- Linux-stable-mirror - lists.linaro.org

[RFC V1 PATCH mm-hotfixes 1/3] mm: introduce and use {pgd,p4d}_populate_kernel()

by Harry Yoo

Intrdocue and use {pgd,p4d}_pouplate_kernel() in core MM code when populating PGD and P4D entries corresponding to the kernel address space. The main purpose of these helpers is to ensure synchronization of the kernel portion of the top-level page tables whenever such an entry is populated. Until now, the kernel has relied on each architecture to handle synchronization of top-level page tables in an ad-hoc manner. For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes"). However, this approach has proven fragile, as it's easy to forget to perform the necessary synchronization when introducing new changes. To address this, introduce _kernel() varients of the page table population helpers that invoke architecture-specific hooks to properly synchronize the page tables. For now, it only targets x86_64, so only PGD and P4D level helpers are introduced. In theory, PUD and PMD level helpers can be added later if needed by other architectures. Currently it is no-op as no arch defines __HAVE_ARCH_SYNC_KERNEL_PGTABLES. Cc: <stable(a)vger.kernel.org> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- include/asm-generic/pgalloc.h | 4 ++++ include/linux/pgalloc.h | 0 mm/kasan/init.c | 10 +++++----- mm/percpu.c | 4 ++-- mm/sparse-vmemmap.c | 4 ++-- 5 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 include/linux/pgalloc.h diff --git a/include/asm-generic/pgalloc.h b/include/asm-generic/pgalloc.h index 3c8ec3bfea44..6cac1ce64e01 100644 --- a/include/asm-generic/pgalloc.h +++ b/include/asm-generic/pgalloc.h @@ -295,6 +295,10 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) __pgd_free(mm, pgd); } #endif +#ifndef __HAVE_ARCH_SYNC_KERNEL_PGTABLE +#define pgd_populate_kernel(addr, pgd, p4d) pgd_populate(&init_mm, pgd, p4d) +#define p4d_populate_kernel(addr, p4d, pud) p4d_populate(&init_mm, p4d, pud) +#endif #endif /* CONFIG_MMU */ diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/mm/kasan/init.c b/mm/kasan/init.c index ced6b29fcf76..43de820ee282 100644 --- a/mm/kasan/init.c +++ b/mm/kasan/init.c @@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, pud_t *pud; pmd_t *pmd; - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, } else { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE); pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } zero_pud_populate(p4d, addr, next); @@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, * puds,pmds, so pgd_populate(), pud_populate() * is noops. */ - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d)); p4d = p4d_offset(pgd, addr); - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, if (!p) return -ENOMEM; } else { - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, early_alloc(PAGE_SIZE, NUMA_NO_NODE)); } } diff --git a/mm/percpu.c b/mm/percpu.c index 782cc148b39c..57450a03c432 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr) if (pgd_none(*pgd)) { p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(addr, pgd, p4d); } p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(addr, p4d, pud); } pud = pud_offset(p4d, addr); diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index fd2ab5118e13..e275310ac708 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) if (!p) return NULL; pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } return p4d; } @@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); if (!p) return NULL; - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } return pgd; } -- 2.43.0

3 months, 3 weeks

3
5
0 0

Linux 6.12.38

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.38 kernel. Only users of AMD x86-based processors need to upgrade, all others may skip this release. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/kernel/cpu/amd.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) Borislav Petkov (AMD) (1): x86/CPU/AMD: Properly check the TSA microcode Greg Kroah-Hartman (1): Linux 6.12.38

3 months, 3 weeks

1
1
0 0

Linux 6.6.98

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.98 kernel. Only users of AMD x86-based processors need to upgrade, all others may skip this release. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/kernel/cpu/amd.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) Borislav Petkov (AMD) (1): x86/CPU/AMD: Properly check the TSA microcode Greg Kroah-Hartman (1): Linux 6.6.98

3 months, 3 weeks

1
1
0 0

Linux 6.1.145

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.145 kernel. Only users of AMD x86-based processors need to upgrade, all others may skip this release. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/kernel/cpu/amd.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) Borislav Petkov (AMD) (1): x86/CPU/AMD: Properly check the TSA microcode Greg Kroah-Hartman (1): Linux 6.1.145

3 months, 3 weeks

1
1
0 0

Linux 5.15.188

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.188 kernel. Only users of AMD x86-based processors need to upgrade, all others may skip this release. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/kernel/cpu/amd.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) Borislav Petkov (AMD) (1): x86/CPU/AMD: Properly check the TSA microcode Greg Kroah-Hartman (1): Linux 5.15.188

3 months, 3 weeks

1
1
0 0

FAILED: patch "[PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071423-imbecile-slander-d8e9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Wed, 2 Jul 2025 10:32:04 +0200 Subject: [PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..4e0fe688cc83 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071422-target-professor-6f97@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Wed, 2 Jul 2025 10:32:04 +0200 Subject: [PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..4e0fe688cc83 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071421-molar-theme-43d7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Wed, 2 Jul 2025 10:32:04 +0200 Subject: [PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..4e0fe688cc83 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071420-occupy-vowel-a8a5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Wed, 2 Jul 2025 10:32:04 +0200 Subject: [PATCH] x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..4e0fe688cc83 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

3 months, 3 weeks

2
1
0 0

[PATCH 6.6] thermal/of: Fix mask mismatch when no trips subnode

by Hsin-Te Yuan

After commit 725f31f300e3 ("thermal/of: support thermal zones w/o trips subnode") was backported on 6.6 stable branch as commit d3304dbc2d5f ("thermal/of: support thermal zones w/o trips subnode"), thermal zones w/o trips subnode still fail to register since `mask` argument is not set correctly. When number of trips subnode is 0, `mask` must be 0 to pass the check in `thermal_zone_device_register_with_trips()`. Set `mask` to 0 when there's no trips subnode. Signed-off-by: Hsin-Te Yuan <yuanhsinte(a)chromium.org> --- drivers/thermal/thermal_of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 0f520cf923a1e684411a3077ad283551395eec11..97aeb869abf5179dfa512dd744725121ec7fd0d9 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -514,7 +514,7 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * of_ops->bind = thermal_of_bind; of_ops->unbind = thermal_of_unbind; - mask = GENMASK_ULL((ntrips) - 1, 0); + mask = ntrips ? GENMASK_ULL((ntrips) - 1, 0) : 0; tz = thermal_zone_device_register_with_trips(np->name, trips, ntrips, mask, data, of_ops, &tzp, --- base-commit: a5df3a702b2cba82bcfb066fa9f5e4a349c33924 change-id: 20250707-trip-point-73dae9fd9c74 Best regards, -- Hsin-Te Yuan <yuanhsinte(a)chromium.org>

3 months, 3 weeks

4
7
0 0

[PATCH v3 11/17] ext4: fix largest free orders lists corruption on mb_optimize_scan switch

by Baokun Li

The grp->bb_largest_free_order is updated regardless of whether mb_optimize_scan is enabled. This can lead to inconsistencies between grp->bb_largest_free_order and the actual s_mb_largest_free_orders list index when mb_optimize_scan is repeatedly enabled and disabled via remount. For example, if mb_optimize_scan is initially enabled, largest free order is 3, and the group is in s_mb_largest_free_orders[3]. Then, mb_optimize_scan is disabled via remount, block allocations occur, updating largest free order to 2. Finally, mb_optimize_scan is re-enabled via remount, more block allocations update largest free order to 1. At this point, the group would be removed from s_mb_largest_free_orders[3] under the protection of s_mb_largest_free_orders_locks[2]. This lock mismatch can lead to list corruption. To fix this, whenever grp->bb_largest_free_order changes, we now always attempt to remove the group from its old order list. However, we only insert the group into the new order list if `mb_optimize_scan` is enabled. This approach helps prevent lock inconsistencies and ensures the data in the order lists remains reliable. Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") CC: stable(a)vger.kernel.org Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/mballoc.c | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 72b20fc52bbf..fada0d1b3fdb 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1152,33 +1152,28 @@ static void mb_set_largest_free_order(struct super_block *sb, struct ext4_group_info *grp) { struct ext4_sb_info *sbi = EXT4_SB(sb); - int i; + int new, old = grp->bb_largest_free_order; - for (i = MB_NUM_ORDERS(sb) - 1; i >= 0; i--) - if (grp->bb_counters[i] > 0) + for (new = MB_NUM_ORDERS(sb) - 1; new >= 0; new--) + if (grp->bb_counters[new] > 0) break; + /* No need to move between order lists? */ - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || - i == grp->bb_largest_free_order) { - grp->bb_largest_free_order = i; + if (new == old) return; - } - if (grp->bb_largest_free_order >= 0) { - write_lock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + if (old >= 0 && !list_empty(&grp->bb_largest_free_order_node)) { + write_lock(&sbi->s_mb_largest_free_orders_locks[old]); list_del_init(&grp->bb_largest_free_order_node); - write_unlock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + write_unlock(&sbi->s_mb_largest_free_orders_locks[old]); } - grp->bb_largest_free_order = i; - if (grp->bb_largest_free_order >= 0 && grp->bb_free) { - write_lock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + + grp->bb_largest_free_order = new; + if (test_opt2(sb, MB_OPTIMIZE_SCAN) && new >= 0 && grp->bb_free) { + write_lock(&sbi->s_mb_largest_free_orders_locks[new]); list_add_tail(&grp->bb_largest_free_order_node, - &sbi->s_mb_largest_free_orders[grp->bb_largest_free_order]); - write_unlock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + &sbi->s_mb_largest_free_orders[new]); + write_unlock(&sbi->s_mb_largest_free_orders_locks[new]); } } -- 2.46.1

3 months, 3 weeks

1
0
0 0

[PATCH v3 10/17] ext4: fix zombie groups in average fragment size lists

by Baokun Li

Groups with no free blocks shouldn't be in any average fragment size list. However, when all blocks in a group are allocated(i.e., bb_fragments or bb_free is 0), we currently skip updating the average fragment size, which means the group isn't removed from its previous s_mb_avg_fragment_size[old] list. This created "zombie" groups that were always skipped during traversal as they couldn't satisfy any block allocation requests, negatively impacting traversal efficiency. Therefore, when a group becomes completely full, bb_avg_fragment_size_order is now set to -1. If the old order was not -1, a removal operation is performed; if the new order is not -1, an insertion is performed. Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/mballoc.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 6d98f2a5afc4..72b20fc52bbf 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -841,30 +841,30 @@ static void mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) { struct ext4_sb_info *sbi = EXT4_SB(sb); - int new_order; + int new, old; - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN)) return; - new_order = mb_avg_fragment_size_order(sb, - grp->bb_free / grp->bb_fragments); - if (new_order == grp->bb_avg_fragment_size_order) + old = grp->bb_avg_fragment_size_order; + new = grp->bb_fragments == 0 ? -1 : + mb_avg_fragment_size_order(sb, grp->bb_free / grp->bb_fragments); + if (new == old) return; - if (grp->bb_avg_fragment_size_order != -1) { - write_lock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); + if (old >= 0) { + write_lock(&sbi->s_mb_avg_fragment_size_locks[old]); list_del(&grp->bb_avg_fragment_size_node); - write_unlock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); - } - grp->bb_avg_fragment_size_order = new_order; - write_lock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); - list_add_tail(&grp->bb_avg_fragment_size_node, - &sbi->s_mb_avg_fragment_size[grp->bb_avg_fragment_size_order]); - write_unlock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); + write_unlock(&sbi->s_mb_avg_fragment_size_locks[old]); + } + + grp->bb_avg_fragment_size_order = new; + if (new >= 0) { + write_lock(&sbi->s_mb_avg_fragment_size_locks[new]); + list_add_tail(&grp->bb_avg_fragment_size_node, + &sbi->s_mb_avg_fragment_size[new]); + write_unlock(&sbi->s_mb_avg_fragment_size_locks[new]); + } } /* -- 2.46.1

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/its: explicitly manage permissions for ITS pages" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a82b26451de126a5ae130361081986bc459afe9b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071433-smugly-husked-3295@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a82b26451de126a5ae130361081986bc459afe9b Mon Sep 17 00:00:00 2001 From: "Peter Zijlstra (Intel)" <peterz(a)infradead.org> Date: Tue, 3 Jun 2025 14:14:44 +0300 Subject: [PATCH] x86/its: explicitly manage permissions for ITS pages execmem_alloc() sets permissions differently depending on the kernel configuration, CPU support for PSE and whether a page is allocated before or after mark_rodata_ro(). Add tracking for pages allocated for ITS when patching the core kernel and make sure the permissions for ITS pages are explicitly managed for both kernel and module allocations. Fixes: 872df34d7c51 ("x86/its: Use dynamic thunks for indirect branches") Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Co-developed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Signed-off-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Nikolay Borisov <nik.borisov(a)suse.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250603111446.2609381-5-rppt@kernel.org diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index b50fe6ce4655..6455f7f751b3 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -116,6 +116,24 @@ static struct module *its_mod; #endif static void *its_page; static unsigned int its_offset; +struct its_array its_pages; + +static void *__its_alloc(struct its_array *pages) +{ + void *page __free(execmem) = execmem_alloc(EXECMEM_MODULE_TEXT, PAGE_SIZE); + if (!page) + return NULL; + + void *tmp = krealloc(pages->pages, (pages->num+1) * sizeof(void *), + GFP_KERNEL); + if (!tmp) + return NULL; + + pages->pages = tmp; + pages->pages[pages->num++] = page; + + return no_free_ptr(page); +} /* Initialize a thunk with the "jmp *reg; int3" instructions. */ static void *its_init_thunk(void *thunk, int reg) @@ -151,6 +169,21 @@ static void *its_init_thunk(void *thunk, int reg) return thunk + offset; } +static void its_pages_protect(struct its_array *pages) +{ + for (int i = 0; i < pages->num; i++) { + void *page = pages->pages[i]; + execmem_restore_rox(page, PAGE_SIZE); + } +} + +static void its_fini_core(void) +{ + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) + its_pages_protect(&its_pages); + kfree(its_pages.pages); +} + #ifdef CONFIG_MODULES void its_init_mod(struct module *mod) { @@ -173,10 +206,8 @@ void its_fini_mod(struct module *mod) its_page = NULL; mutex_unlock(&text_mutex); - for (int i = 0; i < mod->arch.its_pages.num; i++) { - void *page = mod->arch.its_pages.pages[i]; - execmem_restore_rox(page, PAGE_SIZE); - } + if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX)) + its_pages_protect(&mod->arch.its_pages); } void its_free_mod(struct module *mod) @@ -194,28 +225,23 @@ void its_free_mod(struct module *mod) static void *its_alloc(void) { - void *page __free(execmem) = execmem_alloc(EXECMEM_MODULE_TEXT, PAGE_SIZE); + struct its_array *pages = &its_pages; + void *page; +#ifdef CONFIG_MODULE + if (its_mod) + pages = &its_mod->arch.its_pages; +#endif + + page = __its_alloc(pages); if (!page) return NULL; -#ifdef CONFIG_MODULES - if (its_mod) { - struct its_array *pages = &its_mod->arch.its_pages; - void *tmp = krealloc(pages->pages, - (pages->num+1) * sizeof(void *), - GFP_KERNEL); - if (!tmp) - return NULL; + execmem_make_temp_rw(page, PAGE_SIZE); + if (pages == &its_pages) + set_memory_x((unsigned long)page, 1); - pages->pages = tmp; - pages->pages[pages->num++] = page; - - execmem_make_temp_rw(page, PAGE_SIZE); - } -#endif /* CONFIG_MODULES */ - - return no_free_ptr(page); + return page; } static void *its_allocate_thunk(int reg) @@ -269,7 +295,9 @@ u8 *its_static_thunk(int reg) return thunk; } -#endif +#else +static inline void its_fini_core(void) {} +#endif /* CONFIG_MITIGATION_ITS */ /* * Nomenclature for variable names to simplify and clarify this code and ease @@ -2339,6 +2367,8 @@ void __init alternative_instructions(void) apply_retpolines(__retpoline_sites, __retpoline_sites_end); apply_returns(__return_sites, __return_sites_end); + its_fini_core(); + /* * Adjust all CALL instructions to point to func()-10, including * those in .altinstr_replacement.

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/its: move its_pages array to struct mod_arch_specific" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0b0cae7119a0ec9449d7261b5e672a5fed765068 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071415-bullpen-error-57e3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0b0cae7119a0ec9449d7261b5e672a5fed765068 Mon Sep 17 00:00:00 2001 From: "Mike Rapoport (Microsoft)" <rppt(a)kernel.org> Date: Tue, 3 Jun 2025 14:14:43 +0300 Subject: [PATCH] x86/its: move its_pages array to struct mod_arch_specific The of pages with ITS thunks allocated for modules are tracked by an array in 'struct module'. Since this is very architecture specific data structure, move it to 'struct mod_arch_specific'. No functional changes. Fixes: 872df34d7c51 ("x86/its: Use dynamic thunks for indirect branches") Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250603111446.2609381-4-rppt@kernel.org diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h index e988bac0a4a1..3c2de4ce3b10 100644 --- a/arch/x86/include/asm/module.h +++ b/arch/x86/include/asm/module.h @@ -5,12 +5,20 @@ #include <asm-generic/module.h> #include <asm/orc_types.h> +struct its_array { +#ifdef CONFIG_MITIGATION_ITS + void **pages; + int num; +#endif +}; + struct mod_arch_specific { #ifdef CONFIG_UNWINDER_ORC unsigned int num_orcs; int *orc_unwind_ip; struct orc_entry *orc_unwind; #endif + struct its_array its_pages; }; #endif /* _ASM_X86_MODULE_H */ diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index ecfe7b497cad..b50fe6ce4655 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -173,8 +173,8 @@ void its_fini_mod(struct module *mod) its_page = NULL; mutex_unlock(&text_mutex); - for (int i = 0; i < mod->its_num_pages; i++) { - void *page = mod->its_page_array[i]; + for (int i = 0; i < mod->arch.its_pages.num; i++) { + void *page = mod->arch.its_pages.pages[i]; execmem_restore_rox(page, PAGE_SIZE); } } @@ -184,11 +184,11 @@ void its_free_mod(struct module *mod) if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) return; - for (int i = 0; i < mod->its_num_pages; i++) { - void *page = mod->its_page_array[i]; + for (int i = 0; i < mod->arch.its_pages.num; i++) { + void *page = mod->arch.its_pages.pages[i]; execmem_free(page); } - kfree(mod->its_page_array); + kfree(mod->arch.its_pages.pages); } #endif /* CONFIG_MODULES */ @@ -201,14 +201,15 @@ static void *its_alloc(void) #ifdef CONFIG_MODULES if (its_mod) { - void *tmp = krealloc(its_mod->its_page_array, - (its_mod->its_num_pages+1) * sizeof(void *), + struct its_array *pages = &its_mod->arch.its_pages; + void *tmp = krealloc(pages->pages, + (pages->num+1) * sizeof(void *), GFP_KERNEL); if (!tmp) return NULL; - its_mod->its_page_array = tmp; - its_mod->its_page_array[its_mod->its_num_pages++] = page; + pages->pages = tmp; + pages->pages[pages->num++] = page; execmem_make_temp_rw(page, PAGE_SIZE); } diff --git a/include/linux/module.h b/include/linux/module.h index 92e1420fccdf..5faa1fb1f4b4 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -586,11 +586,6 @@ struct module { atomic_t refcnt; #endif -#ifdef CONFIG_MITIGATION_ITS - int its_num_pages; - void **its_page_array; -#endif - #ifdef CONFIG_CONSTRUCTORS /* Constructor functions. */ ctor_fn_t *ctors;

3 months, 3 weeks

1
0
0 0

[PATCH v2] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible

by Alexey Klimov

Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115 generates a lot of smmu unhandled context faults during boot: arm_smmu_context_fault: 116854 callbacks suppressed arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 arm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1] arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 and also failed initialisation of lontium lt9611uxc, gpu and dpu is observed: (binding MDSS components triggered by lt9611uxc have failed) ------------[ cut here ]------------ !aspace WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm] Modules linked in: ... (long list of modules) CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : msm_gem_vma_init+0x150/0x18c [msm] lr : msm_gem_vma_init+0x150/0x18c [msm] sp : ffff80008144b280 ... Call trace: msm_gem_vma_init+0x150/0x18c [msm] (P) get_vma_locked+0xc0/0x194 [msm] msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm] msm_gem_kernel_new+0x48/0x160 [msm] msm_gpu_init+0x34c/0x53c [msm] adreno_gpu_init+0x1b0/0x2d8 [msm] a6xx_gpu_init+0x1e8/0x9e0 [msm] adreno_bind+0x2b8/0x348 [msm] component_bind_all+0x100/0x230 msm_drm_bind+0x13c/0x3d0 [msm] try_to_bring_up_aggregate_device+0x164/0x1d0 __component_add+0xa4/0x174 component_add+0x14/0x20 dsi_dev_attach+0x20/0x34 [msm] dsi_host_attach+0x58/0x98 [msm] devm_mipi_dsi_attach+0x34/0x90 lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc] lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc] i2c_device_probe+0x148/0x2a8 really_probe+0xbc/0x2c0 __driver_probe_device+0x78/0x120 driver_probe_device+0x3c/0x154 __driver_attach+0x90/0x1a0 bus_for_each_dev+0x68/0xb8 driver_attach+0x24/0x30 bus_add_driver+0xe4/0x208 driver_register+0x68/0x124 i2c_register_driver+0x48/0xcc lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc] do_one_initcall+0x60/0x1d4 do_init_module+0x54/0x1fc load_module+0x1748/0x1c8c init_module_from_file+0x74/0xa0 __arm64_sys_finit_module+0x130/0x2f8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x2c/0x80 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22 msm_dpu 5e01000.display-controller: failed to load adreno gpu platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19 msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22 msm_dpu 5e01000.display-controller: adev bind failed: -22 lt9611uxc 0-002b: failed to attach dsi to host lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22 Suggested-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Fixes: 3581b7062cec ("drm/msm/disp/dpu1: add support for display on SM6115") Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexey Klimov <alexey.klimov(a)linaro.org> --- v2: - added tags as suggested by Dmitry; - slightly updated text in the commit message. Previous version: https://lore.kernel.org/linux-arm-msm/20250528003118.214093-1-alexey.klimov… drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c index 62874b18f645..c75023718595 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c @@ -379,6 +379,7 @@ static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { { .compatible = "qcom,sdm670-mdss" }, { .compatible = "qcom,sdm845-mdss" }, { .compatible = "qcom,sdm845-mss-pil" }, + { .compatible = "qcom,sm6115-mdss" }, { .compatible = "qcom,sm6350-mdss" }, { .compatible = "qcom,sm6375-mdss" }, { .compatible = "qcom,sm8150-mdss" }, -- 2.47.2

