or the runtime PM usage counter of @dev is not - * zero, increment the usage counter of @dev and return 1. Otherwise, return 0 - * without changing the usage counter. + * Otherwise, if its runtime PM status is %RPM_ACTIVE and (1) @ign_usage_count + * is set, or (2) @dev is not ignoring children and its active child count is + * nonero, or (3) the runtime PM usage counter of @dev is not zero, increment + * the usage counter of @dev and return 1. + * + * Otherwise, return 0 without changing the usage counter. * * If @ign_usage_count is %true, this function can be used to prevent suspending * the device when its runtime PM status is %RPM_ACTIVE. @@ -1216,7 +1218,8 @@ static int pm_runtime_get_conditional(struct device *dev, bool ign_usage_count) retval = -EINVAL; } else if (dev->power.runtime_status != RPM_ACTIVE) { retval = 0; - } else if (ign_usage_count) { + } else if (ign_usage_count || (!dev->power.ignore_children && + atomic_read(&dev->power.child_count) > 0)) { retval = 1; atomic_inc(&dev->power.usage_count); } else { @@ -1249,10 +1252,16 @@ EXPORT_SYMBOL_GPL(pm_runtime_get_if_active); * @dev: Target device. * * Increment the runtime PM usage counter of @dev if its runtime PM status is - * %RPM_ACTIVE and its runtime PM usage counter is greater than 0, in which case - * it returns 1. If the device is in a different state or its usage_count is 0, - * 0 is returned. -EINVAL is returned if runtime PM is disabled for the device, - * in which case also the usage_count will remain unmodified. + * %RPM_ACTIVE and its runtime PM usage counter is greater than 0 or it is not + * ignoring children and its active child count is nonzero. 1 is returned in + * this case. + * + * If @dev is in a different state or it is not in use (that is, its usage + * counter is 0, or it is ignoring children, or its active child count is 0), + * 0 is returned. + * + * -EINVAL is returned if runtime PM is disabled for the device, in which case + * also the usage counter of @dev is not updated. */ int pm_runtime_get_if_in_use(struct device *dev) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PM: runtime: Take active children into account in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 51888393cc64dd0462d0b96c13ab94873abbc030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082129-botany-headlamp-b026@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51888393cc64dd0462d0b96c13ab94873abbc030 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 9 Jul 2025 12:41:45 +0200 Subject: [PATCH] PM: runtime: Take active children into account in pm_runtime_get_if_in_use() For all practical purposes, there is no difference between the situation in which a given device is not ignoring children and its active child count is nonzero and the situation in which its runtime PM usage counter is nonzero. However, pm_runtime_get_if_in_use() will only increment the device's usage counter and return 1 in the latter case. For consistency, make it do so in the former case either by adjusting pm_runtime_get_conditional() and update the related kerneldoc comments accordingly. Fixes: c111566bea7c ("PM: runtime: Add pm_runtime_get_if_active()") Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+: c0ef3df8dbae: PM: runtime: Simplify pm_runtime_get_if_active() usage Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+ Link: https://patch.msgid.link/12700973.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c index c55a7c70bc1a..2ba0dfd1de5a 100644 --- a/drivers/base/power/runtime.c +++ b/drivers/base/power/runtime.c @@ -1191,10 +1191,12 @@ EXPORT_SYMBOL_GPL(__pm_runtime_resume); * * Return -EINVAL if runtime PM is disabled for @dev. * - * Otherwise, if the runtime PM status of @dev is %RPM_ACTIVE and either - * @ign_usage_count is %true or the runtime PM usage counter of @dev is not - * zero, increment the usage counter of @dev and return 1. Otherwise, return 0 - * without changing the usage counter. + * Otherwise, if its runtime PM status is %RPM_ACTIVE and (1) @ign_usage_count + * is set, or (2) @dev is not ignoring children and its active child count is + * nonero, or (3) the runtime PM usage counter of @dev is not zero, increment + * the usage counter of @dev and return 1. + * + * Otherwise, return 0 without changing the usage counter. * * If @ign_usage_count is %true, this function can be used to prevent suspending * the device when its runtime PM status is %RPM_ACTIVE. @@ -1216,7 +1218,8 @@ static int pm_runtime_get_conditional(struct device *dev, bool ign_usage_count) retval = -EINVAL; } else if (dev->power.runtime_status != RPM_ACTIVE) { retval = 0; - } else if (ign_usage_count) { + } else if (ign_usage_count || (!dev->power.ignore_children && + atomic_read(&dev->power.child_count) > 0)) { retval = 1; atomic_inc(&dev->power.usage_count); } else { @@ -1249,10 +1252,16 @@ EXPORT_SYMBOL_GPL(pm_runtime_get_if_active); * @dev: Target device. * * Increment the runtime PM usage counter of @dev if its runtime PM status is - * %RPM_ACTIVE and its runtime PM usage counter is greater than 0, in which case - * it returns 1. If the device is in a different state or its usage_count is 0, - * 0 is returned. -EINVAL is returned if runtime PM is disabled for the device, - * in which case also the usage_count will remain unmodified. + * %RPM_ACTIVE and its runtime PM usage counter is greater than 0 or it is not + * ignoring children and its active child count is nonzero. 1 is returned in + * this case. + * + * If @dev is in a different state or it is not in use (that is, its usage + * counter is 0, or it is ignoring children, or its active child count is 0), + * 0 is returned. + * + * -EINVAL is returned if runtime PM is disabled for the device, in which case + * also the usage counter of @dev is not updated. */ int pm_runtime_get_if_in_use(struct device *dev) {

2 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PM: runtime: Take active children into account in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 51888393cc64dd0462d0b96c13ab94873abbc030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082129-outdoors-semantic-147a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51888393cc64dd0462d0b96c13ab94873abbc030 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 9 Jul 2025 12:41:45 +0200 Subject: [PATCH] PM: runtime: Take active children into account in pm_runtime_get_if_in_use() For all practical purposes, there is no difference between the situation in which a given device is not ignoring children and its active child count is nonzero and the situation in which its runtime PM usage counter is nonzero. However, pm_runtime_get_if_in_use() will only increment the device's usage counter and return 1 in the latter case. For consistency, make it do so in the former case either by adjusting pm_runtime_get_conditional() and update the related kerneldoc comments accordingly. Fixes: c111566bea7c ("PM: runtime: Add pm_runtime_get_if_active()") Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Ulf Hansson <ulf.hansson(a)linaro.org> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+: c0ef3df8dbae: PM: runtime: Simplify pm_runtime_get_if_active() usage Cc: 5.10+ <stable(a)vger.kernel.org> # 5.10+ Link: https://patch.msgid.link/12700973.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c index c55a7c70bc1a..2ba0dfd1de5a 100644 --- a/drivers/base/power/runtime.c +++ b/drivers/base/power/runtime.c @@ -1191,10 +1191,12 @@ EXPORT_SYMBOL_GPL(__pm_runtime_resume); * * Return -EINVAL if runtime PM is disabled for @dev. * - * Otherwise, if the runtime PM status of @dev is %RPM_ACTIVE and either - * @ign_usage_count is %true or the runtime PM usage counter of @dev is not - * zero, increment the usage counter of @dev and return 1. Otherwise, return 0 - * without changing the usage counter. + * Otherwise, if its runtime PM status is %RPM_ACTIVE and (1) @ign_usage_count + * is set, or (2) @dev is not ignoring children and its active child count is + * nonero, or (3) the runtime PM usage counter of @dev is not zero, increment + * the usage counter of @dev and return 1. + * + * Otherwise, return 0 without changing the usage counter. * * If @ign_usage_count is %true, this function can be used to prevent suspending * the device when its runtime PM status is %RPM_ACTIVE. @@ -1216,7 +1218,8 @@ static int pm_runtime_get_conditional(struct device *dev, bool ign_usage_count) retval = -EINVAL; } else if (dev->power.runtime_status != RPM_ACTIVE) { retval = 0; - } else if (ign_usage_count) { + } else if (ign_usage_count || (!dev->power.ignore_children && + atomic_read(&dev->power.child_count) > 0)) { retval = 1; atomic_inc(&dev->power.usage_count); } else { @@ -1249,10 +1252,16 @@ EXPORT_SYMBOL_GPL(pm_runtime_get_if_active); * @dev: Target device. * * Increment the runtime PM usage counter of @dev if its runtime PM status is - * %RPM_ACTIVE and its runtime PM usage counter is greater than 0, in which case - * it returns 1. If the device is in a different state or its usage_count is 0, - * 0 is returned. -EINVAL is returned if runtime PM is disabled for the device, - * in which case also the usage_count will remain unmodified. + * %RPM_ACTIVE and its runtime PM usage counter is greater than 0 or it is not + * ignoring children and its active child count is nonzero. 1 is returned in + * this case. + * + * If @dev is in a different state or it is not in use (that is, its usage + * counter is 0, or it is ignoring children, or its active child count is 0), + * 0 is returned. + * + * -EINVAL is returned if runtime PM is disabled for the device, in which case + * also the usage counter of @dev is not updated. */ int pm_runtime_get_if_in_use(struct device *dev) {

2 months, 3 weeks

1
0
0 0

[PATCH v2] media: nxp: imx8-isi: Fix streamon/streamoff calls are imbalanced issue

by Guoniu Zhou

If streamon/streamoff calls are imbalanced, such as exit application with Ctrl+C when streaming, m2m usage_count will never reach to zero and ISI channel won't be freed. Besides from that, if the input line width is more 2K and exit with Ctrl+C when streaming, it will trigger kernel panic, like bellow: [ 59.222120] ------------[ cut here ]------------ [ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c:631 at mxc_isi_channel_chain+0xa4/0x120, CPU#4: v4l2-ctl/654 [ 59.238569] Modules linked in: ap1302 [ 59.242231] CPU: 4 UID: 0 PID: 654 Comm: v4l2-ctl Not tainted 6.16.0-rc4-next-20250704-06511-gff0e002d480a-dirty #258 PREEMPT [ 59.253597] Hardware name: NXP i.MX95 15X15 board (DT) [ 59.258720] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 59.265669] pc : mxc_isi_channel_chain+0xa4/0x120 [ 59.270358] lr : mxc_isi_channel_chain+0x44/0x120 [ 59.275047] sp : ffff8000848c3b40 [ 59.278348] x29: ffff8000848c3b40 x28: ffff0000859b4c98 x27: ffff800081939f00 [ 59.285472] x26: 000000000000000a x25: ffff0000859b4cb8 x24: 0000000000000001 [ 59.292597] x23: ffff0000816f4760 x22: ffff0000816f4258 x21: ffff000084ceb780 [ 59.299720] x20: ffff000084342ff8 x19: ffff000084340000 x18: 0000000000000000 [ 59.306845] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffdb369e1c [ 59.313969] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 59.321093] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 59.328217] x8 : ffff8000848c3d48 x7 : ffff800081930b30 x6 : ffff800081930b30 [ 59.335340] x5 : ffff0000859b6000 x4 : ffff80008193ae80 x3 : ffff800081022420 [ 59.342464] x2 : ffff0000852f6900 x1 : 0000000000000001 x0 : ffff000084341000 [ 59.349590] Call trace: [ 59.352025] mxc_isi_channel_chain+0xa4/0x120 (P) [ 59.356722] mxc_isi_m2m_streamon+0x160/0x20c [ 59.361072] v4l_streamon+0x24/0x30 [ 59.364556] __video_do_ioctl+0x40c/0x4a0 [ 59.368560] video_usercopy+0x2bc/0x690 [ 59.372382] video_ioctl2+0x18/0x24 [ 59.375857] v4l2_ioctl+0x40/0x60 [ 59.379168] __arm64_sys_ioctl+0xac/0x104 [ 59.383172] invoke_syscall+0x48/0x104 [ 59.386916] el0_svc_common.constprop.0+0xc0/0xe0 [ 59.391613] do_el0_svc+0x1c/0x28 [ 59.394915] el0_svc+0x34/0xf4 [ 59.397966] el0t_64_sync_handler+0xa0/0xe4 [ 59.402143] el0t_64_sync+0x198/0x19c [ 59.405801] ---[ end trace 0000000000000000 ]--- VIDIOC_STREAMON returned -1 (Invalid argument) So check the queue streaming status when application close and call streamoff to fix the issue. Fixes: cf21f328fcaf ("media: nxp: Add i.MX8 ISI driver") Cc: stable(a)vger.kernel.org Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Guoniu Zhou <guoniu.zhou(a)nxp.com> --- Changes in v2: - No functions changed, add Cc:stable@vger.kernel.org tag in the sign-off area - Link to v1: https://lore.kernel.org/r/20250818-isi_m2m-v1-1-bbe2b774d4bf@nxp.com --- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c b/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c index 22e49d3a128732c077beb7ac2e2f688e0899f8e2..7650a9fe6b093e2b4e09e3e66b624c8c019c8583 100644 --- a/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c +++ b/drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c @@ -709,6 +709,14 @@ static int mxc_isi_m2m_release(struct file *file) struct mxc_isi_m2m *m2m = video_drvdata(file); struct mxc_isi_m2m_ctx *ctx = to_isi_m2m_ctx(file->private_data); + if (ctx->queues.out.streaming) + mxc_isi_m2m_streamoff(file, &ctx->fh, + V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE); + + if (ctx->queues.cap.streaming) + mxc_isi_m2m_streamoff(file, &ctx->fh, + V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE); + v4l2_m2m_ctx_release(ctx->fh.m2m_ctx); mxc_isi_m2m_ctx_ctrls_delete(ctx); --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250818-isi_m2m-ac52338ae925 Best regards, -- Guoniu Zhou <guoniu.zhou(a)nxp.com>

2 months, 3 weeks

2
1
0 0

Fwd: [Bug 220457] Using -march=native on linux 6.16.1 causes: can't find jump dest instruction error.

by SMF Linux

https://bugzilla.kernel.org/show_bug.cgi?id=220457 --- Comment #4 from Artem S. Tashkinov (aros(a)gmx.com) --- Send this to LKML. This bug report will die here unattended.

2 months, 3 weeks

1
0
0 0

[PATCH v4] mm: Fix possible deadlock in kmemleak

by Gu Bowen

Our syztester report the lockdep WARNING [1], which was identified in stable kernel version 5.10. However, this deadlock path no longer exists due to the refactoring of console_lock in v6.2-rc1 [2]. Coincidentally, there are two types of deadlocks that we have found here. One is the ABBA deadlock, as mentioned above [1], and the other is the AA deadlock was reported by Breno [3]. The latter's deadlock issue persists. To solve this problem, switch to printk_safe mode before printing warning message, this will redirect all printk()-s to a special per-CPU buffer, which will be flushed later from a safe context (irq work), and this deadlock problem can be avoided. The proper API to use should be printk_deferred_enter()/printk_deferred_exit() [4]. [1] https://lore.kernel.org/all/20250730094914.566582-1-gubowen5@huawei.com/ [2] https://lore.kernel.org/all/20221116162152.193147-1-john.ogness@linutronix.… [3] https://lore.kernel.org/all/20250731-kmemleak_lock-v1-1-728fd470198f@debian… [4] https://lore.kernel.org/all/5ca375cd-4a20-4807-b897-68b289626550@redhat.com/ ==================== Signed-off-by: Gu Bowen <gubowen5(a)huawei.com> --- mm/kmemleak.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 84265983f239..26113b89d09b 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -437,9 +437,15 @@ static struct kmemleak_object *__lookup_object(unsigned long ptr, int alias, else if (untagged_objp == untagged_ptr || alias) return object; else { + /* + * Printk deferring due to the kmemleak_lock held. + * This is done to avoid deadlock. + */ + printk_deferred_enter(); kmemleak_warn("Found object by alias at 0x%08lx\n", ptr); dump_object_info(object); + printk_deferred_exit(); break; } } @@ -736,6 +742,11 @@ static int __link_object(struct kmemleak_object *object, unsigned long ptr, else if (untagged_objp + parent->size <= untagged_ptr) link = &parent->rb_node.rb_right; else { + /* + * Printk deferring due to the kmemleak_lock held. + * This is done to avoid deadlock. + */ + printk_deferred_enter(); kmemleak_stop("Cannot insert 0x%lx into the object search tree (overlaps existing)\n", ptr); /* @@ -743,6 +754,7 @@ static int __link_object(struct kmemleak_object *object, unsigned long ptr, * be freed while the kmemleak_lock is held. */ dump_object_info(parent); + printk_deferred_exit(); return -EEXIST; } } @@ -858,8 +870,14 @@ static void delete_object_part(unsigned long ptr, size_t size, object = __find_and_remove_object(ptr, 1, objflags); if (!object) { #ifdef DEBUG + /* + * Printk deferring due to the kmemleak_lock held. + * This is done to avoid deadlock. + */ + printk_deferred_enter(); kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n", ptr, size); + printk_deferred_exit(); #endif goto unlock; } -- 2.43.0

2 months, 3 weeks

5
9
0 0

[PATCH v4] tty: serial: qcom_geni_serial: Improve error handling for RS485 mode

by Anup Kulkarni

Fix error handling issues of `uart_get_rs485_mode()` function by reordering resources_init() to occur after uart_get_rs485_mode. Remove multiple goto paths and use dev_err_probe to simplify error paths. Fixes: 4fcc287f3c69 ("serial: qcom-geni: Enable support for half-duplex mode") Cc: stable(a)vger.kernel.org Signed-off-by: Anup Kulkarni <quic_anupkulk(a)quicinc.com> --- v3->v4 - Added Fixes and Cc tag. v2->v3 - Reordered the function resources_init. - Removed goto. - Added dev_err_probe. v1->v2 - Updated commit message. --- drivers/tty/serial/qcom_geni_serial.c | 38 ++++++++++----------------- 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 32ec632fd080..be998dd45968 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1882,15 +1882,9 @@ static int qcom_geni_serial_probe(struct platform_device *pdev) port->se.dev = &pdev->dev; port->se.wrapper = dev_get_drvdata(pdev->dev.parent); - ret = port->dev_data->resources_init(uport); - if (ret) - return ret; - res = platform_get_resource(pdev, IORESOURCE_MEM, 0); - if (!res) { - ret = -EINVAL; - goto error; - } + if (!res) + return -EINVAL; uport->mapbase = res->start; @@ -1903,25 +1897,19 @@ static int qcom_geni_serial_probe(struct platform_device *pdev) if (!data->console) { port->rx_buf = devm_kzalloc(uport->dev, DMA_RX_BUF_SIZE, GFP_KERNEL); - if (!port->rx_buf) { - ret = -ENOMEM; - goto error; - } + if (!port->rx_buf) + return -ENOMEM; } port->name = devm_kasprintf(uport->dev, GFP_KERNEL, "qcom_geni_serial_%s%d", uart_console(uport) ? "console" : "uart", uport->line); - if (!port->name) { - ret = -ENOMEM; - goto error; - } + if (!port->name) + return -ENOMEM; irq = platform_get_irq(pdev, 0); - if (irq < 0) { - ret = irq; - goto error; - } + if (irq < 0) + return irq; uport->irq = irq; uport->has_sysrq = IS_ENABLED(CONFIG_SERIAL_QCOM_GENI_CONSOLE); @@ -1942,12 +1930,14 @@ static int qcom_geni_serial_probe(struct platform_device *pdev) irq_set_status_flags(uport->irq, IRQ_NOAUTOEN); ret = devm_request_irq(uport->dev, uport->irq, qcom_geni_serial_isr, IRQF_TRIGGER_HIGH, port->name, uport); - if (ret) { - dev_err(uport->dev, "Failed to get IRQ ret %d\n", ret); - goto error; - } + if (ret) + return dev_err_probe(uport->dev, ret, "Failed to get IRQ\n"); ret = uart_get_rs485_mode(uport); + if (ret) + return dev_err_probe(uport->dev, ret, "Failed to get rs485 mode\n"); + + ret = port->dev_data->resources_init(uport); if (ret) return ret; -- 2.34.1

2 months, 3 weeks

2
2
0 0

[PATCH 6.16.y 1/2] erofs: fix build error with CONFIG_EROFS_FS_ZIP_ACCEL=y

by Gao Xiang

From: "Bo Liu (OpenAnolis)" <liubo03(a)inspur.com> commit 5e0bf36fd156b8d9b09f8481ee6daa6cdba1b064 upstream. fix build err: ld.lld: error: undefined symbol: crypto_req_done referenced by decompressor_crypto.c fs/erofs/decompressor_crypto.o:(z_erofs_crypto_decompress) in archive vmlinux.a referenced by decompressor_crypto.c fs/erofs/decompressor_crypto.o:(z_erofs_crypto_decompress) in archive vmlinux.a ld.lld: error: undefined symbol: crypto_acomp_decompress referenced by decompressor_crypto.c fs/erofs/decompressor_crypto.o:(z_erofs_crypto_decompress) in archive vmlinux.a ld.lld: error: undefined symbol: crypto_alloc_acomp referenced by decompressor_crypto.c fs/erofs/decompressor_crypto.o:(z_erofs_crypto_enable_engine) in archive vmlinux.a Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202507161032.QholMPtn-lkp@intel.com/ Fixes: b4a29efc5146 ("erofs: support DEFLATE decompression by using Intel QAT") Signed-off-by: Bo Liu (OpenAnolis) <liubo03(a)inspur.com> Link: https://lore.kernel.org/r/20250718033039.3609-1-liubo03@inspur.com Reviewed-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- Also backport commit 74da24f0ac9b to address: https://lore.kernel.org/r/ca432b9e-e016-4d2d-b137-79def0aaca85@kernel.org fs/erofs/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/erofs/Kconfig b/fs/erofs/Kconfig index 6beeb7063871..7b26efc271ee 100644 --- a/fs/erofs/Kconfig +++ b/fs/erofs/Kconfig @@ -147,6 +147,8 @@ config EROFS_FS_ZIP_ZSTD config EROFS_FS_ZIP_ACCEL bool "EROFS hardware decompression support" depends on EROFS_FS_ZIP + select CRYPTO + select CRYPTO_DEFLATE help Saying Y here includes hardware accelerator support for reading EROFS file systems containing compressed data. It gives better -- 2.43.5

2 months, 3 weeks

1
1
0 0

[PATCH RESEND v2] proc: fix missing pde_set_flags() for net proc files

by wangzijie

To avoid potential UAF issues during module removal races, we use pde_set_flags() to save proc_ops flags in PDE itself before proc_register(), and then use pde_has_proc_*() helpers instead of directly dereferencing pde->proc_ops->*. However, the pde_set_flags() call was missing when creating net related proc files. This omission caused incorrect behavior which FMODE_LSEEK was being cleared inappropriately in proc_reg_open() for net proc files. Lars reported it in this link[1]. Fix this by ensuring pde_set_flags() is called when register proc entry, and add NULL check for proc_ops in pde_set_flags(). [1]: https://lore.kernel.org/all/20250815195616.64497967@chagall.paradoxon.rec/ Fixes: ff7ec8dc1b64 ("proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al) Cc: stable(a)vger.kernel.org Reported-by: Lars Wendler <polynomial-c(a)gmx.de> Signed-off-by: wangzijie <wangzijie1(a)honor.com> --- v2: - followed by Jiri's suggestion to refractor code and reformat commit message --- fs/proc/generic.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/fs/proc/generic.c b/fs/proc/generic.c index 76e800e38..003031839 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -367,6 +367,23 @@ static const struct inode_operations proc_dir_inode_operations = { .setattr = proc_notify_change, }; +static void pde_set_flags(struct proc_dir_entry *pde) +{ + if (!pde->proc_ops) + return; + + if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT) + pde->flags |= PROC_ENTRY_PERMANENT; + if (pde->proc_ops->proc_read_iter) + pde->flags |= PROC_ENTRY_proc_read_iter; +#ifdef CONFIG_COMPAT + if (pde->proc_ops->proc_compat_ioctl) + pde->flags |= PROC_ENTRY_proc_compat_ioctl; +#endif + if (pde->proc_ops->proc_lseek) + pde->flags |= PROC_ENTRY_proc_lseek; +} + /* returns the registered entry, or frees dp and returns NULL on failure */ struct proc_dir_entry *proc_register(struct proc_dir_entry *dir, struct proc_dir_entry *dp) @@ -374,6 +391,8 @@ struct proc_dir_entry *proc_register(struct proc_dir_entry *dir, if (proc_alloc_inum(&dp->low_ino)) goto out_free_entry; + pde_set_flags(dp); + write_lock(&proc_subdir_lock); dp->parent = dir; if (pde_subdir_insert(dir, dp) == false) { @@ -561,20 +580,6 @@ struct proc_dir_entry *proc_create_reg(const char *name, umode_t mode, return p; } -static void pde_set_flags(struct proc_dir_entry *pde) -{ - if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT) - pde->flags |= PROC_ENTRY_PERMANENT; - if (pde->proc_ops->proc_read_iter) - pde->flags |= PROC_ENTRY_proc_read_iter; -#ifdef CONFIG_COMPAT - if (pde->proc_ops->proc_compat_ioctl) - pde->flags |= PROC_ENTRY_proc_compat_ioctl; -#endif - if (pde->proc_ops->proc_lseek) - pde->flags |= PROC_ENTRY_proc_lseek; -} - struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, struct proc_dir_entry *parent, const struct proc_ops *proc_ops, void *data) @@ -585,7 +590,6 @@ struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, if (!p) return NULL; p->proc_ops = proc_ops; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_data); @@ -636,7 +640,6 @@ struct proc_dir_entry *proc_create_seq_private(const char *name, umode_t mode, p->proc_ops = &proc_seq_ops; p->seq_ops = ops; p->state_size = state_size; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_seq_private); @@ -667,7 +670,6 @@ struct proc_dir_entry *proc_create_single_data(const char *name, umode_t mode, return NULL; p->proc_ops = &proc_single_ops; p->single_show = show; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_single_data); -- 2.25.1

2 months, 3 weeks

3
3
0 0

[PATCH v2 0/2] Fixes for maxim tcpc contaminant detection logic

by Amit Sunil Dhamne via B4 Relay

Add fixes to the CC contaminant/connection detection logic to improve reliability and stability of the maxim tcpc driver. This patchset has been tested on a PD Tester. --- Changes in v2: - Fix improperly formatted patch for stable inclusion. Tagged every patch in patchset for stable. - Link to v1: https://lore.kernel.org/r/20250814-fix-upstream-contaminant-v1-0-801ce80890… --- Amit Sunil Dhamne (2): usb: typec: maxim_contaminant: disable low power mode when reading comparator values usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean drivers/usb/typec/tcpm/maxim_contaminant.c | 58 ++++++++++++++++++++++++++++++ drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + 2 files changed, 59 insertions(+) --- base-commit: 89be9a83ccf1f88522317ce02f854f30d6115c41 change-id: 20250802-fix-upstream-contaminant-16910e2762ca Best regards, -- Amit Sunil Dhamne <amitsd(a)google.com>