3 months, 3 weeks

3
3
0 0

[PATCH] extcon: fsa9480: Avoid buffer overflow in fsa9480_handle_change()

by Vladimir Moskovkin

Bit 7 of the 'Device Type 2' (0Bh) register is reserved in the FSA9480 device, but is used by the FSA880 and TSU6111 devices. From FSA9480 datasheet, Table 18. Device Type 2: Reset Value: x0000000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Reserved | 1 | NA From FSA880 datasheet, Table 13. Device Type 2: Reset Value: 0xxx0000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Unknown | 1 | 1: Any accessory detected as unknown | Accessory | | or an accessory that cannot be | | | detected as being valid even | | | though ID_CON is not floating | | | 0: Unknown accessory not detected From TSU6111 datasheet, Device Type 2: Reset Value:x0000000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Audio Type 3 | 1 | Audio device type 3 So the value obtained from the FSA9480_REG_DEV_T2 register in the fsa9480_detect_dev() function may have the 7th bit set. In this case, the 'dev' parameter in the fsa9480_handle_change() function will be 15. And this will cause the 'cable_types' array to overflow when accessed at this index. Extend the 'cable_types' array with a new value 'DEV_RESERVED' as specified in the FSA9480 datasheet. Do not use it as it serves for various purposes in the listed devices. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: bad5b5e707a5 ("extcon: Add fsa9480 extcon driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> --- drivers/extcon/extcon-fsa9480.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/extcon/extcon-fsa9480.c b/drivers/extcon/extcon-fsa9480.c index b11b43171063..30972a7214f7 100644 --- a/drivers/extcon/extcon-fsa9480.c +++ b/drivers/extcon/extcon-fsa9480.c @@ -68,6 +68,7 @@ #define DEV_T1_CHARGER_MASK (DEV_DEDICATED_CHG | DEV_USB_CHG) /* Device Type 2 */ +#define DEV_RESERVED 15 #define DEV_AV 14 #define DEV_TTY 13 #define DEV_PPD 12 @@ -133,6 +134,7 @@ static const u64 cable_types[] = { [DEV_USB] = BIT_ULL(EXTCON_USB) | BIT_ULL(EXTCON_CHG_USB_SDP), [DEV_AUDIO_2] = BIT_ULL(EXTCON_JACK_LINE_OUT), [DEV_AUDIO_1] = BIT_ULL(EXTCON_JACK_LINE_OUT), + [DEV_RESERVED] = 0, [DEV_AV] = BIT_ULL(EXTCON_JACK_LINE_OUT) | BIT_ULL(EXTCON_JACK_VIDEO_OUT), [DEV_TTY] = BIT_ULL(EXTCON_JIG), @@ -228,7 +230,7 @@ static void fsa9480_detect_dev(struct fsa9480_usbsw *usbsw) dev_err(usbsw->dev, "%s: failed to read registers", __func__); return; } - val = val2 << 8 | val1; + val = val2 << 8 | (val1 & 0xFF); dev_info(usbsw->dev, "dev1: 0x%x, dev2: 0x%x\n", val1, val2); -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH net v2 1/3] net: libwx: remove duplicate page_pool_put_full_page()

by Jiawen Wu

page_pool_put_full_page() should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant page put. In the original code, double free pages cause kernel panic: [ 876.949834] __irq_exit_rcu+0xc7/0x130 [ 876.949836] common_interrupt+0xb8/0xd0 [ 876.949838] </IRQ> [ 876.949838] <TASK> [ 876.949840] asm_common_interrupt+0x22/0x40 [ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246 [ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000 [ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e [ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed [ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580 [ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000 [ 876.949852] ? cpuidle_enter_state+0xb3/0x420 [ 876.949855] cpuidle_enter+0x29/0x40 [ 876.949857] cpuidle_idle_call+0xfd/0x170 [ 876.949859] do_idle+0x7a/0xc0 [ 876.949861] cpu_startup_entry+0x25/0x30 [ 876.949862] start_secondary+0x117/0x140 [ 876.949864] common_startup_64+0x13e/0x148 [ 876.949867] </TASK> [ 876.949868] ---[ end trace 0000000000000000 ]--- [ 876.949869] ------------[ cut here ]------------ [ 876.949870] list_del corruption, ffffead40445a348->next is NULL [ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120 [ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E) [ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi [ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary) [ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE [ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120 [ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8 [ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282 [ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000 [ 876.949942] RDX: 0000000000000105 RSI: 0000000000000001 RDI: 00000000ffffffff [ 876.949943] RBP: 0000000000000000 R08: 000000010006dfde R09: ffffffff8a47d150 [ 876.949944] R10: ffffffff8a47d150 R11: 0000000000000003 R12: dead000000000122 [ 876.949945] R13: ffff9e3e9e5af700 R14: ffffead40445a348 R15: ffff9e3e9e5af720 [ 876.949946] FS: 0000000000000000(0000) GS:ffff9e3f135be000(0000) knlGS:0000000000000000 [ 876.949947] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 876.949948] CR2: 00007fa58b480048 CR3: 0000000156724000 CR4: 0000000000750ef0 [ 876.949949] PKRU: 55555554 [ 876.949950] Call Trace: [ 876.949951] <IRQ> [ 876.949952] __rmqueue_pcplist+0x53/0x2c0 [ 876.949955] alloc_pages_bulk_noprof+0x2e0/0x660 [ 876.949958] __page_pool_alloc_pages_slow+0xa9/0x400 [ 876.949961] page_pool_alloc_pages+0xa/0x20 [ 876.949963] wx_alloc_rx_buffers+0xd7/0x110 [libwx] [ 876.949967] wx_clean_rx_irq+0x262/0x430 [libwx] [ 876.949971] wx_poll+0x92/0x130 [libwx] [ 876.949975] __napi_poll+0x28/0x190 [ 876.949977] net_rx_action+0x301/0x3f0 [ 876.949980] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949981] ? profile_tick+0x30/0x70 [ 876.949983] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949984] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949986] ? timerqueue_add+0xa3/0xc0 [ 876.949988] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949989] ? __raise_softirq_irqoff+0x16/0x70 [ 876.949991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949994] ? wx_msix_clean_rings+0x41/0x50 [libwx] [ 876.949998] handle_softirqs+0xf9/0x2c0 Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 11 ----------- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 - 2 files changed, 12 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 55e252789db3..7e3d7fb61a52 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -174,10 +174,6 @@ static void wx_dma_sync_frag(struct wx_ring *rx_ring, skb_frag_off(frag), skb_frag_size(frag), DMA_FROM_DEVICE); - - /* If the page was released, just unmap it. */ - if (unlikely(WX_CB(skb)->page_released)) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); } static struct wx_rx_buffer *wx_get_rx_buffer(struct wx_ring *rx_ring, @@ -227,10 +223,6 @@ static void wx_put_rx_buffer(struct wx_ring *rx_ring, struct sk_buff *skb, int rx_buffer_pgcnt) { - if (!IS_ERR(skb) && WX_CB(skb)->dma == rx_buffer->dma) - /* the page has been released from the ring */ - WX_CB(skb)->page_released = true; - /* clear contents of rx_buffer */ rx_buffer->page = NULL; rx_buffer->skb = NULL; @@ -2423,9 +2415,6 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) if (rx_buffer->skb) { struct sk_buff *skb = rx_buffer->skb; - if (WX_CB(skb)->page_released) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); - dev_kfree_skb(skb); } diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index c363379126c0..622f2bfe6cde 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -909,7 +909,6 @@ enum wx_reset_type { struct wx_cb { dma_addr_t dma; u16 append_cnt; /* number of skb's appended */ - bool page_released; bool dma_released; }; -- 2.48.1

3 months, 3 weeks

2
1
0 0

[PATCH] init: Handle bootloader head in kernel parameters

by Huacai Chen

BootLoader may pass a head such as "BOOT_IMAGE=/boot/vmlinuz-x.y.z" to kernel parameters. But this head is not recognized by the kernel so will be passed to user space. However, user space init program also doesn't recognized it. KEXEC may also pass a head such as "kexec" on some architectures. So the the best way is handle it by the kernel itself, which can avoid such boot warnings: Kernel command line: BOOT_IMAGE=(hd0,1)/vmlinuz-6.x root=/dev/sda3 ro console=tty Unknown kernel command line parameters "BOOT_IMAGE=(hd0,1)/vmlinuz-6.x", will be passed to user space. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- init/main.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/init/main.c b/init/main.c index 225a58279acd..9e0a7e8913c0 100644 --- a/init/main.c +++ b/init/main.c @@ -545,6 +545,7 @@ static int __init unknown_bootoption(char *param, char *val, const char *unused, void *arg) { size_t len = strlen(param); + const char *bootloader[] = { "BOOT_IMAGE", "kexec", NULL }; /* Handle params aliased to sysctls */ if (sysctl_is_alias(param)) @@ -552,6 +553,12 @@ static int __init unknown_bootoption(char *param, char *val, repair_env_string(param, val); + /* Handle bootloader head */ + for (int i = 0; bootloader[i]; i++) { + if (!strncmp(param, bootloader[i], strlen(bootloader[i]))) + return 0; + } + /* Handle obsolete-style parameters */ if (obsolete_checksetup(param)) return 0; -- 2.47.1

3 months, 3 weeks

3
10
0 0

[PATCH v5.10] vhost-scsi: protect vq->log_used with vq->mutex

by Xinyu Zheng

From: Dongli Zhang <dongli.zhang(a)oracle.com> [ Upstream commit f591cf9fce724e5075cc67488c43c6e39e8cbe27 ] The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue. CVE-2025-38074 Cc: stable(a)vger.kernel.org#5.10.x Cc: gregkh(a)linuxfoundation.org Signed-off-by: Dongli Zhang <dongli.zhang(a)oracle.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Message-Id: <20250403063028.16045-2-dongli.zhang(a)oracle.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Conflicts in drivers/vhost/scsi.c bacause vhost_scsi_complete_cmd_work() has been refactored. ] Signed-off-by: Xinyu Zheng <zhengxinyu6(a)huawei.com> --- drivers/vhost/scsi.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c index a23a65e7d828..fcde3752b4f1 100644 --- a/drivers/vhost/scsi.c +++ b/drivers/vhost/scsi.c @@ -579,8 +579,10 @@ static void vhost_scsi_complete_cmd_work(struct vhost_work *work) ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter); if (likely(ret == sizeof(v_rsp))) { struct vhost_scsi_virtqueue *q; - vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0); q = container_of(cmd->tvc_vq, struct vhost_scsi_virtqueue, vq); + mutex_lock(&q->vq.mutex); + vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0); + mutex_unlock(&q->vq.mutex); vq = q - vs->vqs; __set_bit(vq, signal); } else @@ -1193,8 +1195,11 @@ static void vhost_scsi_tmf_resp_work(struct vhost_work *work) else resp_code = VIRTIO_SCSI_S_FUNCTION_REJECTED; + mutex_lock(&tmf->svq->vq.mutex); vhost_scsi_send_tmf_resp(tmf->vhost, &tmf->svq->vq, tmf->in_iovs, tmf->vq_desc, &tmf->resp_iov, resp_code); + mutex_unlock(&tmf->svq->vq.mutex); + vhost_scsi_release_tmf_res(tmf); } -- 2.34.1

3 months, 3 weeks

4
3
0 0

[PATCH] cxl/region: Balance device refcount when destroying devices

by Ma Ke

Using device_find_child() to lookup the proper device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device() to increment the device's reference count before returning the pointer. cxl_port_find_switch_decoder() directly converts this pointer to a cxl_decoder and returns it without releasing the reference properly. We should call put_device() to decrement reference count. As comment of device_find_child() says, 'NOTE: you will need to drop the reference with put_device() after use'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: d6879d8cfb81 ("cxl/region: Add function to find a port's switch decoder by range") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/cxl/core/region.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 6e5e1460068d..cae16d761261 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -3234,6 +3234,9 @@ cxl_port_find_switch_decoder(struct cxl_port *port, struct range *hpa) struct device *cxld_dev = device_find_child(&port->dev, hpa, match_decoder_by_range); + /* Drop the refcnt bumped implicitly by device_find_child */ + put_device(cxld_dev); + return cxld_dev ? to_cxl_decoder(cxld_dev) : NULL; } -- 2.25.1

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ksmbd: fix a mount write count leak in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 277627b431a0a6401635c416a21b2a0f77a77347 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071424-payroll-posh-4e3e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 277627b431a0a6401635c416a21b2a0f77a77347 Mon Sep 17 00:00:00 2001 From: Al Viro <viro(a)zeniv.linux.org.uk> Date: Sun, 6 Jul 2025 02:26:45 +0100 Subject: [PATCH] ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() If the call of ksmbd_vfs_lock_parent() fails, we drop the parent_path references and return an error. We need to drop the write access we just got on parent_path->mnt before we drop the mount reference - callers assume that ksmbd_vfs_kern_path_locked() returns with mount write access grabbed if and only if it has returned 0. Fixes: 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 0f3aad12e495..d3437f6644e3 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1282,6 +1282,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, err = ksmbd_vfs_lock_parent(parent_path->dentry, path->dentry); if (err) { + mnt_drop_write(parent_path->mnt); path_put(path); path_put(parent_path); }

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] smb: server: make use of rdma_destroy_qp()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0c2b53997e8f5e2ec9e0fbd17ac0436466b65488 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071408-overarch-ashes-8fbd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0c2b53997e8f5e2ec9e0fbd17ac0436466b65488 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher <metze(a)samba.org> Date: Wed, 2 Jul 2025 09:18:05 +0200 Subject: [PATCH] smb: server: make use of rdma_destroy_qp() The qp is created by rdma_create_qp() as t->cm_id->qp and t->qp is just a shortcut. rdma_destroy_qp() also calls ib_destroy_qp(cm_id->qp) internally, but it is protected by a mutex, clears the cm_id and also calls trace_cm_qp_destroy(). This should make the tracing more useful as both rdma_create_qp() and rdma_destroy_qp() are traces and it makes the code look more sane as functions from the same layer are used for the specific qp object. trace-cmd stream -e rdma_cma:cm_qp_create -e rdma_cma:cm_qp_destroy shows this now while doing a mount and unmount from a client: <...>-80 [002] 378.514182: cm_qp_create: cm.id=1 src=172.31.9.167:5445 dst=172.31.9.166:37113 tos=0 pd.id=0 qp_type=RC send_wr=867 recv_wr=255 qp_num=1 rc=0 <...>-6283 [001] 381.686172: cm_qp_destroy: cm.id=1 src=172.31.9.167:5445 dst=172.31.9.166:37113 tos=0 qp_num=1 Before we only saw the first line. Cc: Namjae Jeon <linkinjeon(a)kernel.org> Cc: Steve French <stfrench(a)microsoft.com> Cc: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: Hyunchul Lee <hyc.lee(a)gmail.com> Cc: Tom Talpey <tom(a)talpey.com> Cc: linux-cifs(a)vger.kernel.org Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Signed-off-by: Stefan Metzmacher <metze(a)samba.org> Reviewed-by: Tom Talpey <tom(a)talpey.com> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/transport_rdma.c b/fs/smb/server/transport_rdma.c index 64a428a06ace..c6cbe0d56e32 100644 --- a/fs/smb/server/transport_rdma.c +++ b/fs/smb/server/transport_rdma.c @@ -433,7 +433,8 @@ static void free_transport(struct smb_direct_transport *t) if (t->qp) { ib_drain_qp(t->qp); ib_mr_pool_destroy(t->qp, &t->qp->rdma_mrs); - ib_destroy_qp(t->qp); + t->qp = NULL; + rdma_destroy_qp(t->cm_id); } ksmbd_debug(RDMA, "drain the reassembly queue\n"); @@ -1940,8 +1941,8 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, return 0; err: if (t->qp) { - ib_destroy_qp(t->qp); t->qp = NULL; + rdma_destroy_qp(t->cm_id); } if (t->recv_cq) { ib_destroy_cq(t->recv_cq);

3 months, 3 weeks

1
0
0 0

[PATCH 1/2] objtool/rust: add one more `noreturn` Rust function for Rust 1.89.0

by Miguel Ojeda

Starting with Rust 1.89.0 (expected 2025-08-07), under `CONFIG_RUST_DEBUG_ASSERTIONS=y`, `objtool` may report: rust/kernel.o: warning: objtool: _R..._6kernel4pageNtB5_4Page8read_raw() falls through to next function _R..._6kernel4pageNtB5_4Page9write_raw() (and many others) due to calls to the `noreturn` symbol: core::panicking::panic_nounwind_fmt Thus add the mangled one to the list so that `objtool` knows it is actually `noreturn`. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- tools/objtool/check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index f23bdda737aa..3257eefc41ed 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -224,6 +224,7 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_4core9panicking14panic_explicit") || str_ends_with(func->name, "_4core9panicking14panic_nounwind") || str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || + str_ends_with(func->name, "_4core9panicking18panic_nounwind_fmt") || str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || -- 2.50.1

3 months, 3 weeks

3
3
0 0

[PATCH 2/2] rust: use `#[used(compiler)]` to fix build and `modpost` with Rust >= 1.89.0

by Miguel Ojeda

Starting with Rust 1.89.0 (expected 2025-08-07), the Rust compiler fails to build the `rusttest` target due to undefined references such as: kernel...-cgu.0:(.text....+0x116): undefined reference to `rust_helper_kunit_get_current_test' Moreover, tooling like `modpost` gets confused: WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/gpu/drm/nova/nova.o ERROR: modpost: missing MODULE_LICENSE() in drivers/gpu/nova-core/nova_core.o The reason behind both issues is that the Rust compiler will now [1] treat `#[used]` as `#[used(linker)]` instead of `#[used(compiler)]` for our targets. This means that the retain section flag (`R`, `SHF_GNU_RETAIN`) will be used and that they will be marked as `unique` too, with different IDs. In turn, that means we end up with undefined references that did not get discarded in `rusttest` and that multiple `.modinfo` sections are generated, which confuse tooling like `modpost` because they only expect one. Thus start using `#[used(compiler)]` to keep the previous behavior and to be explicit about what we want. Sadly, it is an unstable feature (`used_with_arg`) [2] -- we will talk to upstream Rust about it. The good news is that it has been available for a long time (Rust >= 1.60) [3]. The changes should also be fine for previous Rust versions, since they behave the same way as before [4]. Alternatively, we could use `#[no_mangle]` or `#[export_name = ...]` since those still behave like `#[used(compiler)]`, but of course it is not really what we want to express, and it requires other changes to avoid symbol conflicts. Cc: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Cc: David Wood <david(a)davidtw.co> Cc: Wesley Wiser <wwiser(a)gmail.com> Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust/pull/140872 [1] Link: https://github.com/rust-lang/rust/issues/93798 [2] Link: https://github.com/rust-lang/rust/pull/91504 [3] Link: https://godbolt.org/z/sxzWTMfzW [4] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/Makefile | 1 + rust/kernel/firmware.rs | 2 +- rust/kernel/kunit.rs | 2 +- rust/kernel/lib.rs | 3 +++ rust/macros/module.rs | 10 +++++----- scripts/Makefile.build | 3 ++- 6 files changed, 13 insertions(+), 8 deletions(-) diff --git a/rust/Makefile b/rust/Makefile index 27dec7904c3a..115b63b7d1e3 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -194,6 +194,7 @@ quiet_cmd_rustdoc_test = RUSTDOC T $< RUST_MODFILE=test.rs \ OBJTREE=$(abspath $(objtree)) \ $(RUSTDOC) --test $(rust_common_flags) \ + -Zcrate-attr='feature(used_with_arg)' \ @$(objtree)/include/generated/rustc_cfg \ $(rustc_target_flags) $(rustdoc_test_target_flags) \ $(rustdoc_test_quiet) \ diff --git a/rust/kernel/firmware.rs b/rust/kernel/firmware.rs index 2494c96e105f..4fe621f35716 100644 --- a/rust/kernel/firmware.rs +++ b/rust/kernel/firmware.rs @@ -202,7 +202,7 @@ macro_rules! module_firmware { }; #[link_section = ".modinfo"] - #[used] + #[used(compiler)] static __MODULE_FIRMWARE: [u8; $($builder)*::create(__MODULE_FIRMWARE_PREFIX) .build_length()] = $($builder)*::create(__MODULE_FIRMWARE_PREFIX).build(); }; diff --git a/rust/kernel/kunit.rs b/rust/kernel/kunit.rs index 4b8cdcb21e77..b9e65905e121 100644 --- a/rust/kernel/kunit.rs +++ b/rust/kernel/kunit.rs @@ -302,7 +302,7 @@ macro_rules! kunit_unsafe_test_suite { is_init: false, }; - #[used] + #[used(compiler)] #[allow(unused_unsafe)] #[cfg_attr(not(target_os = "macos"), link_section = ".kunit_test_suites")] static mut KUNIT_TEST_SUITE_ENTRY: *const ::kernel::bindings::kunit_suite = diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 6b4774b2b1c3..e13d6ed88fa6 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -34,6 +34,9 @@ // Expected to become stable. #![feature(arbitrary_self_types)] // +// To be determined. +#![feature(used_with_arg)] +// // `feature(derive_coerce_pointee)` is expected to become stable. Before Rust // 1.84.0, it did not exist, so enable the predecessor features. #![cfg_attr(CONFIG_RUSTC_HAS_COERCE_POINTEE, feature(derive_coerce_pointee))] diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 2ddd2eeb2852..75efc6eeeafc 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -57,7 +57,7 @@ fn emit_base(&mut self, field: &str, content: &str, builtin: bool) { {cfg} #[doc(hidden)] #[cfg_attr(not(target_os = \"macos\"), link_section = \".modinfo\")] - #[used] + #[used(compiler)] pub static __{module}_{counter}: [u8; {length}] = *{string}; ", cfg = if builtin { @@ -249,7 +249,7 @@ mod __module_init {{ // key or a new section. For the moment, keep it simple. #[cfg(MODULE)] #[doc(hidden)] - #[used] + #[used(compiler)] static __IS_RUST_MODULE: () = (); static mut __MOD: ::core::mem::MaybeUninit<{type_}> = @@ -273,7 +273,7 @@ mod __module_init {{ #[cfg(MODULE)] #[doc(hidden)] - #[used] + #[used(compiler)] #[link_section = \".init.data\"] static __UNIQUE_ID___addressable_init_module: unsafe extern \"C\" fn() -> i32 = init_module; @@ -293,7 +293,7 @@ mod __module_init {{ #[cfg(MODULE)] #[doc(hidden)] - #[used] + #[used(compiler)] #[link_section = \".exit.data\"] static __UNIQUE_ID___addressable_cleanup_module: extern \"C\" fn() = cleanup_module; @@ -303,7 +303,7 @@ mod __module_init {{ #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] #[doc(hidden)] #[link_section = \"{initcall_section}\"] - #[used] + #[used(compiler)] pub static __{ident}_initcall: extern \"C\" fn() -> ::kernel::ffi::c_int = __{ident}_init; diff --git a/scripts/Makefile.build b/scripts/Makefile.build index a6461ea411f7..ba71b27aa363 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -312,10 +312,11 @@ $(obj)/%.lst: $(obj)/%.c FORCE # - Stable since Rust 1.82.0: `feature(asm_const)`, `feature(raw_ref_op)`. # - Stable since Rust 1.87.0: `feature(asm_goto)`. # - Expected to become stable: `feature(arbitrary_self_types)`. +# - To be determined: `feature(used_with_arg)`. # # Please see https://github.com/Rust-for-Linux/linux/issues/2 for details on # the unstable features in use. -rust_allowed_features := asm_const,asm_goto,arbitrary_self_types,lint_reasons,raw_ref_op +rust_allowed_features := asm_const,asm_goto,arbitrary_self_types,lint_reasons,raw_ref_op,used_with_arg # `--out-dir` is required to avoid temporaries being created by `rustc` in the # current working directory, which may be not accessible in the out-of-tree -- 2.50.1

3 months, 3 weeks

2
1
0 0

[PATCH] LoongArch: Make relocate_new_kernel_size be a .quad value

by Huacai Chen

Now relocate_new_kernel_size is a .long value, which means 32bit, so its high 32bit is undefined. This causes memcpy((void *)reboot_code_buffer, relocate_new_kernel, relocate_new_kernel_size) in machine_kexec_prepare() access out of range memories in some cases, and then end up with an ADE exception. So make relocate_new_kernel_size be a .quad value, which means 64bit, to avoid such errors. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kernel/relocate_kernel.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/kernel/relocate_kernel.S b/arch/loongarch/kernel/relocate_kernel.S index 84e6de2fd973..8b5140ac9ea1 100644 --- a/arch/loongarch/kernel/relocate_kernel.S +++ b/arch/loongarch/kernel/relocate_kernel.S @@ -109,4 +109,4 @@ SYM_CODE_END(kexec_smp_wait) relocate_new_kernel_end: .section ".data" -SYM_DATA(relocate_new_kernel_size, .long relocate_new_kernel_end - relocate_new_kernel) +SYM_DATA(relocate_new_kernel_size, .quad relocate_new_kernel_end - relocate_new_kernel) -- 2.47.1

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] kasan: remove kasan_find_vm_area() to prevent possible" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6ee9b3d84775944fb8c8a447961cd01274ac671c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071348-swizzle-utter-2496@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ee9b3d84775944fb8c8a447961cd01274ac671c Mon Sep 17 00:00:00 2001 From: Yeoreum Yun <yeoreum.yun(a)arm.com> Date: Thu, 3 Jul 2025 19:10:18 +0100 Subject: [PATCH] kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 8357e1a33699..b0877035491f 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr(const void *addr) sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(void *addr, u8 tag, } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) {

3 months, 3 weeks

2
1
0 0

[PATCH 6.12.y 1/1] kasan: remove kasan_find_vm_area() to prevent possible deadlock

by Yeoreum Yun

find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> (cherry picked from commit 6ee9b3d84775944fb8c8a447961cd01274ac671c) --- mm/kasan/report.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index c7c0083203cb..5675d6a412ef 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -398,17 +398,8 @@ static void print_address_description(void *addr, u8 tag, } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) { -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kasan: remove kasan_find_vm_area() to prevent possible" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6ee9b3d84775944fb8c8a447961cd01274ac671c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071347-pregnant-dismount-40e9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ee9b3d84775944fb8c8a447961cd01274ac671c Mon Sep 17 00:00:00 2001 From: Yeoreum Yun <yeoreum.yun(a)arm.com> Date: Thu, 3 Jul 2025 19:10:18 +0100 Subject: [PATCH] kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 8357e1a33699..b0877035491f 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr(const void *addr) sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(void *addr, u8 tag, } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) {

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] kasan: remove kasan_find_vm_area() to prevent possible" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6ee9b3d84775944fb8c8a447961cd01274ac671c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071347-compel-crate-aeba@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ee9b3d84775944fb8c8a447961cd01274ac671c Mon Sep 17 00:00:00 2001 From: Yeoreum Yun <yeoreum.yun(a)arm.com> Date: Thu, 3 Jul 2025 19:10:18 +0100 Subject: [PATCH] kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 8357e1a33699..b0877035491f 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr(const void *addr) sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(void *addr, u8 tag, } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) {

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 52e1a03e6cf61ae165f59f41c44394a653a0a788 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071203-dime-overcook-61dc@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52e1a03e6cf61ae165f59f41c44394a653a0a788 Mon Sep 17 00:00:00 2001 From: Nikunj A Dadhania <nikunj(a)amd.com> Date: Mon, 30 Jun 2025 13:48:58 +0530 Subject: [PATCH] x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters. Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and a SEV-SNP VM, leading to early timer interrupts as perceived by the guest. The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected. Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs. Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic. [ bp: Drop the silly dummy var: https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ] Fixes: 73bbf3b0fbba ("x86/tsc: Init the TSC for Secure TSC guests") Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250630081858.485187-1-nikunj@amd.com diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index b6db4e0b936b..7543a8b52c67 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -88,7 +88,7 @@ static const char * const sev_status_feat_names[] = { */ static u64 snp_tsc_scale __ro_after_init; static u64 snp_tsc_offset __ro_after_init; -static u64 snp_tsc_freq_khz __ro_after_init; +static unsigned long snp_tsc_freq_khz __ro_after_init; DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); @@ -2167,15 +2167,31 @@ static unsigned long securetsc_get_tsc_khz(void) void __init snp_secure_tsc_init(void) { - unsigned long long tsc_freq_mhz; + struct snp_secrets_page *secrets; + unsigned long tsc_freq_mhz; + void *mem; if (!cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) return; + mem = early_memremap_encrypted(sev_secrets_pa, PAGE_SIZE); + if (!mem) { + pr_err("Unable to get TSC_FACTOR: failed to map the SNP secrets page.\n"); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SECURE_TSC); + } + + secrets = (__force struct snp_secrets_page *)mem; + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ); rdmsrq(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz); - snp_tsc_freq_khz = (unsigned long)(tsc_freq_mhz * 1000); + + /* Extract the GUEST TSC MHZ from BIT[17:0], rest is reserved space */ + tsc_freq_mhz &= GENMASK_ULL(17, 0); + + snp_tsc_freq_khz = SNP_SCALE_TSC_FREQ(tsc_freq_mhz * 1000, secrets->tsc_factor); x86_platform.calibrate_cpu = securetsc_get_tsc_khz; x86_platform.calibrate_tsc = securetsc_get_tsc_khz; + + early_memunmap(mem, PAGE_SIZE); } diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 58e028d42e41..a631f7d7c0c0 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -223,6 +223,18 @@ struct snp_tsc_info_resp { u8 rsvd2[100]; } __packed; +/* + * Obtain the mean TSC frequency by decreasing the nominal TSC frequency with + * TSC_FACTOR as documented in the SNP Firmware ABI specification: + * + * GUEST_TSC_FREQ * (1 - (TSC_FACTOR * 0.00001)) + * + * which is equivalent to: + * + * GUEST_TSC_FREQ -= (GUEST_TSC_FREQ * TSC_FACTOR) / 100000; + */ +#define SNP_SCALE_TSC_FREQ(freq, factor) ((freq) - (freq) * (factor) / 100000) + struct snp_guest_req { void *req_buf; size_t req_sz; @@ -282,8 +294,11 @@ struct snp_secrets_page { u8 svsm_guest_vmpl; u8 rsvd3[3]; + /* The percentage decrease from nominal to mean TSC frequency. */ + u32 tsc_factor; + /* Remainder of page */ - u8 rsvd4[3744]; + u8 rsvd4[3740]; } __packed; struct snp_msg_desc {

3 months, 3 weeks

2
1
0 0

[PATCH 1/1] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes

by Lu Baolu

The iotlb_sync_map iommu ops allows drivers to perform necessary cache flushes when new mappings are established. For the Intel iommu driver, this callback specifically serves two purposes: - To flush caches when a second-stage page table is attached to a device whose iommu is operating in caching mode (CAP_REG.CM==1). - To explicitly flush internal write buffers to ensure updates to memory- resident remapping structures are visible to hardware (CAP_REG.RWBF==1). However, in scenarios where neither caching mode nor the RWBF flag is active, the cache_tag_flush_range_np() helper, which is called in the iotlb_sync_map path, effectively becomes a no-op. Despite being a no-op, cache_tag_flush_range_np() involves iterating through all cache tags of the iommu's attached to the domain, protected by a spinlock. This unnecessary execution path introduces overhead, leading to a measurable I/O performance regression. On systems with NVMes under the same bridge, performance was observed to drop from approximately ~6150 MiB/s down to ~4985 MiB/s. Introduce a flag in the dmar_domain structure. This flag will only be set when iotlb_sync_map is required (i.e., when CM or RWBF is set). The cache_tag_flush_range_np() is called only for domains where this flag is set. Reported-by: Ioanna Alifieraki <ioanna-maria.alifieraki(a)canonical.com> Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2115738 Link: https://lore.kernel.org/r/20250701171154.52435-1-ioanna-maria.alifieraki@ca… Fixes: 129dab6e1286 ("iommu/vt-d: Use cache_tag_flush_range_np() in iotlb_sync_map") Cc: stable(a)vger.kernel.org Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/intel/iommu.c | 19 ++++++++++++++++++- drivers/iommu/intel/iommu.h | 3 +++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 7aa3932251b2..f60201ee4be0 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -1796,6 +1796,18 @@ static int domain_setup_first_level(struct intel_iommu *iommu, (pgd_t *)pgd, flags, old); } +static bool domain_need_iotlb_sync_map(struct dmar_domain *domain, + struct intel_iommu *iommu) +{ + if (cap_caching_mode(iommu->cap) && !domain->use_first_level) + return true; + + if (rwbf_quirk || cap_rwbf(iommu->cap)) + return true; + + return false; +} + static int dmar_domain_attach_device(struct dmar_domain *domain, struct device *dev) { @@ -1833,6 +1845,8 @@ static int dmar_domain_attach_device(struct dmar_domain *domain, if (ret) goto out_block_translation; + domain->iotlb_sync_map |= domain_need_iotlb_sync_map(domain, iommu); + return 0; out_block_translation: @@ -3945,7 +3959,10 @@ static bool risky_device(struct pci_dev *pdev) static int intel_iommu_iotlb_sync_map(struct iommu_domain *domain, unsigned long iova, size_t size) { - cache_tag_flush_range_np(to_dmar_domain(domain), iova, iova + size - 1); + struct dmar_domain *dmar_domain = to_dmar_domain(domain); + + if (dmar_domain->iotlb_sync_map) + cache_tag_flush_range_np(dmar_domain, iova, iova + size - 1); return 0; } diff --git a/drivers/iommu/intel/iommu.h b/drivers/iommu/intel/iommu.h index 3ddbcc603de2..7ab2c34a5ecc 100644 --- a/drivers/iommu/intel/iommu.h +++ b/drivers/iommu/intel/iommu.h @@ -614,6 +614,9 @@ struct dmar_domain { u8 has_mappings:1; /* Has mappings configured through * iommu_map() interface. */ + u8 iotlb_sync_map:1; /* Need to flush IOTLB cache or write + * buffer when creating mappings. + */ spinlock_t lock; /* Protect device tracking lists */ struct list_head devices; /* all devices' list */ -- 2.43.0

3 months, 3 weeks

3
3
0 0

[PATCH net v2 3/3] net: libwx: properly reset Rx ring descriptor

by Jiawen Wu

When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values from previous sessions. And only set the length to 0 in rx_desc[0] would result in building malformed SKBs. Fix it to ensure a clean slate after device reset. [ 549.186435] [ C16] ------------[ cut here ]------------ [ 549.186457] [ C16] kernel BUG at net/core/skbuff.c:2814! [ 549.186468] [ C16] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 549.186472] [ C16] CPU: 16 UID: 0 PID: 0 Comm: swapper/16 Kdump: loaded Not tainted 6.16.0-rc4+ #23 PREEMPT(voluntary) [ 549.186476] [ C16] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 549.186478] [ C16] RIP: 0010:__pskb_pull_tail+0x3ff/0x510 [ 549.186484] [ C16] Code: 06 f0 ff 4f 34 74 7b 4d 8b 8c 24 c8 00 00 00 45 8b 84 24 c0 00 00 00 e9 c8 fd ff ff 48 c7 44 24 08 00 00 00 00 e9 5e fe ff ff <0f> 0b 31 c0 e9 23 90 5b ff 41 f7 c6 ff 0f 00 00 75 bf 49 8b 06 a8 [ 549.186487] [ C16] RSP: 0018:ffffb391c0640d70 EFLAGS: 00010282 [ 549.186490] [ C16] RAX: 00000000fffffff2 RBX: ffff8fe7e4d40200 RCX: 00000000fffffff2 [ 549.186492] [ C16] RDX: ffff8fe7c3a4bf8e RSI: 0000000000000180 RDI: ffff8fe7c3a4bf40 [ 549.186494] [ C16] RBP: ffffb391c0640da8 R08: ffff8fe7c3a4c0c0 R09: 000000000000000e [ 549.186496] [ C16] R10: ffffb391c0640d88 R11: 000000000000000e R12: ffff8fe7e4d40200 [ 549.186497] [ C16] R13: 00000000fffffff2 R14: ffff8fe7fa01a000 R15: 00000000fffffff2 [ 549.186499] [ C16] FS: 0000000000000000(0000) GS:ffff8fef5ae40000(0000) knlGS:0000000000000000 [ 549.186502] [ C16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.186503] [ C16] CR2: 00007f77d81d6000 CR3: 000000051a032000 CR4: 0000000000750ef0 [ 549.186505] [ C16] PKRU: 55555554 [ 549.186507] [ C16] Call Trace: [ 549.186510] [ C16] <IRQ> [ 549.186513] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186517] [ C16] __skb_pad+0xc7/0xf0 [ 549.186523] [ C16] wx_clean_rx_irq+0x355/0x3b0 [libwx] [ 549.186533] [ C16] wx_poll+0x92/0x120 [libwx] [ 549.186540] [ C16] __napi_poll+0x28/0x190 [ 549.186544] [ C16] net_rx_action+0x301/0x3f0 [ 549.186548] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186551] [ C16] ? __raw_spin_lock_irqsave+0x1e/0x50 [ 549.186554] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186557] [ C16] ? wake_up_nohz_cpu+0x35/0x160 [ 549.186559] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186563] [ C16] handle_softirqs+0xf9/0x2c0 [ 549.186568] [ C16] __irq_exit_rcu+0xc7/0x130 [ 549.186572] [ C16] common_interrupt+0xb8/0xd0 [ 549.186576] [ C16] </IRQ> [ 549.186577] [ C16] <TASK> [ 549.186579] [ C16] asm_common_interrupt+0x22/0x40 [ 549.186582] [ C16] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 549.186585] [ C16] Code: 00 00 e8 11 0e 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 0d ed 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 549.186587] [ C16] RSP: 0018:ffffb391c0277e78 EFLAGS: 00000246 [ 549.186590] [ C16] RAX: ffff8fef5ae40000 RBX: 0000000000000003 RCX: 0000000000000000 [ 549.186591] [ C16] RDX: 0000007fde0faac5 RSI: ffffffff826e53f6 RDI: ffffffff826fa9b3 [ 549.186593] [ C16] RBP: ffff8fe7c3a20800 R08: 0000000000000002 R09: 0000000000000000 [ 549.186595] [ C16] R10: 0000000000000000 R11: 000000000000ffff R12: ffffffff82ed7a40 [ 549.186596] [ C16] R13: 0000007fde0faac5 R14: 0000000000000003 R15: 0000000000000000 [ 549.186601] [ C16] ? cpuidle_enter_state+0xb3/0x420 [ 549.186605] [ C16] cpuidle_enter+0x29/0x40 [ 549.186609] [ C16] cpuidle_idle_call+0xfd/0x170 [ 549.186613] [ C16] do_idle+0x7a/0xc0 [ 549.186616] [ C16] cpu_startup_entry+0x25/0x30 [ 549.186618] [ C16] start_secondary+0x117/0x140 [ 549.186623] [ C16] common_startup_64+0x13e/0x148 [ 549.186628] [ C16] </TASK> Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Simon Horman <horms(a)kernel.org> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 7 +++---- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 5 +++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index 7ae3786d90b8..f0823aa1ede6 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -1912,7 +1912,6 @@ static void wx_configure_rx_ring(struct wx *wx, struct wx_ring *ring) { u16 reg_idx = ring->reg_idx; - union wx_rx_desc *rx_desc; u64 rdba = ring->dma; u32 rxdctl; @@ -1942,9 +1941,9 @@ static void wx_configure_rx_ring(struct wx *wx, memset(ring->rx_buffer_info, 0, sizeof(struct wx_rx_buffer) * ring->count); - /* initialize Rx descriptor 0 */ - rx_desc = WX_RX_DESC(ring, 0); - rx_desc->wb.upper.length = 0; + /* reset ntu and ntc to place SW in sync with hardware */ + ring->next_to_clean = 0; + ring->next_to_use = 0; /* enable receive descriptor ring */ wr32m(wx, WX_PX_RR_CFG(reg_idx), diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index c91487909811..0213ad5a6ceb 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -357,6 +357,8 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) /* clear the status bits for the next_to_use descriptor */ rx_desc->wb.upper.status_error = 0; + /* clear the length for the next_to_use descriptor */ + rx_desc->wb.upper.length = 0; cleaned_count--; } while (cleaned_count); @@ -2438,6 +2440,9 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) } } + /* Zero out the descriptor ring */ + memset(rx_ring->desc, 0, rx_ring->size); + rx_ring->next_to_alloc = 0; rx_ring->next_to_clean = 0; rx_ring->next_to_use = 0; -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH net v2 2/3] net: libwx: fix the using of Rx buffer DMA

by Jiawen Wu

The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths. This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing in the code. Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Simon Horman <horms(a)kernel.org> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 4 ++-- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 7e3d7fb61a52..c91487909811 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -307,7 +307,7 @@ static bool wx_alloc_mapped_page(struct wx_ring *rx_ring, return false; dma = page_pool_get_dma_addr(page); - bi->page_dma = dma; + bi->dma = dma; bi->page = page; bi->page_offset = 0; @@ -344,7 +344,7 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) DMA_FROM_DEVICE); rx_desc->read.pkt_addr = - cpu_to_le64(bi->page_dma + bi->page_offset); + cpu_to_le64(bi->dma + bi->page_offset); rx_desc++; bi++; diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 622f2bfe6cde..1a90fcede86b 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -997,7 +997,6 @@ struct wx_tx_buffer { struct wx_rx_buffer { struct sk_buff *skb; dma_addr_t dma; - dma_addr_t page_dma; struct page *page; unsigned int page_offset; }; -- 2.48.1

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: wangxun: revert the adjustment of the IRQ vector" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070625-walnut-bargraph-970b@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 Mon Sep 17 00:00:00 2001 From: Jiawen Wu <jiawenwu(a)trustnetic.com> Date: Tue, 1 Jul 2025 14:30:29 +0800 Subject: [PATCH] net: wangxun: revert the adjustment of the IRQ vector sequence Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Larysa Zaremba <larysa.zaremba(a)intel.com> Link: https://patch.msgid.link/20250701063030.59340-3-jiawenwu@trustnetic.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 59840ba9c1fe..835d60bd5fbc 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1747,7 +1747,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1784,16 +1784,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2300,8 +2301,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2340,7 +2339,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2393,9 +2392,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3)

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] net: wangxun: revert the adjustment of the IRQ vector" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070626-come-nappy-3fec@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 Mon Sep 17 00:00:00 2001 From: Jiawen Wu <jiawenwu(a)trustnetic.com> Date: Tue, 1 Jul 2025 14:30:29 +0800 Subject: [PATCH] net: wangxun: revert the adjustment of the IRQ vector sequence Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Larysa Zaremba <larysa.zaremba(a)intel.com> Link: https://patch.msgid.link/20250701063030.59340-3-jiawenwu@trustnetic.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 59840ba9c1fe..835d60bd5fbc 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1747,7 +1747,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1784,16 +1784,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2300,8 +2301,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2340,7 +2339,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2393,9 +2392,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3)

3 months, 3 weeks

2
1
0 0

[PATCH for 5.4 and 5.10] ACPI: PAD: fix crash in exit_round_robin()

by Nobuhiro Iwamatsu

From: Seiji Nishikawa <snishika(a)redhat.com> commit 0a2ed70a549e61c5181bad5db418d223b68ae932 upstream. The kernel occasionally crashes in cpumask_clear_cpu(), which is called within exit_round_robin(), because when executing clear_bit(nr, addr) with nr set to 0xffffffff, the address calculation may cause misalignment within the memory, leading to access to an invalid memory address. ---------- BUG: unable to handle kernel paging request at ffffffffe0740618 ... CPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1 ... RIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad] Code: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 <f0> 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31 RSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202 RAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8 R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e FS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? acpi_pad_add+0x120/0x120 [acpi_pad] kthread+0x10b/0x130 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x1f/0x40 ... CR2: ffffffffe0740618 crash> dis -lr ffffffffc0726923 ... /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114 0xffffffffc0726918 <power_saving_thread+776>: mov %r12d,%r12d /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325 0xffffffffc072691b <power_saving_thread+779>: mov -0x3f8d7de0(,%r12,4),%eax /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80 0xffffffffc0726923 <power_saving_thread+787>: lock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 <pad_busy_cpus_bits> crash> px tsk_in_cpu[14] $66 = 0xffffffff crash> px 0xffffffffc072692c+0x19cf4 $99 = 0xffffffffc0740620 crash> sym 0xffffffffc0740620 ffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad] crash> px pad_busy_cpus_bits[0] $42 = 0xfffc0 ---------- To fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling cpumask_clear_cpu() in exit_round_robin(), just as it is done in round_robin_cpu(). Signed-off-by: Seiji Nishikawa <snishika(a)redhat.com> Link: https://patch.msgid.link/20240825141352.25280-1-snishika@redhat.com [ rjw: Subject edit, avoid updates to the same value ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://nvd.nist.gov/vuln/detail/CVE-2024-49935 Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu(a)toshiba.co.jp> --- drivers/acpi/acpi_pad.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/acpi_pad.c b/drivers/acpi/acpi_pad.c index 35de23ff50d6..3e7e28b7947e 100644 --- a/drivers/acpi/acpi_pad.c +++ b/drivers/acpi/acpi_pad.c @@ -128,8 +128,11 @@ static void round_robin_cpu(unsigned int tsk_index) static void exit_round_robin(unsigned int tsk_index) { struct cpumask *pad_busy_cpus = to_cpumask(pad_busy_cpus_bits); - cpumask_clear_cpu(tsk_in_cpu[tsk_index], pad_busy_cpus); - tsk_in_cpu[tsk_index] = -1; + + if (tsk_in_cpu[tsk_index] != -1) { + cpumask_clear_cpu(tsk_in_cpu[tsk_index], pad_busy_cpus); + tsk_in_cpu[tsk_index] = -1; + } } static unsigned int idle_pct = 5; /* percentage */ -- 2.25.1

3 months, 3 weeks

4
3
0 0

[merged mm-stable] samples-damon-mtier-support-boot-time-enable-setup.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon/mtier: support boot time enable setup has been removed from the -mm tree. Its filename was samples-damon-mtier-support-boot-time-enable-setup.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: samples/damon/mtier: support boot time enable setup Date: Sun, 6 Jul 2025 12:32:04 -0700 If 'enable' parameter of the 'mtier' DAMON sample module is set at boot time via the kernel command line, memory allocation is tried before the slab is initialized. As a result kernel NULL pointer dereference BUG can happen. Fix it by checking the initialization status. Link: https://lkml.kernel.org/r/20250706193207.39810-4-sj@kernel.org Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/mtier.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/samples/damon/mtier.c~samples-damon-mtier-support-boot-time-enable-setup +++ a/samples/damon/mtier.c @@ -157,6 +157,8 @@ static void damon_sample_mtier_stop(void damon_destroy_ctx(ctxs[1]); } +static bool init_called; + static int damon_sample_mtier_enable_store( const char *val, const struct kernel_param *kp) { @@ -182,6 +184,14 @@ static int damon_sample_mtier_enable_sto static int __init damon_sample_mtier_init(void) { + int err = 0; + + init_called = true; + if (enable) { + err = damon_sample_mtier_start(); + if (err) + enable = false; + } return 0; } _ Patches currently in -mm which might be from sj(a)kernel.org are samples-damon-wsse-rename-to-have-damon_sample_-prefix.patch samples-damon-prcl-rename-to-have-damon_sample_-prefix.patch samples-damon-mtier-rename-to-have-damon_sample_-prefix.patch mm-damon-sysfs-use-damon-core-api-damon_is_running.patch mm-damon-sysfs-dont-hold-kdamond_lock-in-before_terminate.patch docs-mm-damon-maintainer-profile-update-for-mm-new-tree.patch mm-damon-add-struct-damos_migrate_dests.patch mm-damon-core-add-damos-migrate_dests-field.patch mm-damon-sysfs-schemes-implement-damos-action-destinations-directory.patch mm-damon-sysfs-schemes-set-damos-migrate_dests.patch docs-abi-damon-document-schemes-dests-directory.patch docs-admin-guide-mm-damon-usage-document-dests-directory.patch mm-damon-accept-parallel-damon_call-requests.patch mm-damon-core-introduce-repeat-mode-damon_call.patch mm-damon-stat-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-reclaim-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-lru_sort-use-damon_call-repeat-mode-instead-of-damon_callback.patch samples-damon-prcl-use-damon_call-repeat-mode-instead-of-damon_callback.patch samples-damon-wsse-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-core-do-not-call-opscleanup-when-destroying-targets.patch mm-damon-core-add-cleanup_target-ops-callback.patch mm-damon-vaddr-put-pid-in-cleanup_target.patch mm-damon-sysfs-remove-damon_sysfs_destroy_targets.patch mm-damon-core-destroy-targets-when-kdamond_fn-finish.patch mm-damon-sysfs-remove-damon_sysfs_before_terminate.patch mm-damon-core-remove-damon_callback.patch