2 months, 3 weeks

2
5
0 0

[PATCH stable 5.10] usb: dwc3: Remove DWC3 locking during gadget suspend/resume

by Selvarasu Ganesan

Dear stable team, Patch : usb: dwc3: Remove DWC3 locking during gadget suspend/resume Commit id:5265397f94424eaea596026fd34dc7acf474dcec This patch fixes a critical bug in the dwc3 driver that was introduced by commit (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/dri… <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/dri…>) in the 5.10 kernel series. The bug causes the below kernel crash (Added usleep in atomic context as part of above patch) under dwc3 suspend/resume scenarios. 35.829644] [6: kworker/6:1: 68] BUG: scheduling while atomic: kworker/6:1/68/0x00000002 [ 35.829946] [6: kworker/6:1: 68] CPU: 6 PID: 68 Comm: kworker/6:1 Tainted: G C E 5.10.236-android13-4 #1 [ 35.830010] [6: kworker/6:1: 68] Call trace: [ 35.830024] [6: kworker/6:1: 68] dump_backtrace.cfi_jt+0x0/0x8 [ 35.830034] [6: kworker/6:1: 68] show_stack+0x1c/0x2c [ 35.830044] [6: kworker/6:1: 68] dump_stack_lvl+0xd8/0x134 [ 35.830053] [6: kworker/6:1: 68] __schedule_bug+0x80/0xbc [ 35.830062] [6: kworker/6:1: 68] __schedule+0x55c/0x7e8 [ 35.830068] [6: kworker/6:1: 68] schedule+0x80/0x100 [ 35.830077] [6: kworker/6:1: 68] schedule_hrtimeout_range_clock+0xa8/0x11c [ 35.830083] [6: kworker/6:1: 68] usleep_range+0x68/0xa4 [ 35.830093] [6: kworker/6:1: 68] dwc3_gadget_run_stop+0x170/0x448 [ 35.830099] [6: kworker/6:1: 68] dwc3_gadget_resume+0x4c/0xdc [ 35.830108] [6: kworker/6:1: 68] dwc3_resume_common+0x6c/0x23c [ 35.830115] [6: kworker/6:1: 68] dwc3_runtime_resume+0x40/0xcc [ 35.830123] [6: kworker/6:1: 68] pm_generic_runtime_resume+0x48/0x88 [ 35.830131] [6: kworker/6:1: 68] __rpm_callback+0x94/0x420 The patch(5265397f9442) for this fix was originally merged in the below commit: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/… <https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/…> Please apply this patch to the stable 5.10 kernel to prevent this BUG. Additionally the below patch also required to avoid dead lock that introduced by the abovepatch (5265397f9442) in 5.10 stable kernel. Patch:usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Commit id:7838de15bb700c2898a7d741db9b1f3cbc86c136 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/… <https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/…> Thanks, Selva

2 months, 3 weeks

2
2
0 0

[to-be-updated] mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window has been removed from the -mm tree. Its filename was mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Sang-Heon Jeon <ekffu200098(a)gmail.com> Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window Date: Wed, 20 Aug 2025 00:01:23 +0900 Kernel initializes "jiffies" timer as 5 minutes below zero, as shown in include/linux/jiffies.h /* * Have the 32 bit jiffies value wrap 5 minutes after boot * so jiffies wrap bugs show up earlier. */ #define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ)) And they cast unsigned value to signed to cover wraparound #define time_after_eq(a,b) \ (typecheck(unsigned long, a) && \ typecheck(unsigned long, b) && \ ((long)((a) - (b)) >= 0)) In 64bit systems, these might not be a problem because wrapround occurs 300 million years after the boot, assuming HZ value is 1000. With same assuming, In 32bit system, wraparound occurs 5 minutues after the initial boot and every 49 days after the first wraparound. And about 25 days after first wraparound, it continues quota charging window up to next 25 days. Example 1: initial boot jiffies=0xFFFB6C20, charged_from+interval=0x000003E8 time_after_eq(jiffies, charged_from+interval)=(long)0xFFFB6838; In signed values, it is considered negative so it is false. Example 2: after about 25 days first wraparound jiffies=0x800004E8, charged_from+interval=0x000003E8 time_after_eq(jiffies, charged_from+interval)=(long)0x80000100; In signed values, it is considered negative so it is false So, change quota->charged_from to jiffies at damos_adjust_quota() when it is consider first charge window. In theory; but almost impossible; quota->total_charged_sz and qutoa->charged_from should be both zero even if it is not in first charge window. But It will only delay one reset_interval, So it is not big problem. Link: https://lkml.kernel.org/r/20250819150123.1532458-1-ekffu200098@gmail.com Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") [5.16] Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/damon/core.c~mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window +++ a/mm/damon/core.c @@ -2111,6 +2111,10 @@ static void damos_adjust_quota(struct da if (!quota->ms && !quota->sz && list_empty(&quota->goals)) return; + /* First charge window */ + if (!quota->total_charged_sz && !quota->charged_from) + quota->charged_from = jiffies; + /* New charge window starts */ if (time_after_eq(jiffies, quota->charged_from + msecs_to_jiffies(quota->reset_interval))) { _ Patches currently in -mm which might be from ekffu200098(a)gmail.com are mm-damon-update-expired-description-of-damos_action.patch docs-mm-damon-design-fix-typo-s-sz_trtied-sz_tried.patch selftests-damon-test-no-op-commit-broke-damon-status.patch selftests-damon-test-no-op-commit-broke-damon-status-fix.patch mm-damon-tests-core-kunit-add-damos_commit_filter-test.patch

2 months, 3 weeks

1
0
0 0

[PATCH net v2] ipv6: sr: Fix MAC comparison to be constant-time

by Eric Biggers

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- v2: sent as standalone patch targeting net instead of net-next. net/ipv6/seg6_hmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index f78ecb6ad8383..5dae892bbc73b 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -33,10 +33,11 @@ #include <net/ip6_route.h> #include <net/addrconf.h> #include <net/xfrm.h> #include <crypto/hash.h> +#include <crypto/utils.h> #include <net/seg6.h> #include <net/genetlink.h> #include <net/seg6_hmac.h> #include <linux/random.h> @@ -278,11 +279,11 @@ bool seg6_hmac_validate_skb(struct sk_buff *skb) return false; if (seg6_hmac_compute(hinfo, srh, &ipv6_hdr(skb)->saddr, hmac_output)) return false; - if (memcmp(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN) != 0) + if (crypto_memneq(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN)) return false; return true; } EXPORT_SYMBOL(seg6_hmac_validate_skb); base-commit: 715c7a36d59f54162a26fac1d1ed8dc087a24cf1 -- 2.50.1

2 months, 3 weeks

3
2
0 0

[STATUS] stable/linux-6.12.y - 9becd7c25c61ae7e5b6fbfc3c226b1f23af7638c

by KernelCI bot

Hello, Status summary for stable/linux-6.12.y Dashboard: https://d.kernelci.org/c/stable/linux-6.12.y/9becd7c25c61ae7e5b6fbfc3c226b1… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.12.y commit hash: 9becd7c25c61ae7e5b6fbfc3c226b1f23af7638c origin: maestro test start time: 2025-08-20 17:11:31.947000+00:00 Builds: 44 ✅ 1 ❌ 0 ⚠️ Boots: 155 ✅ 0 ❌ 47 ⚠️ Tests: 9449 ✅ 4714 ❌ 2785 ⚠️ ### POSSIBLE REGRESSIONS Hardware: imx6q-udoo - kselftest.alsa.alsa_mixer-test_name_fslimx6qudooac9_22 (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a62a9b233e484a3fa3644a history: > ✅ > ❌ - kselftest.alsa.alsa_mixer-test_name_fslimx6qudooac9_9 (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a62a9b233e484a3fa363ef history: > ✅ > ❌ Hardware: sun50i-a64-pine64-plus - kselftest.kvm.kvm_memslot_perf_test (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a6103e233e484a3fa3221d history: > ✅ > ❌ Hardware: sun50i-h5-libretech-all-h3-cc - kselftest.uevent (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60df0233e484a3fa31411 history: > ✅ > ❌ - kselftest.uevent.uevent_uevent_filtering (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60f02233e484a3fa31730 history: > ✅ > ❌ - kselftest.uevent.uevent_uevent_filtering_global_uevent_filtering (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60f02233e484a3fa31731 history: > ✅ > ❌ ### FIXED REGRESSIONS Hardware: imx6q-udoo - kselftest.alsa.alsa_mixer-test_name_fslimx6qudooac9_10 (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a62a9b233e484a3fa363f6 history: > ❌ > ✅ Hardware: imx8mp-evk - kselftest.kvm.kvm_memslot_perf_test (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a649db233e484a3fa3d412 history: > ❌ > ✅ Hardware: k3-am625-verdin-wifi-mallow - kselftest.kvm.kvm_memslot_perf_test (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60fbb233e484a3fa319f0 history: > ❌ > ✅ ### UNSTABLE TESTS Hardware: acer-cb317-1h-c3z6-dedede - kernelci_wifi_basic (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ea1233e484a3fa3168c history: > ⚠️ > ❌ > ⚠️ - kselftest.iommu (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60e92233e484a3fa3160d history: > ❌ > ⚠️ Hardware: acer-chromebox-cxi4-puff - tast (cros://chromeos-6.6/x86_64/chromeos-intel-pineview.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60d3b233e484a3fa31218 history: > ⚠️ > ⚠️ > ⚠️ > ⚠️ > ⚠️ Hardware: acer-chromebox-cxi5-brask - boot (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60e6a233e484a3fa314bd history: > ✅ > ⚠️ Hardware: acer-cp514-2h-1160g7-volteer - boot (defconfig+kcidebug+x86-board) last run: https://d.kernelci.org/test/maestro:68a61133233e484a3fa32a5a history: > ⚠️ > ⚠️ Hardware: acer-R721T-grunt - kselftest.cpufreq.suspend (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60e80233e484a3fa3156e history: > ✅ > ✅ > ⚠️ Hardware: at91sam9g20ek - ltp (multi_v5_defconfig) last run: https://d.kernelci.org/test/maestro:68a60958233e484a3fa306a5 history: > ⚠️ > ⚠️ Hardware: bcm2711-rpi-4-b - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61238233e484a3fa33008 history: > ✅ > ⚠️ > ✅ > ⚠️ > ⚠️ - kselftest.acct (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61239233e484a3fa33010 history: > ❌ > ⚠️ - kselftest.alsa (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61239233e484a3fa33013 history: > ❌ > ⚠️ - kselftest.arm64 (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6123d233e484a3fa33031 history: > ✅ > ⚠️ - kselftest.breakpoints (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61244233e484a3fa3305f history: > ⚠️ > ⚠️ - kselftest.device_error_logs (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61248233e484a3fa33077 history: > ✅ > ⚠️ - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6125c233e484a3fa330ed history: > ❌ > ❌ > ⚠️ > ❌ - kselftest.timers (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61262233e484a3fa3310e history: > ❌ > ⚠️ - kselftest.ftrace (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de2233e484a3fa313b6 history: > ✅ > ⚠️ - kselftest.kvm (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de3233e484a3fa313c2 history: > ❌ > ⚠️ - kselftest.landlock (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de8233e484a3fa313e0 history: > ❌ > ⚠️ - kselftest.lsm (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de8233e484a3fa313e3 history: > ✅ > ⚠️ - kselftest.perf_events (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60dea233e484a3fa313f0 history: > ⚠️ > ⚠️ - kselftest.zram (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60df1233e484a3fa31417 history: > ✅ > ⚠️ Hardware: beaglebone-black - boot (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60735233e484a3fa2ffff history: > ✅ > ⚠️ - kselftest.acct (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6073f233e484a3fa30016 history: > ❌ > ⚠️ - kselftest.alsa (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60740233e484a3fa30019 history: > ❌ > ⚠️ - kselftest.breakpoints (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60745233e484a3fa30026 history: > ❌ > ⚠️ - kselftest.capabilities (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60746233e484a3fa30029 history: > ✅ > ⚠️ - kselftest.clone3 (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60747233e484a3fa3002c history: > ❌ > ⚠️ - kselftest.coredump (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60748233e484a3fa3002f history: > ❌ > ⚠️ - kselftest.device_error_logs (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60749233e484a3fa30032 history: > ❌ > ⚠️ - kselftest.dt (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60753233e484a3fa30051 history: > ❌ > ❌ > ⚠️ > ⚠️ - kselftest.fchmodat2 (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60758233e484a3fa30061 history: > ❌ > ⚠️ - kselftest.futex (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60759233e484a3fa30064 history: > ❌ > ⚠️ - kselftest.kcmp (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6075a233e484a3fa30067 history: > ✅ > ⚠️ - kselftest.mqueue (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6075b233e484a3fa3006a history: > ❌ > ⚠️ - kselftest.proc (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6075e233e484a3fa30070 history: > ❌ > ⚠️ - kselftest.ptrace (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6075c233e484a3fa3006d history: > ❌ > ⚠️ - kselftest.signal (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60762233e484a3fa30079 history: > ❌ > ⚠️ - kselftest.timers (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a6075f233e484a3fa30073 history: > ❌ > ⚠️ - kselftest.tmpfs (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60760233e484a3fa30076 history: > ✅ > ⚠️ - kselftest.vdso (multi_v7_defconfig) last run: https://d.kernelci.org/test/maestro:68a60763233e484a3fa3007c history: > ✅ > ⚠️ - kselftest.gpio (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ca0233e484a3fa30ccd history: > ❌ > ⚠️ - kselftest.ipc (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ca2233e484a3fa30cd0 history: > ❌ > ⚠️ - kselftest.landlock (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ca3233e484a3fa30cd3 history: > ❌ > ⚠️ - kselftest.lsm (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ca5233e484a3fa30cd6 history: > ❌ > ⚠️ - kselftest.memfd (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60ca7233e484a3fa30cd9 history: > ❌ > ⚠️ - kselftest.perf_events (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cab233e484a3fa30cdf history: > ❌ > ⚠️ - kselftest.ring-buffer (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cad233e484a3fa30ce9 history: > ❌ > ⚠️ - kselftest.rlimits (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60caf233e484a3fa30cfb history: > ❌ > ⚠️ - kselftest.seccomp (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cb7233e484a3fa30d13 history: > ❌ > ⚠️ - kselftest.splce (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cb1233e484a3fa30cfe history: > ❌ > ⚠️ - kselftest.sync (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cb3233e484a3fa30d09 history: > ✅ > ⚠️ - kselftest.timens (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cb5233e484a3fa30d10 history: > ✅ > ⚠️ - kselftest.ublk (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cba233e484a3fa30d16 history: > ❌ > ⚠️ - kselftest.uevent (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cbb233e484a3fa30d1f history: > ❌ > ⚠️ - kselftest.user_events (multi_v7_defconfig+kselftest) last run: https://d.kernelci.org/test/maestro:68a60cbd233e484a3fa30d22 history: > ✅ > ⚠️ Hardware: cd8180-orion-o6 - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61231233e484a3fa32fdd history: > ✅ > ⚠️ - kselftest.arm64 (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6123f233e484a3fa3303b history: > ⚠️ > ⚠️ - kselftest.breakpoints (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61245233e484a3fa33065 history: > ⚠️ > ⚠️ - kselftest.device_error_logs (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6124a233e484a3fa33087 history: > ⚠️ > ⚠️ - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61255233e484a3fa330c2 history: > ⚠️ > ⚠️ - kselftest.futex (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6125f233e484a3fa330ff history: > ⚠️ > ⚠️ - kselftest.signal (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61265233e484a3fa33120 history: > ⚠️ > ⚠️ - kselftest.timers (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61263233e484a3fa33115 history: > ⚠️ > ⚠️ - kselftest.efivars (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de1233e484a3fa313b3 history: > ⚠️ > ⚠️ - kselftest.ftrace (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de2233e484a3fa313b9 history: > ⚠️ > ⚠️ - kselftest.mm (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de9233e484a3fa313e9 history: > ⚠️ > ⚠️ - kselftest.perf_events (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60deb233e484a3fa313f3 history: > ⚠️ > ⚠️ Hardware: dell-latitude-3445-7520c-skyrim - boot (cros://chromeos-6.6/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a606eb233e484a3fa2ff10 history: > ⚠️ > ⚠️ > ⚠️ > ⚠️ Hardware: dell-latitude-5400-8665U-sarien - tast (cros://chromeos-6.6/x86_64/chromeos-intel-pineview.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60d3e233e484a3fa31230 history: > ⚠️ > ⚠️ > ⚠️ > ⚠️ > ❌ - boot (defconfig+kcidebug+x86-board) last run: https://d.kernelci.org/test/maestro:68a61135233e484a3fa32a6c history: > ❌ > ⚠️ Hardware: hp-14b-na0052xx-zork - kselftest.cpufreq.suspend (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60e82233e484a3fa31580 history: > ✅ > ⚠️ Hardware: hp-14-db0003na-grunt - kselftest.cpufreq.suspend (x86_64_defconfig+lab-setup+x86-board+kselftest) last run: https://d.kernelci.org/test/maestro:68a60e81233e484a3fa3157a history: > ⚠️ > ✅ Hardware: imx8mp-evk - kselftest.alsa (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6123a233e484a3fa33019 history: > ⚠️ > ❌ Hardware: imx8mp-verdin-nonwifi-dahlia - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61232233e484a3fa32fe3 history: > ✅ > ⚠️ - kselftest.alsa (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6123a233e484a3fa3301c history: > ❌ > ⚠️ - kselftest.arm64 (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61240233e484a3fa33041 history: > ✅ > ⚠️ - kselftest.device_error_logs (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6124b233e484a3fa3308d history: > ❌ > ⚠️ - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61256233e484a3fa330cf history: > ❌ > ⚠️ - kselftest.kvm (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de4233e484a3fa313cb history: > ❌ > ⚠️ - kselftest.pkvm (defconfig+arm64-chromebook+kselftest) last run: https://d.kernelci.org/test/maestro:68a60de7233e484a3fa313da history: > ❌ > ⚠️ Hardware: lenovo-TPad-C13-Yoga-zork - tast (cros://chromeos-6.6/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60703233e484a3fa2ffec history: > ⚠️ > ⚠️ > ⚠️ > ⚠️ > ⚠️ Hardware: meson-g12b-a311d-libretech-cc - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61233233e484a3fa32fed history: > ✅ > ⚠️ Hardware: meson-sm1-s905d3-libretech-cc - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61234233e484a3fa32ff5 history: > ✅ > ⚠️ - kselftest.device_error_logs (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6124f233e484a3fa3309f history: > ❌ > ⚠️ - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61259233e484a3fa330e1 history: > ⚠️ > ❌ Hardware: mt8183-kukui-jacuzzi-juniper-sku16 - boot.nfs (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60b88233e484a3fa3089d history: > ✅ > ⚠️ - kernelci_watchdog_reset (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60c18233e484a3fa30965 history: > ⚠️ > ✅ - kselftest.cpufreq.hibernate (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60bc9233e484a3fa30905 history: > ⚠️ > ✅ - kselftest.devices-probe (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60bab233e484a3fa308d8 history: > ⚠️ > ✅ - kselftest.exec (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60bfa233e484a3fa3093b history: > ⚠️ > ✅ Hardware: mt8395-genio-1200-evk - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6125d233e484a3fa330f4 history: > ❌ > ⚠️ Hardware: rk3399-roc-pc - boot (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61234233e484a3fa32ff8 history: > ⚠️ > ✅ - kselftest.arm64 (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a61243233e484a3fa33056 history: > ⚠️ > ⚠️ - kselftest.dt (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6125a233e484a3fa330e4 history: > ⚠️ > ⚠️ Hardware: sc7180-trogdor-kingoftown - kselftest.cpufreq.suspend (defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y) last run: https://d.kernelci.org/test/maestro:68a60bd3233e484a3fa30911 history: > ✅ > ⚠️ Hardware: sun50i-h5-libretech-all-h3-cc - kselftest.alsa (defconfig+lab-setup+kselftest) last run: https://d.kernelci.org/test/maestro:68a6123d233e484a3fa3302c history: > ❌ > ⚠️ Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

2 months, 3 weeks

1
0
0 0

[for-linus][PATCH 6/6] ftrace: Also allocate and copy hash for reading of filter files

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its iterator. Unlike the writer that allocates a copy of the hash, the reader keeps the pointer to the filter hashes. This is problematic because this pointer is static across function calls that release the locks that can update the global tracer hashes. This can cause UAF and similar bugs. Allocate and copy the hash for reading the filter files like it is done for the writers. This not only fixes UAF bugs, but also makes the code a bit simpler as it doesn't have to differentiate when to free the iterator's hash between writers and readers. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20250820091913.146b77ea@gandalf.local.home Fixes: c20489dad156 ("ftrace: Assign iter->hash to filter or notrace hashes on seq read") Closes: https://lore.kernel.org/all/20250813023044.2121943-1-wutengda@huaweicloud.c… Reported-by: Tengda Wu <wutengda(a)huaweicloud.com> Tested-by: Tengda Wu <wutengda(a)huaweicloud.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 00b76d450a89..f992a5eb878e 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -4661,13 +4661,14 @@ ftrace_regex_open(struct ftrace_ops *ops, int flag, } else { iter->hash = alloc_and_copy_ftrace_hash(size_bits, hash); } + } else { + iter->hash = alloc_and_copy_ftrace_hash(hash->size_bits, hash); + } - if (!iter->hash) { - trace_parser_put(&iter->parser); - goto out_unlock; - } - } else - iter->hash = hash; + if (!iter->hash) { + trace_parser_put(&iter->parser); + goto out_unlock; + } ret = 0; @@ -6543,9 +6544,6 @@ int ftrace_regex_release(struct inode *inode, struct file *file) ftrace_hash_move_and_update_ops(iter->ops, orig_hash, iter->hash, filter_hash); mutex_unlock(&ftrace_lock); - } else { - /* For read only, the hash is the ops hash */ - iter->hash = NULL; } mutex_unlock(&iter->ops->func_hash->regex_lock); -- 2.50.1

2 months, 3 weeks

1
0
0 0

[for-linus][PATCH 3/6] tracing: Limit access to parser->buffer when trace_get_user failed

by Steven Rostedt

From: Pu Lehui <pulehui(a)huawei.com> When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0 __asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58 ____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 18 ++++++++++++------ kernel/trace/trace.h | 8 +++++++- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4283ed4e8f59..8d8935ed416d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; @@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && isspace(ch)) { ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && !isspace(ch) && ch) { if (parser->idx < parser->size - 1) parser->buffer[parser->idx++] = ch; - else - return -EINVAL; + else { + ret = -EINVAL; + goto fail; + } ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* Make sure the parsed string always terminates with '\0'. */ parser->buffer[parser->idx] = 0; } else { - return -EINVAL; + ret = -EINVAL; + goto fail; } *ppos += read; return read; +fail: + trace_parser_fail(parser); + return ret; } /* TODO add a seq_buf_to_buffer() */ diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 1dbf1d3cf2f1..be6654899cae 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call); */ struct trace_parser { bool cont; + bool fail; char *buffer; unsigned idx; unsigned size; @@ -1299,7 +1300,7 @@ struct trace_parser { static inline bool trace_parser_loaded(struct trace_parser *parser) { - return (parser->idx != 0); + return !parser->fail && parser->idx != 0; } static inline bool trace_parser_cont(struct trace_parser *parser) @@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser) parser->idx = 0; } +static inline void trace_parser_fail(struct trace_parser *parser) +{ + parser->fail = true; +} + extern int trace_parser_get_init(struct trace_parser *parser, int size); extern void trace_parser_put(struct trace_parser *parser); extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf, -- 2.50.1

2 months, 3 weeks

1
0
0 0

+ ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: prevent release journal inode after journal shutdown has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Adam Davis <eadavis(a)qq.com> Subject: ocfs2: prevent release journal inode after journal shutdown Date: Tue, 19 Aug 2025 21:41:02 +0800 Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace will inevitably fail when it reaches jbd2_journal_release_jbd_inode(). ocfs2_dismount_volume()-> ocfs2_delete_osb()-> ocfs2_free_slot_info()-> __ocfs2_free_slot_info()-> evict()-> ocfs2_evict_inode()-> ocfs2_clear_inode()-> jbd2_journal_release_jbd_inode(osb->journal->j_journal, Adding osb->journal checks will prevent null-ptr-deref during the above execution path. Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.c… Fixes: da5e7c87827e ("ocfs2: cleanup journal init and shutdown") Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Reported-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=47d8cb2f2cc1517e515a Tested-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com Reviewed-by: Mark Tinguely <mark.tinguely(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/inode.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/ocfs2/inode.c~ocfs2-prevent-release-journal-inode-after-journal-shutdown +++ a/fs/ocfs2/inode.c @@ -1281,6 +1281,9 @@ static void ocfs2_clear_inode(struct ino * the journal is flushed before journal shutdown. Thus it is safe to * have inodes get cleaned up after journal shutdown. */ + if (!osb->journal) + return; + jbd2_journal_release_jbd_inode(osb->journal->j_journal, &oi->ip_jinode); } _ Patches currently in -mm which might be from eadavis(a)qq.com are ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch

2 months, 3 weeks

1
0
0 0

Re: Patch "rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe" has been added to the 5.4-stable tree

by Meagan Lloyd

On 8/17/2025 8:48 AM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… Hi Sasha, FYI, patch 2/2 of the series wasn't applied to 5.4, but was applied to all the other trees. "rtc: ds1307: handle oscillator stop flag (OSF) for ds1341" [PATCH 2/2] rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - Meagan Lloyd <https://lore.kernel.org/all/1749665656-30108-3-git-send-email-meaganlloyd@l…> (upstream commit 523923cfd5d622b8f4ba893fdaf29fa6adeb8c3e) Thank you, Meagan