3 months, 3 weeks

1
0
0 0

[merged mm-stable] samples-damon-wsse-fix-boot-time-enable-handling.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon/wsse: fix boot time enable handling has been removed from the -mm tree. Its filename was samples-damon-wsse-fix-boot-time-enable-handling.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: samples/damon/wsse: fix boot time enable handling Date: Sun, 6 Jul 2025 12:32:02 -0700 Patch series "mm/damon: fix misc bugs in DAMON modules". From manual code review, I found below bugs in DAMON modules. DAMON sample modules crash if those are enabled at boot time, via kernel command line. A similar issue was found and fixed on DAMON non-sample modules in the past, but we didn't check that for sample modules. DAMON non-sample modules are not setting 'enabled' parameters accordingly when real enabling is failed. Honggyu found and fixed[1] this type of bugs in DAMON sample modules, and my inspection was motivated by the great work. Kudos to Honggyu. Finally, DAMON_RECLIAM is mistakenly losing scheme internal status due to misuse of damon_commit_ctx(). DAMON_LRU_SORT has a similar misuse, but fortunately it is not causing real status loss. Fix the bugs. Since these are similar patterns of bugs that were found in the past, it would be better to add tests or refactor the code, in future. This patch (of 6): If 'enable' parameter of the 'wsse' DAMON sample module is set at boot time via the kernel command line, memory allocation is tried before the slab is initialized. As a result kernel NULL pointer dereference BUG can happen. Fix it by checking the initialization status. Link: https://lkml.kernel.org/r/20250706193207.39810-1-sj@kernel.org Link: https://lkml.kernel.org/r/20250706193207.39810-2-sj@kernel.org Link: https://lore.kernel.org/20250702000205.1921-1-honggyu.kim@sk.com [1] Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/wsse.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/samples/damon/wsse.c~samples-damon-wsse-fix-boot-time-enable-handling +++ a/samples/damon/wsse.c @@ -89,6 +89,8 @@ static void damon_sample_wsse_stop(void) put_pid(target_pidp); } +static bool init_called; + static int damon_sample_wsse_enable_store( const char *val, const struct kernel_param *kp) { @@ -114,7 +116,15 @@ static int damon_sample_wsse_enable_stor static int __init damon_sample_wsse_init(void) { - return 0; + int err = 0; + + init_called = true; + if (enable) { + err = damon_sample_wsse_start(); + if (err) + enable = false; + } + return err; } module_init(damon_sample_wsse_init); _ Patches currently in -mm which might be from sj(a)kernel.org are samples-damon-wsse-rename-to-have-damon_sample_-prefix.patch samples-damon-prcl-rename-to-have-damon_sample_-prefix.patch samples-damon-mtier-rename-to-have-damon_sample_-prefix.patch mm-damon-sysfs-use-damon-core-api-damon_is_running.patch mm-damon-sysfs-dont-hold-kdamond_lock-in-before_terminate.patch docs-mm-damon-maintainer-profile-update-for-mm-new-tree.patch mm-damon-add-struct-damos_migrate_dests.patch mm-damon-core-add-damos-migrate_dests-field.patch mm-damon-sysfs-schemes-implement-damos-action-destinations-directory.patch mm-damon-sysfs-schemes-set-damos-migrate_dests.patch docs-abi-damon-document-schemes-dests-directory.patch docs-admin-guide-mm-damon-usage-document-dests-directory.patch mm-damon-accept-parallel-damon_call-requests.patch mm-damon-core-introduce-repeat-mode-damon_call.patch mm-damon-stat-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-reclaim-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-lru_sort-use-damon_call-repeat-mode-instead-of-damon_callback.patch samples-damon-prcl-use-damon_call-repeat-mode-instead-of-damon_callback.patch samples-damon-wsse-use-damon_call-repeat-mode-instead-of-damon_callback.patch mm-damon-core-do-not-call-opscleanup-when-destroying-targets.patch mm-damon-core-add-cleanup_target-ops-callback.patch mm-damon-vaddr-put-pid-in-cleanup_target.patch mm-damon-sysfs-remove-damon_sysfs_destroy_targets.patch mm-damon-core-destroy-targets-when-kdamond_fn-finish.patch mm-damon-sysfs-remove-damon_sysfs_before_terminate.patch mm-damon-core-remove-damon_callback.patch

3 months, 3 weeks

1
0
0 0

Follow up: Your response [Q3]

by Elena Fernanda

Hello, Could you kindly respond to me? I am Elena Victoria fernanda from Bradford and I'd like to share something very important with you right now. Provide your names to help me verify I m addressing the correct contact. I would be pleased to receive your swift response. Best wishes E1ena V!ct0ria F3rnanda

3 months, 3 weeks

1
0
0 0

[PATCH v8 01/13] platform/x86/intel/pmt: fix a crashlog NULL pointer access

by Michael J. Ruhl

Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] Code: Call Trace: <TASK> ? sysfs_kf_bin_read+0xc0/0xe0 kernfs_fop_read_iter+0xac/0x1a0 vfs_read+0x26d/0x350 ksys_read+0x6b/0xe0 __x64_sys_read+0x1d/0x30 x64_sys_call+0x1bc8/0x1d70 do_syscall_64+0x6d/0x110 Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception. Reviewed-by: David E. Box <david.e.box(a)linux.intel.com> Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Fixes: 045a513040cc ("platform/x86/intel/pmt: Use PMT callbacks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/platform/x86/intel/pmt/class.c | 3 ++- drivers/platform/x86/intel/pmt/class.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c index 7233b654bbad..d046e8752173 100644 --- a/drivers/platform/x86/intel/pmt/class.c +++ b/drivers/platform/x86/intel/pmt/class.c @@ -97,7 +97,7 @@ intel_pmt_read(struct file *filp, struct kobject *kobj, if (count > entry->size - off) count = entry->size - off; - count = pmt_telem_read_mmio(entry->ep->pcidev, entry->cb, entry->header.guid, buf, + count = pmt_telem_read_mmio(entry->pcidev, entry->cb, entry->header.guid, buf, entry->base, off, count); return count; @@ -252,6 +252,7 @@ static int intel_pmt_populate_entry(struct intel_pmt_entry *entry, return -EINVAL; } + entry->pcidev = pci_dev; entry->guid = header->guid; entry->size = header->size; entry->cb = ivdev->priv_data; diff --git a/drivers/platform/x86/intel/pmt/class.h b/drivers/platform/x86/intel/pmt/class.h index b2006d57779d..f6ce80c4e051 100644 --- a/drivers/platform/x86/intel/pmt/class.h +++ b/drivers/platform/x86/intel/pmt/class.h @@ -39,6 +39,7 @@ struct intel_pmt_header { struct intel_pmt_entry { struct telem_endpoint *ep; + struct pci_dev *pcidev; struct intel_pmt_header header; struct bin_attribute pmt_bin_attr; struct kobject *kobj; -- 2.50.0

3 months, 3 weeks

1
0
0 0

[PATCH] usb: gadget: max3420_udc: Fix out-of-bounds endpoint index access

by Seungjin Bae

In the max3420_set_clear_feature() function, the endpoint index `id` can have a value from 0 to 15. However, the udc->ep array is initialized with a maximum of 4 endpoints in max3420_eps_init(). If host sends a request with a wIndex greater than 3, the access to `udc->ep[id]` will go out-of-bounds, leading to memory corruption or a potential kernel crash. This bug was found by code inspection and has not been tested on hardware. Fixes: 48ba02b2e2b1a ("usb: gadget: add udc driver for max3420") Cc: stable(a)vger.kernel.org Signed-off-by: Seungjin Bae <eeodqql09(a)gmail.com> --- drivers/usb/gadget/udc/max3420_udc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/gadget/udc/max3420_udc.c b/drivers/usb/gadget/udc/max3420_udc.c index 7349ea774adf..e4ecc7f7f3be 100644 --- a/drivers/usb/gadget/udc/max3420_udc.c +++ b/drivers/usb/gadget/udc/max3420_udc.c @@ -596,6 +596,8 @@ static void max3420_set_clear_feature(struct max3420_udc *udc) break; id = udc->setup.wIndex & USB_ENDPOINT_NUMBER_MASK; + if (id >= MAX3420_MAX_EPS) + break; ep = &udc->ep[id]; spin_lock_irqsave(&ep->lock, flags); -- 2.43.0

3 months, 3 weeks

3
4
0 0

[REGRESSION] v6.12.35: (build) kallsyms.h:21:10: fatal error: execinfo.h: No such file or directory

by Natanael Copa

Hi! I bumped into a build regression when building Alpine Linux kernel 6.12.35 on x86_64: In file included from ../arch/x86/tools/insn_decoder_test.c:13: ../tools/include/linux/kallsyms.h:21:10: fatal error: execinfo.h: No such file or directory 21 | #include <execinfo.h> | ^~~~~~~~~~~~ compilation terminated. The 6.12.34 kernel built just fine. I bisected it to: commit b8abcba6e4aec53868dfe44f97270fc4dee0df2a (HEAD) Author: Sergio Gonz_lez Collado <sergio.collado(a)gmail.com> Date: Sun Mar 2 23:15:18 2025 +0100 Kunit to check the longest symbol length commit c104c16073b7fdb3e4eae18f66f4009f6b073d6f upstream. which has this hunk: diff --git a/arch/x86/tools/insn_decoder_test.c b/arch/x86/tools/insn_decoder_test.c index 472540aeabc2..6c2986d2ad11 100644 --- a/arch/x86/tools/insn_decoder_test.c +++ b/arch/x86/tools/insn_decoder_test.c @@ -10,6 +10,7 @@ #include <assert.h> #include <unistd.h> #include <stdarg.h> +#include <linux/kallsyms.h> #define unlikely(cond) (cond) @@ -106,7 +107,7 @@ static void parse_args(int argc, char **argv) } } -#define BUFSIZE 256 +#define BUFSIZE (256 + KSYM_NAME_LEN) int main(int argc, char **argv) { It looks like the linux/kallsyms.h was included to get KSYM_NAME_LEN. Unfortunately it also introduced the include of execinfo.h, which does not exist on musl libc. This has previously been reported to and tried fixed: https://lore.kernel.org/stable/DB0OSTC6N4TL.2NK75K2CWE9JV@pwned.life/T/#t Would it be an idea to revert commit b8abcba6e4ae til we have a proper solution for this? Thanks! -nc

3 months, 3 weeks

4
7
0 0

[PATCH 6.12.y] rust: init: allow `dead_code` warnings for Rust >= 1.89.0

by Miguel Ojeda

Starting with Rust 1.89.0 (expected 2025-08-07), the Rust compiler may warn: error: trait `MustNotImplDrop` is never used --> rust/kernel/init/macros.rs:927:15 | 927 | trait MustNotImplDrop {} | ^^^^^^^^^^^^^^^ | ::: rust/kernel/sync/arc.rs:133:1 | 133 | #[pin_data] | ----------- in this procedural macro expansion | = note: `-D dead-code` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(dead_code)]` = note: this error originates in the macro `$crate::__pin_data` which comes from the expansion of the attribute macro `pin_data` (in Nightly builds, run with -Z macro-backtrace for more info) Thus `allow` it to clean it up. This does not happen in mainline nor 6.15.y, because there the macro was moved out of the `kernel` crate, and `dead_code` warnings are not emitted if the macro is foreign to the crate. Thus this patch is directly sent to stable and intended for 6.12.y only. Similarly, it is not needed in previous LTSs, because there the Rust version is pinned. Cc: Benno Lossin <lossin(a)kernel.org> Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- Greg, Sasha: please note that an equivalent patch is _not_ in mainline. We could put these `allow`s in mainline (they wouldn't hurt), but it isn't a good idea to add things in mainline for the only reason of backporting them, thus I am sending this directly to stable. The patch is pretty safe -- there is no actual code change. rust/kernel/init/macros.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs index b7213962a6a5..e530028bb9ed 100644 --- a/rust/kernel/init/macros.rs +++ b/rust/kernel/init/macros.rs @@ -924,6 +924,7 @@ impl<'__pin, $($impl_generics)*> ::core::marker::Unpin for $name<$($ty_generics) // We prevent this by creating a trait that will be implemented for all types implementing // `Drop`. Additionally we will implement this trait for the struct leading to a conflict, // if it also implements `Drop` + #[allow(dead_code)] trait MustNotImplDrop {} #[expect(drop_bounds)] impl<T: ::core::ops::Drop> MustNotImplDrop for T {} @@ -932,6 +933,7 @@ impl<$($impl_generics)*> MustNotImplDrop for $name<$($ty_generics)*> // We also take care to prevent users from writing a useless `PinnedDrop` implementation. // They might implement `PinnedDrop` correctly for the struct, but forget to give // `PinnedDrop` as the parameter to `#[pin_data]`. + #[allow(dead_code)] #[expect(non_camel_case_types)] trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {} impl<T: $crate::init::PinnedDrop> base-commit: fbad404f04d758c52bae79ca20d0e7fe5fef91d3 -- 2.50.1

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] pwm: mediatek: Ensure to disable clocks in error path" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 505b730ede7f5c4083ff212aa955155b5b92e574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071236-generous-jazz-41e4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 505b730ede7f5c4083ff212aa955155b5b92e574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Fri, 4 Jul 2025 19:27:27 +0200 Subject: [PATCH] pwm: mediatek: Ensure to disable clocks in error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling the clocks each error path must disable the clocks again. One of them failed to do so. Unify the error paths to use goto to make it harder for future changes to add a similar bug. Fixes: 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://lore.kernel.org/r/20250704172728.626815-2-u.kleine-koenig@baylibre.… Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index 7eaab5831499..33d3554b9197 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -130,8 +130,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, return ret; clk_rate = clk_get_rate(pc->clk_pwms[pwm->hwpwm]); - if (!clk_rate) - return -EINVAL; + if (!clk_rate) { + ret = -EINVAL; + goto out; + } /* Make sure we use the bus clock and not the 26MHz clock */ if (pc->soc->has_ck_26m_sel) @@ -150,9 +152,9 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, } if (clkdiv > PWM_CLK_DIV_MAX) { - pwm_mediatek_clk_disable(chip, pwm); dev_err(pwmchip_parent(chip), "period of %d ns not supported\n", period_ns); - return -EINVAL; + ret = -EINVAL; + goto out; } if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { @@ -169,9 +171,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, pwm_mediatek_writel(pc, pwm->hwpwm, reg_width, cnt_period); pwm_mediatek_writel(pc, pwm->hwpwm, reg_thres, cnt_duty); +out: pwm_mediatek_clk_disable(chip, pwm); - return 0; + return ret; } static int pwm_mediatek_enable(struct pwm_chip *chip, struct pwm_device *pwm)

3 months, 3 weeks

3
2
0 0

TSA-mitigation not working: "no microcode" although microcode-revision should suffice

by Rainer Fiebig

Built 6.12.37 with CONFIG_MITIGATION_TSA=y on a Ryzen 5700G system. According to [1] the minimum BIOS revision should be ComboAM4v2PI 1.2.0.E which is installed. According to [2] the minimum microcode revision required for that CPU is 0x0A500012. Installed is 0x0A500014. So I think the mitigating should work. But this is not the case: ~> dmesg | grep -Ei 'ryzen|microcode' [ 0.171006] Transient Scheduler Attacks: Vulnerable: Clear CPU buffers attempted, no microcode [ 0.288006] smpboot: CPU0: AMD Ryzen 7 5700G with Radeon Graphics (family: 0x19, model: 0x50, stepping: 0x0) [ 0.480729] microcode: Current revision: 0x0a500014 I'm wondering why the mitigation isn't working. Thanks. Rainer [1] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html [2] https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technic… -- The truth always turns out to be simpler than you thought. Richard Feynman

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] pwm: mediatek: Ensure to disable clocks in error path" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 505b730ede7f5c4083ff212aa955155b5b92e574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071235-ebook-definite-e54a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 505b730ede7f5c4083ff212aa955155b5b92e574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Fri, 4 Jul 2025 19:27:27 +0200 Subject: [PATCH] pwm: mediatek: Ensure to disable clocks in error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling the clocks each error path must disable the clocks again. One of them failed to do so. Unify the error paths to use goto to make it harder for future changes to add a similar bug. Fixes: 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://lore.kernel.org/r/20250704172728.626815-2-u.kleine-koenig@baylibre.… Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index 7eaab5831499..33d3554b9197 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -130,8 +130,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, return ret; clk_rate = clk_get_rate(pc->clk_pwms[pwm->hwpwm]); - if (!clk_rate) - return -EINVAL; + if (!clk_rate) { + ret = -EINVAL; + goto out; + } /* Make sure we use the bus clock and not the 26MHz clock */ if (pc->soc->has_ck_26m_sel) @@ -150,9 +152,9 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, } if (clkdiv > PWM_CLK_DIV_MAX) { - pwm_mediatek_clk_disable(chip, pwm); dev_err(pwmchip_parent(chip), "period of %d ns not supported\n", period_ns); - return -EINVAL; + ret = -EINVAL; + goto out; } if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { @@ -169,9 +171,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, pwm_mediatek_writel(pc, pwm->hwpwm, reg_width, cnt_period); pwm_mediatek_writel(pc, pwm->hwpwm, reg_thres, cnt_duty); +out: pwm_mediatek_clk_disable(chip, pwm); - return 0; + return ret; } static int pwm_mediatek_enable(struct pwm_chip *chip, struct pwm_device *pwm)

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] pwm: mediatek: Ensure to disable clocks in error path" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 505b730ede7f5c4083ff212aa955155b5b92e574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071234-appealing-unless-4a54@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 505b730ede7f5c4083ff212aa955155b5b92e574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Fri, 4 Jul 2025 19:27:27 +0200 Subject: [PATCH] pwm: mediatek: Ensure to disable clocks in error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling the clocks each error path must disable the clocks again. One of them failed to do so. Unify the error paths to use goto to make it harder for future changes to add a similar bug. Fixes: 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://lore.kernel.org/r/20250704172728.626815-2-u.kleine-koenig@baylibre.… Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index 7eaab5831499..33d3554b9197 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -130,8 +130,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, return ret; clk_rate = clk_get_rate(pc->clk_pwms[pwm->hwpwm]); - if (!clk_rate) - return -EINVAL; + if (!clk_rate) { + ret = -EINVAL; + goto out; + } /* Make sure we use the bus clock and not the 26MHz clock */ if (pc->soc->has_ck_26m_sel) @@ -150,9 +152,9 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, } if (clkdiv > PWM_CLK_DIV_MAX) { - pwm_mediatek_clk_disable(chip, pwm); dev_err(pwmchip_parent(chip), "period of %d ns not supported\n", period_ns); - return -EINVAL; + ret = -EINVAL; + goto out; } if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { @@ -169,9 +171,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, pwm_mediatek_writel(pc, pwm->hwpwm, reg_width, cnt_period); pwm_mediatek_writel(pc, pwm->hwpwm, reg_thres, cnt_duty); +out: pwm_mediatek_clk_disable(chip, pwm); - return 0; + return ret; } static int pwm_mediatek_enable(struct pwm_chip *chip, struct pwm_device *pwm)

3 months, 3 weeks

3
2
0 0

[PATCH 6.6.y] smb: client: support kvec iterators in async read path

by Henrique Carvalho

commit 3ee1a1fc39819906f04d6c62c180e760cd3a689d upstream. Add cifs_limit_kvec_subset() and select the appropriate limiter in cifs_send_async_read() to handle kvec iterators in async read path, fixing the EIO bug when running executables in cifs shares mounted with nolease. This patch -- or equivalent patch, does not exist upstream, as the upstream code has suffered considerable API changes. The affected path is currently handled by netfs lib and located under netfs/direct_read.c. Reproducer: $ mount.cifs //server/share /mnt -o nolease $ cat - > /mnt/test.sh <<EOL echo hallo EOL $ chmod +x /mnt/test.sh $ /mnt/test.sh bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler $ rm -f /mnt/test.sh Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list") Reported-by: Laura Kerner <laura.kerner(a)ichaus.de> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1245449 Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> --- fs/smb/client/file.c | 46 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index d883ed75022c..4878c74bae6f 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -3527,6 +3527,42 @@ static size_t cifs_limit_bvec_subset(const struct iov_iter *iter, size_t max_siz return span; } +static size_t cifs_limit_kvec_subset(const struct iov_iter *iter, size_t max_size, + size_t max_segs, unsigned int *_nsegs) +{ + const struct kvec *kvecs = iter->kvec; + unsigned int nkv = iter->nr_segs, ix = 0, nsegs = 0; + size_t len, span = 0, n = iter->count; + size_t skip = iter->iov_offset; + + if (WARN_ON(!iov_iter_is_kvec(iter)) || n == 0) + return 0; + + while (n && ix < nkv && skip) { + len = kvecs[ix].iov_len; + if (skip < len) + break; + skip -= len; + n -= len; + ix++; + } + + while (n && ix < nkv) { + len = min3(n, kvecs[ix].iov_len - skip, max_size); + span += len; + max_size -= len; + nsegs++; + ix++; + if (max_size == 0 || nsegs >= max_segs) + break; + skip = 0; + n -= len; + } + + *_nsegs = nsegs; + return span; +} + static int cifs_write_from_iter(loff_t fpos, size_t len, struct iov_iter *from, struct cifsFileInfo *open_file, @@ -4079,6 +4115,13 @@ cifs_send_async_read(loff_t fpos, size_t len, struct cifsFileInfo *open_file, int rc; pid_t pid; struct TCP_Server_Info *server; + size_t (*limit_iov_subset)(const struct iov_iter *iter, size_t max_size, + size_t max_segs, unsigned int *_nsegs); + + if (iov_iter_is_kvec(&ctx->iter)) + limit_iov_subset = cifs_limit_kvec_subset; + else + limit_iov_subset = cifs_limit_bvec_subset; server = cifs_pick_channel(tlink_tcon(open_file->tlink)->ses); @@ -4113,8 +4156,7 @@ cifs_send_async_read(loff_t fpos, size_t len, struct cifsFileInfo *open_file, max_len = min_t(size_t, len, rsize); - cur_len = cifs_limit_bvec_subset(&ctx->iter, max_len, - max_segs, &nsegs); + cur_len = limit_iov_subset(&ctx->iter, max_len, max_segs, &nsegs); cifs_dbg(FYI, "read-to-iter len=%zx/%zx nsegs=%u/%lu/%u\n", cur_len, max_len, nsegs, ctx->iter.nr_segs, max_segs); if (cur_len == 0) { -- 2.47.0