2 months, 3 weeks

2
2
0 0

Linux 6.15.11

by Greg Kroah-Hartman

Note, this is the LAST 6.15.y kernel release, this branch is now end-of-life. Please move to the 6.16.y kernel branch at this point in time. I'm announcing the release of the 6.15.11 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/fscrypt.rst | 37 Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/sphinx/kernel_abi.py | 6 Makefile | 2 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 arch/arm64/include/asm/acpi.h | 2 arch/arm64/kernel/acpi.c | 10 arch/arm64/kernel/stacktrace.c | 2 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/loongarch/kernel/env.c | 13 arch/loongarch/kernel/relocate_kernel.S | 2 arch/loongarch/kernel/unwind_orc.c | 2 arch/loongarch/net/bpf_jit.c | 21 arch/loongarch/vdso/Makefile | 2 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/lantiq/falcon/sysctrl.c | 23 arch/parisc/Makefile | 2 arch/powerpc/include/asm/floppy.h | 5 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/riscv/boot/dts/thead/th1520.dtsi | 10 arch/riscv/mm/ptdump.c | 3 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/early.c | 1 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/um/include/asm/thread_info.h | 4 arch/um/kernel/process.c | 20 arch/x86/include/asm/kvm_host.h | 6 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/vmx/nested.c | 18 arch/x86/kvm/vmx/pmu_intel.c | 8 arch/x86/kvm/vmx/vmx.c | 41 arch/x86/kvm/vmx/vmx.h | 13 arch/x86/kvm/vmx/x86_ops.h | 2 arch/x86/kvm/x86.c | 11 block/bfq-iosched.c | 35 block/bfq-iosched.h | 3 block/blk-mq.c | 6 block/blk-settings.c | 2 block/blk-zoned.c | 20 block/kyber-iosched.c | 9 block/mq-deadline.c | 16 crypto/jitterentropy-kcapi.c | 9 drivers/accel/habanalabs/common/memory.c | 23 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 13 drivers/acpi/prmt.c | 26 drivers/acpi/processor_perflib.c | 11 drivers/android/binder_alloc_selftest.c | 2 drivers/ata/ahci.c | 12 drivers/ata/ata_piix.c | 1 drivers/ata/libahci.c | 1 drivers/ata/libata-sata.c | 52 drivers/base/power/runtime.c | 5 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/loop.c | 38 drivers/block/sunvdc.c | 4 drivers/bluetooth/btusb.c | 3 drivers/bus/mhi/host/pci_generic.c | 20 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 drivers/char/misc.c | 4 drivers/char/tpm/tpm-interface.c | 17 drivers/char/tpm/tpm_crb_ffa.c | 19 drivers/clk/qcom/dispcc-sm8750.c | 10 drivers/clk/qcom/gcc-ipq5018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 6 drivers/clk/renesas/rzg2l-cpg.c | 8 drivers/clk/samsung/clk-exynos850.c | 2 drivers/clk/samsung/clk-gs101.c | 4 drivers/clk/tegra/clk-periph.c | 4 drivers/clk/thead/clk-th1520-ap.c | 5 drivers/comedi/comedi_fops.c | 31 drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 13 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/intel_pstate.c | 2 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/ccp/sp-pci.c | 1 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 drivers/devfreq/governor_userspace.c | 6 drivers/dma/stm32/stm32-dma.c | 2 drivers/edac/synopsys_edac.c | 97 drivers/firmware/arm_ffa/driver.c | 2 drivers/firmware/arm_scmi/scmi_power_control.c | 22 drivers/firmware/tegra/Kconfig | 5 drivers/gpio/gpio-loongson-64bit.c | 6 drivers/gpio/gpio-mlxbf2.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 drivers/gpu/drm/amd/display/dc/core/dc.c | 12 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c | 1 drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 drivers/gpu/drm/clients/drm_client_setup.c | 5 drivers/gpu/drm/i915/display/intel_psr.c | 14 drivers/gpu/drm/imagination/pvr_power.c | 59 drivers/gpu/drm/msm/Makefile | 5 drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 drivers/gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 drivers/gpu/drm/msm/msm_drv.c | 9 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/msm/msm_gem.h | 6 drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3582 +--------- drivers/gpu/drm/msm/registers/adreno/a6xx_descriptors.xml | 198 drivers/gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 + drivers/gpu/drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 + drivers/gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 drivers/gpu/drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++ drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 drivers/gpu/drm/scheduler/sched_main.c | 34 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 7 drivers/gpu/drm/xe/xe_hw_fence.c | 3 drivers/gpu/drm/xe/xe_query.c | 27 drivers/hid/hid-core.c | 4 drivers/hid/hid-magicmouse.c | 56 drivers/hwmon/emc2305.c | 10 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 4 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 drivers/iio/adc/ad_sigma_delta.c | 2 drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/hfi1/affinity.c | 44 drivers/infiniband/sw/siw/siw_qp_tx.c | 5 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/intel/iommu.c | 19 drivers/iommu/intel/iommu.h | 3 drivers/iommu/iommufd/io_pagetable.c | 48 drivers/irqchip/irq-mips-gic.c | 8 drivers/irqchip/irq-renesas-rzv2h.c | 4 drivers/leds/flash/leds-qcom-flash.c | 15 drivers/leds/leds-lp50xx.c | 11 drivers/leds/trigger/ledtrig-netdev.c | 16 drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-stripe.c | 1 drivers/md/dm-table.c | 10 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 37 drivers/md/raid10.c | 1 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/hi556.c | 7 drivers/media/i2c/lt6911uxe.c | 2 drivers/media/i2c/tc358743.c | 86 drivers/media/pci/intel/ipu-bridge.c | 2 drivers/media/platform/qcom/iris/iris_buffer.c | 11 drivers/media/platform/qcom/iris/iris_hfi_gen1_defines.h | 2 drivers/media/platform/qcom/iris/iris_hfi_gen1_response.c | 6 drivers/media/platform/qcom/venus/hfi_msgs.c | 83 drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 55 drivers/media/usb/uvc/uvc_driver.c | 12 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 2 drivers/media/v4l2-core/v4l2-common.c | 14 drivers/mfd/axp20x.c | 3 drivers/mfd/cros_ec_dev.c | 10 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/misc/mei/bus.c | 6 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 drivers/net/can/ti_hecc.c | 2 drivers/net/dsa/b53/b53_common.c | 78 drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/ethernet/agere/et131x.c | 36 drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/faraday/ftgmac100.c | 7 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 drivers/net/ethernet/freescale/fec_main.c | 34 drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 drivers/net/ethernet/intel/idpf/idpf.h | 19 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_main.c | 1 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 drivers/net/ethernet/mediatek/mtk_wed.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 drivers/net/ethernet/ti/icssg/icss_iep.c | 26 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 drivers/net/hamradio/bpqether.c | 2 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 drivers/net/pcs/pcs-xpcs-plat.c | 4 drivers/net/phy/broadcom.c | 25 drivers/net/phy/micrel.c | 12 drivers/net/phy/smsc.c | 1 drivers/net/thunderbolt/main.c | 21 drivers/net/usb/asix_devices.c | 1 drivers/net/usb/cdc_ncm.c | 20 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wan/lapbether.c | 2 drivers/net/wireless/ath/ath10k/core.c | 48 drivers/net/wireless/ath/ath10k/core.h | 11 drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 6 drivers/net/wireless/ath/ath12k/core.h | 4 drivers/net/wireless/ath/ath12k/dp.c | 3 drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/mac.c | 77 drivers/net/wireless/ath/ath12k/wmi.c | 5 drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/mediatek/mt76/channel.c | 4 drivers/net/wireless/mediatek/mt76/mt76.h | 5 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 drivers/net/wireless/realtek/rtw89/chan.c | 6 drivers/net/wireless/realtek/rtw89/coex.c | 12 drivers/net/wireless/realtek/rtw89/core.c | 3 drivers/net/wireless/realtek/rtw89/fw.c | 9 drivers/net/wireless/realtek/rtw89/fw.h | 2 drivers/net/wireless/realtek/rtw89/mac.c | 19 drivers/net/wireless/realtek/rtw89/reg.h | 1 drivers/net/wireless/realtek/rtw89/wow.c | 5 drivers/net/xen-netfront.c | 5 drivers/nvme/host/pci.c | 24 drivers/nvme/host/tcp.c | 11 drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 6 drivers/pci/probe.c | 2 drivers/perf/arm-cmn.c | 1 drivers/perf/arm-ni.c | 1 drivers/perf/cxl_pmu.c | 2 drivers/phy/rockchip/phy-rockchip-pcie.c | 15 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/platform/chrome/cros_ec_sensorhub.c | 23 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 drivers/pmdomain/ti/Kconfig | 2 drivers/power/supply/qcom_battmgr.c | 2 drivers/pps/clients/pps-gpio.c | 5 drivers/ptp/ptp_clock.c | 2 drivers/ptp/ptp_private.h | 5 drivers/ptp/ptp_vclock.c | 7 drivers/remoteproc/imx_rproc.c | 4 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 15 drivers/s390/char/sclp.c | 4 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_hbadisc.c | 3 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr_os.c | 20 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/pm8001/pm80xx_hwi.c | 12 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 drivers/soc/qcom/mdt_loader.c | 10 drivers/soc/qcom/rpmh-rsc.c | 2 drivers/soundwire/amd_manager.c | 7 drivers/soundwire/bus.c | 6 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 drivers/target/target_core_fabric_lib.c | 63 drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/serial_core.c | 44 drivers/usb/class/cdc-acm.c | 11 drivers/usb/core/config.c | 10 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-xilinx.c | 1 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vfio/pci/mlx5/cmd.c | 4 drivers/vfio/vfio_iommu_type1.c | 7 drivers/vhost/vhost.c | 3 drivers/video/fbdev/Kconfig | 2 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/core/fbmem.c | 3 drivers/virt/coco/efi_secret/efi_secret.c | 10 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 fs/btrfs/block-group.c | 31 fs/btrfs/ctree.c | 1 fs/btrfs/extent-tree.c | 33 fs/btrfs/inode.c | 2 fs/btrfs/ioctl.c | 3 fs/btrfs/qgroup.c | 44 fs/btrfs/relocation.c | 19 fs/btrfs/send.c | 33 fs/btrfs/transaction.c | 6 fs/btrfs/tree-log.c | 107 fs/btrfs/zoned.c | 5 fs/crypto/fscrypt_private.h | 17 fs/crypto/hkdf.c | 2 fs/crypto/keysetup.c | 3 fs/crypto/keysetup_v1.c | 3 fs/erofs/super.c | 4 fs/eventpoll.c | 60 fs/exfat/dir.c | 12 fs/exfat/fatent.c | 10 fs/exfat/namei.c | 5 fs/exfat/super.c | 32 fs/ext2/inode.c | 12 fs/ext4/inline.c | 19 fs/ext4/mballoc-test.c | 9 fs/ext4/mballoc.c | 67 fs/f2fs/file.c | 24 fs/fhandle.c | 2 fs/file.c | 15 fs/gfs2/dir.c | 6 fs/gfs2/glops.c | 6 fs/gfs2/meta_io.c | 2 fs/hfs/bfind.c | 3 fs/hfs/bnode.c | 93 fs/hfs/btree.c | 57 fs/hfs/extent.c | 2 fs/hfs/hfs_fs.h | 1 fs/hfsplus/bnode.c | 92 fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 6 fs/libfs.c | 4 fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 fs/nfs/internal.h | 2 fs/nfs/nfs4client.c | 20 fs/nfs/nfs4proc.c | 2 fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 fs/ntfs3/dir.c | 3 fs/ntfs3/inode.c | 31 fs/ocfs2/aops.c | 1 fs/orangefs/orangefs-debugfs.c | 2 fs/pidfs.c | 2 fs/proc/task_mmu.c | 6 fs/smb/client/cifsencrypt.c | 79 fs/smb/client/cifssmb.c | 10 fs/smb/client/compress.c | 71 fs/smb/client/connect.c | 1 fs/smb/client/sess.c | 9 fs/smb/client/smb2ops.c | 11 fs/smb/client/smbdirect.c | 25 fs/smb/server/smb2pdu.c | 16 fs/tracefs/inode.c | 11 fs/udf/super.c | 13 fs/xfs/scrub/trace.h | 2 include/drm/gpu_scheduler.h | 18 include/linux/acpi.h | 2 include/linux/blk_types.h | 6 include/linux/blkdev.h | 55 include/linux/hid.h | 2 include/linux/hypervisor.h | 3 include/linux/if_vlan.h | 21 include/linux/libata.h | 1 include/linux/memory-tiers.h | 2 include/linux/packing.h | 6 include/linux/pci.h | 6 include/linux/sbitmap.h | 6 include/linux/skbuff.h | 8 include/linux/usb/cdc_ncm.h | 1 include/linux/virtio_vsock.h | 7 include/net/bluetooth/hci.h | 6 include/net/bluetooth/hci_core.h | 5 include/net/cfg80211.h | 2 include/net/ip_vs.h | 13 include/net/kcm.h | 1 include/net/mac80211.h | 4 include/net/page_pool/types.h | 2 include/sound/sdca_function.h | 2 include/trace/events/thp.h | 2 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 io_uring/memmap.c | 2 io_uring/net.c | 27 io_uring/rsrc.c | 4 io_uring/rsrc.h | 2 io_uring/rw.c | 2 kernel/.gitignore | 2 kernel/Makefile | 47 kernel/bpf/verifier.c | 7 kernel/gen_kheaders.sh | 94 kernel/kthread.c | 1 kernel/module/main.c | 10 kernel/power/console.c | 7 kernel/printk/nbcon.c | 63 kernel/rcu/rcutorture.c | 9 kernel/rcu/tree.c | 2 kernel/rcu/tree.h | 14 kernel/rcu/tree_nocb.h | 5 kernel/rcu/tree_plugin.h | 44 kernel/sched/deadline.c | 4 kernel/sched/fair.c | 19 kernel/sched/rt.c | 6 kernel/trace/fprobe.c | 4 kernel/trace/rv/rv_trace.h | 3 lib/sbitmap.c | 56 mm/damon/core.c | 1 mm/huge_memory.c | 7 mm/kmemleak.c | 10 mm/ptdump.c | 2 mm/shmem.c | 39 mm/slub.c | 7 mm/userfaultfd.c | 17 net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_event.c | 39 net/bluetooth/hci_sock.c | 2 net/core/ieee8021q_helpers.c | 44 net/core/page_pool.c | 29 net/ipv4/route.c | 1 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/mcast.c | 11 net/kcm/kcmsock.c | 10 net/mac80211/chan.c | 1 net/mac80211/ht.c | 40 net/mac80211/ieee80211_i.h | 6 net/mac80211/iface.c | 29 net/mac80211/link.c | 9 net/mac80211/mlme.c | 45 net/mac80211/rx.c | 47 net/mctp/af_mctp.c | 26 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/ipvs/ip_vs_est.c | 3 net/netfilter/nf_conntrack_netlink.c | 24 net/netfilter/nft_set_pipapo.c | 9 net/netlink/af_netlink.c | 2 net/sched/sch_ets.c | 11 net/sctp/input.c | 2 net/tls/tls.h | 2 net/tls/tls_strp.c | 11 net/tls/tls_sw.c | 3 net/vmw_vsock/virtio_transport.c | 2 net/wireless/mlme.c | 3 net/xfrm/xfrm_device.c | 9 net/xfrm/xfrm_state.c | 72 rust/Makefile | 16 samples/damon/wsse.c | 12 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/apparmor/domain.c | 52 security/apparmor/file.c | 6 security/apparmor/include/lib.h | 6 security/inode.c | 2 security/landlock/syscalls.c | 1 sound/core/pcm_native.c | 19 sound/pci/hda/cs35l41_hda.c | 2 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/hda_codec.c | 42 sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 20 sound/soc/intel/avs/core.c | 3 sound/soc/intel/boards/sof_sdw.c | 8 sound/soc/qcom/lpass-platform.c | 27 sound/soc/sdca/sdca_functions.c | 2 sound/soc/soc-core.c | 3 sound/soc/soc-dapm.c | 4 sound/soc/sof/topology.c | 15 sound/usb/mixer_quirks.c | 14 sound/usb/stream.c | 25 sound/usb/validate.c | 12 tools/bpf/bpftool/main.c | 6 tools/include/nolibc/std.h | 4 tools/include/nolibc/types.h | 4 tools/lib/bpf/libbpf.c | 7 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/power/x86/turbostat/turbostat.c | 14 tools/scripts/Makefile.include | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10 tools/testing/selftests/bpf/progs/test_ringbuf_write.c | 4 tools/testing/selftests/bpf/progs/verifier_unpriv.c | 2 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/net/netfilter/config | 2 tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 tools/verification/dot2/dot2k.py | 3 tools/verification/dot2/dot2k_templates/Kconfig_container | 5 559 files changed, 8142 insertions(+), 5038 deletions(-) Aakash Kumar S (1): xfrm: Duplicate SPI Handling Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Abel Vesa (1): power: supply: qcom_battmgr: Add lithium-polymer entry Aditya Garg (1): HID: magicmouse: avoid setting up battery timer when not needed Ahmed Zaki (1): idpf: preserve coalescing settings across resets Al Viro (5): habanalabs: fix UAF in export_dmabuf() better lockdep annotations for simple_recursive_removal() landlock: opened file never has a negative dentry fix locking in efi_secret_unlink() securityfs: don't pin dentries twice, once is enough... Alessio Belle (1): drm/imagination: Clear runtime PM errors while resetting the GPU Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Hung (1): drm/amd/display: Initialize mode_select to 0 Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexey Klimov (1): iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Alok Tiwari (6): net: ti: icss-iep: Fix incorrect type for return value in extts_enable() ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() perf/cxlpmu: Remove unintended newline from IRQ name format string gve: Return error for unknown admin queue command Amelie Delaunay (1): dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Andrew Price (2): gfs2: Validate i_depth for exhash directories gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrey Albershteyn (1): xfs: fix scrub trace with null pointer in quotacheck André Draszik (4): clk: samsung: exynos850: fix a comment clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock usb: typec: tcpm/tcpci_maxim: fix irq wake usage Andy Shevchenko (1): Documentation: ACPI: Fix parent device references Andy Yan (1): drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (2): RDMA/core: reduce stack using in nldev_stat_get_doit() firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Artem Sadovnikov (1): vfio/mlx5: fix possible overflow in tracking max message size Avraham Stern (4): wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn wifi: iwlwifi: mld: fix scan request validation wifi: iwlwifi: mvm: fix scan request validation Baochen Qiang (1): wifi: ath12k: install pairwise key first Baokun Li (2): ext4: fix zombie groups in average fragment size lists ext4: fix largest free orders lists corruption on mb_optimize_scan switch Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Benjamin Marzinski (1): dm-table: fix checking for rq stackable devices Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Bijan Tabatabai (1): mm/damon/core: commit damos->target_nid Biju Das (2): irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND net: phy: micrel: Add ksz9131_resume() Binbin Zhou (1): gpio: loongson-64bit: Extend GPIO irq support Bitterblue Smith (3): wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB wifi: rtw89: Fix rtw89_mac_power_switch() for USB wifi: rtw89: Disable deep power saving for USB/SDIO Bjorn Andersson (1): soc: qcom: mdt_loader: Actually use the e_phoff Boris Burkov (2): btrfs: fix ssd_spread overallocation btrfs: fix iteration bug in __qgroup_excl_accounting() Breno Leitao (5): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ptp: Use ratelimite for freerun error message ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Caleb Sander Mateos (1): btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Calvin Owens (2): tools/power turbostat: Fix build with musl tools/power turbostat: Handle cap_get_proc() ENOSYS Cezary Rojewski (1): ASoC: Intel: avs: Fix uninitialized pointer error in probe() Charlene Liu (1): drm/amd/display: limit clear_update_flags to dcn32 and above Charles Keepax (2): ASoC: SDCA: Add flag for unused IRQs soundwire: Move handle_nested_irq outside of sdw_dev_lock Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen-Yu Tsai (1): mfd: axp20x: Set explicit ID for AXP313 regulator Chih-Kang Chang (1): wifi: rtw89: scan abort when assign/unassign_vif Chin-Yen Lee (1): wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Ching-Te Ku (1): wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Chris Mason (1): sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Christian Brauner (2): fhandle: raise FILEID_IS_DIR in handle_type pidfs: raise SB_I_NODEV and SB_I_NOEXEC Christian Marangi (1): clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Christopher Eby (1): ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Claudiu Beznea (1): clk: renesas: rzg2l: Postpone updating priv->clks[] Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (9): block: Make REQ_OP_ZONE_FINISH a write operation ata: ahci: Disallow LPM policy control if not supported ata: ahci: Disable DIPM if host lacks support ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors scsi: mpi3mr: Correctly handle ATA device errors block: Introduce bio_needs_zone_write_plugging() dm: Always split write BIOs to zoned device limits ata: libata-sata: Add link_power_management_supported sysfs attribute Daniel Golle (1): Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Daniel Scally (1): media: ipu-bridge: Add _HID for OV5670 Daniele Palmas (1): bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Dave Penkler (1): staging: gpib: Add init response codes for new ni-usb-hs+ Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Bauer (2): wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch wifi: mt76: mt7915: mcu: increase eeprom command timeout David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Hildenbrand (1): mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() David Howells (1): cifs: Fix collect_sample() to handle any iterator type David Lechner (1): iio: adc: ad_sigma_delta: don't overallocate scan buffer David Thompson (3): gpio: mlxbf2: use platform_get_irq_optional() Revert "gpio: mlxbf3: only get IRQ for device instance 0" gpio: mlxbf3: use platform_get_irq_optional() Davide Caratti (1): net/sched: ets: use old 'nbands' while purging unused classes Dikshita Agarwal (1): media: iris: Add handling for corrupt and drop frames Dongcheng Yan (1): media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Eduard Zingerman (1): libbpf: Verify that arena map exists when adding arena relocations Edward Adam Davis (1): jfs: Regular file corruption check Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emily Deng (1): drm/ttm: Should to return the evict error En-Wei Wu (1): Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Eric Biggers (2): fscrypt: Don't use problematic non-inline crypto engines thunderbolt: Fix copy+paste error in match_service_id() Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Fabio Porcedda (1): net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Fedor Pchelkin (1): netlink: avoid infinite retry looping in netlink_unicast() Felix Fietkau (1): wifi: mt76: fix vif link allocation Filipe Manana (10): btrfs: abort transaction during log replay if walk_log_tree() failed btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations btrfs: don't ignore inode missing when replaying log tree btrfs: qgroup: fix race between quota disable and quota rescan ioctl btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled btrfs: don't skip remaining extrefs if dir not found during log replay btrfs: clear dirty status from extent buffer on error at insert_new_root() btrfs: send: use fallocate for hole punching with send stream v2 btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: error on missing block group when unaccounting log tree extent buffers Florian Larysch (1): net: phy: micrel: fix KSZ8081/KSZ8091 cable test Florian Westphal (2): netfilter: ctnetlink: fix refcount leak on table dump netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Florin Leotescu (1): hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Francisco Gutierrez (1): scsi: pm80xx: Free allocated tags after failure Frederic Weisbecker (2): ipvs: Fix estimator kthreads preferred affinity rcu: Fix racy re-initialization of irq_work causing hangs Gabriel Totev (1): apparmor: shift ouid when mediating hard links in userns Gal Pressman (2): net: vlan: Make is_vlan_dev() a stub when VLAN is not configured net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs GalaxySnail (1): ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Gao Xiang (1): erofs: fix block count report when 48-bit layout is on Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() George Moussalem (1): clk: qcom: ipq5018: keep XO clock always on Geraldo Nascimento (1): phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Greg Kroah-Hartman (1): Linux 6.15.11 Guillaume La Roque (1): pmdomain: ti: Select PM_GENERIC_DOMAINS Gwendal Grignou (1): platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hans de Goede (2): mei: bus: Check for still connected devices in mei_cl_bus_dev_release() media: hi556: Fix reset GPIO timings Haoran Jiang (1): LoongArch: BPF: Fix jump offset calculation in tailcall Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Chandrakanthan (2): wifi: mac80211: fix rx link assignment for non-MLO stations wifi: ath12k: Fix station association with MBSSID Non-TX BSS Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Heiko Carstens (1): s390/early: Copy last breaking event address to pt_regs Heiner Kallweit (2): net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect dpaa_eth: don't use fixed_phy_change_carrier Hiago De Franco (1): remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Huacai Chen (2): PCI: Extend isolated function probing to LoongArch LoongArch: Make relocate_new_kernel_size be a .quad value Ian Abbott (1): comedi: fix race between polling and detaching Ihor Solodrai (1): bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Ivan Lipski (1): drm/amd/display: Allow DCN301 to clear update flags Jack Ping CHNG (1): net: pcs: xpcs: mask readl() return value to 16 bits Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jaegeuk Kim (1): f2fs: check the generic conditions first Jakub Kicinski (3): net: page_pool: allow enabling recycling late, fix false positive warning tls: handle data disappearing from under the TLS ULP uapi: in6: restore visibility of most IPv6 socket options Jameson Thies (1): usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Jan Kara (2): loop: Avoid updating block size under exclusive owner udf: Verify partition map count Jann Horn (1): eventpoll: Fix semi-unbounded recursion Jarkko Sakkinen (1): tpm: Check for completion after timeout Jason Gunthorpe (1): iommufd: Prevent ALIGN() overflow Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jens Axboe (3): io_uring/memmap: cast nr_pages to size_t before shifting io_uring/net: commit partial buffers on retry io_uring/rw: cast rw->flags assignment to rwf_t Jeongjun Park (1): ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Jiasheng Jiang (1): scsi: lpfc: Remove redundant assignment to avoid memory leak Jiayi Li (1): ACPI: processor: perflib: Fix initial _PPC limit application Jijie Shao (3): net: hibmcge: fix rtnl deadlock issue net: hibmcge: fix the division by zero issue net: hibmcge: fix the np_link_fail error reporting issue Jinjiang Tu (1): mm/smaps: fix race between smaps_hugetlb_range and migration Joel Fernandes (1): rcu: Fix rcu_read_unlock() deadloop due to IRQ work Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (5): net: gianfar: fix device leak when querying time stamp info net: enetc: fix device and OF node leak at probe net: mtk_eth_soc: fix device leak at probe net: ti: icss-iep: fix device and OF node leaks at probe net: dpaa: fix device leak when querying time stamp info Johannes Berg (5): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't use TPE data from assoc response wifi: mac80211: don't unreserve never reserved chanctx wifi: mac80211: don't complete management TX on SAE commit wifi: iwlwifi: mld: fix last_mlo_scan_time type Johannes Thumshirn (1): btrfs: zoned: use filesystem size not disk size for reclaim decision John Garry (4): dm-stripe: limit chunk_sectors to the stripe size md/raid10: set chunk_sectors limit scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() John Johansen (1): apparmor: fix x_table_lookup when stacking is not the first entry John Ogness (1): printk: nbcon: Allow reacquire during panic Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jorge Marques (1): i3c: master: Initialize ret in i3c_i2c_notifier_call() Joseph Tilahun (1): tty: serial: fix print format specifiers Jouni Högander (1): drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush Juri Lelli (1): sched/deadline: Fix accounting after global limits change Justin Tee (2): scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kairui Song (1): mm/shmem, swap: improve cached mTHP handling and fix potential hang Kalesh AP (1): RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Kamil Horák - 2N (1): net: phy: bcm54811: PHY initialization Kang Yang (1): wifi: ath10k: shutdown driver when hardware is unreliable Karthikeyan Kathirvel (1): wifi: ath12k: Decrement TID on RX peer frag setup error handling Kees Cook (2): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Keith Busch (2): nvme-pci: try function level reset on init failure vfio/type1: conditional rescheduling while pinning Krzysztof Hałasa (1): imx8m-blk-ctrl: set ISI panic write hurry level Krzysztof Kozlowski (2): leds: flash: leds-qcom-flash: Fix registry access after re-bind clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Kuninori Morimoto (1): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Kuniyuki Iwashima (1): ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Lad Prabhakar (1): drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Len Brown (2): intel_idle: Allow loading ACPI tables for any family tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Li Chen (3): ACPI: Suppress misleading SPCR console message when SPCR table is absent HID: rate-limit hid_warn to prevent log flooding ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled Li RongQing (1): cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Li Zhijian (1): mm/memory-tier: fix abstract distance calculation overflow Lifeng Zheng (2): cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lijo Lazar (1): drm/amdgpu: Suspend IH during mode-2 reset Lizhi Xu (3): fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 ocfs2: reset folio to NULL when get folio fails Lorenzo Bianconi (1): wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Lu Baolu (1): iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports MD Danish Anwar (1): net: ti: icssg-prueth: Fix emac link speed handling Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Marek Szyprowski (1): media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Mario Limonciello (8): platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd/display: Stop storing failures into adev->dm.cached_state drm/amd/display: Only finalize atomic_obj if it was initialized drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported crypto: ccp - Add missing bootloader info reg for pspv6 Mark Brown (2): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace Mark Rutland (1): arm64: stacktrace: Check kretprobe_find_ret_addr() return value Markus Stockhausen (1): irqchip/mips-gic: Allow forced affinity Markus Theil (1): crypto: jitter - fix intermediary handling Masahiro Yamada (3): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masami Hiramatsu (Google) (2): selftests: tracing: Use mutex_unlock for testing glob filter tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Mateusz Guzik (1): apparmor: use the condition in AA_BUG_FMT even with debug disabled Matt Johnston (1): net: mctp: Prevent duplicate binds Matt Roper (1): drm/xe/xe_query: Use separate iterator while filling GT list Matteo Croce (1): libbpf: Fix warning in calloc() usage Maulik Shah (1): soc: qcom: rpmh-rsc: Add RSC version 4 support Maurizio Lombardi (2): nvme-tcp: log TLS handshake failures at error level scsi: target: core: Generate correct identifiers for PR OUT transport IDs Mauro Carvalho Chehab (1): sphinx: kernel_abi: fix performance regression with O=<dir> Maxim Levitsky (2): KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Michal Wilczynski (1): clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Miguel Ojeda (2): rust: kbuild: clean output before running `rustdoc` rust: workaround `rustdoc` target modifiers bug Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Miri Korenblit (5): wifi: iwlwifi: mld: use spec link id and not FW link id wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async wifi: iwlwifi: mvm: set gtk id also in older FWs wifi: mac80211: avoid weird state in error path wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Myrrh Periwinkle (1): usb: typec: ucsi: Update power_supply on power role change Nam Cao (2): verification/dot2k: Make a separate dot2k_templates/Kconfig_container rv: Add #undef TRACE_INCLUDE_FILE Naohiro Aota (3): btrfs: zoned: requeue to unused block group list if zone finish failed btrfs: zoned: do not remove unwritten non-data block group btrfs: zoned: do not select metadata BG as finish target Nathan Lynch (1): lib: packing: Include necessary headers NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Nicholas Kazlauskas (1): drm/amd/display: Update DMCUB loading sequence for DCN3.5 Nicolin Chen (1): iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Oliver Neukum (3): usb: core: usb_submit_urb: downgrade type check net: usb: cdc-ncm: check for filtering capability cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul Chaignon (1): bpf: Forget ranges when refining tnum after JSET Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Paulo Alcantara (1): smb: client: fix session setup against servers that require SPN Pavel Begunkov (2): io_uring: don't use int for ABI io_uring: export io_[un]account_mem Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Pedro Falcato (1): RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Pei Xiao (1): clk: tegra: periph: Fix error handling and resolve unsigned compare warning Peichen Huang (1): drm/amd/display: add null check Peng Fan (1): firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Peter Jakubek (1): ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (2): ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Prevent silent truncation of module name in delete_module(2) Philipp Stanner (1): drm/sched: Avoid memory leaks with cancel_job() callback Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qu Wenruo (3): btrfs: populate otime when logging an inode item btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() btrfs: do not allow relocation of partially dropped subvolumes Radhey Shyam Pandey (1): usb: dwc3: xilinx: add shutdown callback Rafael J. Wysocki (3): ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Raj Kumar Bhagat (1): wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ramya Gnanasekar (1): wifi: mac80211: update radar_required in channel context after channel switch Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (2): fbdev: nvidiafb: add depends on HAS_IOPORT parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (1): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Ricardo Ribalda (3): media: uvcvideo: Add quirk for HP Webcam HD 2300 media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors media: uvcvideo: Do not mark valid metadata as invalid Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (2): drm/msm: Update register xml drm/msm: use trylock for debugfs Robin Murphy (1): perf/arm: Add missing .suppress_bind_attrs Roman Li (1): drm/amd/display: Disable dsc_power_gate for dcn314 by default Rong Zhang (1): fs/ntfs3: correctly create symlink for relative path RubenKelevra (1): net: ieee8021q: fix insufficient table-size assertion Sabrina Dubroca (2): xfrm: restore GSO for SW crypto udp: also consider secpath when evaluating ipsec use for checksumming Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarika Sharma (2): wifi: ath12k: Correct tid cleanup when tid setup fails wifi: ath12k: Add memset and update default rate value in wmi tx completion Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sean Christopherson (2): KVM: VMX: Extract checking of guest's DEBUGCTL into helper KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Sebastian Andrzej Siewior (1): selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state SeongJae Park (1): samples/damon/wsse: fix boot time enable handling Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shannon Nelson (1): ionic: clean dbpage in de-init Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (2): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} MIPS: lantiq: falcon: sysctrl: fix request memory check logic Shin'ichiro Kawasaki (1): dm: split write BIOs on zone boundaries when zone append is not emulated Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shuai Xue (1): ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Shyam Prasad N (1): cifs: reset iface weights when we cannot find a candidate Siddharth Vadapalli (1): arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Srinivas Kandagatla (1): ASoC: qcom: use drvdata instead of component to keep id Stanislav Fomichev (2): net: lapbether: ignore ops-locked netdevs hamradio: ignore ops-locked netdevs Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (3): smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() smb: client: don't wait for info->send_pending == 0 on error smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Steve French (1): smb3: fix for slab out of bounds on mount to ksmbd Steven Rostedt (3): tracefs: Add d_delete to remove negative dentries powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 ktest.pl: Prevent recursion of default variable options Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Suren Baghdasaryan (1): userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Sven Schnelle (3): s390/sclp: Use monotonic clock in sclp_sync_wait() s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Sven Stegemann (1): net: kcm: Fix race condition in kcm_unattach() Takashi Iwai (4): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: hda: Handle the jack polling always via a work ALSA: hda: Disable jack polling at shutdown Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (1): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Thierry Reding (2): firmware: tegra: Fix IVC dependency problems drm/fbdev-client: Skip DRM clients if modesetting is absent Thomas Croft (1): ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Thomas Fourier (6): et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. powerpc: floppy: Add missing checks after DMA map wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Thomas Weißschuh (7): LoongArch: Don't use %pK through printk() in unwinder mfd: cros_ec: Separate charge-control probing from USB-PD tools/nolibc: define time_t in terms of __kernel_old_time_t tools/build: Fix s390(x) cross-compilation with clang selftests: vDSO: vdso_test_getrandom: Always print TAP header um: Re-evaluate thread flags repeatedly MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Tiffany Yang (1): binder: Fix selftest page indexing Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Tomi Valkeinen (1): media: raspberrypi: cfe: Fix min_reqbufs_allocation Trond Myklebust (1): NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (2): drm/xe: Make dma-fences compliant with the safe access rules drm/ttm: Respect the shrinker core free target Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Umio Yasuno (1): drm/amd/pm: fix null pointer access Uwe Kleine-König (1): Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Valmantas Paliksa (1): phy: rockchip-pcie: Enable all four lanes if required Vasiliy Kovalev (1): ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Vedang Nagar (1): media: venus: Fix OOB read due to missing payload bound check Viacheslav Dubeyko (5): hfs: fix general protection fault in hfs_find_init() hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Vijendar Mukunda (2): soundwire: amd: serialize amd manager resume sequence during pm_prepare soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vincent Mailhol (1): can: ti_hecc: fix -Woverflow compiler warning Vivek Pernamitta (1): bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Vlastimil Babka (1): mm, slab: restore NUMA policy support for large kmalloc Waiman Long (1): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Wang Zhaolong (1): smb: client: remove redundant lstrp update in negotiate protocol Wayne Lin (1): drm/amd/display: Avoid trying AUX transactions on disconnected ports Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Wentao Guan (1): LoongArch: vDSO: Remove -nostdlib complier flag Will Deacon (1): vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Willy Tarreau (1): tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xiang Liu (1): drm/amdgpu: Use correct severity for BP threshold exceed event Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: core: config: Prevent OOB read in SS endpoint companion parsing Xu Yang (1): net: usb: asix_devices: add phy_mask for ax88772 mdio bus Yang Li (1): Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yao Zi (3): LoongArch: Avoid in-place string operation on FDT content net: stmmac: thead: Get and enable APB clock on initialization riscv: dts: thead: Add APB clocks for TH1520 GMACs Yeoreum Yun (2): tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall YiPeng Chai (1): drm/amdgpu: fix vram reservation issue Yonghong Song (2): selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yongzhen Zhang (1): fbdev: fix potential buffer overflow in do_register_framebuffer() Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Yu Kuai (1): lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Yuan Chen (2): drm/msm: Add error handling for krealloc in metadata setup bpftool: Fix JSON writer resource leak in version command Yuezhang Mo (1): exfat: add cluster chain loop check for dir Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zhang Yi (1): ext4: initialize superblock fields in the kballoc-test.c kunit tests Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Zijun Hu (2): char: misc: Fix improper and inaccurate error code returned by misc_init() Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails Zqiang (2): rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz ganglxie (1): drm/amdgpu: clear pa and mca record counter when resetting eeprom jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue zhangjianrong (2): net: thunderbolt: Enable end-to-end flow control also in transmit net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (6): net: dsa: b53: ensure BCM5325 PHYs are enabled net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 months, 3 weeks