3 months, 3 weeks

3
3
0 0

[PATCH] arm64: dts: fsl-lx2160a: define pinctrl for iic2 sd-cd/-wp functions

by Josua Mayer

LX2160 SoC uses a densely packed configuration area in memory for pin muxing - configuring a variable number of IOs at a time. Since pinctrl nodes were added for the i2c signals of LX2160 SoC, boot errors have been observed on SolidRun LX2162A Clearfog board when rootfs is located on SD-Card (esdhc0): [ 1.961035] mmc0: new ultra high speed SDR104 SDHC card at address aaaa ... [ 5.220655] i2c i2c-1: using pinctrl states for GPIO recovery [ 5.226425] i2c i2c-1: using generic GPIOs for recovery ... [ 5.440471] mmc0: card aaaa removed The card-detect and write-protect signals of esdhc0 are an alternate function of IIC2 (in dts i2c1 - on lx2162 clearfog status disabled). By use of u-boot "md", and linux "devmem" command it was confirmed that RCWSR12 (at 0x01e0012c) with IIC2_PMUX (at bits 0-2) changes from 0x08000006 to 0x0000000 after starting Linux. This means that the card-detect pin function has changed to i2c function - which will cause the controller to detect card removal. The respective i2c1-scl-pins node is only linked to i2c1 node that has status disabled in device-tree for the solidrun boards. How the memory is changed has not been investigated. As a workaround add a new pinctrl definition for the card-detect/write-protect function of IIC2 pins. It seems unwise to link this directly from the SoC dtsi as boards may rely on other functions such as flextimer. Instead add the pinctrl to each board's esdhc0 node if it is known to rely on native card-detect function. These boards have esdhc0 node enabled and do not define broken-cd property: - fsl-lx2160a-bluebox3.dts - fsl-lx2160a-clearfog-itx.dtsi - fsl-lx2160a-qds.dts - fsl-lx2160a-rdb.dts - fsl-lx2160a-tqmlx2160a-mblx2160a.dts - fsl-lx2162a-clearfog.dts - fsl-lx2162a-qds.dts This was tested on the SolidRun LX2162 Clearfog with Linux v6.12.33. Fixes: 8a1365c7bbc1 ("arm64: dts: lx2160a: add pinmux and i2c gpio to support bus recovery") Cc: stable(a)vger.kernel.org Signed-off-by: Josua Mayer <josua(a)solid-run.com> --- arch/arm64/boot/dts/freescale/fsl-lx2160a-bluebox3.dts | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2160a-clearfog-itx.dtsi | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2160a-qds.dts | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2160a-rdb.dts | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2160a-tqmlx2160a-mblx2160a.dts | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi | 4 ++++ arch/arm64/boot/dts/freescale/fsl-lx2162a-clearfog.dts | 2 ++ arch/arm64/boot/dts/freescale/fsl-lx2162a-qds.dts | 2 ++ 8 files changed, 18 insertions(+) diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a-bluebox3.dts b/arch/arm64/boot/dts/freescale/fsl-lx2160a-bluebox3.dts index 042c486bdda2..298fcdce6c6b 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a-bluebox3.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a-bluebox3.dts @@ -152,6 +152,8 @@ &esdhc0 { sd-uhs-sdr50; sd-uhs-sdr25; sd-uhs-sdr12; + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a-clearfog-itx.dtsi b/arch/arm64/boot/dts/freescale/fsl-lx2160a-clearfog-itx.dtsi index a7dcbecc1f41..67ffe2e1b0bc 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a-clearfog-itx.dtsi +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a-clearfog-itx.dtsi @@ -93,6 +93,8 @@ &esdhc0 { sd-uhs-sdr50; sd-uhs-sdr25; sd-uhs-sdr12; + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a-qds.dts b/arch/arm64/boot/dts/freescale/fsl-lx2160a-qds.dts index 4d721197d837..17fe4a8fd35e 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a-qds.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a-qds.dts @@ -214,6 +214,8 @@ &emdio2 { }; &esdhc0 { + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a-rdb.dts b/arch/arm64/boot/dts/freescale/fsl-lx2160a-rdb.dts index 0c44b3cbef77..faa486d6a5b1 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a-rdb.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a-rdb.dts @@ -131,6 +131,8 @@ &esdhc0 { sd-uhs-sdr50; sd-uhs-sdr25; sd-uhs-sdr12; + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a-tqmlx2160a-mblx2160a.dts b/arch/arm64/boot/dts/freescale/fsl-lx2160a-tqmlx2160a-mblx2160a.dts index f6a4f8d54301..4ba55feb18b2 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a-tqmlx2160a-mblx2160a.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a-tqmlx2160a-mblx2160a.dts @@ -177,6 +177,8 @@ &esdhc0 { no-sdio; wp-gpios = <&gpio0 30 GPIO_ACTIVE_LOW>; cd-gpios = <&gpio0 31 GPIO_ACTIVE_LOW>; + pinctrl-0 = <&i2c1_scl_gpio>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi b/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi index c9541403bcd8..555a191b0bb4 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi +++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi @@ -1717,6 +1717,10 @@ i2c1_scl_gpio: i2c1-scl-gpio-pins { pinctrl-single,bits = <0x0 0x1 0x7>; }; + i2c1_sdhc_cdwp: i2c1-esdhc0-cd-wp-pins { + pinctrl-single,bits = <0x0 0x6 0x7>; + }; + i2c2_scl: i2c2-scl-pins { pinctrl-single,bits = <0x0 0 (0x7 << 3)>; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2162a-clearfog.dts b/arch/arm64/boot/dts/freescale/fsl-lx2162a-clearfog.dts index eafef8718a0f..4b58105c3ffa 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2162a-clearfog.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2162a-clearfog.dts @@ -227,6 +227,8 @@ &esdhc0 { sd-uhs-sdr50; sd-uhs-sdr25; sd-uhs-sdr12; + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2162a-qds.dts b/arch/arm64/boot/dts/freescale/fsl-lx2162a-qds.dts index 9f5ff1ffe7d5..caa079df35f6 100644 --- a/arch/arm64/boot/dts/freescale/fsl-lx2162a-qds.dts +++ b/arch/arm64/boot/dts/freescale/fsl-lx2162a-qds.dts @@ -238,6 +238,8 @@ &esdhc0 { sd-uhs-sdr50; sd-uhs-sdr25; sd-uhs-sdr12; + pinctrl-0 = <&i2c1_sdhc_cdwp>; + pinctrl-names = "default"; status = "okay"; }; --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250710-lx2160-sd-cd-00bf38ae169e Best regards, -- Josua Mayer <josua(a)solid-run.com>

3 months, 3 weeks

1
2
0 0

[PATCH v2 0/4] HID: core: fix __hid_request when no report ID is used

by Benjamin Tissoires

New version (unchanged for patches 1-3), with a test added so we can detect this. Followup of https://lore.kernel.org/linux-input/c75433e0-9b47-4072-bbe8-b1d14ea97b13@ro… This initial series attempt at fixing the various bugs discovered by Alan regarding __hid_request(). Syzbot managed to create a report descriptor which presents a feature request of size 0 (still trying to extract it) and this exposed the fact that __hid_request() was incorrectly handling the case when the report ID is not used. Send a first batch of fixes now so we get the feedback from syzbot ASAP. Note: in the series, I also mentioned that the report of size 0 should be stripped out of the HID device, but I'm not entirely sure this would be a good idea in the end. Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Changes in v2: - added Tested-by from syzbot (https://lore.kernel.org/r/686e9113.050a0220.385921.0008.GAE@google.com) - added a python test for it - Link to v1: https://lore.kernel.org/r/20250709-report-size-null-v1-0-194912215cbc@kerne… --- Benjamin Tissoires (4): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request selftests/hid: add a test case for the recent syzbot underflow drivers/hid/hid-core.c | 19 +++++-- tools/testing/selftests/hid/tests/test_mouse.py | 70 +++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 5 deletions(-) --- base-commit: 1f988d0788f50d8464f957e793fab356e2937369 change-id: 20250709-report-size-null-37619ea20288 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

3 months, 3 weeks

1
4
0 0

FAILED: patch "[PATCH] pwm: mediatek: Ensure to disable clocks in error path" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 505b730ede7f5c4083ff212aa955155b5b92e574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071235-disagree-dolly-ab52@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 505b730ede7f5c4083ff212aa955155b5b92e574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Fri, 4 Jul 2025 19:27:27 +0200 Subject: [PATCH] pwm: mediatek: Ensure to disable clocks in error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling the clocks each error path must disable the clocks again. One of them failed to do so. Unify the error paths to use goto to make it harder for future changes to add a similar bug. Fixes: 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://lore.kernel.org/r/20250704172728.626815-2-u.kleine-koenig@baylibre.… Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index 7eaab5831499..33d3554b9197 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -130,8 +130,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, return ret; clk_rate = clk_get_rate(pc->clk_pwms[pwm->hwpwm]); - if (!clk_rate) - return -EINVAL; + if (!clk_rate) { + ret = -EINVAL; + goto out; + } /* Make sure we use the bus clock and not the 26MHz clock */ if (pc->soc->has_ck_26m_sel) @@ -150,9 +152,9 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, } if (clkdiv > PWM_CLK_DIV_MAX) { - pwm_mediatek_clk_disable(chip, pwm); dev_err(pwmchip_parent(chip), "period of %d ns not supported\n", period_ns); - return -EINVAL; + ret = -EINVAL; + goto out; } if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { @@ -169,9 +171,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, pwm_mediatek_writel(pc, pwm->hwpwm, reg_width, cnt_period); pwm_mediatek_writel(pc, pwm->hwpwm, reg_thres, cnt_duty); +out: pwm_mediatek_clk_disable(chip, pwm); - return 0; + return ret; } static int pwm_mediatek_enable(struct pwm_chip *chip, struct pwm_device *pwm)

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] pwm: mediatek: Ensure to disable clocks in error path" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 505b730ede7f5c4083ff212aa955155b5b92e574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071236-propeller-quality-54b9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 505b730ede7f5c4083ff212aa955155b5b92e574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Fri, 4 Jul 2025 19:27:27 +0200 Subject: [PATCH] pwm: mediatek: Ensure to disable clocks in error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling the clocks each error path must disable the clocks again. One of them failed to do so. Unify the error paths to use goto to make it harder for future changes to add a similar bug. Fixes: 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://lore.kernel.org/r/20250704172728.626815-2-u.kleine-koenig@baylibre.… Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index 7eaab5831499..33d3554b9197 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -130,8 +130,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, return ret; clk_rate = clk_get_rate(pc->clk_pwms[pwm->hwpwm]); - if (!clk_rate) - return -EINVAL; + if (!clk_rate) { + ret = -EINVAL; + goto out; + } /* Make sure we use the bus clock and not the 26MHz clock */ if (pc->soc->has_ck_26m_sel) @@ -150,9 +152,9 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, } if (clkdiv > PWM_CLK_DIV_MAX) { - pwm_mediatek_clk_disable(chip, pwm); dev_err(pwmchip_parent(chip), "period of %d ns not supported\n", period_ns); - return -EINVAL; + ret = -EINVAL; + goto out; } if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { @@ -169,9 +171,10 @@ static int pwm_mediatek_config(struct pwm_chip *chip, struct pwm_device *pwm, pwm_mediatek_writel(pc, pwm->hwpwm, reg_width, cnt_period); pwm_mediatek_writel(pc, pwm->hwpwm, reg_thres, cnt_duty); +out: pwm_mediatek_clk_disable(chip, pwm); - return 0; + return ret; } static int pwm_mediatek_enable(struct pwm_chip *chip, struct pwm_device *pwm)

3 months, 3 weeks

2
1
0 0

[PATCH 2/2] nvmem: imx-ocotp: fix MAC address byte length

by srini＠kernel.org

From: Steffen Bätz <steffen(a)innosonix.de> The commit "13bcd440f2ff nvmem: core: verify cell's raw_len" caused an extension of the "mac-address" cell from 6 to 8 bytes due to word_size of 4 bytes. This led to a required byte swap of the full buffer length, which caused truncation of the mac-address when read. Previously, the mac-address was incorrectly truncated from 70:B3:D5:14:E9:0E to 00:00:70:B3:D5:14. Fix the issue by swapping only the first 6 bytes to correctly pass the mac-address to the upper layers. Fixes: 13bcd440f2ff ("nvmem: core: verify cell's raw_len") Cc: stable(a)vger.kernel.org Signed-off-by: Steffen Bätz <steffen(a)innosonix.de> Tested-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> Signed-off-by: Srinivas Kandagatla <srini(a)kernel.org> --- drivers/nvmem/imx-ocotp-ele.c | 5 ++++- drivers/nvmem/imx-ocotp.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index ca6dd71d8a2e..7807ec0e2d18 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -12,6 +12,7 @@ #include <linux/of.h> #include <linux/platform_device.h> #include <linux/slab.h> +#include <linux/if_ether.h> /* ETH_ALEN */ enum fuse_type { FUSE_FSB = BIT(0), @@ -118,9 +119,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 79dd4fda0329..7bf7656d4f96 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/slab.h> #include <linux/delay.h> +#include <linux/if_ether.h> /* ETH_ALEN */ #define IMX_OCOTP_OFFSET_B0W0 0x400 /* Offset from base address of the * OTP Bank0 Word0 @@ -227,9 +228,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH 5.15.y] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Pranav Tyagi

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> [ Upstream commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 ] syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd [ Backport to 5.15: context cleanly applied with no semantic changes. Build-tested. ] Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Pranav Tyagi <pranav.tyagi03(a)gmail.com> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.49.0

3 months, 3 weeks

3
3
0 0

[stable 6.12+] x86/pkeys: Simplify PKRU update in signal frame

by Ben Hutchings

Hi stable maintainers, Please apply commit d1e420772cd1 ("x86/pkeys: Simplify PKRU update in signal frame") to the stable branches for 6.12 and later. This fixes a regression introduced in 6.13 by commit ae6012d72fa6 ("x86/pkeys: Ensure updated PKRU value is XRSTOR'd"), which was also backported in 6.12.5. Ben. -- Ben Hutchings 73.46% of all statistics are made up.

3 months, 3 weeks

3
5
0 0

FAILED: patch "[PATCH] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa787ac07b3ceb56dd88a62d1866038498e96230 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071240-smugly-detergent-14e4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa787ac07b3ceb56dd88a62d1866038498e96230 Mon Sep 17 00:00:00 2001 From: Manuel Andreas <manuel.andreas(a)tum.de> Date: Wed, 25 Jun 2025 15:53:19 +0200 Subject: [PATCH] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow a guest to request invalidation of portions of a virtual TLB. For this, the hypercall parameter includes a list of GVAs that are supposed to be invalidated. However, when non-canonical GVAs are passed, there is currently no filtering in place and they are eventually passed to checked invocations of INVVPID on Intel / INVLPGA on AMD. While AMD's INVLPGA silently ignores non-canonical addresses (effectively a no-op), Intel's INVVPID explicitly signals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error(): invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000 WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482 invvpid_error+0x91/0xa0 [kvm_intel] Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary) RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel] Call Trace: vmx_flush_tlb_gva+0x320/0x490 [kvm_intel] kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm] kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm] Hyper-V documents that invalid GVAs (those that are beyond a partition's GVA space) are to be ignored. While not completely clear whether this ruling also applies to non-canonical GVAs, it is likely fine to make that assumption, and manual testing on Azure confirms "real" Hyper-V interprets the specification in the same way. Skip non-canonical GVAs when processing the list of address to avoid tripping the INVVPID failure. Alternatively, KVM could filter out "bad" GVAs before inserting into the FIFO, but practically speaking the only downside of pushing validation to the final processing is that doing so is suboptimal for the guest, and no well-behaved guest will request TLB flushes for non-canonical addresses. Fixes: 260970862c88 ("KVM: x86: hyper-v: Handle HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST{,EX} calls gently") Cc: stable(a)vger.kernel.org Signed-off-by: Manuel Andreas <manuel.andreas(a)tum.de> Suggested-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Link: https://lore.kernel.org/r/c090efb3-ef82-499f-a5e0-360fc8420fb7@tum.de Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 75221a11e15e..ee27064dd72f 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1979,6 +1979,9 @@ int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu) if (entries[i] == KVM_HV_TLB_FLUSHALL_ENTRY) goto out_flush_all; + if (is_noncanonical_invlpg_address(entries[i], vcpu)) + continue; + /* * Lower 12 bits of 'address' encode the number of additional * pages to flush.

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: Don't call mmput from MMU notifier callback" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cf234231fcbc7d391e2135b9518613218cc5347f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071246-carol-kung-5103@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf234231fcbc7d391e2135b9518613218cc5347f Mon Sep 17 00:00:00 2001 From: Philip Yang <Philip.Yang(a)amd.com> Date: Fri, 20 Jun 2025 18:32:32 -0400 Subject: [PATCH] drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notifier callback from compactd or fork or numa balancing could release the last reference of mm struct to call exit_mmap and free_pgtable, this triggers deadlock with below backtrace. The deadlock will leak kfd process as mmu notifier release is not called and cause VRAM leaking. The fix is to take mm reference mmget_non_zero when adding prange to the deferred list to pair with mmput in deferred list work. If prange split and add into pchild list, the pchild work_item.mm is not used, so remove the mm parameter from svm_range_unmap_split and svm_range_add_child. The backtrace of hung task: INFO: task python:348105 blocked for more than 64512 seconds. Call Trace: __schedule+0x1c3/0x550 schedule+0x46/0xb0 rwsem_down_write_slowpath+0x24b/0x4c0 unlink_anon_vmas+0xb1/0x1c0 free_pgtables+0xa9/0x130 exit_mmap+0xbc/0x1a0 mmput+0x5a/0x140 svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu] mn_itree_invalidate+0x72/0xc0 __mmu_notifier_invalidate_range_start+0x48/0x60 try_to_unmap_one+0x10fa/0x1400 rmap_walk_anon+0x196/0x460 try_to_unmap+0xbb/0x210 migrate_page_unmap+0x54d/0x7e0 migrate_pages_batch+0x1c3/0xae0 migrate_pages_sync+0x98/0x240 migrate_pages+0x25c/0x520 compact_zone+0x29d/0x590 compact_zone_order+0xb6/0xf0 try_to_compact_pages+0xbe/0x220 __alloc_pages_direct_compact+0x96/0x1a0 __alloc_pages_slowpath+0x410/0x930 __alloc_pages_nodemask+0x3a9/0x3e0 do_huge_pmd_anonymous_page+0xd7/0x3e0 __handle_mm_fault+0x5e3/0x5f0 handle_mm_fault+0xf7/0x2e0 hmm_vma_fault.isra.0+0x4d/0xa0 walk_pmd_range.isra.0+0xa8/0x310 walk_pud_range+0x167/0x240 walk_pgd_range+0x55/0x100 __walk_page_range+0x87/0x90 walk_page_range+0xf6/0x160 hmm_range_fault+0x4f/0x90 amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu] amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu] init_user_pages+0xb1/0x2a0 [amdgpu] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu] kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu] kfd_ioctl+0x29d/0x500 [amdgpu] Fixes: fa582c6f3684 ("drm/amdkfd: Use mmget_not_zero in MMU notifier") Signed-off-by: Philip Yang <Philip.Yang(a)amd.com> Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c index 7763e4742080..a0f22ea6d15a 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c @@ -1171,13 +1171,12 @@ svm_range_split_head(struct svm_range *prange, uint64_t new_start, } static void -svm_range_add_child(struct svm_range *prange, struct mm_struct *mm, - struct svm_range *pchild, enum svm_work_list_ops op) +svm_range_add_child(struct svm_range *prange, struct svm_range *pchild, enum svm_work_list_ops op) { pr_debug("add child 0x%p [0x%lx 0x%lx] to prange 0x%p child list %d\n", pchild, pchild->start, pchild->last, prange, op); - pchild->work_item.mm = mm; + pchild->work_item.mm = NULL; pchild->work_item.op = op; list_add_tail(&pchild->child_list, &prange->child_list); } @@ -2394,15 +2393,17 @@ svm_range_add_list_work(struct svm_range_list *svms, struct svm_range *prange, prange->work_item.op != SVM_OP_UNMAP_RANGE) prange->work_item.op = op; } else { - prange->work_item.op = op; - - /* Pairs with mmput in deferred_list_work */ - mmget(mm); - prange->work_item.mm = mm; - list_add_tail(&prange->deferred_list, - &prange->svms->deferred_range_list); - pr_debug("add prange 0x%p [0x%lx 0x%lx] to work list op %d\n", - prange, prange->start, prange->last, op); + /* Pairs with mmput in deferred_list_work. + * If process is exiting and mm is gone, don't update mmu notifier. + */ + if (mmget_not_zero(mm)) { + prange->work_item.mm = mm; + prange->work_item.op = op; + list_add_tail(&prange->deferred_list, + &prange->svms->deferred_range_list); + pr_debug("add prange 0x%p [0x%lx 0x%lx] to work list op %d\n", + prange, prange->start, prange->last, op); + } } spin_unlock(&svms->deferred_list_lock); } @@ -2416,8 +2417,7 @@ void schedule_deferred_list_work(struct svm_range_list *svms) } static void -svm_range_unmap_split(struct mm_struct *mm, struct svm_range *parent, - struct svm_range *prange, unsigned long start, +svm_range_unmap_split(struct svm_range *parent, struct svm_range *prange, unsigned long start, unsigned long last) { struct svm_range *head; @@ -2438,12 +2438,12 @@ svm_range_unmap_split(struct mm_struct *mm, struct svm_range *parent, svm_range_split(tail, last + 1, tail->last, &head); if (head != prange && tail != prange) { - svm_range_add_child(parent, mm, head, SVM_OP_UNMAP_RANGE); - svm_range_add_child(parent, mm, tail, SVM_OP_ADD_RANGE); + svm_range_add_child(parent, head, SVM_OP_UNMAP_RANGE); + svm_range_add_child(parent, tail, SVM_OP_ADD_RANGE); } else if (tail != prange) { - svm_range_add_child(parent, mm, tail, SVM_OP_UNMAP_RANGE); + svm_range_add_child(parent, tail, SVM_OP_UNMAP_RANGE); } else if (head != prange) { - svm_range_add_child(parent, mm, head, SVM_OP_UNMAP_RANGE); + svm_range_add_child(parent, head, SVM_OP_UNMAP_RANGE); } else if (parent != prange) { prange->work_item.op = SVM_OP_UNMAP_RANGE; } @@ -2520,14 +2520,14 @@ svm_range_unmap_from_cpu(struct mm_struct *mm, struct svm_range *prange, l = min(last, pchild->last); if (l >= s) svm_range_unmap_from_gpus(pchild, s, l, trigger); - svm_range_unmap_split(mm, prange, pchild, start, last); + svm_range_unmap_split(prange, pchild, start, last); mutex_unlock(&pchild->lock); } s = max(start, prange->start); l = min(last, prange->last); if (l >= s) svm_range_unmap_from_gpus(prange, s, l, trigger); - svm_range_unmap_split(mm, prange, prange, start, last); + svm_range_unmap_split(prange, prange, start, last); if (unmap_parent) svm_range_add_list_work(svms, prange, mm, SVM_OP_UNMAP_RANGE); @@ -2570,8 +2570,6 @@ svm_range_cpu_invalidate_pagetables(struct mmu_interval_notifier *mni, if (range->event == MMU_NOTIFY_RELEASE) return true; - if (!mmget_not_zero(mni->mm)) - return true; start = mni->interval_tree.start; last = mni->interval_tree.last; @@ -2598,7 +2596,6 @@ svm_range_cpu_invalidate_pagetables(struct mmu_interval_notifier *mni, } svm_range_unlock(prange); - mmput(mni->mm); return true; }

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ALSA: hda: Add missing NVIDIA HDA codec IDs" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x e0a911ac86857a73182edde9e50d9b4b949b7f01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071242-dropout-seldom-e04a@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e0a911ac86857a73182edde9e50d9b4b949b7f01 Mon Sep 17 00:00:00 2001 From: Daniel Dadap <ddadap(a)nvidia.com> Date: Thu, 26 Jun 2025 16:16:30 -0500 Subject: [PATCH] ALSA: hda: Add missing NVIDIA HDA codec IDs Add codec IDs for several NVIDIA products with HDA controllers to the snd_hda_id_hdmi[] patch table. Signed-off-by: Daniel Dadap <ddadap(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Link: https://patch.msgid.link/aF24rqwMKFWoHu12@ddadap-lakeline.nvidia.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c index 08308231b4ed..9a7793eb16e9 100644 --- a/sound/pci/hda/patch_hdmi.c +++ b/sound/pci/hda/patch_hdmi.c @@ -4551,7 +4551,9 @@ HDA_CODEC_ENTRY(0x10de002e, "Tegra186 HDMI/DP1", patch_tegra_hdmi), HDA_CODEC_ENTRY(0x10de002f, "Tegra194 HDMI/DP2", patch_tegra_hdmi), HDA_CODEC_ENTRY(0x10de0030, "Tegra194 HDMI/DP3", patch_tegra_hdmi), HDA_CODEC_ENTRY(0x10de0031, "Tegra234 HDMI/DP", patch_tegra234_hdmi), +HDA_CODEC_ENTRY(0x10de0033, "SoC 33 HDMI/DP", patch_tegra234_hdmi), HDA_CODEC_ENTRY(0x10de0034, "Tegra264 HDMI/DP", patch_tegra234_hdmi), +HDA_CODEC_ENTRY(0x10de0035, "SoC 35 HDMI/DP", patch_tegra234_hdmi), HDA_CODEC_ENTRY(0x10de0040, "GPU 40 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de0041, "GPU 41 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de0042, "GPU 42 HDMI/DP", patch_nvhdmi), @@ -4590,15 +4592,32 @@ HDA_CODEC_ENTRY(0x10de0097, "GPU 97 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de0098, "GPU 98 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de0099, "GPU 99 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de009a, "GPU 9a HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de009b, "GPU 9b HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de009c, "GPU 9c HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de009d, "GPU 9d HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de009e, "GPU 9e HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de009f, "GPU 9f HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a0, "GPU a0 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00a1, "GPU a1 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a3, "GPU a3 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a4, "GPU a4 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a5, "GPU a5 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a6, "GPU a6 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de00a7, "GPU a7 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00a8, "GPU a8 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00a9, "GPU a9 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00aa, "GPU aa HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00ab, "GPU ab HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00ad, "GPU ad HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00ae, "GPU ae HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00af, "GPU af HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00b0, "GPU b0 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00b1, "GPU b1 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00c0, "GPU c0 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00c1, "GPU c1 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00c3, "GPU c3 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00c4, "GPU c4 HDMI/DP", patch_nvhdmi), +HDA_CODEC_ENTRY(0x10de00c5, "GPU c5 HDMI/DP", patch_nvhdmi), HDA_CODEC_ENTRY(0x10de8001, "MCP73 HDMI", patch_nvhdmi_2ch), HDA_CODEC_ENTRY(0x10de8067, "MCP67/68 HDMI", patch_nvhdmi_2ch), HDA_CODEC_ENTRY(0x67663d82, "Arise 82 HDMI/DP", patch_gf_hdmi),

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071235-marbling-sizably-bdbb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Fri, 20 Jun 2025 12:28:48 +0100 Subject: [PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b34044e20128..e151585c6cca 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3135,6 +3135,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3223,31 +3230,31 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), - HWCAP_CAP(ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), - HWCAP_CAP(ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), - HWCAP_CAP(ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), #endif /* CONFIG_ARM64_SME */ HWCAP_CAP(ID_AA64FPFR0_EL1, F8CVT, IMP, CAP_HWCAP, KERNEL_HWCAP_F8CVT), HWCAP_CAP(ID_AA64FPFR0_EL1, F8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_F8FMA),

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071235-trowel-void-fe33@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Fri, 20 Jun 2025 12:28:48 +0100 Subject: [PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b34044e20128..e151585c6cca 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3135,6 +3135,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3223,31 +3230,31 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), - HWCAP_CAP(ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), - HWCAP_CAP(ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), - HWCAP_CAP(ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), #endif /* CONFIG_ARM64_SME */ HWCAP_CAP(ID_AA64FPFR0_EL1, F8CVT, IMP, CAP_HWCAP, KERNEL_HWCAP_F8CVT), HWCAP_CAP(ID_AA64FPFR0_EL1, F8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_F8FMA),

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025071234-upturned-graves-62a7@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Fri, 20 Jun 2025 12:28:48 +0100 Subject: [PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b34044e20128..e151585c6cca 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3135,6 +3135,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3223,31 +3230,31 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), - HWCAP_CAP(ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), - HWCAP_CAP(ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), - HWCAP_CAP(ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), #endif /* CONFIG_ARM64_SME */ HWCAP_CAP(ID_AA64FPFR0_EL1, F8CVT, IMP, CAP_HWCAP, KERNEL_HWCAP_F8CVT), HWCAP_CAP(ID_AA64FPFR0_EL1, F8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_F8FMA),

3 months, 3 weeks

1
0
0 0

[PATCH 5.10 v2 00/16] ITS mitigation for 5.10

by Pawan Gupta

v2: - Fixed the sign-offs. v1: https://lore.kernel.org/stable/20250610-its-5-10-v1-0-64f0ae98c98d@linux.in… This is the backport for Indirect Target Selection(ITS) mitigation for 5.10. This is only boot tested, so sending it as an RFC for now. I hope some bot picks this up for some at-scale testing. Meanwhile I am doing basic tests around ITS mitigation. In addition to commits in 5.15 ITS backport, below commits are required to make the ITS mitigation work on 5.10. These are the prime target of scrutiny: x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/alternatives: Introduce int3_emulate_jcc() x86/bhi: Define SPEC_CTRL_BHI_DIS_S --- Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peter Zijlstra (4): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 + arch/x86/Kconfig | 11 + arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++- arch/x86/kernel/cpu/common.c | 63 ++++- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- drivers/base/cpu.c | 8 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + 25 files changed, 842 insertions(+), 73 deletions(-) --- base-commit: 01e7e36b8606e5d4fddf795938010f7bfa3aa277 change-id: 20250617-its-5-10-43d1e195b345

3 months, 3 weeks

3
36
0 0

6.12 drm/amdgpu ip discovery for legacy asics

by Jonathan Gray

After 6.12.36, amdgpu on a picasso apu prints an error: "get invalid ip discovery binary signature". Both with and without picasso_ip_discovery.bin from linux-firmware 20250708. The error is avoided by backporting more ip discovery patches. 25f602fbbcc8 drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics 2f6dd741cdcd drm/amdgpu/ip_discovery: add missing ip_discovery fw second is a fix for the first

3 months, 3 weeks

2
1
0 0

[PATCH 1/2] netfs: Fix copy-to-cache so that it performs collection with ceph+fscache

by David Howells

The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then left to look after itself whilst the app continues. The request gets notified by the backing fs upon completion of the async DIO write, but then tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn't set - but the app isn't waiting there, and so the request just hangs. Fix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the notification from the backing filesystem to put the collection onto a work queue instead. Fixes: e2d46f2ec332 ("netfs: Change the read result collector to only use one work item") Reported-by: Max Kellermann <max.kellermann(a)ionos.com> Link: https://lore.kernel.org/r/CAKPOu+8z_ijTLHdiCYGU_Uk7yYD=shxyGLwfe-L7AV3DhebS… Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Paulo Alcantara <pc(a)manguebit.org> cc: Viacheslav Dubeyko <slava(a)dubeyko.com> cc: Alex Markuze <amarkuze(a)redhat.com> cc: Ilya Dryomov <idryomov(a)gmail.com> cc: netfs(a)lists.linux.dev cc: ceph-devel(a)vger.kernel.org cc: linux-fsdevel(a)vger.kernel.org cc: stable(a)vger.kernel.org --- fs/netfs/read_pgpriv2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c index 5bbe906a551d..080d2a6a51d9 100644 --- a/fs/netfs/read_pgpriv2.c +++ b/fs/netfs/read_pgpriv2.c @@ -110,6 +110,7 @@ static struct netfs_io_request *netfs_pgpriv2_begin_copy_to_cache( if (!creq->io_streams[1].avail) goto cancel_put; + __set_bit(NETFS_RREQ_OFFLOAD_COLLECTION, &creq->flags); trace_netfs_write(creq, netfs_write_trace_copy_to_cache); netfs_stat(&netfs_n_wh_copy_to_cache); rreq->copy_to_cache = creq;

3 months, 3 weeks

2
1
0 0

[PATCH V5] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. There's no danger of this causing problems because we check for the TCG_SPECID_SIG signature as the next thing. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V5: - remove the pcr_index check without adding any replacement checks suggested by James and Sathyanarayanan V4: - remove cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT) suggested by Ard V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan include/linux/tpm_eventlog.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..05c0ae5 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -202,8 +202,7 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev event_type = event->event_type; /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || - event_header->event_type != NO_ACTION || + if (event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; goto out; -- 2.7.4

3 months, 3 weeks

3
2
0 0

[PATCH V4] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. According to Table 6 in Section 10.2.1 of the TCG PC Client Specification, the index field does not require the PCR index to be fixed at zero. Therefore, skipping the check for a pcr_idx value of 0 for CC platforms is safe. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Link: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V4: - remove cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT) suggested by Ard V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan drivers/char/tpm/eventlog/tpm2.c | 6 +++++- drivers/firmware/efi/efi.c | 8 ++++++-- drivers/firmware/efi/libstub/tpm.c | 13 +++++++++---- drivers/firmware/efi/tpm.c | 36 ++++++++++++++++++++---------------- include/linux/efi.h | 4 +++- include/linux/tpm_eventlog.h | 14 +++++++++++--- 6 files changed, 54 insertions(+), 27 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 37a0580..e9484fd 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -36,7 +36,11 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header, false); + /* + * This function is only used by TPM2 and will not be used by CC. + * Therefore, the argument is_cc_event is set to 0. + */ + return __calc_tpm2_event_size(event, event_header, false, 0); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index e57bff7..954b8f7 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -45,6 +45,7 @@ struct efi __read_mostly efi = { .esrt = EFI_INVALID_TABLE_ADDR, .tpm_log = EFI_INVALID_TABLE_ADDR, .tpm_final_log = EFI_INVALID_TABLE_ADDR, + .cc_final_log = EFI_INVALID_TABLE_ADDR, #ifdef CONFIG_LOAD_UEFI_KEYS .mokvar_table = EFI_INVALID_TABLE_ADDR, #endif @@ -613,7 +614,7 @@ static const efi_config_table_type_t common_tables[] __initconst = { {LINUX_EFI_RANDOM_SEED_TABLE_GUID, &efi_rng_seed, "RNG" }, {LINUX_EFI_TPM_EVENT_LOG_GUID, &efi.tpm_log, "TPMEventLog" }, {EFI_TCG2_FINAL_EVENTS_TABLE_GUID, &efi.tpm_final_log, "TPMFinalLog" }, - {EFI_CC_FINAL_EVENTS_TABLE_GUID, &efi.tpm_final_log, "CCFinalLog" }, + {EFI_CC_FINAL_EVENTS_TABLE_GUID, &efi.cc_final_log, "CCFinalLog" }, {LINUX_EFI_MEMRESERVE_TABLE_GUID, &mem_reserve, "MEMRESERVE" }, {LINUX_EFI_INITRD_MEDIA_GUID, &initrd, "INITRD" }, {EFI_RT_PROPERTIES_TABLE_GUID, &rt_prop, "RTPROP" }, @@ -752,7 +753,10 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, if (!IS_ENABLED(CONFIG_X86_32) && efi_enabled(EFI_MEMMAP)) efi_memattr_init(); - efi_tpm_eventlog_init(); + if (efi.tpm_final_log != EFI_INVALID_TABLE_ADDR) + efi_tcg2_eventlog_init(&efi.tpm_log, &efi.tpm_final_log, 0); + else if (efi.cc_final_log != EFI_INVALID_TABLE_ADDR) + efi_tcg2_eventlog_init(&efi.tpm_log, &efi.cc_final_log, 1); if (mem_reserve != EFI_INVALID_TABLE_ADDR) { unsigned long prsv = mem_reserve; diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a5c6c4f..9728060 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -50,7 +50,8 @@ void efi_enable_reset_attack_mitigation(void) static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_location, efi_physical_addr_t log_last_entry, efi_bool_t truncated, - struct efi_tcg2_final_events_table *final_events_table) + struct efi_tcg2_final_events_table *final_events_table, + bool is_cc_event) { efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; efi_status_t status; @@ -87,7 +88,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca last_entry_size = __calc_tpm2_event_size((void *)last_entry_addr, (void *)(long)log_location, - false); + false, + is_cc_event); } else { last_entry_size = sizeof(struct tcpa_event) + ((struct tcpa_event *) last_entry_addr)->event_size; @@ -123,7 +125,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca header = data + offset + final_events_size; event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, - false); + false, + is_cc_event); /* If calc fails this is a malformed log */ if (!event_size) break; @@ -157,6 +160,7 @@ void efi_retrieve_eventlog(void) efi_tcg2_protocol_t *tpm2 = NULL; efi_bool_t truncated; efi_status_t status; + bool is_cc_event = false; status = efi_bs_call(locate_protocol, &tpm2_guid, NULL, (void **)&tpm2); if (status == EFI_SUCCESS) { @@ -186,11 +190,12 @@ void efi_retrieve_eventlog(void) final_events_table = get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); + is_cc_event = true; } if (status != EFI_SUCCESS || !log_location) return; efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, - truncated, final_events_table); + truncated, final_events_table, is_cc_event); } diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index cdd4310..d79291d 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -16,14 +16,16 @@ int efi_tpm_final_log_size; EXPORT_SYMBOL(efi_tpm_final_log_size); -static int __init tpm2_calc_event_log_size(void *data, int count, void *size_info) +static int __init tpm2_calc_event_log_size(void *data, int count, + void *size_info, bool is_cc_event) { struct tcg_pcr_event2_head *header; u32 event_size, size = 0; while (count > 0) { header = data + size; - event_size = __calc_tpm2_event_size(header, size_info, true); + event_size = __calc_tpm2_event_size(header, size_info, true, + is_cc_event); if (event_size == 0) return -1; size += event_size; @@ -36,7 +38,8 @@ static int __init tpm2_calc_event_log_size(void *data, int count, void *size_inf /* * Reserve the memory associated with the TPM Event Log configuration table. */ -int __init efi_tpm_eventlog_init(void) +int __init efi_tcg2_eventlog_init(unsigned long *log, unsigned long *final_log, + bool is_cc_event) { struct linux_efi_tpm_eventlog *log_tbl; struct efi_tcg2_final_events_table *final_tbl; @@ -44,7 +47,7 @@ int __init efi_tpm_eventlog_init(void) int final_tbl_size; int ret = 0; - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) { + if (*log == EFI_INVALID_TABLE_ADDR) { /* * We can't calculate the size of the final events without the * first entry in the TPM log, so bail here. @@ -52,23 +55,23 @@ int __init efi_tpm_eventlog_init(void) return 0; } - log_tbl = early_memremap(efi.tpm_log, sizeof(*log_tbl)); + log_tbl = early_memremap(*log, sizeof(*log_tbl)); if (!log_tbl) { pr_err("Failed to map TPM Event Log table @ 0x%lx\n", - efi.tpm_log); - efi.tpm_log = EFI_INVALID_TABLE_ADDR; + *log); + *log = EFI_INVALID_TABLE_ADDR; return -ENOMEM; } tbl_size = sizeof(*log_tbl) + log_tbl->size; - if (memblock_reserve(efi.tpm_log, tbl_size)) { + if (memblock_reserve(*log, tbl_size)) { pr_err("TPM Event Log memblock reserve fails (0x%lx, 0x%x)\n", - efi.tpm_log, tbl_size); + *log, tbl_size); ret = -ENOMEM; goto out; } - if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) { + if (*final_log == EFI_INVALID_TABLE_ADDR) { pr_info("TPM Final Events table not present\n"); goto out; } else if (log_tbl->version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { @@ -76,25 +79,26 @@ int __init efi_tpm_eventlog_init(void) goto out; } - final_tbl = early_memremap(efi.tpm_final_log, sizeof(*final_tbl)); + final_tbl = early_memremap(*final_log, sizeof(*final_tbl)); if (!final_tbl) { pr_err("Failed to map TPM Final Event Log table @ 0x%lx\n", - efi.tpm_final_log); - efi.tpm_final_log = EFI_INVALID_TABLE_ADDR; + *final_log); + *final_log = EFI_INVALID_TABLE_ADDR; ret = -ENOMEM; goto out; } final_tbl_size = 0; if (final_tbl->nr_events != 0) { - void *events = (void *)efi.tpm_final_log + void *events = (void *)*final_log + sizeof(final_tbl->version) + sizeof(final_tbl->nr_events); final_tbl_size = tpm2_calc_event_log_size(events, final_tbl->nr_events, - log_tbl->log); + log_tbl->log, + is_cc_event); } if (final_tbl_size < 0) { @@ -103,7 +107,7 @@ int __init efi_tpm_eventlog_init(void) goto out_calc; } - memblock_reserve(efi.tpm_final_log, + memblock_reserve(*final_log, final_tbl_size + sizeof(*final_tbl)); efi_tpm_final_log_size = final_tbl_size; diff --git a/include/linux/efi.h b/include/linux/efi.h index 7d63d1d..71efec0 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -642,6 +642,7 @@ extern struct efi { unsigned long esrt; /* ESRT table */ unsigned long tpm_log; /* TPM2 Event Log table */ unsigned long tpm_final_log; /* TPM2 Final Events Log table */ + unsigned long cc_final_log; /* CC Final Events Log table */ unsigned long mokvar_table; /* MOK variable config table */ unsigned long coco_secret; /* Confidential computing secret table */ unsigned long unaccepted; /* Unaccepted memory table */ @@ -1209,7 +1210,8 @@ struct linux_efi_tpm_eventlog { u8 log[]; }; -extern int efi_tpm_eventlog_init(void); +extern int efi_tcg2_eventlog_init(unsigned long *log, unsigned long *final_log, + bool is_cc_event); struct efi_tcg2_final_events_table { u64 version; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..b3380c9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -143,6 +143,7 @@ struct tcg_algorithm_info { * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths * @do_mapping: Whether or not the event needs to be mapped + * @is_cc_event: Whether or not the event is from a CC platform * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -159,7 +160,8 @@ struct tcg_algorithm_info { static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, - bool do_mapping) + bool do_mapping, + bool is_cc_event) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; @@ -201,8 +203,14 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev count = event->count; event_type = event->event_type; - /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || + /* + * Verify that it's the log header. According to the TCG PC Client + * Specification, when identifying a log header, the check for a + * pcr_idx value of 0 is not required. For CC platforms, skipping + * this check during log header is necessary; otherwise, the CC + * platform's log header may fail to be recognized. + */ + if ((!is_cc_event && event_header->pcr_idx != 0) || event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; -- 2.7.4

3 months, 3 weeks

4
3
0 0

[PATCH v7 01/12] platform/x86/intel/pmt: fix a crashlog NULL pointer access

by Michael J. Ruhl

Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] Code: Call Trace: <TASK> ? sysfs_kf_bin_read+0xc0/0xe0 kernfs_fop_read_iter+0xac/0x1a0 vfs_read+0x26d/0x350 ksys_read+0x6b/0xe0 __x64_sys_read+0x1d/0x30 x64_sys_call+0x1bc8/0x1d70 do_syscall_64+0x6d/0x110 Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception. Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Fixes: 045a513040cc ("platform/x86/intel/pmt: Use PMT callbacks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/platform/x86/intel/pmt/class.c | 3 ++- drivers/platform/x86/intel/pmt/class.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c index 7233b654bbad..d046e8752173 100644 --- a/drivers/platform/x86/intel/pmt/class.c +++ b/drivers/platform/x86/intel/pmt/class.c @@ -97,7 +97,7 @@ intel_pmt_read(struct file *filp, struct kobject *kobj, if (count > entry->size - off) count = entry->size - off; - count = pmt_telem_read_mmio(entry->ep->pcidev, entry->cb, entry->header.guid, buf, + count = pmt_telem_read_mmio(entry->pcidev, entry->cb, entry->header.guid, buf, entry->base, off, count); return count; @@ -252,6 +252,7 @@ static int intel_pmt_populate_entry(struct intel_pmt_entry *entry, return -EINVAL; } + entry->pcidev = pci_dev; entry->guid = header->guid; entry->size = header->size; entry->cb = ivdev->priv_data; diff --git a/drivers/platform/x86/intel/pmt/class.h b/drivers/platform/x86/intel/pmt/class.h index b2006d57779d..f6ce80c4e051 100644 --- a/drivers/platform/x86/intel/pmt/class.h +++ b/drivers/platform/x86/intel/pmt/class.h @@ -39,6 +39,7 @@ struct intel_pmt_header { struct intel_pmt_entry { struct telem_endpoint *ep; + struct pci_dev *pcidev; struct intel_pmt_header header; struct bin_attribute pmt_bin_attr; struct kobject *kobj; -- 2.50.0

3 months, 3 weeks

2
1
0 0

[PATCH v4] nvmem: imx-ocotp: fix MAC address byte length

by Steffen Bätz

The commit "13bcd440f2ff nvmem: core: verify cell's raw_len" caused an extension of the "mac-address" cell from 6 to 8 bytes due to word_size of 4 bytes. This led to a required byte swap of the full buffer length, which caused truncation of the mac-address when read. Previously, the mac-address was incorrectly truncated from 70:B3:D5:14:E9:0E to 00:00:70:B3:D5:14. Fix the issue by swapping only the first 6 bytes to correctly pass the mac-address to the upper layers. Fixes: 13bcd440f2ff ("nvmem: core: verify cell's raw_len") Cc: stable(a)vger.kernel.org Signed-off-by: Steffen Bätz <steffen(a)innosonix.de> Tested-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> --- v4: - Adopted the commit message wording recommended by Frank.li(a)nxp.com to improve clarity. - Simplified byte count determination by using min() instead of an explicit conditional statement. - Kept the Tested-by tag from the previous patch as the change remains trivial but tested. v3: - replace magic number 6 with ETH_ALEN - Fix misleading indentation and properly group 'mac-address' statements v2: - Add Cc: stable(a)vger.kernel.org as requested by Greg KH's patch bot drivers/nvmem/imx-ocotp-ele.c | 5 ++++- drivers/nvmem/imx-ocotp.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index ca6dd71d8a2e..7807ec0e2d18 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -12,6 +12,7 @@ #include <linux/of.h> #include <linux/platform_device.h> #include <linux/slab.h> +#include <linux/if_ether.h> /* ETH_ALEN */ enum fuse_type { FUSE_FSB = BIT(0), @@ -118,9 +119,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 79dd4fda0329..7bf7656d4f96 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/slab.h> #include <linux/delay.h> +#include <linux/if_ether.h> /* ETH_ALEN */ #define IMX_OCOTP_OFFSET_B0W0 0x400 /* Offset from base address of the * OTP Bank0 Word0 @@ -227,9 +228,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } -- 2.43.0 -- *innosonix GmbH* Hauptstr. 35 96482 Ahorn central: +49 9561 7459980 www.innosonix.de <http://www.innosonix.de> innosonix GmbH Geschäftsführer: Markus Bätz, Steffen Bätz USt.-IdNr / VAT-Nr.: DE266020313 EORI-Nr.: DE240121536680271 HRB 5192 Coburg WEEE-Reg.-Nr. DE88021242

3 months, 3 weeks

2
1
0 0

[PATCH] Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"

by Daniel Golle

This reverts commit c629c972b310af41e9e072febb6dae9a299edde6. Fixes: c629c972b310a ("leds: trigger: netdev: Configure LED blink interval for HW offload") Suggested-by: Andrew Lunn <andrew(a)lunn.ch> Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> --- drivers/leds/trigger/ledtrig-netdev.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/drivers/leds/trigger/ledtrig-netdev.c b/drivers/leds/trigger/ledtrig-netdev.c index 4e048e08c4fde..c15efe3e50780 100644 --- a/drivers/leds/trigger/ledtrig-netdev.c +++ b/drivers/leds/trigger/ledtrig-netdev.c @@ -68,7 +68,6 @@ struct led_netdev_data { unsigned int last_activity; unsigned long mode; - unsigned long blink_delay; int link_speed; __ETHTOOL_DECLARE_LINK_MODE_MASK(supported_link_modes); u8 duplex; @@ -87,10 +86,6 @@ static void set_baseline_state(struct led_netdev_data *trigger_data) /* Already validated, hw control is possible with the requested mode */ if (trigger_data->hw_control) { led_cdev->hw_control_set(led_cdev, trigger_data->mode); - if (led_cdev->blink_set) { - led_cdev->blink_set(led_cdev, &trigger_data->blink_delay, - &trigger_data->blink_delay); - } return; } @@ -459,11 +454,10 @@ static ssize_t interval_store(struct device *dev, size_t size) { struct led_netdev_data *trigger_data = led_trigger_get_drvdata(dev); - struct led_classdev *led_cdev = trigger_data->led_cdev; unsigned long value; int ret; - if (trigger_data->hw_control && !led_cdev->blink_set) + if (trigger_data->hw_control) return -EINVAL; ret = kstrtoul(buf, 0, &value); @@ -472,13 +466,9 @@ static ssize_t interval_store(struct device *dev, /* impose some basic bounds on the timer interval */ if (value >= 5 && value <= 10000) { - if (trigger_data->hw_control) { - trigger_data->blink_delay = value; - } else { - cancel_delayed_work_sync(&trigger_data->work); + cancel_delayed_work_sync(&trigger_data->work); - atomic_set(&trigger_data->interval, msecs_to_jiffies(value)); - } + atomic_set(&trigger_data->interval, msecs_to_jiffies(value)); set_baseline_state(trigger_data); /* resets timer */ } -- 2.50.0