1
1
0 0

Linux 6.16.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.16.2 kernel. All users of the 6.16 kernel series must upgrade. The updated 6.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/fscrypt.rst | 37 Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/sphinx/kernel_abi.py | 6 Makefile | 2 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 arch/arm64/include/asm/acpi.h | 2 arch/arm64/kernel/acpi.c | 10 arch/arm64/kernel/stacktrace.c | 2 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/loongarch/kernel/env.c | 13 arch/loongarch/kernel/relocate_kernel.S | 2 arch/loongarch/kernel/unwind_orc.c | 2 arch/loongarch/net/bpf_jit.c | 21 arch/loongarch/vdso/Makefile | 2 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/lantiq/falcon/sysctrl.c | 23 arch/parisc/Makefile | 2 arch/powerpc/include/asm/floppy.h | 5 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/riscv/boot/dts/thead/th1520.dtsi | 10 arch/riscv/mm/ptdump.c | 3 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/early.c | 1 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/um/include/asm/thread_info.h | 4 arch/um/kernel/process.c | 20 arch/x86/boot/startup/sev-shared.c | 1 arch/x86/coco/sev/core.c | 2 arch/x86/coco/sev/vc-handle.c | 40 arch/x86/include/asm/kvm_host.h | 7 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/fpu/xstate.c | 19 arch/x86/kvm/vmx/main.c | 2 arch/x86/kvm/vmx/nested.c | 21 arch/x86/kvm/vmx/pmu_intel.c | 8 arch/x86/kvm/vmx/vmx.c | 41 arch/x86/kvm/vmx/vmx.h | 26 arch/x86/kvm/x86.c | 14 arch/x86/lib/crypto/poly1305_glue.c | 48 block/bfq-iosched.c | 35 block/bfq-iosched.h | 3 block/blk-mq.c | 6 block/blk-settings.c | 2 block/blk-sysfs.c | 12 block/blk-zoned.c | 20 block/blk.h | 1 block/genhd.c | 2 block/kyber-iosched.c | 9 block/mq-deadline.c | 16 crypto/jitterentropy-kcapi.c | 9 drivers/accel/habanalabs/common/memory.c | 23 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 13 drivers/acpi/ec.c | 10 drivers/acpi/prmt.c | 26 drivers/acpi/processor_perflib.c | 11 drivers/android/binder_alloc_selftest.c | 2 drivers/ata/ahci.c | 12 drivers/ata/ata_piix.c | 1 drivers/ata/libahci.c | 1 drivers/ata/libata-sata.c | 52 drivers/base/power/runtime.c | 5 drivers/base/regmap/regmap-irq.c | 19 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/loop.c | 38 drivers/block/sunvdc.c | 4 drivers/block/ublk_drv.c | 16 drivers/bluetooth/btusb.c | 3 drivers/bus/mhi/host/pci_generic.c | 20 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 drivers/char/misc.c | 4 drivers/char/tpm/tpm-interface.c | 17 drivers/char/tpm/tpm_crb_ffa.c | 19 drivers/clk/qcom/dispcc-sm8750.c | 10 drivers/clk/qcom/gcc-ipq5018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 6 drivers/clk/renesas/rzg2l-cpg.c | 8 drivers/clk/samsung/clk-exynos850.c | 2 drivers/clk/samsung/clk-gs101.c | 4 drivers/clk/tegra/clk-periph.c | 4 drivers/clk/thead/clk-th1520-ap.c | 5 drivers/comedi/comedi_fops.c | 31 drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 13 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/intel_pstate.c | 2 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/caam/ctrl.c | 2 drivers/crypto/ccp/sp-pci.c | 1 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 drivers/devfreq/governor_userspace.c | 6 drivers/dma/stm32/stm32-dma.c | 2 drivers/edac/ie31200_edac.c | 4 drivers/edac/synopsys_edac.c | 97 drivers/firmware/arm_ffa/driver.c | 2 drivers/firmware/arm_scmi/scmi_power_control.c | 22 drivers/firmware/tegra/Kconfig | 5 drivers/gpio/gpio-loongson-64bit.c | 6 drivers/gpio/gpio-mlxbf2.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 drivers/gpio/gpio-pxa.c | 8 drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 31 drivers/gpu/drm/amd/amdgpu/psp_v11_0_8.c | 25 drivers/gpu/drm/amd/amdgpu/psp_v12_0.c | 18 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 25 drivers/gpu/drm/amd/amdgpu/psp_v13_0_4.c | 25 drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 25 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 drivers/gpu/drm/amd/display/dc/core/dc.c | 12 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c | 1 drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 41 drivers/gpu/drm/clients/drm_client_setup.c | 5 drivers/gpu/drm/i915/display/intel_fbc.c | 8 drivers/gpu/drm/i915/display/intel_psr.c | 14 drivers/gpu/drm/imagination/pvr_power.c | 59 drivers/gpu/drm/msm/Makefile | 5 drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 drivers/gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 drivers/gpu/drm/msm/msm_drv.c | 9 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/msm/msm_gem.h | 6 drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3582 +--------- drivers/gpu/drm/msm/registers/adreno/a6xx_descriptors.xml | 198 drivers/gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 + drivers/gpu/drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 + drivers/gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 drivers/gpu/drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++ drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 drivers/gpu/drm/scheduler/sched_main.c | 34 drivers/gpu/drm/scheduler/tests/tests_basic.c | 42 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 7 drivers/gpu/drm/xe/xe_hw_fence.c | 3 drivers/gpu/drm/xe/xe_hwmon.c | 29 drivers/gpu/drm/xe/xe_migrate.c | 42 drivers/gpu/drm/xe/xe_query.c | 27 drivers/hid/hid-core.c | 4 drivers/hwmon/emc2305.c | 10 drivers/i2c/i2c-core-acpi.c | 1 drivers/i2c/i2c-core-base.c | 8 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 4 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 drivers/iio/adc/ad_sigma_delta.c | 2 drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/hfi1/affinity.c | 44 drivers/infiniband/sw/siw/siw_qp_tx.c | 5 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/intel/iommu.c | 19 drivers/iommu/intel/iommu.h | 3 drivers/iommu/iommufd/io_pagetable.c | 48 drivers/irqchip/irq-mips-gic.c | 8 drivers/irqchip/irq-mvebu-gicp.c | 10 drivers/irqchip/irq-renesas-rzv2h.c | 4 drivers/leds/flash/leds-qcom-flash.c | 15 drivers/leds/leds-lp50xx.c | 11 drivers/leds/trigger/ledtrig-netdev.c | 16 drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-stripe.c | 1 drivers/md/dm-table.c | 10 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 37 drivers/md/raid10.c | 1 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/hi556.c | 7 drivers/media/i2c/lt6911uxe.c | 2 drivers/media/i2c/tc358743.c | 86 drivers/media/i2c/vd55g1.c | 11 drivers/media/pci/intel/ipu-bridge.c | 2 drivers/media/platform/qcom/iris/iris_buffer.c | 11 drivers/media/platform/qcom/iris/iris_hfi_gen1_defines.h | 2 drivers/media/platform/qcom/iris/iris_hfi_gen1_response.c | 6 drivers/media/platform/qcom/venus/hfi_msgs.c | 83 drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 65 drivers/media/usb/uvc/uvc_driver.c | 12 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 2 drivers/media/v4l2-core/v4l2-common.c | 14 drivers/mfd/axp20x.c | 3 drivers/mfd/cros_ec_dev.c | 10 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/misc/mei/bus.c | 6 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-esdhc-imx.c | 16 drivers/mmc/host/sdhci-msm.c | 14 drivers/net/can/ti_hecc.c | 2 drivers/net/dsa/b53/b53_common.c | 78 drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/ethernet/agere/et131x.c | 36 drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 29 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/faraday/ftgmac100.c | 7 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 15 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 1 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 drivers/net/ethernet/freescale/fec_main.c | 34 drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 drivers/net/ethernet/intel/idpf/idpf.h | 19 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_main.c | 1 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 drivers/net/ethernet/mediatek/mtk_wed.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 drivers/net/ethernet/ti/icssg/icss_iep.c | 26 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 drivers/net/hamradio/bpqether.c | 2 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 drivers/net/pcs/pcs-xpcs-plat.c | 4 drivers/net/phy/air_en8811h.c | 45 drivers/net/phy/broadcom.c | 25 drivers/net/phy/mdio_bus.c | 1 drivers/net/phy/mdio_bus_provider.c | 3 drivers/net/phy/micrel.c | 12 drivers/net/phy/nxp-c45-tja11xx.c | 23 drivers/net/phy/realtek/realtek_main.c | 10 drivers/net/phy/smsc.c | 1 drivers/net/thunderbolt/main.c | 21 drivers/net/usb/asix_devices.c | 1 drivers/net/usb/cdc_ncm.c | 20 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wan/lapbether.c | 2 drivers/net/wireless/ath/ath10k/core.c | 48 drivers/net/wireless/ath/ath10k/core.h | 11 drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 6 drivers/net/wireless/ath/ath12k/dp.c | 3 drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/mac.c | 57 drivers/net/wireless/ath/ath12k/wmi.c | 5 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 8 drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 2 drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 1 drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 5 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 2 drivers/net/wireless/mediatek/mt76/channel.c | 4 drivers/net/wireless/mediatek/mt76/mt76.h | 5 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 drivers/net/wireless/realtek/rtw89/chan.c | 6 drivers/net/wireless/realtek/rtw89/coex.c | 12 drivers/net/wireless/realtek/rtw89/core.c | 3 drivers/net/wireless/realtek/rtw89/fw.c | 10 drivers/net/wireless/realtek/rtw89/fw.h | 2 drivers/net/wireless/realtek/rtw89/mac.c | 19 drivers/net/wireless/realtek/rtw89/reg.h | 1 drivers/net/wireless/realtek/rtw89/wow.c | 5 drivers/net/xen-netfront.c | 5 drivers/nvme/host/pci.c | 24 drivers/nvme/host/tcp.c | 11 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 15 drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 6 drivers/pci/probe.c | 2 drivers/perf/arm-cmn.c | 1 drivers/perf/arm-ni.c | 1 drivers/perf/cxl_pmu.c | 2 drivers/phy/rockchip/phy-rockchip-pcie.c | 15 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/platform/chrome/cros_ec_sensorhub.c | 23 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 drivers/pmdomain/ti/Kconfig | 2 drivers/power/supply/qcom_battmgr.c | 2 drivers/pps/clients/pps-gpio.c | 5 drivers/ptp/ptp_clock.c | 2 drivers/ptp/ptp_private.h | 5 drivers/ptp/ptp_vclock.c | 7 drivers/remoteproc/imx_rproc.c | 4 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 15 drivers/s390/char/sclp.c | 4 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_hbadisc.c | 3 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr_os.c | 20 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/pm8001/pm80xx_hwi.c | 12 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 drivers/soc/qcom/mdt_loader.c | 10 drivers/soc/qcom/rpmh-rsc.c | 2 drivers/soundwire/amd_manager.c | 7 drivers/soundwire/bus.c | 6 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 drivers/target/target_core_fabric_lib.c | 63 drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/serial_core.c | 44 drivers/ufs/core/ufshcd.c | 9 drivers/usb/class/cdc-acm.c | 11 drivers/usb/core/config.c | 10 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-xilinx.c | 1 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vfio/pci/mlx5/cmd.c | 4 drivers/vfio/vfio_iommu_type1.c | 7 drivers/vhost/vhost.c | 3 drivers/video/fbdev/Kconfig | 2 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/core/fbmem.c | 3 drivers/virt/coco/efi_secret/efi_secret.c | 10 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 fs/btrfs/block-group.c | 31 fs/btrfs/ctree.c | 1 fs/btrfs/disk-io.c | 1 fs/btrfs/extent-tree.c | 33 fs/btrfs/file.c | 59 fs/btrfs/inode.c | 2 fs/btrfs/ioctl.c | 3 fs/btrfs/qgroup.c | 44 fs/btrfs/relocation.c | 19 fs/btrfs/send.c | 33 fs/btrfs/transaction.c | 6 fs/btrfs/tree-log.c | 107 fs/btrfs/zoned.c | 66 fs/btrfs/zoned.h | 3 fs/crypto/fscrypt_private.h | 17 fs/crypto/hkdf.c | 2 fs/crypto/keysetup.c | 3 fs/crypto/keysetup_v1.c | 3 fs/erofs/super.c | 4 fs/exfat/dir.c | 12 fs/exfat/fatent.c | 10 fs/exfat/namei.c | 5 fs/exfat/super.c | 32 fs/ext2/inode.c | 12 fs/ext4/ext4.h | 2 fs/ext4/ialloc.c | 3 fs/ext4/inline.c | 19 fs/ext4/inode.c | 22 fs/ext4/mballoc-test.c | 9 fs/ext4/mballoc.c | 67 fs/f2fs/file.c | 24 fs/f2fs/node.c | 29 fs/fhandle.c | 2 fs/file.c | 15 fs/gfs2/dir.c | 6 fs/gfs2/glops.c | 6 fs/gfs2/meta_io.c | 2 fs/hfs/bfind.c | 3 fs/hfs/bnode.c | 93 fs/hfs/btree.c | 57 fs/hfs/extent.c | 2 fs/hfs/hfs_fs.h | 1 fs/hfsplus/bnode.c | 92 fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 6 fs/libfs.c | 4 fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 fs/nfs/internal.h | 2 fs/nfs/nfs4client.c | 20 fs/nfs/nfs4proc.c | 2 fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 fs/ntfs3/dir.c | 3 fs/ntfs3/inode.c | 31 fs/ocfs2/aops.c | 1 fs/orangefs/orangefs-debugfs.c | 2 fs/pidfs.c | 2 fs/proc/task_mmu.c | 6 fs/smb/client/cifsencrypt.c | 79 fs/smb/client/cifssmb.c | 10 fs/smb/client/compress.c | 71 fs/smb/client/connect.c | 1 fs/smb/client/sess.c | 9 fs/smb/client/smb2ops.c | 11 fs/smb/client/smbdirect.c | 25 fs/smb/server/smb2pdu.c | 16 fs/tracefs/inode.c | 11 fs/udf/super.c | 13 fs/xfs/scrub/trace.h | 2 include/drm/gpu_scheduler.h | 18 include/linux/acpi.h | 2 include/linux/blk_types.h | 6 include/linux/blkdev.h | 55 include/linux/hid.h | 2 include/linux/hypervisor.h | 3 include/linux/if_vlan.h | 21 include/linux/libata.h | 1 include/linux/memory-tiers.h | 2 include/linux/packing.h | 6 include/linux/pci.h | 6 include/linux/sbitmap.h | 6 include/linux/skbuff.h | 8 include/linux/usb/cdc_ncm.h | 1 include/linux/virtio_vsock.h | 7 include/net/bluetooth/hci.h | 6 include/net/bluetooth/hci_core.h | 5 include/net/cfg80211.h | 2 include/net/ip_vs.h | 13 include/net/kcm.h | 1 include/net/mac80211.h | 4 include/net/page_pool/types.h | 2 include/sound/sdca_function.h | 2 include/trace/events/thp.h | 2 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 io_uring/memmap.c | 2 io_uring/net.c | 27 io_uring/rsrc.c | 4 io_uring/rsrc.h | 2 io_uring/rw.c | 2 io_uring/zcrx.c | 34 io_uring/zcrx.h | 1 kernel/.gitignore | 2 kernel/Makefile | 47 kernel/bpf/verifier.c | 7 kernel/futex/futex.h | 6 kernel/gen_kheaders.sh | 94 kernel/kthread.c | 1 kernel/module/main.c | 10 kernel/power/console.c | 7 kernel/printk/nbcon.c | 63 kernel/rcu/rcutorture.c | 9 kernel/rcu/tree.c | 2 kernel/rcu/tree.h | 14 kernel/rcu/tree_nocb.h | 5 kernel/rcu/tree_plugin.h | 44 kernel/sched/deadline.c | 4 kernel/sched/fair.c | 19 kernel/sched/rt.c | 6 kernel/trace/fprobe.c | 4 kernel/trace/rv/rv_trace.h | 3 lib/sbitmap.c | 56 mm/damon/core.c | 1 mm/huge_memory.c | 7 mm/kmemleak.c | 10 mm/ptdump.c | 2 mm/shmem.c | 39 mm/slub.c | 7 mm/userfaultfd.c | 17 net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_event.c | 39 net/bluetooth/hci_sock.c | 2 net/core/ieee8021q_helpers.c | 44 net/core/page_pool.c | 29 net/ipv4/route.c | 1 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/mcast.c | 11 net/ipv6/xfrm6_tunnel.c | 2 net/kcm/kcmsock.c | 10 net/mac80211/chan.c | 1 net/mac80211/ht.c | 40 net/mac80211/ieee80211_i.h | 6 net/mac80211/iface.c | 29 net/mac80211/link.c | 9 net/mac80211/mlme.c | 45 net/mac80211/rx.c | 47 net/mctp/af_mctp.c | 26 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/ipvs/ip_vs_est.c | 3 net/netfilter/nf_conntrack_netlink.c | 65 net/netfilter/nf_tables_api.c | 30 net/netfilter/nft_set_pipapo.c | 9 net/netlink/af_netlink.c | 2 net/sched/sch_ets.c | 11 net/sctp/input.c | 2 net/tls/tls.h | 2 net/tls/tls_strp.c | 11 net/tls/tls_sw.c | 3 net/vmw_vsock/virtio_transport.c | 2 net/wireless/mlme.c | 3 net/xfrm/xfrm_device.c | 12 net/xfrm/xfrm_state.c | 74 rust/Makefile | 16 samples/damon/mtier.c | 10 samples/damon/wsse.c | 12 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/apparmor/domain.c | 52 security/apparmor/file.c | 6 security/apparmor/include/lib.h | 6 security/inode.c | 2 security/landlock/syscalls.c | 1 sound/core/pcm_native.c | 19 sound/pci/hda/cs35l41_hda.c | 2 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/hda_codec.c | 42 sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 20 sound/soc/intel/avs/core.c | 3 sound/soc/intel/boards/sof_sdw.c | 8 sound/soc/qcom/lpass-platform.c | 27 sound/soc/sdca/sdca_functions.c | 2 sound/soc/soc-core.c | 3 sound/soc/soc-dapm.c | 4 sound/soc/sof/topology.c | 15 sound/usb/mixer_quirks.c | 14 sound/usb/stream.c | 25 sound/usb/validate.c | 12 tools/bpf/bpftool/main.c | 6 tools/include/nolibc/std.h | 4 tools/include/nolibc/types.h | 4 tools/lib/bpf/libbpf.c | 7 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/power/x86/turbostat/turbostat.c | 14 tools/scripts/Makefile.include | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10 tools/testing/selftests/bpf/progs/test_ringbuf_write.c | 4 tools/testing/selftests/bpf/progs/verifier_unpriv.c | 2 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/kexec/Makefile | 2 tools/testing/selftests/net/netfilter/config | 2 tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 tools/verification/dot2/dot2k.py | 3 tools/verification/dot2/dot2k_templates/Kconfig_container | 5 615 files changed, 8824 insertions(+), 5279 deletions(-) Aakash Kumar S (1): xfrm: Duplicate SPI Handling Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Abel Vesa (1): power: supply: qcom_battmgr: Add lithium-polymer entry Ahmed Zaki (1): idpf: preserve coalescing settings across resets Al Viro (5): habanalabs: fix UAF in export_dmabuf() better lockdep annotations for simple_recursive_removal() landlock: opened file never has a negative dentry fix locking in efi_secret_unlink() securityfs: don't pin dentries twice, once is enough... Alessio Belle (1): drm/imagination: Clear runtime PM errors while resetting the GPU Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Hung (1): drm/amd/display: Initialize mode_select to 0 Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexey Klimov (1): iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Alok Tiwari (6): net: ti: icss-iep: Fix incorrect type for return value in extts_enable() ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() perf/cxlpmu: Remove unintended newline from IRQ name format string gve: Return error for unknown admin queue command Amelie Delaunay (1): dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Andrew Price (2): gfs2: Validate i_depth for exhash directories gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrey Albershteyn (1): xfs: fix scrub trace with null pointer in quotacheck André Draszik (4): clk: samsung: exynos850: fix a comment clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock usb: typec: tcpm/tcpci_maxim: fix irq wake usage Andy Shevchenko (1): Documentation: ACPI: Fix parent device references Andy Yan (1): drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Armin Wolf (1): ACPI: EC: Relax sanity check of the ECDT ID string Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (2): RDMA/core: reduce stack using in nldev_stat_get_doit() firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Artem Sadovnikov (1): vfio/mlx5: fix possible overflow in tracking max message size Avraham Stern (4): wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn wifi: iwlwifi: mld: fix scan request validation wifi: iwlwifi: mvm: fix scan request validation Baokun Li (2): ext4: fix zombie groups in average fragment size lists ext4: fix largest free orders lists corruption on mb_optimize_scan switch Bartosz Golaszewski (3): Revert "gpio: pxa: Make irq_chip immutable" gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Benjamin Berg (1): wifi: iwlwifi: mld: use the correct struct size for tracing Benjamin Marzinski (1): dm-table: fix checking for rq stackable devices Benjamin Mugnier (3): media: i2c: vd55g1: Setup sensor external clock before patching media: i2c: vd55g1: Fix RATE macros not being expressed in bps media: i2c: vd55g1: Fix return code in vd55g1_enable_streams error path Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Bijan Tabatabai (1): mm/damon/core: commit damos->target_nid Biju Das (2): irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND net: phy: micrel: Add ksz9131_resume() Binbin Zhou (1): gpio: loongson-64bit: Extend GPIO irq support Bitterblue Smith (3): wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB wifi: rtw89: Fix rtw89_mac_power_switch() for USB wifi: rtw89: Disable deep power saving for USB/SDIO Bjorn Andersson (1): soc: qcom: mdt_loader: Actually use the e_phoff Boris Burkov (2): btrfs: fix ssd_spread overallocation btrfs: fix iteration bug in __qgroup_excl_accounting() Breno Leitao (5): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ptp: Use ratelimite for freerun error message ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Buday Csaba (2): net: mdiobus: release reset_gpio in mdiobus_unregister_device() net: phy: smsc: add proper reset flags for LAN8710A Caleb Sander Mateos (2): ublk: check for unprivileged daemon on each I/O fetch btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Calvin Owens (2): tools/power turbostat: Fix build with musl tools/power turbostat: Handle cap_get_proc() ENOSYS Cezary Rojewski (1): ASoC: Intel: avs: Fix uninitialized pointer error in probe() Chao Yu (1): f2fs: handle nat.blkaddr corruption in f2fs_get_node_info() Charlene Liu (1): drm/amd/display: limit clear_update_flags to dcn32 and above Charles Keepax (2): ASoC: SDCA: Add flag for unused IRQs soundwire: Move handle_nested_irq outside of sdw_dev_lock Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen-Yu Tsai (1): mfd: axp20x: Set explicit ID for AXP313 regulator Chih-Kang Chang (1): wifi: rtw89: scan abort when assign/unassign_vif Chin-Yen Lee (1): wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Ching-Te Ku (1): wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Chris Mason (1): sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Christian Brauner (2): fhandle: raise FILEID_IS_DIR in handle_type pidfs: raise SB_I_NODEV and SB_I_NOEXEC Christian Marangi (1): clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Christopher Eby (1): ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Clark Wang (1): net: phy: nxp-c45-tja11xx: fix the PHY ID mismatch issue when using C45 Claudiu Beznea (1): clk: renesas: rzg2l: Postpone updating priv->clks[] Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (9): block: Make REQ_OP_ZONE_FINISH a write operation ata: ahci: Disallow LPM policy control if not supported ata: ahci: Disable DIPM if host lacks support ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors scsi: mpi3mr: Correctly handle ATA device errors block: Introduce bio_needs_zone_write_plugging() dm: Always split write BIOs to zoned device limits ata: libata-sata: Add link_power_management_supported sysfs attribute Daniel Braunwarth (1): net: phy: realtek: add error handling to rtl8211f_get_wol Daniel Golle (1): Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Daniel Scally (1): media: ipu-bridge: Add _HID for OV5670 Daniele Palmas (1): bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Dave Penkler (1): staging: gpib: Add init response codes for new ni-usb-hs+ Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Bauer (2): wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch wifi: mt76: mt7915: mcu: increase eeprom command timeout David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Hildenbrand (1): mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() David Howells (1): cifs: Fix collect_sample() to handle any iterator type David Lechner (1): iio: adc: ad_sigma_delta: don't overallocate scan buffer David Thompson (3): gpio: mlxbf2: use platform_get_irq_optional() Revert "gpio: mlxbf3: only get IRQ for device instance 0" gpio: mlxbf3: use platform_get_irq_optional() David Wei (1): bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE Davide Caratti (1): net/sched: ets: use old 'nbands' while purging unused classes Dikshita Agarwal (1): media: iris: Add handling for corrupt and drop frames Dongcheng Yan (1): media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Eduard Zingerman (1): libbpf: Verify that arena map exists when adding arena relocations Edward Adam Davis (1): jfs: Regular file corruption check Elad Nachman (1): irqchip/mvebu-gicp: Clear pending interrupts on init Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emily Deng (1): drm/ttm: Should to return the evict error En-Wei Wu (1): Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Eric Biggers (4): fscrypt: Don't use problematic non-inline crypto engines lib/crypto: x86/poly1305: Fix register corruption in no-SIMD contexts lib/crypto: x86/poly1305: Fix performance regression on short messages thunderbolt: Fix copy+paste error in match_service_id() Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Fabio Porcedda (1): net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Fedor Pchelkin (1): netlink: avoid infinite retry looping in netlink_unicast() Felix Fietkau (1): wifi: mt76: fix vif link allocation Filipe Manana (11): btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents btrfs: abort transaction during log replay if walk_log_tree() failed btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations btrfs: don't ignore inode missing when replaying log tree btrfs: qgroup: fix race between quota disable and quota rescan ioctl btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled btrfs: don't skip remaining extrefs if dir not found during log replay btrfs: clear dirty status from extent buffer on error at insert_new_root() btrfs: send: use fallocate for hole punching with send stream v2 btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: error on missing block group when unaccounting log tree extent buffers Florian Larysch (1): net: phy: micrel: fix KSZ8081/KSZ8091 cable test Florian Westphal (3): netfilter: ctnetlink: fix refcount leak on table dump netfilter: ctnetlink: remove refcounting in expectation dumpers netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Florin Leotescu (1): hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Francisco Gutierrez (1): scsi: pm80xx: Free allocated tags after failure Frederic Weisbecker (2): ipvs: Fix estimator kthreads preferred affinity rcu: Fix racy re-initialization of irq_work causing hangs Fushuai Wang (1): x86/fpu: Fix NULL dereference in avx512_status() Gabriel Totev (1): apparmor: shift ouid when mediating hard links in userns Gal Pressman (2): net: vlan: Make is_vlan_dev() a stub when VLAN is not configured net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs GalaxySnail (1): ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Gao Xiang (1): erofs: fix block count report when 48-bit layout is on Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() George Gaidarov (1): EDAC/ie31200: Enable support for Core i5-14600 and i7-14700 George Moussalem (1): clk: qcom: ipq5018: keep XO clock always on Geraldo Nascimento (1): phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Gerd Hoffmann (1): x86/sev/vc: Fix EFI runtime instruction emulation Greg Kroah-Hartman (1): Linux 6.16.2 Guillaume La Roque (1): pmdomain: ti: Select PM_GENERIC_DOMAINS Gwendal Grignou (1): platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Haibo Chen (1): mmc: sdhci-esdhc-imx: Don't change pinctrl in suspend if wakeup source Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hans de Goede (3): mei: bus: Check for still connected devices in mei_cl_bus_dev_release() media: hi556: Fix reset GPIO timings i2c: core: Fix double-free of fwnode in i2c_unregister_device() Haoran Jiang (1): LoongArch: BPF: Fix jump offset calculation in tailcall Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Chandrakanthan (2): wifi: mac80211: fix rx link assignment for non-MLO stations wifi: ath12k: Fix station association with MBSSID Non-TX BSS Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Heiko Carstens (1): s390/early: Copy last breaking event address to pt_regs Heiner Kallweit (2): net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect dpaa_eth: don't use fixed_phy_change_carrier Hiago De Franco (1): remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Huacai Chen (2): PCI: Extend isolated function probing to LoongArch LoongArch: Make relocate_new_kernel_size be a .quad value Ian Abbott (1): comedi: fix race between polling and detaching Ihor Solodrai (1): bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Ivan Lipski (1): drm/amd/display: Allow DCN301 to clear update flags Jack Ping CHNG (1): net: pcs: xpcs: mask readl() return value to 16 bits Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jaegeuk Kim (1): f2fs: check the generic conditions first Jakub Kicinski (4): net: page_pool: allow enabling recycling late, fix false positive warning tls: handle data disappearing from under the TLS ULP eth: bnxt: take page size into account for page pool recycling rings uapi: in6: restore visibility of most IPv6 socket options Jameson Thies (1): usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Jan Kara (2): loop: Avoid updating block size under exclusive owner udf: Verify partition map count Jarkko Sakkinen (1): tpm: Check for completion after timeout Jason Gunthorpe (1): iommufd: Prevent ALIGN() overflow Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jens Axboe (3): io_uring/memmap: cast nr_pages to size_t before shifting io_uring/net: commit partial buffers on retry io_uring/rw: cast rw->flags assignment to rwf_t Jeongjun Park (1): ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Jiasheng Jiang (1): scsi: lpfc: Remove redundant assignment to avoid memory leak Jiayi Li (1): ACPI: processor: perflib: Fix initial _PPC limit application Jijie Shao (3): net: hibmcge: fix rtnl deadlock issue net: hibmcge: fix the division by zero issue net: hibmcge: fix the np_link_fail error reporting issue Jinjiang Tu (1): mm/smaps: fix race between smaps_hugetlb_range and migration Joel Fernandes (1): rcu: Fix rcu_read_unlock() deadloop due to IRQ work Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (5): net: gianfar: fix device leak when querying time stamp info net: enetc: fix device and OF node leak at probe net: mtk_eth_soc: fix device leak at probe net: ti: icss-iep: fix device and OF node leaks at probe net: dpaa: fix device leak when querying time stamp info Johannes Berg (6): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't use TPE data from assoc response wifi: mac80211: don't unreserve never reserved chanctx wifi: mac80211: don't complete management TX on SAE commit wifi: iwlwifi: mld: fix last_mlo_scan_time type wifi: iwlwifi: pcie: reinit device properly during TOP reset Johannes Thumshirn (2): btrfs: zoned: use filesystem size not disk size for reclaim decision btrfs: zoned: reserve data_reloc block group on mount John Ernberg (1): crypto: caam - Support iMX8QXP and variants thereof John Garry (4): dm-stripe: limit chunk_sectors to the stripe size md/raid10: set chunk_sectors limit scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() John Johansen (1): apparmor: fix x_table_lookup when stacking is not the first entry John Ogness (1): printk: nbcon: Allow reacquire during panic Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jorge Marques (1): i3c: master: Initialize ret in i3c_i2c_notifier_call() Joseph Tilahun (1): tty: serial: fix print format specifiers Jouni Högander (1): drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush Juri Lelli (1): sched/deadline: Fix accounting after global limits change Justin Tee (2): scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kairui Song (1): mm/shmem, swap: improve cached mTHP handling and fix potential hang Kalesh AP (1): RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Kamil Horák - 2N (1): net: phy: bcm54811: PHY initialization Kang Yang (1): wifi: ath10k: shutdown driver when hardware is unreliable Karthik Poosa (1): drm/xe/hwmon: Add SW clamp for power limits writes Karthikeyan Kathirvel (1): wifi: ath12k: Decrement TID on RX peer frag setup error handling Kees Cook (2): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Keith Busch (2): nvme-pci: try function level reset on init failure vfio/type1: conditional rescheduling while pinning Krzysztof Hałasa (1): imx8m-blk-ctrl: set ISI panic write hurry level Krzysztof Kozlowski (2): leds: flash: leds-qcom-flash: Fix registry access after re-bind clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Kuan-Chung Chen (1): wifi: rtw89: 8852c: increase beacon loss to 6 seconds Kuninori Morimoto (1): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Kuniyuki Iwashima (1): ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Lad Prabhakar (1): drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Len Brown (2): intel_idle: Allow loading ACPI tables for any family tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Li Chen (3): ACPI: Suppress misleading SPCR console message when SPCR table is absent HID: rate-limit hid_warn to prevent log flooding ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled Li RongQing (1): cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Li Zhijian (1): mm/memory-tier: fix abstract distance calculation overflow Lifeng Zheng (2): cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lijo Lazar (3): drm/amdgpu: Add more checks to PSP mailbox drm/amd/pm: Use pointer type for typecheck() drm/amdgpu: Suspend IH during mode-2 reset Lizhi Xu (3): fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 ocfs2: reset folio to NULL when get folio fails Lorenzo Bianconi (1): wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Lu Baolu (1): iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Lucien.Jheng (1): net: phy: air_en8811h: Introduce resume/suspend and clk_restore_context to ensure correct CKO settings after network interface reinitialization. Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports MD Danish Anwar (1): net: ti: icssg-prueth: Fix emac link speed handling Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Marek Szyprowski (1): media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Mario Limonciello (8): platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd/display: Stop storing failures into adev->dm.cached_state drm/amd/display: Only finalize atomic_obj if it was initialized drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported crypto: ccp - Add missing bootloader info reg for pspv6 Mark Brown (3): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace regmap: irq: Free the regmap-irq mutex Mark Rutland (1): arm64: stacktrace: Check kretprobe_find_ret_addr() return value Markus Stockhausen (1): irqchip/mips-gic: Allow forced affinity Markus Theil (1): crypto: jitter - fix intermediary handling Masahiro Yamada (3): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masami Hiramatsu (Google) (2): selftests: tracing: Use mutex_unlock for testing glob filter tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Mateusz Guzik (1): apparmor: use the condition in AA_BUG_FMT even with debug disabled Matt Johnston (1): net: mctp: Prevent duplicate binds Matt Roper (1): drm/xe/xe_query: Use separate iterator while filling GT list Matteo Croce (1): libbpf: Fix warning in calloc() usage Matthew Auld (3): drm/xe/migrate: prevent infinite recursion drm/xe/migrate: don't overflow max copy size drm/xe/migrate: prevent potential UAF Maulik Shah (1): soc: qcom: rpmh-rsc: Add RSC version 4 support Maurizio Lombardi (2): nvme-tcp: log TLS handshake failures at error level scsi: target: core: Generate correct identifiers for PR OUT transport IDs Mauro Carvalho Chehab (1): sphinx: kernel_abi: fix performance regression with O=<dir> Maxim Levitsky (3): KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Michal Wilczynski (1): clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Miguel Ojeda (2): rust: kbuild: clean output before running `rustdoc` rust: workaround `rustdoc` target modifiers bug Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Miri Korenblit (6): wifi: iwlwifi: mld: use spec link id and not FW link id wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async wifi: iwlwifi: mvm: set gtk id also in older FWs wifi: iwlwifi: handle non-overlapping API ranges wifi: mac80211: avoid weird state in error path wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Moon Hee Lee (1): selftests/kexec: fix test_kexec_jump build Myrrh Periwinkle (1): usb: typec: ucsi: Update power_supply on power role change Nam Cao (2): verification/dot2k: Make a separate dot2k_templates/Kconfig_container rv: Add #undef TRACE_INCLUDE_FILE Naohiro Aota (3): btrfs: zoned: requeue to unused block group list if zone finish failed btrfs: zoned: do not remove unwritten non-data block group btrfs: zoned: do not select metadata BG as finish target Nathan Lynch (1): lib: packing: Include necessary headers NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Nicholas Kazlauskas (1): drm/amd/display: Update DMCUB loading sequence for DCN3.5 Nicolin Chen (2): iommu/arm-smmu-v3: Revert vmaster in the error path iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Nikunj A Dadhania (1): x86/sev: Improve handling of writes to intercepted TSC MSRs Nitin Rawat (1): scsi: ufs: core: Fix interrupt handling for MCQ Mode Oliver Neukum (3): usb: core: usb_submit_urb: downgrade type check net: usb: cdc-ncm: check for filtering capability cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Pablo Neira Ayuso (1): netfilter: nf_tables: reject duplicate device on updates Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul Chaignon (1): bpf: Forget ranges when refining tnum after JSET Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Paulo Alcantara (1): smb: client: fix session setup against servers that require SPN Pavel Begunkov (5): io_uring: don't use int for ABI io_uring: export io_[un]account_mem io_uring/zcrx: account area memory io_uring/zcrx: fix null ifq on area destruction io_uring/zcrx: don't leak pages on account failure Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Pedro Falcato (1): RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Pei Xiao (1): clk: tegra: periph: Fix error handling and resolve unsigned compare warning Peichen Huang (1): drm/amd/display: add null check Peng Fan (1): firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Peter Jakubek (1): ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (2): ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Prevent silent truncation of module name in delete_module(2) Philipp Stanner (2): drm/sched/tests: Add unit test for cancel_job() drm/sched: Avoid memory leaks with cancel_job() callback Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qu Wenruo (3): btrfs: populate otime when logging an inode item btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() btrfs: do not allow relocation of partially dropped subvolumes Radhey Shyam Pandey (1): usb: dwc3: xilinx: add shutdown callback Rafael J. Wysocki (3): ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Raj Kumar Bhagat (1): wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Rameshkumar Sundaram (1): wifi: ath12k: Fix beacon reception for sta associated to Non-TX AP Ramya Gnanasekar (1): wifi: mac80211: update radar_required in channel context after channel switch Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (2): fbdev: nvidiafb: add depends on HAS_IOPORT parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (1): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Ricardo Ribalda (4): media: uvcvideo: Add quirk for HP Webcam HD 2300 media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors media: uvcvideo: Do not mark valid metadata as invalid media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (2): drm/msm: Update register xml drm/msm: use trylock for debugfs Robin Murphy (1): perf/arm: Add missing .suppress_bind_attrs Roman Li (1): drm/amd/display: Disable dsc_power_gate for dcn314 by default Rong Zhang (1): fs/ntfs3: correctly create symlink for relative path RubenKelevra (1): net: ieee8021q: fix insufficient table-size assertion Sabrina Dubroca (4): xfrm: flush all states in xfrm_state_fini xfrm: restore GSO for SW crypto xfrm: bring back device check in validate_xmit_xfrm udp: also consider secpath when evaluating ipsec use for checksumming Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarika Sharma (2): wifi: ath12k: Correct tid cleanup when tid setup fails wifi: ath12k: Add memset and update default rate value in wmi tx completion Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sean Christopherson (1): KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sebastian Andrzej Siewior (1): selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state SeongJae Park (2): samples/damon/wsse: fix boot time enable handling samples/damon/mtier: support boot time enable setup Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shannon Nelson (1): ionic: clean dbpage in de-init Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (2): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} MIPS: lantiq: falcon: sysctrl: fix request memory check logic Shin'ichiro Kawasaki (1): dm: split write BIOs on zone boundaries when zone append is not emulated Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shuai Xue (1): ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Shyam Prasad N (1): cifs: reset iface weights when we cannot find a candidate Siddharth Vadapalli (1): arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Srinivas Kandagatla (1): ASoC: qcom: use drvdata instead of component to keep id Stanislav Fomichev (2): net: lapbether: ignore ops-locked netdevs hamradio: ignore ops-locked netdevs Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (3): smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() smb: client: don't wait for info->send_pending == 0 on error smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Steve French (1): smb3: fix for slab out of bounds on mount to ksmbd Steven Rostedt (3): tracefs: Add d_delete to remove negative dentries powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 ktest.pl: Prevent recursion of default variable options Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Suren Baghdasaryan (1): userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Sven Schnelle (3): s390/sclp: Use monotonic clock in sclp_sync_wait() s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Sven Stegemann (1): net: kcm: Fix race condition in kcm_unattach() Takashi Iwai (4): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: hda: Handle the jack polling always via a work ALSA: hda: Disable jack polling at shutdown Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (1): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Thierry Reding (2): firmware: tegra: Fix IVC dependency problems drm/fbdev-client: Skip DRM clients if modesetting is absent Thomas Croft (1): ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Thomas Fourier (6): et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. powerpc: floppy: Add missing checks after DMA map wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Thomas Gleixner (1): irqchip/mvebu-gicp: Use resource_size() for ioremap() Thomas Weißschuh (7): LoongArch: Don't use %pK through printk() in unwinder mfd: cros_ec: Separate charge-control probing from USB-PD tools/nolibc: define time_t in terms of __kernel_old_time_t tools/build: Fix s390(x) cross-compilation with clang selftests: vDSO: vdso_test_getrandom: Always print TAP header um: Re-evaluate thread flags repeatedly MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Tiffany Yang (1): binder: Fix selftest page indexing Tom Lendacky (1): x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Tomi Valkeinen (1): media: raspberrypi: cfe: Fix min_reqbufs_allocation Trond Myklebust (1): NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (2): drm/xe: Make dma-fences compliant with the safe access rules drm/ttm: Respect the shrinker core free target Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Umio Yasuno (1): drm/amd/pm: fix null pointer access Uwe Kleine-König (1): Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Valmantas Paliksa (1): phy: rockchip-pcie: Enable all four lanes if required Vasiliy Kovalev (1): ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Vedang Nagar (1): media: venus: Fix OOB read due to missing payload bound check Viacheslav Dubeyko (5): hfs: fix general protection fault in hfs_find_init() hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Vijendar Mukunda (2): soundwire: amd: serialize amd manager resume sequence during pm_prepare soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vincent Mailhol (1): can: ti_hecc: fix -Woverflow compiler warning Vinod Govindapillai (1): drm/i915/fbc: fix the implementation of wa_18038517565 Vivek Pernamitta (1): bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Vlastimil Babka (1): mm, slab: restore NUMA policy support for large kmalloc Waiman Long (2): futex: Use user_write_access_begin/_end() in futex_put_value() mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Wang Zhaolong (1): smb: client: remove redundant lstrp update in negotiate protocol Wayne Lin (1): drm/amd/display: Avoid trying AUX transactions on disconnected ports Wei Fang (1): net: enetc: separate 64-bit counters from enetc_port_counters Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Wentao Guan (1): LoongArch: vDSO: Remove -nostdlib complier flag Wilfred Mallawa (1): PCI: dw-rockchip: Delay link training after hot reset in EP mode Will Deacon (1): vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Willy Tarreau (1): tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xiang Liu (1): drm/amdgpu: Use correct severity for BP threshold exceed event Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: core: config: Prevent OOB read in SS endpoint companion parsing Xu Yang (1): net: usb: asix_devices: add phy_mask for ax88772 mdio bus Yang Li (1): Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yao Zi (3): LoongArch: Avoid in-place string operation on FDT content net: stmmac: thead: Get and enable APB clock on initialization riscv: dts: thead: Add APB clocks for TH1520 GMACs Yeoreum Yun (2): tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall YiPeng Chai (1): drm/amdgpu: fix vram reservation issue Yonghong Song (2): selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yongzhen Zhang (1): fbdev: fix potential buffer overflow in do_register_framebuffer() Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Yu Kuai (1): lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Yuan Chen (2): drm/msm: Add error handling for krealloc in metadata setup bpftool: Fix JSON writer resource leak in version command Yuezhang Mo (1): exfat: add cluster chain loop check for dir Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zhang Yi (2): ext4: limit the maximum folio order ext4: initialize superblock fields in the kballoc-test.c kunit tests Zheng Qixing (1): block: fix kobject double initialization in add_disk Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Zijun Hu (2): char: misc: Fix improper and inaccurate error code returned by misc_init() Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails Zqiang (2): rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz ganglxie (1): drm/amdgpu: clear pa and mca record counter when resetting eeprom jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue zhangjianrong (2): net: thunderbolt: Enable end-to-end flow control also in transmit net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (6): net: dsa: b53: ensure BCM5325 PHYs are enabled net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 months, 3 weeks