3 months, 3 weeks

2
1
0 0

[PATCH 2/2] netfs: Fix race between cache write completion and ALL_QUEUED being set

by David Howells

When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the end of the issuing function we set NETFS_RREQ_ALL_QUEUED to indicate to the collector that we aren't going to issue any more subreqs and that it can do the final notifications and cleanup. Now, this isn't a problem if the request is synchronous (NETFS_RREQ_OFFLOAD_COLLECTION is unset) as the result collection will be done in-thread and we're guaranteed an opportunity to run the collector. However, if the request is asynchronous, collection is primarily triggered by the termination of subrequests queuing it on a workqueue. Now, a race can occur here if the app thread sets ALL_QUEUED after the last subrequest terminates. This can happen most easily with the copy2cache code (as used by Ceph) where, in the collection routine of a read request, an asynchronous write request is spawned to copy data to the cache. Folios are added to the write request as they're unlocked, but there may be a delay before ALL_QUEUED is set as the write subrequests may complete before we get there. If all the write subreqs have finished by the ALL_QUEUED point, no further events happen and the collection never happens, leaving the request hanging. Fix this by queuing the collector after setting ALL_QUEUED. This is a bit heavy-handed and it may be sufficient to do it only if there are no extant subreqs. Also add a tracepoint to cross-reference both requests in a copy-to-request operation and add a trace to the netfs_rreq tracepoint to indicate the setting of ALL_QUEUED. Fixes: e2d46f2ec332 ("netfs: Change the read result collector to only use one work item") Reported-by: Max Kellermann <max.kellermann(a)ionos.com> Link: https://lore.kernel.org/r/CAKPOu+8z_ijTLHdiCYGU_Uk7yYD=shxyGLwfe-L7AV3DhebS… Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Paulo Alcantara <pc(a)manguebit.org> cc: Viacheslav Dubeyko <slava(a)dubeyko.com> cc: Alex Markuze <amarkuze(a)redhat.com> cc: Ilya Dryomov <idryomov(a)gmail.com> cc: netfs(a)lists.linux.dev cc: ceph-devel(a)vger.kernel.org cc: linux-fsdevel(a)vger.kernel.org cc: stable(a)vger.kernel.org --- fs/netfs/read_pgpriv2.c | 4 ++++ include/trace/events/netfs.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c index 080d2a6a51d9..8097bc069c1d 100644 --- a/fs/netfs/read_pgpriv2.c +++ b/fs/netfs/read_pgpriv2.c @@ -111,6 +111,7 @@ static struct netfs_io_request *netfs_pgpriv2_begin_copy_to_cache( goto cancel_put; __set_bit(NETFS_RREQ_OFFLOAD_COLLECTION, &creq->flags); + trace_netfs_copy2cache(rreq, creq); trace_netfs_write(creq, netfs_write_trace_copy_to_cache); netfs_stat(&netfs_n_wh_copy_to_cache); rreq->copy_to_cache = creq; @@ -155,6 +156,9 @@ void netfs_pgpriv2_end_copy_to_cache(struct netfs_io_request *rreq) netfs_issue_write(creq, &creq->io_streams[1]); smp_wmb(); /* Write lists before ALL_QUEUED. */ set_bit(NETFS_RREQ_ALL_QUEUED, &creq->flags); + trace_netfs_rreq(rreq, netfs_rreq_trace_end_copy_to_cache); + if (list_empty_careful(&creq->io_streams[1].subrequests)) + netfs_wake_collector(creq); netfs_put_request(creq, netfs_rreq_trace_put_return); creq->copy_to_cache = NULL; diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h index 73e96ccbe830..64a382fbc31a 100644 --- a/include/trace/events/netfs.h +++ b/include/trace/events/netfs.h @@ -55,6 +55,7 @@ EM(netfs_rreq_trace_copy, "COPY ") \ EM(netfs_rreq_trace_dirty, "DIRTY ") \ EM(netfs_rreq_trace_done, "DONE ") \ + EM(netfs_rreq_trace_end_copy_to_cache, "END-C2C") \ EM(netfs_rreq_trace_free, "FREE ") \ EM(netfs_rreq_trace_ki_complete, "KI-CMPL") \ EM(netfs_rreq_trace_recollect, "RECLLCT") \ @@ -559,6 +560,35 @@ TRACE_EVENT(netfs_write, __entry->start, __entry->start + __entry->len - 1) ); +TRACE_EVENT(netfs_copy2cache, + TP_PROTO(const struct netfs_io_request *rreq, + const struct netfs_io_request *creq), + + TP_ARGS(rreq, creq), + + TP_STRUCT__entry( + __field(unsigned int, rreq) + __field(unsigned int, creq) + __field(unsigned int, cookie) + __field(unsigned int, ino) + ), + + TP_fast_assign( + struct netfs_inode *__ctx = netfs_inode(rreq->inode); + struct fscache_cookie *__cookie = netfs_i_cookie(__ctx); + __entry->rreq = rreq->debug_id; + __entry->creq = creq->debug_id; + __entry->cookie = __cookie ? __cookie->debug_id : 0; + __entry->ino = rreq->inode->i_ino; + ), + + TP_printk("R=%08x CR=%08x c=%08x i=%x ", + __entry->rreq, + __entry->creq, + __entry->cookie, + __entry->ino) + ); + TRACE_EVENT(netfs_collect, TP_PROTO(const struct netfs_io_request *wreq),

3 months, 3 weeks

1
0
0 0

[PATCH V3] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. According to Table 6 in Section 10.2.1 of the TCG PC Client Specification, the index field does not require the PCR index to be fixed at zero. Therefore, skipping the check for a pcr_idx value of 0 for CC platforms is safe. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Link: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan drivers/char/tpm/eventlog/tpm2.c | 4 +++- drivers/firmware/efi/libstub/tpm.c | 13 +++++++++---- drivers/firmware/efi/tpm.c | 4 +++- include/linux/tpm_eventlog.h | 14 +++++++++++--- 4 files changed, 26 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 37a0580..30ef47c 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -18,6 +18,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/tpm_eventlog.h> +#include <linux/cc_platform.h> #include "../tpm.h" #include "common.h" @@ -36,7 +37,8 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header, false); + return __calc_tpm2_event_size(event, event_header, false, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a5c6c4f..9728060 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -50,7 +50,8 @@ void efi_enable_reset_attack_mitigation(void) static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_location, efi_physical_addr_t log_last_entry, efi_bool_t truncated, - struct efi_tcg2_final_events_table *final_events_table) + struct efi_tcg2_final_events_table *final_events_table, + bool is_cc_event) { efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; efi_status_t status; @@ -87,7 +88,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca last_entry_size = __calc_tpm2_event_size((void *)last_entry_addr, (void *)(long)log_location, - false); + false, + is_cc_event); } else { last_entry_size = sizeof(struct tcpa_event) + ((struct tcpa_event *) last_entry_addr)->event_size; @@ -123,7 +125,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca header = data + offset + final_events_size; event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, - false); + false, + is_cc_event); /* If calc fails this is a malformed log */ if (!event_size) break; @@ -157,6 +160,7 @@ void efi_retrieve_eventlog(void) efi_tcg2_protocol_t *tpm2 = NULL; efi_bool_t truncated; efi_status_t status; + bool is_cc_event = false; status = efi_bs_call(locate_protocol, &tpm2_guid, NULL, (void **)&tpm2); if (status == EFI_SUCCESS) { @@ -186,11 +190,12 @@ void efi_retrieve_eventlog(void) final_events_table = get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); + is_cc_event = true; } if (status != EFI_SUCCESS || !log_location) return; efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, - truncated, final_events_table); + truncated, final_events_table, is_cc_event); } diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index cdd4310..ca8535d 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -12,6 +12,7 @@ #include <linux/init.h> #include <linux/memblock.h> #include <linux/tpm_eventlog.h> +#include <linux/cc_platform.h> int efi_tpm_final_log_size; EXPORT_SYMBOL(efi_tpm_final_log_size); @@ -23,7 +24,8 @@ static int __init tpm2_calc_event_log_size(void *data, int count, void *size_inf while (count > 0) { header = data + size; - event_size = __calc_tpm2_event_size(header, size_info, true); + event_size = __calc_tpm2_event_size(header, size_info, true, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); if (event_size == 0) return -1; size += event_size; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..b3380c9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -143,6 +143,7 @@ struct tcg_algorithm_info { * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths * @do_mapping: Whether or not the event needs to be mapped + * @is_cc_event: Whether or not the event is from a CC platform * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -159,7 +160,8 @@ struct tcg_algorithm_info { static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, - bool do_mapping) + bool do_mapping, + bool is_cc_event) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; @@ -201,8 +203,14 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev count = event->count; event_type = event->event_type; - /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || + /* + * Verify that it's the log header. According to the TCG PC Client + * Specification, when identifying a log header, the check for a + * pcr_idx value of 0 is not required. For CC platforms, skipping + * this check during log header is necessary; otherwise, the CC + * platform's log header may fail to be recognized. + */ + if ((!is_cc_event && event_header->pcr_idx != 0) || event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; -- 2.7.4

3 months, 3 weeks

4
5
0 0

[PATCH 2/2] nvmem: imx: Swap only the first 6 bytes of the MAC address

by Christian Eggers

Since commit 55d4980ce55b ("nvmem: core: support specifying both: cell raw data & post read lengths"), the aligned length (e.g. '8' instead of '6') is passed to the read_post_process callback. This causes that the 2 bytes following the MAC address in the ocotp are swapped to the beginning of the address. As a result, an invalid MAC address is returned and to make it even worse, this address can be equal on boards with the same OUI vendor prefix. Fixes: 55d4980ce55b ("nvmem: core: support specifying both: cell raw data & post read lengths") Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- Tested on i.MX6ULL, but I assume that this is also required for. imx-ocotp-ele.c (i.MX93). drivers/nvmem/imx-ocotp-ele.c | 5 +++-- drivers/nvmem/imx-ocotp.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index 83617665c8d7..07830785ebf1 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -6,6 +6,7 @@ */ #include <linux/device.h> +#include <linux/if_ether.h> #include <linux/io.h> #include <linux/module.h> #include <linux/nvmem-provider.h> @@ -119,8 +120,8 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, /* Deal with some post processing of nvmem cell data */ if (id && !strcmp(id, "mac-address")) - for (i = 0; i < bytes / 2; i++) - swap(buf[i], buf[bytes - i - 1]); + for (i = 0; i < ETH_ALEN / 2; i++) + swap(buf[i], buf[ETH_ALEN - i - 1]); return 0; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 22cc77908018..4dd3b0f94de2 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -16,6 +16,7 @@ #include <linux/clk.h> #include <linux/device.h> +#include <linux/if_ether.h> #include <linux/io.h> #include <linux/module.h> #include <linux/nvmem-provider.h> @@ -228,8 +229,8 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, /* Deal with some post processing of nvmem cell data */ if (id && !strcmp(id, "mac-address")) - for (i = 0; i < bytes / 2; i++) - swap(buf[i], buf[bytes - i - 1]); + for (i = 0; i < ETH_ALEN / 2; i++) + swap(buf[i], buf[ETH_ALEN - i - 1]); return 0; } -- 2.43.0

3 months, 3 weeks

2
2
0 0

[PATCH 1/2] nvmem: imx: assign nvmem_cell_info::raw_len

by Christian Eggers

Avoid getting error messages at startup like the following on i.MX6ULL: nvmem imx-ocotp0: cell mac-addr raw len 6 unaligned to nvmem word size 4 nvmem imx-ocotp0: cell mac-addr raw len 6 unaligned to nvmem word size 4 This shouldn't cause any functional change as this alignment would otherwise be done in nvmem_cell_info_to_nvmem_cell_entry_nodup(). Fixes: 4327479e559c ("nvmem: core: verify cell's raw_len") Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- Tested on i.MX6ULL, but I assume that this is also required for imx-ocotp-ele.c (i.MX93). drivers/nvmem/imx-ocotp-ele.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index ca6dd71d8a2e..83617665c8d7 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -128,6 +128,7 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, static void imx_ocotp_fixup_dt_cell_info(struct nvmem_device *nvmem, struct nvmem_cell_info *cell) { + cell->raw_len = round_up(cell->bytes, 4); cell->read_post_process = imx_ocotp_cell_pp; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 79dd4fda0329..22cc77908018 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -586,6 +586,7 @@ MODULE_DEVICE_TABLE(of, imx_ocotp_dt_ids); static void imx_ocotp_fixup_dt_cell_info(struct nvmem_device *nvmem, struct nvmem_cell_info *cell) { + cell->raw_len = round_up(cell->bytes, 4); cell->read_post_process = imx_ocotp_cell_pp; } -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH] isofs: Verify inode mode when loading from disk

by Jan Kara

Verify that the inode mode is sane when loading it from the disk to avoid complaints from VFS about setting up invalid inodes. Reported-by: syzbot+895c23f6917da440ed0d(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/isofs/inode.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) I plan to merge this fix through my tree. diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c index d5da9817df9b..33e6a620c103 100644 --- a/fs/isofs/inode.c +++ b/fs/isofs/inode.c @@ -1440,9 +1440,16 @@ static int isofs_read_inode(struct inode *inode, int relocated) inode->i_op = &page_symlink_inode_operations; inode_nohighmem(inode); inode->i_data.a_ops = &isofs_symlink_aops; - } else + } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) || + S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { /* XXX - parse_rock_ridge_inode() had already set i_rdev. */ init_special_inode(inode, inode->i_mode, inode->i_rdev); + } else { + printk(KERN_DEBUG "ISOFS: Invalid file type 0%04o for inode %lu.\n", + inode->i_mode, inode->i_ino); + ret = -EIO; + goto fail; + } ret = 0; out: -- 2.43.0

3 months, 3 weeks

2
3
0 0

[PATCH v1 1/1] Documentation: ACPI: Fix parent device references

by Andy Shevchenko

The _CRS resources in many cases want to have ResourceSource field to be a type of ACPI String. This means that to compile properly we need to enclosure the name path into double quotes. This will in practice defer the interpretation to a run-time stage, However, this may be interpreted differently on different OSes and ACPI interpreter implementations. In particular ACPICA might not correctly recognize the leading '^' (caret) character and will not resolve the relative name path properly. On top of that, this piece may be used in SSDTs which are loaded after the DSDT and on itself may also not resolve relative name paths outside of their own scopes. With this all said, fix documentation to use fully-qualified name paths always to avoid any misinterpretations, which is proven to work. Fixes: 8eb5c87a92c0 ("i2c: add ACPI support for I2C mux ports") Reported-by: Yevhen Kondrashyn <e.kondrashyn(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- Rafael, I prefer, if no objections, to push this as v6.16-rc6 material since the reported issue was detected on old (v5.10.y) and still LTS kernel. Would be nice for people to not trap to it in older kernels. Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/firmware-guide/acpi/i2c-muxes.rst b/Documentation/firmware-guide/acpi/i2c-muxes.rst index 3a8997ccd7c4..f366539acd79 100644 --- a/Documentation/firmware-guide/acpi/i2c-muxes.rst +++ b/Documentation/firmware-guide/acpi/i2c-muxes.rst @@ -14,7 +14,7 @@ Consider this topology:: | | | 0x70 |--CH01--> i2c client B (0x50) +------+ +------+ -which corresponds to the following ASL:: +which corresponds to the following ASL (in the scope of \_SB):: Device (SMB1) { @@ -24,7 +24,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x70, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^SMB1", 0x00, + AddressingMode7Bit, "\\_SB.SMB1", 0x00, ResourceConsumer,,) } @@ -37,7 +37,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x50, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^CH00", 0x00, + AddressingMode7Bit, "\\_SB.SMB1.CH00", 0x00, ResourceConsumer,,) } } @@ -52,7 +52,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x50, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^CH01", 0x00, + AddressingMode7Bit, "\\_SB.SMB1.CH01", 0x00, ResourceConsumer,,) } } -- 2.47.2

3 months, 3 weeks

2
1
0 0

[PATCH 1/7] arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed

by Tim Harvey

The IMX8M reference manuals indicate in the USDHC Clock generator section that the clock rate for DDR is 1/2 the input clock therefore HS400 rates clocked at 200Mhz require a 400Mhz SDHC clock. This showed about a 1.5x improvement in read performance for the eMMC's used on the various imx8m{m,n,p}-venice boards. Fixes: 6f30b27c5ef5 ("arm64: dts: imx8mm: Add Gateworks i.MX 8M Mini Development Kits") Signed-off-by: Tim Harvey <tharvey(a)gateworks.com> --- arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi index 5a3b1142ddf4..37db4f0dd505 100644 --- a/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi @@ -418,6 +418,8 @@ &usdhc3 { pinctrl-0 = <&pinctrl_usdhc3>; pinctrl-1 = <&pinctrl_usdhc3_100mhz>; pinctrl-2 = <&pinctrl_usdhc3_200mhz>; + assigned-clocks = <&clk IMX8MM_CLK_USDHC3>; + assigned-clock-rates = <400000000>; bus-width = <8>; non-removable; status = "okay"; -- 2.25.1

3 months, 3 weeks

3
8
0 0

[PATCH] arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1

by Bryan Brattlof

From: Hong Guan <hguan(a)ti.com> The &main_uart1, which is reserved for TIFS firmware traces, is routed to the onboard FT4232 via a FET swich which is connected to pin A21 and B21 of the SoC and not E17 and C17. Fix it. Fixes: cf39ff15cc01a ("arm64: dts: ti: k3-am62a7-sk: Describe main_uart1 and wkup_uart") Cc: stable(a)vger.kernel.org Signed-off-by: Hong Guan <hguan(a)ti.com> [bb(a)ti.com: expanded commit message] Signed-off-by: Bryan Brattlof <bb(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts b/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts index 3a8b45272526037b364e6e39886fcc9199114105..f11284b3fe8e23b4c48d8d2f3a7202e80dc57370 100644 --- a/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts @@ -301,8 +301,8 @@ AM62AX_IOPAD(0x1cc, PIN_OUTPUT, 0) /* (D15) UART0_TXD */ main_uart1_pins_default: main-uart1-default-pins { pinctrl-single,pins = < - AM62AX_IOPAD(0x01e8, PIN_INPUT, 1) /* (C17) I2C1_SCL.UART1_RXD */ - AM62AX_IOPAD(0x01ec, PIN_OUTPUT, 1) /* (E17) I2C1_SDA.UART1_TXD */ + AM62AX_IOPAD(0x01ac, PIN_INPUT, 2) /* (B21) MCASP0_AFSR.UART1_RXD */ + AM62AX_IOPAD(0x01b0, PIN_OUTPUT, 2) /* (A21) MCASP0_ACLKR.UART1_TXD */ AM62AX_IOPAD(0x0194, PIN_INPUT, 2) /* (C19) MCASP0_AXR3.UART1_CTSn */ AM62AX_IOPAD(0x0198, PIN_OUTPUT, 2) /* (B19) MCASP0_AXR2.UART1_RTSn */ >; --- base-commit: 036cc33070b35754f45da50d81f8c3c85191c8b7 change-id: 20250707-uart-fixes-6efe27a1afe4 Best regards, -- Bryan Brattlof <bb(a)ti.com>

3 months, 3 weeks

2
1
0 0

[PATCH v2] ext4: inline: convert when mmap is called, not when page is written

by Thadeu Lima de Souza Cascardo

inline data handling has a race between writing and writing to a memory map. When ext4_page_mkwrite is called, it calls ext4_convert_inline_data, which destroys the inline data, but if block allocation fails, restores the inline data. In that process, we could have: CPU1 CPU2 destroy_inline_data write_begin (does not see inline data) restory_inline_data write_end (sees inline data) This leads to bugs like the one below, as write_begin did not prepare for the case of inline data, which is expected by the write_end side of it. ------------[ cut here ]------------ kernel BUG at fs/ext4/inline.c:235! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 UID: 0 PID: 5838 Comm: syz-executor110 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:ext4_write_inline_data fs/ext4/inline.c:235 [inline] RIP: 0010:ext4_write_inline_data_end+0xdc7/0xdd0 fs/ext4/inline.c:774 Code: 47 1d 8c e8 4b 3a 91 ff 90 0f 0b e8 63 7a 47 ff 48 8b 7c 24 10 48 c7 c6 e0 47 1d 8c e8 32 3a 91 ff 90 0f 0b e8 4a 7a 47 ff 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc900031c7320 EFLAGS: 00010293 RAX: ffffffff8257f9a6 RBX: 000000000000005a RCX: ffff888012968000 RDX: 0000000000000000 RSI: 000000000000005a RDI: 000000000000005b RBP: ffffc900031c7448 R08: ffffffff8257ef87 R09: 1ffff11006806070 R10: dffffc0000000000 R11: ffffed1006806071 R12: 000000000000005a R13: dffffc0000000000 R14: ffff888076b65bd8 R15: 000000000000005b FS: 00007f5c6bacf6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000a00 CR3: 0000000073fb6000 CR4: 0000000000350ef0 Call Trace: <TASK> generic_perform_write+0x6f8/0x990 mm/filemap.c:4070 ext4_buffered_write_iter+0xc5/0x350 fs/ext4/file.c:299 ext4_file_write_iter+0x892/0x1c50 iter_file_splice_write+0xbfc/0x1510 fs/splice.c:743 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0x11d/0x220 fs/splice.c:1164 splice_direct_to_actor+0x588/0xc80 fs/splice.c:1108 do_splice_direct_actor fs/splice.c:1207 [inline] do_splice_direct+0x289/0x3e0 fs/splice.c:1233 do_sendfile+0x564/0x8a0 fs/read_write.c:1363 __do_sys_sendfile64 fs/read_write.c:1424 [inline] __se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1410 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5c6bb18d09 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5c6bacf218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f5c6bba0708 RCX: 00007f5c6bb18d09 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 RBP: 00007f5c6bba0700 R08: 0000000000000000 R09: 0000000000000000 R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f5c6bb6d620 R13: 00007f5c6bb6d0c0 R14: 0031656c69662f2e R15: 8088e3ad122bc192 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- This happens because ext4_page_mkwrite is not protected by the inode_lock. The xattr semaphore is not sufficient to protect inline data handling in a sane way, so we need to rely on the inode_lock. Adding the inode_lock to ext4_page_mkwrite is not an option, otherwise lock-ordering problems with mmap_lock may arise. The conversion inside ext4_page_mkwrite was introduced at commit 7b4cc9787fe3 ("ext4: evict inline data when writing to memory map"). This fixes a documented bug in the commit message, which suggests some alternative fixes. Convert inline data when mmap is called, instead of doing it only when the mmapped page is written to. Using the inode_lock there does not lead to lock-ordering issues. The drawback is that inline conversion will happen when the file is mmapped, even though the page will not be written to. Fixes: 7b4cc9787fe3 ("ext4: evict inline data when writing to memory map") Reported-by: syzbot+0c89d865531d053abb2d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0c89d865531d053abb2d Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org --- Changes in v2: - Convert inline data at mmap time, avoiding data loss. - Link to v1: https://lore.kernel.org/r/20250519-ext4_inline_page_mkwrite-v1-1-865d9a62b5… --- fs/ext4/file.c | 6 ++++++ fs/ext4/inode.c | 4 ---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index beb078ee4811d6092e362e37307e7d87e5276cbc..f2380471df5d99500e49fdc639fa3e56143c328f 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -819,6 +819,12 @@ static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma) if (!daxdev_mapping_supported(vma, dax_dev)) return -EOPNOTSUPP; + inode_lock(inode); + ret = ext4_convert_inline_data(inode); + inode_unlock(inode); + if (ret) + return ret; + file_accessed(file); if (IS_DAX(file_inode(file))) { vma->vm_ops = &ext4_dax_vm_ops; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 94c7d2d828a64e42ded09c82497ed7617071aa19..895ecda786194b29d32c9c49785d56a1a84e2096 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -6222,10 +6222,6 @@ vm_fault_t ext4_page_mkwrite(struct vm_fault *vmf) filemap_invalidate_lock_shared(mapping); - err = ext4_convert_inline_data(inode); - if (err) - goto out_ret; - /* * On data journalling we skip straight to the transaction handle: * there's no delalloc; page truncated will be checked later; the --- base-commit: 4a95bc121ccdaee04c4d72f84dbfa6b880a514b6 change-id: 20250519-ext4_inline_page_mkwrite-c42ca1f02295 Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