1
1
0 0

Linux 6.12.43

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.43 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/fscrypt.rst | 37 +-- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Makefile | 2 arch/arm/mach-rockchip/platsmp.c | 15 - arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 4 arch/arm64/include/asm/acpi.h | 2 arch/arm64/kernel/acpi.c | 10 arch/arm64/kernel/stacktrace.c | 2 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/loongarch/kernel/env.c | 13 - arch/loongarch/kernel/relocate_kernel.S | 2 arch/loongarch/kernel/unwind_orc.c | 2 arch/loongarch/net/bpf_jit.c | 21 - arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 - arch/mips/lantiq/falcon/sysctrl.c | 23 -- arch/parisc/Makefile | 2 arch/powerpc/include/asm/floppy.h | 5 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/riscv/mm/ptdump.c | 3 arch/s390/include/asm/timex.h | 13 - arch/s390/kernel/early.c | 1 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/um/include/asm/thread_info.h | 4 arch/um/kernel/process.c | 20 + arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 15 + arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kvm/svm/svm.c | 14 - arch/x86/kvm/vmx/main.c | 3 arch/x86/kvm/vmx/nested.c | 21 + arch/x86/kvm/vmx/pmu_intel.c | 8 arch/x86/kvm/vmx/vmx.c | 57 +++-- arch/x86/kvm/vmx/vmx.h | 26 ++ arch/x86/kvm/vmx/x86_ops.h | 2 arch/x86/kvm/x86.c | 25 +- block/bfq-iosched.c | 35 +-- block/bfq-iosched.h | 3 block/blk-mq.c | 6 block/blk-settings.c | 2 block/blk-zoned.c | 20 - block/kyber-iosched.c | 9 block/mq-deadline.c | 16 - crypto/jitterentropy-kcapi.c | 9 drivers/accel/habanalabs/common/memory.c | 23 -- drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 13 + drivers/acpi/prmt.c | 26 ++ drivers/acpi/processor_perflib.c | 11 + drivers/ata/ahci.c | 12 + drivers/ata/ata_piix.c | 1 drivers/ata/libahci.c | 1 drivers/ata/libata-sata.c | 52 ++++ drivers/base/power/runtime.c | 5 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/loop.c | 38 ++- drivers/block/sunvdc.c | 4 drivers/bluetooth/btusb.c | 2 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 +++-- drivers/char/misc.c | 4 drivers/clk/qcom/gcc-ipq5018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 6 drivers/clk/renesas/rzg2l-cpg.c | 8 drivers/clk/samsung/clk-exynos850.c | 2 drivers/clk/samsung/clk-gs101.c | 4 drivers/clk/tegra/clk-periph.c | 4 drivers/clk/thead/clk-th1520-ap.c | 5 drivers/comedi/comedi_fops.c | 31 ++ drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 13 - drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/intel_pstate.c | 2 drivers/cpuidle/governors/menu.c | 21 + drivers/crypto/ccp/sp-pci.c | 1 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 + drivers/devfreq/governor_userspace.c | 6 drivers/dma/stm32/stm32-dma.c | 2 drivers/edac/synopsys_edac.c | 97 ++++----- drivers/firmware/arm_ffa/driver.c | 2 drivers/firmware/arm_scmi/scmi_power_control.c | 22 +- drivers/firmware/tegra/Kconfig | 5 drivers/gpio/gpio-mlxbf2.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 +---- drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 drivers/gpu/drm/amd/display/dc/core/dc.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 - drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c | 1 drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 - drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +-- drivers/gpu/drm/imagination/pvr_power.c | 59 +++++ drivers/gpu/drm/msm/msm_drv.c | 9 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/msm/msm_gem.h | 6 drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 7 drivers/gpu/drm/xe/xe_hw_fence.c | 3 drivers/gpu/drm/xe/xe_query.c | 27 +- drivers/hid/hid-apple.c | 17 + drivers/hid/hid-magicmouse.c | 56 +++-- drivers/hwmon/emc2305.c | 10 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 4 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 2 drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/hfi1/affinity.c | 44 ++-- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/intel/iommu.c | 19 + drivers/iommu/intel/iommu.h | 3 drivers/iommu/iommufd/io_pagetable.c | 48 ++-- drivers/leds/flash/leds-qcom-flash.c | 15 + drivers/leds/leds-lp50xx.c | 11 - drivers/leds/trigger/ledtrig-netdev.c | 16 - drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-stripe.c | 1 drivers/md/dm-table.c | 10 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 37 ++- drivers/md/raid10.c | 1 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/hi556.c | 7 drivers/media/i2c/tc358743.c | 86 ++++---- drivers/media/pci/intel/ipu-bridge.c | 2 drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++++-- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/uvc/uvc_driver.c | 12 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/v4l2-core/v4l2-common.c | 14 - drivers/mfd/axp20x.c | 3 drivers/mfd/cros_ec_dev.c | 10 drivers/misc/cardreader/rtsx_usb.c | 16 - drivers/misc/mei/bus.c | 6 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 + drivers/net/can/ti_hecc.c | 2 drivers/net/dsa/b53/b53_common.c | 78 +++++-- drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/ethernet/agere/et131x.c | 36 +++ drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +++ drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/faraday/ftgmac100.c | 7 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 + drivers/net/ethernet/freescale/fec_main.c | 34 +-- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/intel/idpf/idpf.h | 19 + drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 ++- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 + drivers/net/ethernet/intel/idpf/idpf_main.c | 1 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 - drivers/net/ethernet/mediatek/mtk_wed.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 ++ drivers/net/pcs/pcs-xpcs-plat.c | 4 drivers/net/phy/broadcom.c | 25 +- drivers/net/phy/micrel.c | 12 + drivers/net/phy/smsc.c | 1 drivers/net/thunderbolt/main.c | 21 - drivers/net/usb/asix_devices.c | 1 drivers/net/usb/cdc_ncm.c | 20 + drivers/net/wireless/ath/ath10k/core.c | 48 ++++ drivers/net/wireless/ath/ath10k/core.h | 11 - drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 6 drivers/net/wireless/ath/ath12k/dp.c | 3 drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/mac.c | 1 drivers/net/wireless/ath/ath12k/wmi.c | 5 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/chan.c | 6 drivers/net/wireless/realtek/rtw89/fw.c | 9 drivers/net/wireless/realtek/rtw89/fw.h | 2 drivers/net/wireless/realtek/rtw89/mac.c | 19 + drivers/net/wireless/realtek/rtw89/reg.h | 1 drivers/net/wireless/realtek/rtw89/wow.c | 5 drivers/net/xen-netfront.c | 5 drivers/nvme/host/pci.c | 24 ++ drivers/nvme/host/tcp.c | 11 - drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 76 +++++-- drivers/pci/pci.h | 1 drivers/pci/probe.c | 5 drivers/perf/arm-cmn.c | 1 drivers/perf/arm-ni.c | 1 drivers/perf/cxl_pmu.c | 2 drivers/phy/rockchip/phy-rockchip-pcie.c | 3 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/platform/chrome/cros_ec_sensorhub.c | 23 +- drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 drivers/pmdomain/ti/Kconfig | 2 drivers/power/supply/qcom_battmgr.c | 2 drivers/pps/clients/pps-gpio.c | 5 drivers/ptp/ptp_clock.c | 2 drivers/ptp/ptp_private.h | 5 drivers/ptp/ptp_vclock.c | 7 drivers/remoteproc/imx_rproc.c | 4 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 15 + drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_hbadisc.c | 3 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr_os.c | 20 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 + drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 ++++- drivers/soc/qcom/mdt_loader.c | 10 drivers/soc/qcom/rpmh-rsc.c | 2 drivers/soundwire/amd_manager.c | 7 drivers/soundwire/bus.c | 6 drivers/target/target_core_fabric_lib.c | 63 ++++- drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 - drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +++- drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/serial_core.c | 44 ++-- drivers/usb/class/cdc-acm.c | 11 - drivers/usb/core/config.c | 10 drivers/usb/core/urb.c | 2 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 ++-- drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vfio/pci/mlx5/cmd.c | 4 drivers/vfio/vfio_iommu_type1.c | 7 drivers/vhost/vhost.c | 3 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/core/fbmem.c | 3 drivers/virt/coco/efi_secret/efi_secret.c | 10 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 ++++ fs/btrfs/block-group.c | 27 ++ fs/btrfs/ctree.c | 1 fs/btrfs/extent-tree.c | 33 +-- fs/btrfs/qgroup.c | 13 - fs/btrfs/relocation.c | 19 + fs/btrfs/transaction.c | 6 fs/btrfs/tree-log.c | 107 ++++++---- fs/btrfs/zoned.c | 5 fs/crypto/fscrypt_private.h | 17 + fs/crypto/hkdf.c | 2 fs/crypto/keysetup.c | 3 fs/crypto/keysetup_v1.c | 3 fs/eventpoll.c | 60 ++++- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 fs/exfat/namei.c | 5 fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 + fs/ext4/inline.c | 19 + fs/ext4/mballoc-test.c | 9 fs/ext4/mballoc.c | 67 ++---- fs/f2fs/file.c | 24 +- fs/file.c | 15 + fs/gfs2/dir.c | 6 fs/gfs2/glops.c | 6 fs/gfs2/meta_io.c | 2 fs/hfs/bfind.c | 3 fs/hfs/bnode.c | 93 ++++++++ fs/hfs/btree.c | 57 ++++- fs/hfs/extent.c | 2 fs/hfs/hfs_fs.h | 1 fs/hfsplus/bnode.c | 92 ++++++++ fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 6 fs/libfs.c | 4 fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 + fs/nfs/client.c | 44 +++- fs/nfs/internal.h | 2 fs/nfs/nfs4client.c | 20 - fs/nfs/nfs4proc.c | 2 fs/nfs/pnfs.c | 11 - fs/nfsd/nfs4state.c | 34 ++- fs/ntfs3/dir.c | 3 fs/ntfs3/inode.c | 31 +- fs/orangefs/orangefs-debugfs.c | 2 fs/pidfs.c | 2 fs/proc/task_mmu.c | 6 fs/smb/client/cifssmb.c | 10 fs/smb/client/compress.c | 71 +----- fs/smb/client/connect.c | 10 fs/smb/client/sess.c | 9 fs/smb/client/smb2ops.c | 11 - fs/smb/client/smbdirect.c | 25 +- fs/smb/server/smb2pdu.c | 16 - fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 + fs/xfs/scrub/trace.h | 2 include/linux/acpi.h | 2 include/linux/blk_types.h | 6 include/linux/blkdev.h | 55 +++++ include/linux/hypervisor.h | 3 include/linux/if_vlan.h | 21 + include/linux/libata.h | 1 include/linux/memory-tiers.h | 2 include/linux/packing.h | 6 include/linux/pci.h | 16 + include/linux/sbitmap.h | 6 include/linux/skbuff.h | 8 include/linux/usb/cdc_ncm.h | 1 include/linux/virtio_vsock.h | 7 include/net/cfg80211.h | 2 include/net/kcm.h | 1 include/net/mac80211.h | 4 include/net/neighbour.h | 1 include/net/net_namespace.h | 16 + include/net/sock.h | 1 include/trace/events/thp.h | 2 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 include/uapi/linux/pci_regs.h | 1 io_uring/rw.c | 2 kernel/bpf/verifier.c | 7 kernel/module/main.c | 10 kernel/power/console.c | 7 kernel/printk/nbcon.c | 63 +++-- kernel/rcu/tree.c | 2 kernel/rcu/tree.h | 14 + kernel/rcu/tree_nocb.h | 5 kernel/rcu/tree_plugin.h | 44 +++- kernel/sched/deadline.c | 4 kernel/sched/fair.c | 19 + kernel/sched/rt.c | 6 lib/sbitmap.c | 56 ++--- mm/damon/core.c | 1 mm/kmemleak.c | 10 mm/ptdump.c | 2 mm/slub.c | 7 mm/userfaultfd.c | 17 - net/bluetooth/hci_sock.c | 2 net/core/ieee8021q_helpers.c | 44 +--- net/core/neighbour.c | 12 - net/core/net_namespace.c | 8 net/core/sock.c | 27 ++ net/ipv4/route.c | 1 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/mcast.c | 11 - net/kcm/kcmsock.c | 10 net/mac80211/cfg.c | 12 - net/mac80211/chan.c | 1 net/mac80211/link.c | 9 net/mac80211/mlme.c | 12 - net/mac80211/rx.c | 12 - net/mctp/af_mctp.c | 26 ++ net/mptcp/subflow.c | 5 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nft_set_pipapo.c | 9 net/netlink/af_netlink.c | 12 - net/rds/tcp.c | 8 net/sched/sch_ets.c | 11 - net/sctp/input.c | 2 net/smc/af_smc.c | 5 net/sunrpc/svcsock.c | 5 net/sunrpc/xprtsock.c | 8 net/tls/tls.h | 2 net/tls/tls_strp.c | 11 - net/tls/tls_sw.c | 3 net/vmw_vsock/virtio_transport.c | 2 net/wireless/mlme.c | 3 net/xfrm/xfrm_state.c | 72 ++++-- rust/Makefile | 13 + scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/apparmor/domain.c | 52 ++-- security/apparmor/file.c | 6 security/apparmor/include/lib.h | 6 security/inode.c | 2 sound/core/pcm_native.c | 19 + sound/pci/hda/hda_codec.c | 42 +-- sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 20 - sound/soc/intel/avs/core.c | 3 sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/soc-core.c | 3 sound/soc/soc-dapm.c | 4 sound/soc/sof/topology.c | 15 + sound/usb/mixer_quirks.c | 14 - sound/usb/stream.c | 25 ++ sound/usb/validate.c | 12 + tools/bpf/bpftool/main.c | 6 tools/hv/hv_fcopy_uio_daemon.c | 91 +++++++- tools/include/nolibc/std.h | 4 tools/include/nolibc/types.h | 4 tools/lib/bpf/libbpf.c | 5 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/power/x86/turbostat/turbostat.c | 14 + tools/scripts/Makefile.include | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10 tools/testing/selftests/bpf/progs/test_ringbuf_write.c | 4 tools/testing/selftests/bpf/progs/verifier_unpriv.c | 2 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/net/netfilter/config | 2 tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 466 files changed, 4133 insertions(+), 1787 deletions(-) Aakash Kumar S (1): xfrm: Duplicate SPI Handling Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Abel Vesa (1): power: supply: qcom_battmgr: Add lithium-polymer entry Aditya Garg (2): HID: magicmouse: avoid setting up battery timer when not needed HID: apple: avoid setting up battery timer for devices without battery Ahmed Zaki (1): idpf: preserve coalescing settings across resets Al Viro (4): habanalabs: fix UAF in export_dmabuf() better lockdep annotations for simple_recursive_removal() fix locking in efi_secret_unlink() securityfs: don't pin dentries twice, once is enough... Alessio Belle (1): drm/imagination: Clear runtime PM errors while resetting the GPU Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Hung (1): drm/amd/display: Initialize mode_select to 0 Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexey Klimov (1): iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Alok Tiwari (6): net: ti: icss-iep: Fix incorrect type for return value in extts_enable() ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() perf/cxlpmu: Remove unintended newline from IRQ name format string gve: Return error for unknown admin queue command Amelie Delaunay (1): dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Andrew Price (2): gfs2: Validate i_depth for exhash directories gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrey Albershteyn (1): xfs: fix scrub trace with null pointer in quotacheck André Draszik (4): clk: samsung: exynos850: fix a comment clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock usb: typec: tcpm/tcpci_maxim: fix irq wake usage Andy Shevchenko (1): Documentation: ACPI: Fix parent device references Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (2): RDMA/core: reduce stack using in nldev_stat_get_doit() firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Artem Sadovnikov (1): vfio/mlx5: fix possible overflow in tracking max message size Avraham Stern (2): wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn wifi: iwlwifi: mvm: fix scan request validation Baokun Li (2): ext4: fix zombie groups in average fragment size lists ext4: fix largest free orders lists corruption on mb_optimize_scan switch Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Benjamin Marzinski (1): dm-table: fix checking for rq stackable devices Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Bijan Tabatabai (1): mm/damon/core: commit damos->target_nid Biju Das (1): net: phy: micrel: Add ksz9131_resume() Bitterblue Smith (2): wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB wifi: rtw89: Fix rtw89_mac_power_switch() for USB Bjorn Andersson (1): soc: qcom: mdt_loader: Actually use the e_phoff Boris Burkov (2): btrfs: fix ssd_spread overallocation btrfs: fix iteration bug in __qgroup_excl_accounting() Breno Leitao (5): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ptp: Use ratelimite for freerun error message ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Calvin Owens (2): tools/power turbostat: Fix build with musl tools/power turbostat: Handle cap_get_proc() ENOSYS Cezary Rojewski (1): ASoC: Intel: avs: Fix uninitialized pointer error in probe() Charlene Liu (1): drm/amd/display: limit clear_update_flags to dcn32 and above Charles Keepax (1): soundwire: Move handle_nested_irq outside of sdw_dev_lock Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen-Yu Tsai (1): mfd: axp20x: Set explicit ID for AXP313 regulator Chih-Kang Chang (1): wifi: rtw89: scan abort when assign/unassign_vif Chin-Yen Lee (1): wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Chris Mason (1): sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Christian Brauner (1): pidfs: raise SB_I_NODEV and SB_I_NOEXEC Christian Marangi (1): clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Christopher Eby (1): ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Claudiu Beznea (1): clk: renesas: rzg2l: Postpone updating priv->clks[] Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (9): block: Make REQ_OP_ZONE_FINISH a write operation ata: ahci: Disallow LPM policy control if not supported ata: ahci: Disable DIPM if host lacks support ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors scsi: mpi3mr: Correctly handle ATA device errors block: Introduce bio_needs_zone_write_plugging() dm: Always split write BIOs to zoned device limits ata: libata-sata: Add link_power_management_supported sysfs attribute Daniel Golle (1): Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Daniel Scally (1): media: ipu-bridge: Add _HID for OV5670 Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Bauer (1): wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Howells (1): cifs: Fix collect_sample() to handle any iterator type David Lechner (1): iio: adc: ad_sigma_delta: don't overallocate scan buffer David Thompson (3): gpio: mlxbf2: use platform_get_irq_optional() Revert "gpio: mlxbf3: only get IRQ for device instance 0" gpio: mlxbf3: use platform_get_irq_optional() Davide Caratti (1): net/sched: ets: use old 'nbands' while purging unused classes Eduard Zingerman (1): libbpf: Verify that arena map exists when adding arena relocations Edward Adam Davis (1): jfs: Regular file corruption check Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emily Deng (1): drm/ttm: Should to return the evict error En-Wei Wu (1): Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Eric Biggers (2): fscrypt: Don't use problematic non-inline crypto engines thunderbolt: Fix copy+paste error in match_service_id() Eric Dumazet (1): net: better track kernel sockets lifetime Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Fedor Pchelkin (1): netlink: avoid infinite retry looping in netlink_unicast() Filipe Manana (8): btrfs: abort transaction during log replay if walk_log_tree() failed btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations btrfs: don't ignore inode missing when replaying log tree btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled btrfs: don't skip remaining extrefs if dir not found during log replay btrfs: clear dirty status from extent buffer on error at insert_new_root() btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: error on missing block group when unaccounting log tree extent buffers Florian Larysch (1): net: phy: micrel: fix KSZ8081/KSZ8091 cable test Florian Westphal (2): netfilter: ctnetlink: fix refcount leak on table dump netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Florin Leotescu (1): hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Frederic Weisbecker (1): rcu: Fix racy re-initialization of irq_work causing hangs Gabriel Totev (1): apparmor: shift ouid when mediating hard links in userns Gal Pressman (2): net: vlan: Make is_vlan_dev() a stub when VLAN is not configured net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() George Moussalem (1): clk: qcom: ipq5018: keep XO clock always on Geraldo Nascimento (1): phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Greg Kroah-Hartman (1): Linux 6.12.43 Guillaume La Roque (1): pmdomain: ti: Select PM_GENERIC_DOMAINS Gwendal Grignou (1): platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hans de Goede (2): mei: bus: Check for still connected devices in mei_cl_bus_dev_release() media: hi556: Fix reset GPIO timings Haoran Jiang (1): LoongArch: BPF: Fix jump offset calculation in tailcall Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Chandrakanthan (2): wifi: mac80211: fix rx link assignment for non-MLO stations wifi: ath12k: Fix station association with MBSSID Non-TX BSS Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Heiko Carstens (1): s390/early: Copy last breaking event address to pt_regs Heiner Kallweit (2): net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect dpaa_eth: don't use fixed_phy_change_carrier Hiago De Franco (1): remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Hrushikesh Salunke (1): arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Huacai Chen (2): PCI: Extend isolated function probing to LoongArch LoongArch: Make relocate_new_kernel_size be a .quad value Ian Abbott (1): comedi: fix race between polling and detaching Ihor Solodrai (1): bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilpo Järvinen (1): PCI: Store all PCIe Supported Link Speeds Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Ivan Lipski (1): drm/amd/display: Allow DCN301 to clear update flags Jack Ping CHNG (1): net: pcs: xpcs: mask readl() return value to 16 bits Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jaegeuk Kim (1): f2fs: check the generic conditions first Jakub Kicinski (2): tls: handle data disappearing from under the TLS ULP uapi: in6: restore visibility of most IPv6 socket options Jan Kara (2): loop: Avoid updating block size under exclusive owner udf: Verify partition map count Jann Horn (1): eventpoll: Fix semi-unbounded recursion Jason Gunthorpe (1): iommufd: Prevent ALIGN() overflow Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jens Axboe (1): io_uring/rw: cast rw->flags assignment to rwf_t Jeongjun Park (1): ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Jiasheng Jiang (1): scsi: lpfc: Remove redundant assignment to avoid memory leak Jiayi Li (1): ACPI: processor: perflib: Fix initial _PPC limit application Jinjiang Tu (1): mm/smaps: fix race between smaps_hugetlb_range and migration Joel Fernandes (1): rcu: Fix rcu_read_unlock() deadloop due to IRQ work Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (5): net: gianfar: fix device leak when querying time stamp info net: enetc: fix device and OF node leak at probe net: mtk_eth_soc: fix device leak at probe net: ti: icss-iep: fix device and OF node leaks at probe net: dpaa: fix device leak when querying time stamp info Johannes Berg (3): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't unreserve never reserved chanctx wifi: mac80211: don't complete management TX on SAE commit Johannes Thumshirn (1): btrfs: zoned: use filesystem size not disk size for reclaim decision John Garry (4): dm-stripe: limit chunk_sectors to the stripe size md/raid10: set chunk_sectors limit scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() John Johansen (1): apparmor: fix x_table_lookup when stacking is not the first entry John Ogness (1): printk: nbcon: Allow reacquire during panic Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jorge Marques (1): i3c: master: Initialize ret in i3c_i2c_notifier_call() Joseph Tilahun (1): tty: serial: fix print format specifiers Juri Lelli (1): sched/deadline: Fix accounting after global limits change Justin Tee (2): scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kalesh AP (1): RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Kamil Horák - 2N (1): net: phy: bcm54811: PHY initialization Kang Yang (1): wifi: ath10k: shutdown driver when hardware is unreliable Karthikeyan Kathirvel (1): wifi: ath12k: Decrement TID on RX peer frag setup error handling Kees Cook (2): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Keith Busch (2): nvme-pci: try function level reset on init failure vfio/type1: conditional rescheduling while pinning Krzysztof Hałasa (1): imx8m-blk-ctrl: set ISI panic write hurry level Krzysztof Kozlowski (1): leds: flash: leds-qcom-flash: Fix registry access after re-bind Kuninori Morimoto (1): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Kuniyuki Iwashima (2): ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). net: Add net_passive_inc() and net_passive_dec(). Lad Prabhakar (1): drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Len Brown (2): intel_idle: Allow loading ACPI tables for any family tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Li Chen (2): ACPI: Suppress misleading SPCR console message when SPCR table is absent ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled Li RongQing (1): cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Li Zhijian (1): mm/memory-tier: fix abstract distance calculation overflow Lifeng Zheng (2): cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lizhi Xu (2): fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 Lu Baolu (1): iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Lukas Wunner (2): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports PCI: Honor Max Link Speed when determining supported speeds MD Danish Anwar (1): net: ti: icssg-prueth: Fix emac link speed handling Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Manivannan Sadhasivam (1): PCI: Allow PCI bridges to go to D3Hot on all non-x86 Marek Szyprowski (1): media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Mario Limonciello (7): platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd/display: Only finalize atomic_obj if it was initialized drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported crypto: ccp - Add missing bootloader info reg for pspv6 Mark Brown (2): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace Mark Rutland (1): arm64: stacktrace: Check kretprobe_find_ret_addr() return value Markus Theil (1): crypto: jitter - fix intermediary handling Masahiro Yamada (2): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() Masami Hiramatsu (Google) (1): selftests: tracing: Use mutex_unlock for testing glob filter Mateusz Guzik (1): apparmor: use the condition in AA_BUG_FMT even with debug disabled Matt Johnston (1): net: mctp: Prevent duplicate binds Matt Roper (1): drm/xe/xe_query: Use separate iterator while filling GT list Maulik Shah (1): soc: qcom: rpmh-rsc: Add RSC version 4 support Maurizio Lombardi (2): nvme-tcp: log TLS handshake failures at error level scsi: target: core: Generate correct identifiers for PR OUT transport IDs Maxim Levitsky (3): KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Michal Wilczynski (1): clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Miguel Ojeda (2): rust: kbuild: clean output before running `rustdoc` rust: workaround `rustdoc` target modifiers bug Mikhail Lobanov (1): wifi: mac80211: check basic rates validity in sta_link_apply_parameters Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Miri Korenblit (2): wifi: iwlwifi: mvm: set gtk id also in older FWs wifi: mac80211: avoid weird state in error path Myrrh Periwinkle (1): usb: typec: ucsi: Update power_supply on power role change Naman Jain (1): tools/hv: fcopy: Fix irregularities with size of ring buffer Naohiro Aota (2): btrfs: zoned: do not remove unwritten non-data block group btrfs: zoned: do not select metadata BG as finish target Nathan Lynch (1): lib: packing: Include necessary headers NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Nicholas Kazlauskas (1): drm/amd/display: Update DMCUB loading sequence for DCN3.5 Nicolas Escande (1): neighbour: add support for NUD_PERMANENT proxy entries Nicolin Chen (1): iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Oliver Neukum (3): usb: core: usb_submit_urb: downgrade type check net: usb: cdc-ncm: check for filtering capability cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul Chaignon (1): bpf: Forget ranges when refining tnum after JSET Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Pavel Begunkov (1): io_uring: don't use int for ABI Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Pedro Falcato (1): RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Pei Xiao (1): clk: tegra: periph: Fix error handling and resolve unsigned compare warning Peng Fan (1): firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (2): ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Prevent silent truncation of module name in delete_module(2) Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qu Wenruo (2): btrfs: populate otime when logging an inode item btrfs: do not allow relocation of partially dropped subvolumes Rafael J. Wysocki (3): ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Raj Kumar Bhagat (1): wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ramya Gnanasekar (1): wifi: mac80211: update radar_required in channel context after channel switch Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (1): parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (1): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Ricardo Ribalda (2): media: uvcvideo: Add quirk for HP Webcam HD 2300 media: uvcvideo: Do not mark valid metadata as invalid Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (1): drm/msm: use trylock for debugfs Robin Murphy (1): perf/arm: Add missing .suppress_bind_attrs Roman Li (1): drm/amd/display: Disable dsc_power_gate for dcn314 by default Rong Zhang (1): fs/ntfs3: correctly create symlink for relative path RubenKelevra (1): net: ieee8021q: fix insufficient table-size assertion Sabrina Dubroca (1): udp: also consider secpath when evaluating ipsec use for checksumming Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarika Sharma (2): wifi: ath12k: Correct tid cleanup when tid setup fails wifi: ath12k: Add memset and update default rate value in wmi tx completion Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sean Christopherson (4): KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sebastian Andrzej Siewior (1): selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (1): watchdog: dw_wdt: Fix default timeout Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shannon Nelson (1): ionic: clean dbpage in de-init Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (2): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} MIPS: lantiq: falcon: sysctrl: fix request memory check logic Shin'ichiro Kawasaki (1): dm: split write BIOs on zone boundaries when zone append is not emulated Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shuai Xue (1): ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Shyam Prasad N (1): cifs: reset iface weights when we cannot find a candidate Siddharth Vadapalli (1): arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Srinivas Kandagatla (1): ASoC: qcom: use drvdata instead of component to keep id Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (3): smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() smb: client: don't wait for info->send_pending == 0 on error smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Steve French (1): smb3: fix for slab out of bounds on mount to ksmbd Steven Rostedt (3): tracefs: Add d_delete to remove negative dentries powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 ktest.pl: Prevent recursion of default variable options Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Suren Baghdasaryan (1): userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Sven Stegemann (1): net: kcm: Fix race condition in kcm_unattach() Takashi Iwai (4): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: hda: Handle the jack polling always via a work ALSA: hda: Disable jack polling at shutdown Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (1): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Thierry Reding (1): firmware: tegra: Fix IVC dependency problems Thomas Croft (1): ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Thomas Fourier (6): et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. powerpc: floppy: Add missing checks after DMA map wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Thomas Weißschuh (7): LoongArch: Don't use %pK through printk() in unwinder tools/nolibc: define time_t in terms of __kernel_old_time_t tools/build: Fix s390(x) cross-compilation with clang selftests: vDSO: vdso_test_getrandom: Always print TAP header um: Re-evaluate thread flags repeatedly MIPS: Don't crash in stack_top() for tasks without ABI or vDSO mfd: cros_ec: Separate charge-control probing from USB-PD Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Trond Myklebust (1): NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (2): drm/xe: Make dma-fences compliant with the safe access rules drm/ttm: Respect the shrinker core free target Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Umio Yasuno (1): drm/amd/pm: fix null pointer access Vasiliy Kovalev (1): ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Vedang Nagar (1): media: venus: Fix OOB read due to missing payload bound check Viacheslav Dubeyko (5): hfs: fix general protection fault in hfs_find_init() hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Vijendar Mukunda (2): soundwire: amd: serialize amd manager resume sequence during pm_prepare soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vincent Mailhol (1): can: ti_hecc: fix -Woverflow compiler warning Vlastimil Babka (1): mm, slab: restore NUMA policy support for large kmalloc Waiman Long (1): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Wang Zhaolong (2): smb: client: remove redundant lstrp update in negotiate protocol smb: client: fix netns refcount leak after net_passive changes Wayne Lin (1): drm/amd/display: Avoid trying AUX transactions on disconnected ports Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Will Deacon (1): vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Willy Tarreau (1): tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: core: config: Prevent OOB read in SS endpoint companion parsing Xu Yang (1): net: usb: asix_devices: add phy_mask for ax88772 mdio bus Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yao Zi (1): LoongArch: Avoid in-place string operation on FDT content Yeoreum Yun (1): firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall YiPeng Chai (1): drm/amdgpu: fix vram reservation issue Yonghong Song (2): selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yongzhen Zhang (1): fbdev: fix potential buffer overflow in do_register_framebuffer() Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Yu Kuai (1): lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Yuan Chen (2): drm/msm: Add error handling for krealloc in metadata setup bpftool: Fix JSON writer resource leak in version command Yuezhang Mo (1): exfat: add cluster chain loop check for dir Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zhang Yi (1): ext4: initialize superblock fields in the kballoc-test.c kunit tests Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Zijun Hu (2): char: misc: Fix improper and inaccurate error code returned by misc_init() Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails Zqiang (1): rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue zhangjianrong (2): net: thunderbolt: Enable end-to-end flow control also in transmit net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (6): net: dsa: b53: ensure BCM5325 PHYs are enabled net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 months, 3 weeks

1
1
0 0

[PATCH] x86: XOP prefix instructions decoder support

by Masami Hiramatsu (Google)

From: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Support decoding AMD's XOP prefix encoded instructions. These instructions are introduced for Bulldozer micro architecture, and not supported on Intel's processors. But when compiling kernel with CONFIG_X86_NATIVE_CPU on some AMD processor (e.g. -march=bdver2), these instructions can be used. Reported-by: Alan J. Wylie <alan(a)wylie.me.uk> Closes: https://lore.kernel.org/all/871pq06728.fsf@wylie.me.uk/ Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- arch/x86/include/asm/inat.h | 15 +++ arch/x86/include/asm/insn.h | 51 +++++++++ arch/x86/lib/inat.c | 13 ++ arch/x86/lib/insn.c | 35 +++++- arch/x86/lib/x86-opcode-map.txt | 111 ++++++++++++++++++++ arch/x86/tools/gen-insn-attr-x86.awk | 44 ++++++++ tools/arch/x86/include/asm/inat.h | 15 +++ tools/arch/x86/include/asm/insn.h | 51 +++++++++ tools/arch/x86/lib/inat.c | 13 ++ tools/arch/x86/lib/insn.c | 35 +++++- tools/arch/x86/lib/x86-opcode-map.txt | 111 ++++++++++++++++++++ tools/arch/x86/tools/gen-insn-attr-x86.awk | 44 ++++++++ .../util/intel-pt-decoder/intel-pt-insn-decoder.c | 2 13 files changed, 513 insertions(+), 27 deletions(-) diff --git a/arch/x86/include/asm/inat.h b/arch/x86/include/asm/inat.h index 97f341777db5..1b3060a3425c 100644 --- a/arch/x86/include/asm/inat.h +++ b/arch/x86/include/asm/inat.h @@ -37,6 +37,8 @@ #define INAT_PFX_EVEX 15 /* EVEX prefix */ /* x86-64 REX2 prefix */ #define INAT_PFX_REX2 16 /* 0xD5 */ +/* AMD XOP prefix */ +#define INAT_PFX_XOP 17 /* 0x8F */ #define INAT_LSTPFX_MAX 3 #define INAT_LGCPFX_MAX 11 @@ -77,6 +79,7 @@ #define INAT_MOFFSET (1 << (INAT_FLAG_OFFS + 3)) #define INAT_VARIANT (1 << (INAT_FLAG_OFFS + 4)) #define INAT_VEXOK (1 << (INAT_FLAG_OFFS + 5)) +#define INAT_XOPOK INAT_VEXOK #define INAT_VEXONLY (1 << (INAT_FLAG_OFFS + 6)) #define INAT_EVEXONLY (1 << (INAT_FLAG_OFFS + 7)) #define INAT_NO_REX2 (1 << (INAT_FLAG_OFFS + 8)) @@ -111,6 +114,8 @@ extern insn_attr_t inat_get_group_attribute(insn_byte_t modrm, extern insn_attr_t inat_get_avx_attribute(insn_byte_t opcode, insn_byte_t vex_m, insn_byte_t vex_pp); +extern insn_attr_t inat_get_xop_attribute(insn_byte_t opcode, + insn_byte_t map_select); /* Attribute checking functions */ static inline int inat_is_legacy_prefix(insn_attr_t attr) @@ -164,6 +169,11 @@ static inline int inat_is_vex3_prefix(insn_attr_t attr) return (attr & INAT_PFX_MASK) == INAT_PFX_VEX3; } +static inline int inat_is_xop_prefix(insn_attr_t attr) +{ + return (attr & INAT_PFX_MASK) == INAT_PFX_XOP; +} + static inline int inat_is_escape(insn_attr_t attr) { return attr & INAT_ESC_MASK; @@ -229,6 +239,11 @@ static inline int inat_accept_vex(insn_attr_t attr) return attr & INAT_VEXOK; } +static inline int inat_accept_xop(insn_attr_t attr) +{ + return attr & INAT_XOPOK; +} + static inline int inat_must_vex(insn_attr_t attr) { return attr & (INAT_VEXONLY | INAT_EVEXONLY); diff --git a/arch/x86/include/asm/insn.h b/arch/x86/include/asm/insn.h index 7152ea809e6a..091f88c8254d 100644 --- a/arch/x86/include/asm/insn.h +++ b/arch/x86/include/asm/insn.h @@ -71,7 +71,10 @@ struct insn { * prefixes.bytes[3]: last prefix */ struct insn_field rex_prefix; /* REX prefix */ - struct insn_field vex_prefix; /* VEX prefix */ + union { + struct insn_field vex_prefix; /* VEX prefix */ + struct insn_field xop_prefix; /* XOP prefix */ + }; struct insn_field opcode; /* * opcode.bytes[0]: opcode1 * opcode.bytes[1]: opcode2 @@ -135,6 +138,17 @@ struct insn { #define X86_VEX_V(vex) (((vex) & 0x78) >> 3) /* VEX3 Byte2, VEX2 Byte1 */ #define X86_VEX_P(vex) ((vex) & 0x03) /* VEX3 Byte2, VEX2 Byte1 */ #define X86_VEX_M_MAX 0x1f /* VEX3.M Maximum value */ +/* XOP bit fields */ +#define X86_XOP_R(xop) ((xop) & 0x80) /* XOP Byte2 */ +#define X86_XOP_X(xop) ((xop) & 0x40) /* XOP Byte2 */ +#define X86_XOP_B(xop) ((xop) & 0x20) /* XOP Byte2 */ +#define X86_XOP_M(xop) ((xop) & 0x1f) /* XOP Byte2 */ +#define X86_XOP_W(xop) ((xop) & 0x80) /* XOP Byte3 */ +#define X86_XOP_V(xop) ((xop) & 0x78) /* XOP Byte3 */ +#define X86_XOP_L(xop) ((xop) & 0x04) /* XOP Byte3 */ +#define X86_XOP_P(xop) ((xop) & 0x03) /* XOP Byte3 */ +#define X86_XOP_M_MIN 0x08 /* Min of XOP.M */ +#define X86_XOP_M_MAX 0x1f /* Max of XOP.M */ extern void insn_init(struct insn *insn, const void *kaddr, int buf_len, int x86_64); extern int insn_get_prefixes(struct insn *insn); @@ -178,7 +192,7 @@ static inline insn_byte_t insn_rex2_m_bit(struct insn *insn) return X86_REX2_M(insn->rex_prefix.bytes[1]); } -static inline int insn_is_avx(struct insn *insn) +static inline int insn_is_avx_or_xop(struct insn *insn) { if (!insn->prefixes.got) insn_get_prefixes(insn); @@ -192,6 +206,22 @@ static inline int insn_is_evex(struct insn *insn) return (insn->vex_prefix.nbytes == 4); } +/* If we already know this is AVX/XOP encoded */ +static inline int avx_insn_is_xop(struct insn *insn) +{ + insn_attr_t attr = inat_get_opcode_attribute(insn->vex_prefix.bytes[0]); + + return inat_is_xop_prefix(attr); +} + +static inline int insn_is_xop(struct insn *insn) +{ + if (!insn_is_avx_or_xop(insn)) + return 0; + + return avx_insn_is_xop(insn); +} + static inline int insn_has_emulate_prefix(struct insn *insn) { return !!insn->emulate_prefix_size; @@ -222,11 +252,26 @@ static inline insn_byte_t insn_vex_w_bit(struct insn *insn) return X86_VEX_W(insn->vex_prefix.bytes[2]); } +static inline insn_byte_t insn_xop_map_bits(struct insn *insn) +{ + if (insn->xop_prefix.nbytes < 3) /* XOP is 3 bytes */ + return 0; + return X86_XOP_M(insn->xop_prefix.bytes[1]); +} + +static inline insn_byte_t insn_xop_p_bits(struct insn *insn) +{ + return X86_XOP_P(insn->vex_prefix.bytes[2]); +} + /* Get the last prefix id from last prefix or VEX prefix */ static inline int insn_last_prefix_id(struct insn *insn) { - if (insn_is_avx(insn)) + if (insn_is_avx_or_xop(insn)) { + if (avx_insn_is_xop(insn)) + return insn_xop_p_bits(insn); return insn_vex_p_bits(insn); /* VEX_p is a SIMD prefix id */ + } if (insn->prefixes.bytes[3]) return inat_get_last_prefix_id(insn->prefixes.bytes[3]); diff --git a/arch/x86/lib/inat.c b/arch/x86/lib/inat.c index b0f3b2a62ae2..a5cafd402cfd 100644 --- a/arch/x86/lib/inat.c +++ b/arch/x86/lib/inat.c @@ -81,3 +81,16 @@ insn_attr_t inat_get_avx_attribute(insn_byte_t opcode, insn_byte_t vex_m, return table[opcode]; } +insn_attr_t inat_get_xop_attribute(insn_byte_t opcode, insn_byte_t map_select) +{ + const insn_attr_t *table; + + if (map_select < X86_XOP_M_MIN || map_select > X86_XOP_M_MAX) + return 0; + map_select -= X86_XOP_M_MIN; + /* At first, this checks the master table */ + table = inat_xop_tables[map_select]; + if (!table) + return 0; + return table[opcode]; +} diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c index 149a57e334ab..225af1399c9d 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -200,12 +200,15 @@ int insn_get_prefixes(struct insn *insn) } insn->rex_prefix.got = 1; - /* Decode VEX prefix */ + /* Decode VEX/XOP prefix */ b = peek_next(insn_byte_t, insn); - attr = inat_get_opcode_attribute(b); - if (inat_is_vex_prefix(attr)) { + if (inat_is_vex_prefix(attr) || inat_is_xop_prefix(attr)) { insn_byte_t b2 = peek_nbyte_next(insn_byte_t, insn, 1); - if (!insn->x86_64) { + + if (inat_is_xop_prefix(attr) && X86_MODRM_REG(b2) == 0) { + /* Grp1A.0 is always POP Ev */ + goto vex_end; + } else if (!insn->x86_64) { /* * In 32-bits mode, if the [7:6] bits (mod bits of * ModRM) on the second byte are not 11b, it is @@ -226,13 +229,13 @@ int insn_get_prefixes(struct insn *insn) if (insn->x86_64 && X86_VEX_W(b2)) /* VEX.W overrides opnd_size */ insn->opnd_bytes = 8; - } else if (inat_is_vex3_prefix(attr)) { + } else if (inat_is_vex3_prefix(attr) || inat_is_xop_prefix(attr)) { b2 = peek_nbyte_next(insn_byte_t, insn, 2); insn_set_byte(&insn->vex_prefix, 2, b2); insn->vex_prefix.nbytes = 3; insn->next_byte += 3; if (insn->x86_64 && X86_VEX_W(b2)) - /* VEX.W overrides opnd_size */ + /* VEX.W/XOP.W overrides opnd_size */ insn->opnd_bytes = 8; } else { /* @@ -288,9 +291,22 @@ int insn_get_opcode(struct insn *insn) insn_set_byte(opcode, 0, op); opcode->nbytes = 1; - /* Check if there is VEX prefix or not */ - if (insn_is_avx(insn)) { + /* Check if there is VEX/XOP prefix or not */ + if (insn_is_avx_or_xop(insn)) { insn_byte_t m, p; + + /* XOP prefix has different encoding */ + if (unlikely(avx_insn_is_xop(insn))) { + m = insn_xop_map_bits(insn); + insn->attr = inat_get_xop_attribute(op, m); + if (!inat_accept_xop(insn->attr)) { + insn->attr = 0; + return -EINVAL; + } + /* XOP has only 1 byte for opcode */ + goto end; + } + m = insn_vex_m_bits(insn); p = insn_vex_p_bits(insn); insn->attr = inat_get_avx_attribute(op, m, p); @@ -383,7 +399,8 @@ int insn_get_modrm(struct insn *insn) pfx_id = insn_last_prefix_id(insn); insn->attr = inat_get_group_attribute(mod, pfx_id, insn->attr); - if (insn_is_avx(insn) && !inat_accept_vex(insn->attr)) { + if (insn_is_avx_or_xop(insn) && !inat_accept_vex(insn->attr) && + !inat_accept_xop(insn->attr)) { /* Bad insn */ insn->attr = 0; return -EINVAL; diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt index 262f7ca1fb95..2a4e69ecc2de 100644 --- a/arch/x86/lib/x86-opcode-map.txt +++ b/arch/x86/lib/x86-opcode-map.txt @@ -27,6 +27,11 @@ # (evo): this opcode is changed by EVEX prefix (EVEX opcode) # (v): this opcode requires VEX prefix. # (v1): this opcode only supports 128bit VEX. +# (xop): this opcode accepts XOP prefix. +# +# XOP Superscripts +# (W=0): this opcode requires XOP.W == 0 +# (W=1): this opcode requires XOP.W == 1 # # Last Prefix Superscripts # - (66): the last prefix is 0x66 @@ -194,7 +199,7 @@ AVXcode: 8c: MOV Ev,Sw 8d: LEA Gv,M 8e: MOV Sw,Ew -8f: Grp1A (1A) | POP Ev (d64) +8f: Grp1A (1A) | POP Ev (d64) | XOP (Prefix) # 0x90 - 0x9f 90: NOP | PAUSE (F3) | XCHG r8,rAX 91: XCHG rCX/r9,rAX @@ -1106,6 +1111,84 @@ AVXcode: 7 f8: URDMSR Rq,Id (F2),(v1),(11B) | UWRMSR Id,Rq (F3),(v1),(11B) EndTable +# From AMD64 Architecture Programmer's Manual Vol3, Appendix A.1.5 +Table: XOP map 8h +Referrer: +XOPcode: 0 +85: VPMACSSWW Vo,Ho,Wo,Lo +86: VPMACSSWD Vo,Ho,Wo,Lo +87: VPMACSSDQL Vo,Ho,Wo,Lo +8e: VPMACSSDD Vo,Ho,Wo,Lo +8f: VPMACSSDQH Vo,Ho,Wo,Lo +95: VPMACSWW Vo,Ho,Wo,Lo +96: VPMACSWD Vo,Ho,Wo,Lo +97: VPMACSDQL Vo,Ho,Wo,Lo +9e: VPMACSDD Vo,Ho,Wo,Lo +9f: VPMACSDQH Vo,Ho,Wo,Lo +a2: VPCMOV Vx,Hx,Wx,Lx (W=0) | VPCMOV Vx,Hx,Lx,Wx (W=1) +a3: VPPERM Vo,Ho,Wo,Lo (W=0) | VPPERM Vo,Ho,Lo,Wo (W=1) +a6: VPMADCSSWD Vo,Ho,Wo,Lo +b6: VPMADCSWD Vo,Ho,Wo,Lo +c0: VPROTB Vo,Wo,Ib +c1: VPROTW Vo,Wo,Ib +c2: VPROTD Vo,Wo,Ib +c3: VPROTQ Vo,Wo,Ib +cc: VPCOMccB Vo,Ho,Wo,Ib +cd: VPCOMccW Vo,Ho,Wo,Ib +ce: VPCOMccD Vo,Ho,Wo,Ib +cf: VPCOMccQ Vo,Ho,Wo,Ib +ec: VPCOMccUB Vo,Ho,Wo,Ib +ed: VPCOMccUW Vo,Ho,Wo,Ib +ee: VPCOMccUD Vo,Ho,Wo,Ib +ef: VPCOMccUQ Vo,Ho,Wo,Ib +EndTable + +Table: XOP map 9h +Referrer: +XOPcode: 1 +01: GrpXOP1 +02: GrpXOP2 +12: GrpXOP3 +80: VFRCZPS Vx,Wx +81: VFRCZPD Vx,Wx +82: VFRCZSS Vq,Wss +83: VFRCZSD Vq,Wsd +90: VPROTB Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +91: VPROTW Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +92: VPROTD Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +93: VPROTQ Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +94: VPSHLB Vo,Wo,Ho (W=0) | VPSHLB Vo,Ho,Wo (W=1) +95: VPSHLW Vo,Wo,Ho (W=0) | VPSHLW Vo,Ho,Wo (W=1) +96: VPSHLD Vo,Wo,Ho (W=0) | VPSHLD Vo,Ho,Wo (W=1) +97: VPSHLQ Vo,Wo,Ho (W=0) | VPSHLQ Vo,Ho,Wo (W=1) +98: VPSHAB Vo,Wo,Ho (W=0) | VPSHAB Vo,Ho,Wo (W=1) +99: VPSHAW Vo,Wo,Ho (W=0) | VPSHAW Vo,Ho,Wo (W=1) +9a: VPSHAD Vo,Wo,Ho (W=0) | VPSHAD Vo,Ho,Wo (W=1) +9b: VPSHAQ Vo,Wo,Ho (W=0) | VPSHAQ Vo,Ho,Wo (W=1) +c1: VPHADDBW Vo,Wo +c2: VPHADDBD Vo,Wo +c3: VPHADDBQ Vo,Wo +c6: VPHADDWD Vo,Wo +c7: VPHADDWQ Vo,Wo +cb: VPHADDDQ Vo,Wo +d1: VPHADDUBWD Vo,Wo +d2: VPHADDUBD Vo,Wo +d3: VPHADDUBQ Vo,Wo +d6: VPHADDUWD Vo,Wo +d7: VPHADDUWQ Vo,Wo +db: VPHADDUDQ Vo,Wo +e1: VPHSUBBW Vo,Wo +e2: VPHSUBWD Vo,Wo +e3: VPHSUBDQ Vo,Wo +EndTable + +Table: XOP map Ah +Referrer: +XOPcode: 2 +10: BEXTR Gy,Ey,Id +12: GrpXOP4 +EndTable + GrpTable: Grp1 0: ADD 1: OR @@ -1320,3 +1403,29 @@ GrpTable: GrpRNG 4: xcrypt-cfb 5: xcrypt-ofb EndTable + +# GrpXOP1-4 is shown in AMD APM Vol.3 Appendix A as XOP group #1-4 +GrpTable: GrpXOP1 +1: BLCFILL By,Ey (xop) +2: BLSFILL By,Ey (xop) +3: BLCS By,Ey (xop) +4: TZMSK By,Ey (xop) +5: BLCIC By,Ey (xop) +6: BLSIC By,Ey (xop) +7: T1MSKC By,Ey (xop) +EndTable + +GrpTable: GrpXOP2 +1: BLCMSK By,Ey (xop) +6: BLCI By,Ey (xop) +EndTable + +GrpTable: GrpXOP3 +0: LLWPCB Ry (xop) +1: SLWPCB Ry (xop) +EndTable + +GrpTable: GrpXOP4 +0: LWPINS By,Ed,Id (xop) +1: LWPVAL By,Ed,Id (xop) +EndTable diff --git a/arch/x86/tools/gen-insn-attr-x86.awk b/arch/x86/tools/gen-insn-attr-x86.awk index 2c19d7fc8a85..7ea1b75e59b7 100644 --- a/arch/x86/tools/gen-insn-attr-x86.awk +++ b/arch/x86/tools/gen-insn-attr-x86.awk @@ -21,6 +21,7 @@ function clear_vars() { eid = -1 # escape id gid = -1 # group id aid = -1 # AVX id + xopid = -1 # XOP id tname = "" } @@ -39,9 +40,11 @@ BEGIN { ggid = 1 geid = 1 gaid = 0 + gxopid = 0 delete etable delete gtable delete atable + delete xoptable opnd_expr = "^[A-Za-z/]" ext_expr = "^\$" @@ -61,6 +64,7 @@ BEGIN { imm_flag["Ob"] = "INAT_MOFFSET" imm_flag["Ov"] = "INAT_MOFFSET" imm_flag["Lx"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)" + imm_flag["Lo"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)" modrm_expr = "^([CDEGMNPQRSUVW/][a-z]+|NTA|T[012])" force64_expr = "\\([df]64\$" @@ -87,6 +91,8 @@ BEGIN { evexonly_expr = "\$ev\$" # (es) is the same as (ev) but also "SCALABLE" i.e. W and pp determine operand size evex_scalable_expr = "\$es\$" + # All opcodes in XOP table or with (xop) superscript accept XOP prefix + xopok_expr = "\$xop\$" prefix_expr = "\$Prefix\$" prefix_num["Operand-Size"] = "INAT_PFX_OPNDSZ" @@ -106,6 +112,7 @@ BEGIN { prefix_num["VEX+2byte"] = "INAT_PFX_VEX3" prefix_num["EVEX"] = "INAT_PFX_EVEX" prefix_num["REX2"] = "INAT_PFX_REX2" + prefix_num["XOP"] = "INAT_PFX_XOP" clear_vars() } @@ -147,6 +154,7 @@ function array_size(arr, i,c) { if (NF != 1) { # AVX/escape opcode table aid = $2 + xopid = -1 if (gaid <= aid) gaid = aid + 1 if (tname == "") # AVX only opcode table @@ -156,6 +164,20 @@ function array_size(arr, i,c) { tname = "inat_primary_table" } +/^XOPcode:/ { + if (NF != 1) { + # XOP opcode table + xopid = $2 + aid = -1 + if (gxopid <= xopid) + gxopid = xopid + 1 + if (tname == "") # XOP only opcode table + tname = sprintf("inat_xop_table_%d", $2) + } + if (xopid == -1 && eid == -1) # primary opcode table + tname = "inat_primary_table" +} + /^GrpTable:/ { print "/* " $0 " */" if (!($2 in group)) @@ -206,6 +228,8 @@ function print_table(tbl,name,fmt,n) etable[eid,0] = tname if (aid >= 0) atable[aid,0] = tname + else if (xopid >= 0) + xoptable[xopid] = tname } if (array_size(lptable1) != 0) { print_table(lptable1,tname "_1[INAT_OPCODE_TABLE_SIZE]", @@ -347,6 +371,8 @@ function convert_operands(count,opnd, i,j,imm,mod) flags = add_flags(flags, "INAT_VEXOK | INAT_VEXONLY") else if (match(ext, vexok_expr) || match(opcode, vexok_opcode_expr)) flags = add_flags(flags, "INAT_VEXOK") + else if (match(ext, xopok_expr) || xopid >= 0) + flags = add_flags(flags, "INAT_XOPOK") # check prefixes if (match(ext, prefix_expr)) { @@ -413,6 +439,14 @@ END { print " ["i"]["j"] = "atable[i,j]"," print "};\n" + print "/* XOP opcode map array */" + print "const insn_attr_t * const inat_xop_tables[X86_XOP_M_MAX - X86_XOP_M_MIN + 1]" \ + " = {" + for (i = 0; i < gxopid; i++) + if (xoptable[i]) + print " ["i"] = "xoptable[i]"," + print "};" + print "#else /* !