3 months, 3 weeks

3
2
0 0

[RFC V1 PATCH mm-hotfixes 2/3] x86/mm: define p*d_populate_kernel() and top-level page table sync

by Harry Yoo

During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:__init_single_page+0x9/0x6d Call Trace: <TASK> __init_zone_device_page+0x17/0x5d memmap_init_zone_device+0x154/0x1bb pagemap_range+0x2e0/0x40f memremap_pages+0x10b/0x2f0 devm_memremap_pages+0x1e/0x60 dev_dax_probe+0xce/0x2ec [device_dax] dax_bus_probe+0x6d/0xc9 [... snip ...] </TASK> It turns out that the kernel panics while initializing vmemmap (struct page array) when the vmemmap region spans two PGD entries, because the new PGD entry is only installed in init_mm.pgd, but not in the page tables of other tasks. And looking at __populate_section_memmap(): if (vmemmap_can_optimize(altmap, pgmap)) // does not sync top level page tables r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap); else // sync top level page tables in x86 r = vmemmap_populate(start, end, nid, altmap); In the normal path, vmemmap_populate() in arch/x86/mm/init_64.c synchronizes the top level page table (See commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes")) so that all tasks in the system can see the new vmemmap area. However, when vmemmap_can_optimize() returns true, the optimized path skips synchronization of top-level page tables. This is because vmemmap_populate_compound_pages() is implemented in core MM code, which does not handle synchronization of the top-level page tables. Instead, the core MM has historically relied on each architecture to perform this synchronization manually. It turns out that current approach of relying on each arch to handle the page table sync manually is fragile because 1) it's easy to forget to sync the top level page table, and 2) it's also easy to overlook that the kernel should not access vmemmap / direct mapping area before the sync. As suggested by Dave Hansen, define x86_64 versions of {pgd,p4d}_populate_kernel() and arch_sync_kernel_pagetables(), and explicitly perform top-level page table synchronization in {pgd,p4d}_populate_kernel(). Top level page tables are synchronized in pgd_pouplate_kernel() for 5-level paging and in p4d_populate_kernel() for 4-level paging. arch_sync_kernel_pagetables(addr) synchronizes the top level page table entry for address. It calls sync_kernel_pagetables_{l4,l5} depending on the page table levels and installs the page entry in all page tables in the system to make it visible to all tasks. Note that sync_kernel_pagetables_{l4,l5} are simply versions of sync_global_pgds_{l4,l5} that synchronizes only a single page table entry for specified address, instead of for all page table entries corresponding to a range. No functional difference intended between sync_global_pgds_* and sync_kernel_pagetables_* other than that. This also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]: BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmap_set_pmd+0xff/0x230 <TASK> vmemmap_populate_hugepages+0x176/0x180 vmemmap_populate+0x34/0x80 __populate_section_memmap+0x41/0x90 sparse_add_section+0x121/0x3e0 __add_pages+0xba/0x150 add_pages+0x1d/0x70 memremap_pages+0x3dc/0x810 devm_memremap_pages+0x1c/0x60 xe_devm_add+0x8b/0x100 [xe] xe_tile_init_noalloc+0x6a/0x70 [xe] xe_device_probe+0x48c/0x740 [xe] [... snip ...] Cc: <stable(a)vger.kernel.org> Fixes: 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") Fixes: faf1c0008a33 ("x86/vmemmap: optimize for consecutive sections in partial populated PMDs") Closes: https://lore.kernel.org/linux-mm/20250311114420.240341-1-gwan-gyeong.mun@in… [1] Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- arch/x86/include/asm/pgalloc.h | 22 ++++++++++ arch/x86/mm/init_64.c | 80 ++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index c88691b15f3c..d66f2db54b16 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -10,6 +10,7 @@ #define __HAVE_ARCH_PTE_ALLOC_ONE #define __HAVE_ARCH_PGD_FREE +#define __HAVE_ARCH_SYNC_KERNEL_PGTABLE #include <asm-generic/pgalloc.h> static inline int __paravirt_pgd_alloc(struct mm_struct *mm) { return 0; } @@ -114,6 +115,17 @@ static inline void p4d_populate(struct mm_struct *mm, p4d_t *p4d, pud_t *pud) set_p4d(p4d, __p4d(_PAGE_TABLE | __pa(pud))); } +void arch_sync_kernel_pagetables(unsigned long addr); + +static inline void p4d_populate_kernel(unsigned long addr, + p4d_t *p4d, pud_t *pud) +{ + paravirt_alloc_pud(&init_mm, __pa(pud) >> PAGE_SHIFT); + set_p4d(p4d, __p4d(_PAGE_TABLE | __pa(pud))); + if (!pgtable_l5_enabled()) + arch_sync_kernel_pagetables(addr); +} + static inline void p4d_populate_safe(struct mm_struct *mm, p4d_t *p4d, pud_t *pud) { paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); @@ -137,6 +149,16 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4d) set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); } +static inline void pgd_populate_kernel(unsigned long addr, + pgd_t *pgd, p4d_t *p4d) +{ + if (!pgtable_l5_enabled()) + return; + paravirt_alloc_p4d(&init_mm, __pa(p4d) >> PAGE_SHIFT); + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); + arch_sync_kernel_pagetables(addr); +} + static inline void pgd_populate_safe(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4d) { if (!pgtable_l5_enabled()) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index fdb6cab524f0..cbddbef434d5 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -223,6 +223,86 @@ static void sync_global_pgds(unsigned long start, unsigned long end) sync_global_pgds_l4(start, end); } +static void sync_kernel_pagetables_l4(unsigned long addr) +{ + pgd_t *pgd_ref = pgd_offset_k(addr); + const p4d_t *p4d_ref; + struct page *page; + + VM_WARN_ON_ONCE(pgtable_l5_enabled()); + /* + * With folded p4d, pgd_none() is always false, we need to + * handle synchronization on p4d level. + */ + MAYBE_BUILD_BUG_ON(pgd_none(*pgd_ref)); + p4d_ref = p4d_offset(pgd_ref, addr); + + if (p4d_none(*p4d_ref)) + return; + + spin_lock(&pgd_lock); + list_for_each_entry(page, &pgd_list, lru) { + pgd_t *pgd; + p4d_t *p4d; + spinlock_t *pgt_lock; + + pgd = (pgd_t *)page_address(page) + pgd_index(addr); + p4d = p4d_offset(pgd, addr); + /* the pgt_lock only for Xen */ + pgt_lock = &pgd_page_get_mm(page)->page_table_lock; + spin_lock(pgt_lock); + + if (!p4d_none(*p4d_ref) && !p4d_none(*p4d)) + BUG_ON(p4d_pgtable(*p4d) + != p4d_pgtable(*p4d_ref)); + + if (p4d_none(*p4d)) + set_p4d(p4d, *p4d_ref); + + spin_unlock(pgt_lock); + } + spin_unlock(&pgd_lock); +} + +static void sync_kernel_pagetables_l5(unsigned long addr) +{ + const pgd_t *pgd_ref = pgd_offset_k(addr); + struct page *page; + + VM_WARN_ON_ONCE(!pgtable_l5_enabled()); + + if (pgd_none(*pgd_ref)) + return; + + spin_lock(&pgd_lock); + list_for_each_entry(page, &pgd_list, lru) { + pgd_t *pgd; + spinlock_t *pgt_lock; + + pgd = (pgd_t *)page_address(page) + pgd_index(addr); + /* the pgt_lock only for Xen */ + pgt_lock = &pgd_page_get_mm(page)->page_table_lock; + spin_lock(pgt_lock); + + if (!pgd_none(*pgd_ref) && !pgd_none(*pgd)) + BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); + + if (pgd_none(*pgd)) + set_pgd(pgd, *pgd_ref); + + spin_unlock(pgt_lock); + } + spin_unlock(&pgd_lock); +} + +void arch_sync_kernel_pagetables(unsigned long addr) +{ + if (pgtable_l5_enabled()) + sync_kernel_pagetables_l5(addr); + else + sync_kernel_pagetables_l4(addr); +} + /* * NOTE: This function is marked __ref because it calls __init function * (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0. -- 2.43.0

3 months, 3 weeks

2
4
0 0

+ mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery has been added to the -mm mm-new branch. Its filename is mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Subject: mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Date: Thu, 10 Jul 2025 11:23:53 +0300 When pmd_to_hmm_pfn_flags() is unused, it prevents kernel builds with clang, `make W=1` and CONFIG_TRANSPARENT_HUGEPAGE=n: mm/hmm.c:186:29: warning: unused function 'pmd_to_hmm_pfn_flags' [-Wunused-function] Fix this by moving the function to the respective existing ifdeffery for its the only user. See also: 6863f5643dd7 ("kbuild: allow Clang to find unused static inline functions for W=1 build") Link: https://lkml.kernel.org/r/20250710082403.664093-1-andriy.shevchenko@linux.i… Fixes: 9d3973d60f0a ("mm/hmm: cleanup the hmm_vma_handle_pmd stub") Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Leon Romanovsky <leonro(a)nvidia.com> Cc: Andriy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/hmm.c~mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery +++ a/mm/hmm.c @@ -183,6 +183,7 @@ static inline unsigned long hmm_pfn_flag return order << HMM_PFN_ORDER_SHIFT; } +#ifdef CONFIG_TRANSPARENT_HUGEPAGE static inline unsigned long pmd_to_hmm_pfn_flags(struct hmm_range *range, pmd_t pmd) { @@ -193,7 +194,6 @@ static inline unsigned long pmd_to_hmm_p hmm_pfn_flags_order(PMD_SHIFT - PAGE_SHIFT); } -#ifdef CONFIG_TRANSPARENT_HUGEPAGE static int hmm_vma_handle_pmd(struct mm_walk *walk, unsigned long addr, unsigned long end, unsigned long hmm_pfns[], pmd_t pmd) _ Patches currently in -mm which might be from andriy.shevchenko(a)linux.intel.com are mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch panic-add-panic_sys_info-sysctl-to-take-human-readable-string-parameter-fix.patch

3 months, 3 weeks

1
0
0 0

+ nilfs2-reject-invalid-file-types-when-reading-inodes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: reject invalid file types when reading inodes has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-reject-invalid-file-types-when-reading-inodes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: reject invalid file types when reading inodes Date: Thu, 10 Jul 2025 22:49:08 +0900 To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error. Link: https://lkml.kernel.org/r/20250710134952.29862-1-konishi.ryusuke@gmail.com Fixes: 05fe58fdc10d ("nilfs2: inode operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+895c23f6917da440ed0d(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-reject-invalid-file-types-when-reading-inodes +++ a/fs/nilfs2/inode.c @@ -472,11 +472,18 @@ static int __nilfs_read_inode(struct sup inode->i_op = &nilfs_symlink_inode_operations; inode_nohighmem(inode); inode->i_mapping->a_ops = &nilfs_aops; - } else { + } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) || + S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { inode->i_op = &nilfs_special_inode_operations; init_special_inode( inode, inode->i_mode, huge_decode_dev(le64_to_cpu(raw_inode->i_device_code))); + } else { + nilfs_error(sb, + "invalid file type bits in mode 0%o for inode %lu", + inode->i_mode, ino); + err = -EIO; + goto failed_unmap; } nilfs_ifile_unmap_inode(raw_inode); brelse(bh); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-reject-invalid-file-types-when-reading-inodes.patch

3 months, 3 weeks

1
0
0 0

Re: [PATCH 00/13] netfs, cifs: Fixes to retry-related code

by Max Kellermann

David Howells <dhowells(a)redhat.com> wrote: > Here are some miscellaneous fixes and changes for netfslib and cifs, if you > could consider pulling them. All the bugs fixed were observed in cifs, so > they should probably go through the cifs tree unless Christian would much > prefer for them to go through the VFS tree. Hi David, your commit 2b1424cd131c ("netfs: Fix wait/wake to be consistent about the waitqueue used") has given me serious headaches; it has caused outages in our web hosting clusters (yet again - all Linux versions since 6.9 had serious netfs regressions). Your patch was backported to 6.15 as commit 329ba1cb402a in 6.15.3 (why oh why??), and therefore the bugs it has caused will be "available" to all Linux stable users. The problem we had is that writing to certain files never finishes. It looks like it has to do with the cachefiles subrequest never reporting completion. (We use Ceph with cachefiles) I have tried applying the fixes in this pull request, which sounded promising, but the problem is still there. The only thing that helps is reverting 2b1424cd131c completely - everything is fine with 6.15.5 plus the revert. What do you need from me in order to analyze the bug? Max

3 months, 3 weeks

2
9
0 0

[PATCH 6.12.y] drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

by jetlan9＠163.com

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit dc0297f3198bd60108ccbd167ee5d9fa4af31ed0 ] RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the registers. This means that only one thread can access the registers at a time, preventing conflicts and ensuring that operations are performed correctly. Additionally, when a low-priority task holds a mutex that a high-priority task needs, ie., If a thread holding a spinlock tries to acquire a mutex, it can lead to priority inversion. register access in amdgpu_virt_rlcg_reg_rw especially in a fast code path is critical. The call stack shows that the function amdgpu_virt_rlcg_reg_rw is being called, which attempts to acquire the mutex. This function is invoked from amdgpu_sriov_wreg, which in turn is called from gmc_v11_0_flush_gpu_tlb. The [ BUG: Invalid wait context ] indicates that a thread is trying to acquire a mutex while it is in a context that does not allow it to sleep (like holding a spinlock). Fixes the below: [ 253.013423] ============================= [ 253.013434] [ BUG: Invalid wait context ] [ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE [ 253.013464] ----------------------------- [ 253.013475] kworker/0:1/10 is trying to lock: [ 253.013487] ffff9f30542e3cf8 (&adev->virt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.013815] other info that might help us debug this: [ 253.013827] context-{4:4} [ 253.013835] 3 locks held by kworker/0:1/10: [ 253.013847] #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680 [ 253.013877] #1: ffffb789c008be40 ((work_completion)(&wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680 [ 253.013905] #2: ffff9f3054281838 (&adev->gmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu] [ 253.014154] stack backtrace: [ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14 [ 253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024 [ 253.014224] Workqueue: events work_for_cpu_fn [ 253.014241] Call Trace: [ 253.014250] <TASK> [ 253.014260] dump_stack_lvl+0x9b/0xf0 [ 253.014275] dump_stack+0x10/0x20 [ 253.014287] __lock_acquire+0xa47/0x2810 [ 253.014303] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014321] lock_acquire+0xd1/0x300 [ 253.014333] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014562] ? __lock_acquire+0xa6b/0x2810 [ 253.014578] __mutex_lock+0x85/0xe20 [ 253.014591] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014782] ? sched_clock_noinstr+0x9/0x10 [ 253.014795] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014808] ? local_clock_noinstr+0xe/0xc0 [ 253.014822] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015012] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.015029] mutex_lock_nested+0x1b/0x30 [ 253.015044] ? mutex_lock_nested+0x1b/0x30 [ 253.015057] amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015249] amdgpu_sriov_wreg+0xc5/0xd0 [amdgpu] [ 253.015435] gmc_v11_0_flush_gpu_tlb+0x44b/0x4f0 [amdgpu] [ 253.015667] gfx_v11_0_hw_init+0x499/0x29c0 [amdgpu] [ 253.015901] ? __pfx_smu_v13_0_update_pcie_parameters+0x10/0x10 [amdgpu] [ 253.016159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.016173] ? smu_hw_init+0x18d/0x300 [amdgpu] [ 253.016403] amdgpu_device_init+0x29ad/0x36a0 [amdgpu] [ 253.016614] amdgpu_driver_load_kms+0x1a/0xc0 [amdgpu] [ 253.017057] amdgpu_pci_probe+0x1c2/0x660 [amdgpu] [ 253.017493] local_pci_probe+0x4b/0xb0 [ 253.017746] work_for_cpu_fn+0x1a/0x30 [ 253.017995] process_one_work+0x21e/0x680 [ 253.018248] worker_thread+0x190/0x330 [ 253.018500] ? __pfx_worker_thread+0x10/0x10 [ 253.018746] kthread+0xe7/0x120 [ 253.018988] ? __pfx_kthread+0x10/0x10 [ 253.019231] ret_from_fork+0x3c/0x60 [ 253.019468] ? __pfx_kthread+0x10/0x10 [ 253.019701] ret_from_fork_asm+0x1a/0x30 [ 253.019939] </TASK> v2: s/spin_trylock/spin_lock_irqsave to be safe (Christian). Fixes: e864180ee49b ("drm/amdgpu: Add lock around VF RLCG interface") Cc: lin cao <lin.cao(a)amd.com> Cc: Jingwen Chen <Jingwen.Chen2(a)amd.com> Cc: Victor Skvortsov <victor.skvortsov(a)amd.com> Cc: Zhigang Luo <zhigang.luo(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Suggested-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [ Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index a55e611605fc..24e41b42c638 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -4144,7 +4144,6 @@ int amdgpu_device_init(struct amdgpu_device *adev, mutex_init(&adev->grbm_idx_mutex); mutex_init(&adev->mn_lock); mutex_init(&adev->virt.vf_errors.lock); - mutex_init(&adev->virt.rlcg_reg_lock); hash_init(adev->mn_hash); mutex_init(&adev->psp.mutex); mutex_init(&adev->notifier_lock); @@ -4170,6 +4169,7 @@ int amdgpu_device_init(struct amdgpu_device *adev, spin_lock_init(&adev->se_cac_idx_lock); spin_lock_init(&adev->audio_endpt_idx_lock); spin_lock_init(&adev->mm_stats.lock); + spin_lock_init(&adev->virt.rlcg_reg_lock); spin_lock_init(&adev->wb.lock); INIT_LIST_HEAD(&adev->reset_list); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c index b6397d3229e1..01dccd489a80 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c @@ -1010,6 +1010,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f void *scratch_reg2; void *scratch_reg3; void *spare_int; + unsigned long flags; if (!adev->gfx.rlc.rlcg_reg_access_supported) { dev_err(adev->dev, @@ -1031,7 +1032,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f scratch_reg2 = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->scratch_reg2; scratch_reg3 = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->scratch_reg3; - mutex_lock(&adev->virt.rlcg_reg_lock); + spin_lock_irqsave(&adev->virt.rlcg_reg_lock, flags); if (reg_access_ctrl->spare_int) spare_int = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->spare_int; @@ -1090,7 +1091,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f ret = readl(scratch_reg0); - mutex_unlock(&adev->virt.rlcg_reg_lock); + spin_unlock_irqrestore(&adev->virt.rlcg_reg_lock, flags); return ret; } diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h index b650a2032c42..6a2087abfb7e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h @@ -275,7 +275,8 @@ struct amdgpu_virt { /* the ucode id to signal the autoload */ uint32_t autoload_ucode_id; - struct mutex rlcg_reg_lock; + /* Spinlock to protect access to the RLCG register interface */ + spinlock_t rlcg_reg_lock; }; struct amdgpu_video_codec_info; -- 2.34.1

3 months, 3 weeks

2
1
0 0

Re: [PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Sasha Levin

[ Sasha's backport helper bot ] Hi, ✅ All tests passed successfully. No issues detected. No action required from the submitter. The upstream commit SHA1 provided is correct: 7904e53ed5a20fc678c01d5d1b07ec486425bb6a WARNING: Author mismatch between patch and upstream commit: Backport author: "Heyne, Maximilian"<mheyne(a)amazon.de> Commit author: Oleg Nesterov<oleg(a)redhat.com> Status in newer kernel trees: 6.15.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Not found 6.1.y | Present (different SHA1: d95ef75162f4) Note: The patch differs from the upstream commit: --- 1: 7904e53ed5a20 < -: ------------- fs/proc: do_task_stat: use __for_each_thread() -: ------------- > 1: acb7f8c64955e fs/proc: do_task_stat: use __for_each_thread() --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-5.15.y | Success | Success |

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: HCI: Set extended advertising data synchronously" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 89fb8acc38852116d38d721ad394aad7f2871670 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070625-wafer-speed-20c1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 89fb8acc38852116d38d721ad394aad7f2871670 Mon Sep 17 00:00:00 2001 From: Christian Eggers <ceggers(a)arri.de> Date: Fri, 27 Jun 2025 09:05:08 +0200 Subject: [PATCH] Bluetooth: HCI: Set extended advertising data synchronously Currently, for controllers with extended advertising, the advertising data is set in the asynchronous response handler for extended adverstising params. As most advertising settings are performed in a synchronous context, the (asynchronous) setting of the advertising data is done too late (after enabling the advertising). Move setting of adverstising data from asynchronous response handler into synchronous context to fix ordering of HCI commands. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Fixes: a0fb3726ba55 ("Bluetooth: Use Set ext adv/scan rsp data if controller supports") Cc: stable(a)vger.kernel.org v2: https://lore.kernel.org/linux-bluetooth/20250626115209.17839-1-ceggers@arri… Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 66052d6aaa1d..4d5ace9d245d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2150,40 +2150,6 @@ static u8 hci_cc_set_adv_param(struct hci_dev *hdev, void *data, return rp->status; } -static u8 hci_cc_set_ext_adv_param(struct hci_dev *hdev, void *data, - struct sk_buff *skb) -{ - struct hci_rp_le_set_ext_adv_params *rp = data; - struct hci_cp_le_set_ext_adv_params *cp; - struct adv_info *adv_instance; - - bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); - - if (rp->status) - return rp->status; - - cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS); - if (!cp) - return rp->status; - - hci_dev_lock(hdev); - hdev->adv_addr_type = cp->own_addr_type; - if (!cp->handle) { - /* Store in hdev for instance 0 */ - hdev->adv_tx_power = rp->tx_power; - } else { - adv_instance = hci_find_adv_instance(hdev, cp->handle); - if (adv_instance) - adv_instance->tx_power = rp->tx_power; - } - /* Update adv data as tx power is known now */ - hci_update_adv_data(hdev, cp->handle); - - hci_dev_unlock(hdev); - - return rp->status; -} - static u8 hci_cc_read_rssi(struct hci_dev *hdev, void *data, struct sk_buff *skb) { @@ -4164,8 +4130,6 @@ static const struct hci_cc { HCI_CC(HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS, hci_cc_le_read_num_adv_sets, sizeof(struct hci_rp_le_read_num_supported_adv_sets)), - HCI_CC(HCI_OP_LE_SET_EXT_ADV_PARAMS, hci_cc_set_ext_adv_param, - sizeof(struct hci_rp_le_set_ext_adv_params)), HCI_CC_STATUS(HCI_OP_LE_SET_EXT_ADV_ENABLE, hci_cc_le_set_ext_adv_enable), HCI_CC_STATUS(HCI_OP_LE_SET_ADV_SET_RAND_ADDR, diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 106862d47964..77b3691f3423 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -1205,9 +1205,126 @@ static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance, sizeof(cp), &cp, HCI_CMD_TIMEOUT); } +static int +hci_set_ext_adv_params_sync(struct hci_dev *hdev, struct adv_info *adv, + const struct hci_cp_le_set_ext_adv_params *cp, + struct hci_rp_le_set_ext_adv_params *rp) +{ + struct sk_buff *skb; + + skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(*cp), + cp, HCI_CMD_TIMEOUT); + + /* If command return a status event, skb will be set to -ENODATA */ + if (skb == ERR_PTR(-ENODATA)) + return 0; + + if (IS_ERR(skb)) { + bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", + HCI_OP_LE_SET_EXT_ADV_PARAMS, PTR_ERR(skb)); + return PTR_ERR(skb); + } + + if (skb->len != sizeof(*rp)) { + bt_dev_err(hdev, "Invalid response length for 0x%4.4x: %u", + HCI_OP_LE_SET_EXT_ADV_PARAMS, skb->len); + kfree_skb(skb); + return -EIO; + } + + memcpy(rp, skb->data, sizeof(*rp)); + kfree_skb(skb); + + if (!rp->status) { + hdev->adv_addr_type = cp->own_addr_type; + if (!cp->handle) { + /* Store in hdev for instance 0 */ + hdev->adv_tx_power = rp->tx_power; + } else if (adv) { + adv->tx_power = rp->tx_power; + } + } + + return rp->status; +} + +static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, + HCI_MAX_EXT_AD_LENGTH); + u8 len; + struct adv_info *adv = NULL; + int err; + + if (instance) { + adv = hci_find_adv_instance(hdev, instance); + if (!adv || !adv->adv_data_changed) + return 0; + } + + len = eir_create_adv_data(hdev, instance, pdu->data, + HCI_MAX_EXT_AD_LENGTH); + + pdu->length = len; + pdu->handle = adv ? adv->handle : instance; + pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; + pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; + + err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, + struct_size(pdu, data, len), pdu, + HCI_CMD_TIMEOUT); + if (err) + return err; + + /* Update data if the command succeed */ + if (adv) { + adv->adv_data_changed = false; + } else { + memcpy(hdev->adv_data, pdu->data, len); + hdev->adv_data_len = len; + } + + return 0; +} + +static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + struct hci_cp_le_set_adv_data cp; + u8 len; + + memset(&cp, 0, sizeof(cp)); + + len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); + + /* There's nothing to do if the data hasn't changed */ + if (hdev->adv_data_len == len && + memcmp(cp.data, hdev->adv_data, len) == 0) + return 0; + + memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); + hdev->adv_data_len = len; + + cp.length = len; + + return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, + sizeof(cp), &cp, HCI_CMD_TIMEOUT); +} + +int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) + return 0; + + if (ext_adv_capable(hdev)) + return hci_set_ext_adv_data_sync(hdev, instance); + + return hci_set_adv_data_sync(hdev, instance); +} + int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; bool connectable; u32 flags; bdaddr_t random_addr; @@ -1316,8 +1433,12 @@ int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) cp.secondary_phy = HCI_ADV_PHY_1M; } - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, adv, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; @@ -1822,79 +1943,6 @@ int hci_le_terminate_big_sync(struct hci_dev *hdev, u8 handle, u8 reason) sizeof(cp), &cp, HCI_CMD_TIMEOUT); } -static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, - HCI_MAX_EXT_AD_LENGTH); - u8 len; - struct adv_info *adv = NULL; - int err; - - if (instance) { - adv = hci_find_adv_instance(hdev, instance); - if (!adv || !adv->adv_data_