__BOOT_COMPRESSED */\n" print "/* Escape opcode map array */" @@ -430,6 +464,10 @@ END { "[INAT_LSTPFX_MAX + 1];" print "" + print "/* XOP opcode map array */" + print "static const insn_attr_t *inat_xop_tables[X86_XOP_M_MAX - X86_XOP_M_MIN + 1];" + print "" + print "static void inat_init_tables(void)" print "{" @@ -455,6 +493,12 @@ END { if (atable[i,j]) print "\tinat_avx_tables["i"]["j"] = "atable[i,j]";" + print "" + print "\t/* Print XOP opcode map array */" + for (i = 0; i < gxopid; i++) + if (xoptable[i]) + print "\tinat_xop_tables["i"] = "xoptable[i]";" + print "}" print "#endif" } diff --git a/tools/arch/x86/include/asm/inat.h b/tools/arch/x86/include/asm/inat.h index 183aa662b165..099e926595bd 100644 --- a/tools/arch/x86/include/asm/inat.h +++ b/tools/arch/x86/include/asm/inat.h @@ -37,6 +37,8 @@ #define INAT_PFX_EVEX 15 /* EVEX prefix */ /* x86-64 REX2 prefix */ #define INAT_PFX_REX2 16 /* 0xD5 */ +/* AMD XOP prefix */ +#define INAT_PFX_XOP 17 /* 0x8F */ #define INAT_LSTPFX_MAX 3 #define INAT_LGCPFX_MAX 11 @@ -77,6 +79,7 @@ #define INAT_MOFFSET (1 << (INAT_FLAG_OFFS + 3)) #define INAT_VARIANT (1 << (INAT_FLAG_OFFS + 4)) #define INAT_VEXOK (1 << (INAT_FLAG_OFFS + 5)) +#define INAT_XOPOK INAT_VEXOK #define INAT_VEXONLY (1 << (INAT_FLAG_OFFS + 6)) #define INAT_EVEXONLY (1 << (INAT_FLAG_OFFS + 7)) #define INAT_NO_REX2 (1 << (INAT_FLAG_OFFS + 8)) @@ -111,6 +114,8 @@ extern insn_attr_t inat_get_group_attribute(insn_byte_t modrm, extern insn_attr_t inat_get_avx_attribute(insn_byte_t opcode, insn_byte_t vex_m, insn_byte_t vex_pp); +extern insn_attr_t inat_get_xop_attribute(insn_byte_t opcode, + insn_byte_t map_select); /* Attribute checking functions */ static inline int inat_is_legacy_prefix(insn_attr_t attr) @@ -164,6 +169,11 @@ static inline int inat_is_vex3_prefix(insn_attr_t attr) return (attr & INAT_PFX_MASK) == INAT_PFX_VEX3; } +static inline int inat_is_xop_prefix(insn_attr_t attr) +{ + return (attr & INAT_PFX_MASK) == INAT_PFX_XOP; +} + static inline int inat_is_escape(insn_attr_t attr) { return attr & INAT_ESC_MASK; @@ -229,6 +239,11 @@ static inline int inat_accept_vex(insn_attr_t attr) return attr & INAT_VEXOK; } +static inline int inat_accept_xop(insn_attr_t attr) +{ + return attr & INAT_XOPOK; +} + static inline int inat_must_vex(insn_attr_t attr) { return attr & (INAT_VEXONLY | INAT_EVEXONLY); diff --git a/tools/arch/x86/include/asm/insn.h b/tools/arch/x86/include/asm/insn.h index 0e5abd896ad4..c683d609934b 100644 --- a/tools/arch/x86/include/asm/insn.h +++ b/tools/arch/x86/include/asm/insn.h @@ -71,7 +71,10 @@ struct insn { * prefixes.bytes[3]: last prefix */ struct insn_field rex_prefix; /* REX prefix */ - struct insn_field vex_prefix; /* VEX prefix */ + union { + struct insn_field vex_prefix; /* VEX prefix */ + struct insn_field xop_prefix; /* XOP prefix */ + }; struct insn_field opcode; /* * opcode.bytes[0]: opcode1 * opcode.bytes[1]: opcode2 @@ -135,6 +138,17 @@ struct insn { #define X86_VEX_V(vex) (((vex) & 0x78) >> 3) /* VEX3 Byte2, VEX2 Byte1 */ #define X86_VEX_P(vex) ((vex) & 0x03) /* VEX3 Byte2, VEX2 Byte1 */ #define X86_VEX_M_MAX 0x1f /* VEX3.M Maximum value */ +/* XOP bit fields */ +#define X86_XOP_R(xop) ((xop) & 0x80) /* XOP Byte2 */ +#define X86_XOP_X(xop) ((xop) & 0x40) /* XOP Byte2 */ +#define X86_XOP_B(xop) ((xop) & 0x20) /* XOP Byte2 */ +#define X86_XOP_M(xop) ((xop) & 0x1f) /* XOP Byte2 */ +#define X86_XOP_W(xop) ((xop) & 0x80) /* XOP Byte3 */ +#define X86_XOP_V(xop) ((xop) & 0x78) /* XOP Byte3 */ +#define X86_XOP_L(xop) ((xop) & 0x04) /* XOP Byte3 */ +#define X86_XOP_P(xop) ((xop) & 0x03) /* XOP Byte3 */ +#define X86_XOP_M_MIN 0x08 /* Min of XOP.M */ +#define X86_XOP_M_MAX 0x1f /* Max of XOP.M */ extern void insn_init(struct insn *insn, const void *kaddr, int buf_len, int x86_64); extern int insn_get_prefixes(struct insn *insn); @@ -178,7 +192,7 @@ static inline insn_byte_t insn_rex2_m_bit(struct insn *insn) return X86_REX2_M(insn->rex_prefix.bytes[1]); } -static inline int insn_is_avx(struct insn *insn) +static inline int insn_is_avx_or_xop(struct insn *insn) { if (!insn->prefixes.got) insn_get_prefixes(insn); @@ -192,6 +206,22 @@ static inline int insn_is_evex(struct insn *insn) return (insn->vex_prefix.nbytes == 4); } +/* If we already know this is AVX/XOP encoded */ +static inline int avx_insn_is_xop(struct insn *insn) +{ + insn_attr_t attr = inat_get_opcode_attribute(insn->vex_prefix.bytes[0]); + + return inat_is_xop_prefix(attr); +} + +static inline int insn_is_xop(struct insn *insn) +{ + if (!insn_is_avx_or_xop(insn)) + return 0; + + return avx_insn_is_xop(insn); +} + static inline int insn_has_emulate_prefix(struct insn *insn) { return !!insn->emulate_prefix_size; @@ -222,11 +252,26 @@ static inline insn_byte_t insn_vex_w_bit(struct insn *insn) return X86_VEX_W(insn->vex_prefix.bytes[2]); } +static inline insn_byte_t insn_xop_map_bits(struct insn *insn) +{ + if (insn->xop_prefix.nbytes < 3) /* XOP is 3 bytes */ + return 0; + return X86_XOP_M(insn->xop_prefix.bytes[1]); +} + +static inline insn_byte_t insn_xop_p_bits(struct insn *insn) +{ + return X86_XOP_P(insn->vex_prefix.bytes[2]); +} + /* Get the last prefix id from last prefix or VEX prefix */ static inline int insn_last_prefix_id(struct insn *insn) { - if (insn_is_avx(insn)) + if (insn_is_avx_or_xop(insn)) { + if (avx_insn_is_xop(insn)) + return insn_xop_p_bits(insn); return insn_vex_p_bits(insn); /* VEX_p is a SIMD prefix id */ + } if (insn->prefixes.bytes[3]) return inat_get_last_prefix_id(insn->prefixes.bytes[3]); diff --git a/tools/arch/x86/lib/inat.c b/tools/arch/x86/lib/inat.c index dfbcc6405941..ffcb0e27453b 100644 --- a/tools/arch/x86/lib/inat.c +++ b/tools/arch/x86/lib/inat.c @@ -81,3 +81,16 @@ insn_attr_t inat_get_avx_attribute(insn_byte_t opcode, insn_byte_t vex_m, return table[opcode]; } +insn_attr_t inat_get_xop_attribute(insn_byte_t opcode, insn_byte_t map_select) +{ + const insn_attr_t *table; + + if (map_select < X86_XOP_M_MIN || map_select > X86_XOP_M_MAX) + return 0; + map_select -= X86_XOP_M_MIN; + /* At first, this checks the master table */ + table = inat_xop_tables[map_select]; + if (!table) + return 0; + return table[opcode]; +} diff --git a/tools/arch/x86/lib/insn.c b/tools/arch/x86/lib/insn.c index bce69c6bfa69..1d1c57c74d1f 100644 --- a/tools/arch/x86/lib/insn.c +++ b/tools/arch/x86/lib/insn.c @@ -200,12 +200,15 @@ int insn_get_prefixes(struct insn *insn) } insn->rex_prefix.got = 1; - /* Decode VEX prefix */ + /* Decode VEX/XOP prefix */ b = peek_next(insn_byte_t, insn); - attr = inat_get_opcode_attribute(b); - if (inat_is_vex_prefix(attr)) { + if (inat_is_vex_prefix(attr) || inat_is_xop_prefix(attr)) { insn_byte_t b2 = peek_nbyte_next(insn_byte_t, insn, 1); - if (!insn->x86_64) { + + if (inat_is_xop_prefix(attr) && X86_MODRM_REG(b2) == 0) { + /* Grp1A.0 is always POP Ev */ + goto vex_end; + } else if (!insn->x86_64) { /* * In 32-bits mode, if the [7:6] bits (mod bits of * ModRM) on the second byte are not 11b, it is @@ -226,13 +229,13 @@ int insn_get_prefixes(struct insn *insn) if (insn->x86_64 && X86_VEX_W(b2)) /* VEX.W overrides opnd_size */ insn->opnd_bytes = 8; - } else if (inat_is_vex3_prefix(attr)) { + } else if (inat_is_vex3_prefix(attr) || inat_is_xop_prefix(attr)) { b2 = peek_nbyte_next(insn_byte_t, insn, 2); insn_set_byte(&insn->vex_prefix, 2, b2); insn->vex_prefix.nbytes = 3; insn->next_byte += 3; if (insn->x86_64 && X86_VEX_W(b2)) - /* VEX.W overrides opnd_size */ + /* VEX.W/XOP.W overrides opnd_size */ insn->opnd_bytes = 8; } else { /* @@ -288,9 +291,22 @@ int insn_get_opcode(struct insn *insn) insn_set_byte(opcode, 0, op); opcode->nbytes = 1; - /* Check if there is VEX prefix or not */ - if (insn_is_avx(insn)) { + /* Check if there is VEX/XOP prefix or not */ + if (insn_is_avx_or_xop(insn)) { insn_byte_t m, p; + + /* XOP prefix has different encoding */ + if (unlikely(avx_insn_is_xop(insn))) { + m = insn_xop_map_bits(insn); + insn->attr = inat_get_xop_attribute(op, m); + if (!inat_accept_xop(insn->attr)) { + insn->attr = 0; + return -EINVAL; + } + /* XOP has only 1 byte for opcode */ + goto end; + } + m = insn_vex_m_bits(insn); p = insn_vex_p_bits(insn); insn->attr = inat_get_avx_attribute(op, m, p); @@ -383,7 +399,8 @@ int insn_get_modrm(struct insn *insn) pfx_id = insn_last_prefix_id(insn); insn->attr = inat_get_group_attribute(mod, pfx_id, insn->attr); - if (insn_is_avx(insn) && !inat_accept_vex(insn->attr)) { + if (insn_is_avx_or_xop(insn) && !inat_accept_vex(insn->attr) && + !inat_accept_xop(insn->attr)) { /* Bad insn */ insn->attr = 0; return -EINVAL; diff --git a/tools/arch/x86/lib/x86-opcode-map.txt b/tools/arch/x86/lib/x86-opcode-map.txt index 262f7ca1fb95..2a4e69ecc2de 100644 --- a/tools/arch/x86/lib/x86-opcode-map.txt +++ b/tools/arch/x86/lib/x86-opcode-map.txt @@ -27,6 +27,11 @@ # (evo): this opcode is changed by EVEX prefix (EVEX opcode) # (v): this opcode requires VEX prefix. # (v1): this opcode only supports 128bit VEX. +# (xop): this opcode accepts XOP prefix. +# +# XOP Superscripts +# (W=0): this opcode requires XOP.W == 0 +# (W=1): this opcode requires XOP.W == 1 # # Last Prefix Superscripts # - (66): the last prefix is 0x66 @@ -194,7 +199,7 @@ AVXcode: 8c: MOV Ev,Sw 8d: LEA Gv,M 8e: MOV Sw,Ew -8f: Grp1A (1A) | POP Ev (d64) +8f: Grp1A (1A) | POP Ev (d64) | XOP (Prefix) # 0x90 - 0x9f 90: NOP | PAUSE (F3) | XCHG r8,rAX 91: XCHG rCX/r9,rAX @@ -1106,6 +1111,84 @@ AVXcode: 7 f8: URDMSR Rq,Id (F2),(v1),(11B) | UWRMSR Id,Rq (F3),(v1),(11B) EndTable +# From AMD64 Architecture Programmer's Manual Vol3, Appendix A.1.5 +Table: XOP map 8h +Referrer: +XOPcode: 0 +85: VPMACSSWW Vo,Ho,Wo,Lo +86: VPMACSSWD Vo,Ho,Wo,Lo +87: VPMACSSDQL Vo,Ho,Wo,Lo +8e: VPMACSSDD Vo,Ho,Wo,Lo +8f: VPMACSSDQH Vo,Ho,Wo,Lo +95: VPMACSWW Vo,Ho,Wo,Lo +96: VPMACSWD Vo,Ho,Wo,Lo +97: VPMACSDQL Vo,Ho,Wo,Lo +9e: VPMACSDD Vo,Ho,Wo,Lo +9f: VPMACSDQH Vo,Ho,Wo,Lo +a2: VPCMOV Vx,Hx,Wx,Lx (W=0) | VPCMOV Vx,Hx,Lx,Wx (W=1) +a3: VPPERM Vo,Ho,Wo,Lo (W=0) | VPPERM Vo,Ho,Lo,Wo (W=1) +a6: VPMADCSSWD Vo,Ho,Wo,Lo +b6: VPMADCSWD Vo,Ho,Wo,Lo +c0: VPROTB Vo,Wo,Ib +c1: VPROTW Vo,Wo,Ib +c2: VPROTD Vo,Wo,Ib +c3: VPROTQ Vo,Wo,Ib +cc: VPCOMccB Vo,Ho,Wo,Ib +cd: VPCOMccW Vo,Ho,Wo,Ib +ce: VPCOMccD Vo,Ho,Wo,Ib +cf: VPCOMccQ Vo,Ho,Wo,Ib +ec: VPCOMccUB Vo,Ho,Wo,Ib +ed: VPCOMccUW Vo,Ho,Wo,Ib +ee: VPCOMccUD Vo,Ho,Wo,Ib +ef: VPCOMccUQ Vo,Ho,Wo,Ib +EndTable + +Table: XOP map 9h +Referrer: +XOPcode: 1 +01: GrpXOP1 +02: GrpXOP2 +12: GrpXOP3 +80: VFRCZPS Vx,Wx +81: VFRCZPD Vx,Wx +82: VFRCZSS Vq,Wss +83: VFRCZSD Vq,Wsd +90: VPROTB Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +91: VPROTW Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +92: VPROTD Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +93: VPROTQ Vo,Wo,Ho (W=0) | VPROTB Vo,Ho,Wo (W=1) +94: VPSHLB Vo,Wo,Ho (W=0) | VPSHLB Vo,Ho,Wo (W=1) +95: VPSHLW Vo,Wo,Ho (W=0) | VPSHLW Vo,Ho,Wo (W=1) +96: VPSHLD Vo,Wo,Ho (W=0) | VPSHLD Vo,Ho,Wo (W=1) +97: VPSHLQ Vo,Wo,Ho (W=0) | VPSHLQ Vo,Ho,Wo (W=1) +98: VPSHAB Vo,Wo,Ho (W=0) | VPSHAB Vo,Ho,Wo (W=1) +99: VPSHAW Vo,Wo,Ho (W=0) | VPSHAW Vo,Ho,Wo (W=1) +9a: VPSHAD Vo,Wo,Ho (W=0) | VPSHAD Vo,Ho,Wo (W=1) +9b: VPSHAQ Vo,Wo,Ho (W=0) | VPSHAQ Vo,Ho,Wo (W=1) +c1: VPHADDBW Vo,Wo +c2: VPHADDBD Vo,Wo +c3: VPHADDBQ Vo,Wo +c6: VPHADDWD Vo,Wo +c7: VPHADDWQ Vo,Wo +cb: VPHADDDQ Vo,Wo +d1: VPHADDUBWD Vo,Wo +d2: VPHADDUBD Vo,Wo +d3: VPHADDUBQ Vo,Wo +d6: VPHADDUWD Vo,Wo +d7: VPHADDUWQ Vo,Wo +db: VPHADDUDQ Vo,Wo +e1: VPHSUBBW Vo,Wo +e2: VPHSUBWD Vo,Wo +e3: VPHSUBDQ Vo,Wo +EndTable + +Table: XOP map Ah +Referrer: +XOPcode: 2 +10: BEXTR Gy,Ey,Id +12: GrpXOP4 +EndTable + GrpTable: Grp1 0: ADD 1: OR @@ -1320,3 +1403,29 @@ GrpTable: GrpRNG 4: xcrypt-cfb 5: xcrypt-ofb EndTable + +# GrpXOP1-4 is shown in AMD APM Vol.3 Appendix A as XOP group #1-4 +GrpTable: GrpXOP1 +1: BLCFILL By,Ey (xop) +2: BLSFILL By,Ey (xop) +3: BLCS By,Ey (xop) +4: TZMSK By,Ey (xop) +5: BLCIC By,Ey (xop) +6: BLSIC By,Ey (xop) +7: T1MSKC By,Ey (xop) +EndTable + +GrpTable: GrpXOP2 +1: BLCMSK By,Ey (xop) +6: BLCI By,Ey (xop) +EndTable + +GrpTable: GrpXOP3 +0: LLWPCB Ry (xop) +1: SLWPCB Ry (xop) +EndTable + +GrpTable: GrpXOP4 +0: LWPINS By,Ed,Id (xop) +1: LWPVAL By,Ed,Id (xop) +EndTable diff --git a/tools/arch/x86/tools/gen-insn-attr-x86.awk b/tools/arch/x86/tools/gen-insn-attr-x86.awk index 2c19d7fc8a85..7ea1b75e59b7 100644 --- a/tools/arch/x86/tools/gen-insn-attr-x86.awk +++ b/tools/arch/x86/tools/gen-insn-attr-x86.awk @@ -21,6 +21,7 @@ function clear_vars() { eid = -1 # escape id gid = -1 # group id aid = -1 # AVX id + xopid = -1 # XOP id tname = "" } @@ -39,9 +40,11 @@ BEGIN { ggid = 1 geid = 1 gaid = 0 + gxopid = 0 delete etable delete gtable delete atable + delete xoptable opnd_expr = "^[A-Za-z/]" ext_expr = "^\$" @@ -61,6 +64,7 @@ BEGIN { imm_flag["Ob"] = "INAT_MOFFSET" imm_flag["Ov"] = "INAT_MOFFSET" imm_flag["Lx"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)" + imm_flag["Lo"] = "INAT_MAKE_IMM(INAT_IMM_BYTE)" modrm_expr = "^([CDEGMNPQRSUVW/][a-z]+|NTA|T[012])" force64_expr = "\\([df]64\$" @@ -87,6 +91,8 @@ BEGIN { evexonly_expr = "\$ev\$" # (es) is the same as (ev) but also "SCALABLE" i.e. W and pp determine operand size evex_scalable_expr = "\$es\$" + # All opcodes in XOP table or with (xop) superscript accept XOP prefix + xopok_expr = "\$xop\$" prefix_expr = "\$Prefix\$" prefix_num["Operand-Size"] = "INAT_PFX_OPNDSZ" @@ -106,6 +112,7 @@ BEGIN { prefix_num["VEX+2byte"] = "INAT_PFX_VEX3" prefix_num["EVEX"] = "INAT_PFX_EVEX" prefix_num["REX2"] = "INAT_PFX_REX2" + prefix_num["XOP"] = "INAT_PFX_XOP" clear_vars() } @@ -147,6 +154,7 @@ function array_size(arr, i,c) { if (NF != 1) { # AVX/escape opcode table aid = $2 + xopid = -1 if (gaid <= aid) gaid = aid + 1 if (tname == "") # AVX only opcode table @@ -156,6 +164,20 @@ function array_size(arr, i,c) { tname = "inat_primary_table" } +/^XOPcode:/ { + if (NF != 1) { + # XOP opcode table + xopid = $2 + aid = -1 + if (gxopid <= xopid) + gxopid = xopid + 1 + if (tname == "") # XOP only opcode table + tname = sprintf("inat_xop_table_%d", $2) + } + if (xopid == -1 && eid == -1) # primary opcode table + tname = "inat_primary_table" +} + /^GrpTable:/ { print "/* " $0 " */" if (!($2 in group)) @@ -206,6 +228,8 @@ function print_table(tbl,name,fmt,n) etable[eid,0] = tname if (aid >= 0) atable[aid,0] = tname + else if (xopid >= 0) + xoptable[xopid] = tname } if (array_size(lptable1) != 0) { print_table(lptable1,tname "_1[INAT_OPCODE_TABLE_SIZE]", @@ -347,6 +371,8 @@ function convert_operands(count,opnd, i,j,imm,mod) flags = add_flags(flags, "INAT_VEXOK | INAT_VEXONLY") else if (match(ext, vexok_expr) || match(opcode, vexok_opcode_expr)) flags = add_flags(flags, "INAT_VEXOK") + else if (match(ext, xopok_expr) || xopid >= 0) + flags = add_flags(flags, "INAT_XOPOK") # check prefixes if (match(ext, prefix_expr)) { @@ -413,6 +439,14 @@ END { print " ["i"]["j"] = "atable[i,j]"," print "};\n" + print "/* XOP opcode map array */" + print "const insn_attr_t * const inat_xop_tables[X86_XOP_M_MAX - X86_XOP_M_MIN + 1]" \ + " = {" + for (i = 0; i < gxopid; i++) + if (xoptable[i]) + print " ["i"] = "xoptable[i]"," + print "};" + print "#else /* !__BOOT_COMPRESSED */\n" print "/* Escape opcode map array */" @@ -430,6 +464,10 @@ END { "[INAT_LSTPFX_MAX + 1];" print "" + print "/* XOP opcode map array */" + print "static const insn_attr_t *inat_xop_tables[X86_XOP_M_MAX - X86_XOP_M_MIN + 1];" + print "" + print "static void inat_init_tables(void)" print "{" @@ -455,6 +493,12 @@ END { if (atable[i,j]) print "\tinat_avx_tables["i"]["j"] = "atable[i,j]";" + print "" + print "\t/* Print XOP opcode map array */" + for (i = 0; i < gxopid; i++) + if (xoptable[i]) + print "\tinat_xop_tables["i"] = "xoptable[i]";" + print "}" print "#endif" } diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c index 8fabddc1c0da..72c7a4e15d61 100644 --- a/tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c +++ b/tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c @@ -32,7 +32,7 @@ static void intel_pt_insn_decoder(struct insn *insn, intel_pt_insn->rel = 0; intel_pt_insn->emulated_ptwrite = false; - if (insn_is_avx(insn)) { + if (insn_is_avx_or_xop(insn)) { intel_pt_insn->op = INTEL_PT_OP_OTHER; intel_pt_insn->branch = INTEL_PT_BR_NO_BRANCH; intel_pt_insn->length = insn->length;

2 months, 3 weeks

5
7
0 0

patch "iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 43c0f6456f801181a80b73d95def0e0fd134e1cc Mon Sep 17 00:00:00 2001 From: Salah Triki <salah.triki(a)gmail.com> Date: Mon, 18 Aug 2025 10:27:30 +0100 Subject: iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() `devm_gpiod_get_optional()` may return non-NULL error pointer on failure. Check its return value using `IS_ERR()` and propagate the error if necessary. Fixes: df6e71256c84 ("iio: pressure: bmp280: Explicitly mark GPIO optional") Signed-off-by: Salah Triki <salah.triki(a)gmail.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250818092740.545379-2-salah.triki@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 74505c9ec1a0..6cdc8ed53520 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -3213,11 +3213,12 @@ int bmp280_common_probe(struct device *dev, /* Bring chip out of reset if there is an assigned GPIO line */ gpiod = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH); + if (IS_ERR(gpiod)) + return dev_err_probe(dev, PTR_ERR(gpiod), "failed to get reset GPIO\n"); + /* Deassert the signal */ - if (gpiod) { - dev_info(dev, "release reset\n"); - gpiod_set_value(gpiod, 0); - } + dev_info(dev, "release reset\n"); + gpiod_set_value(gpiod, 0); data->regmap = regmap; -- 2.50.1

2 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror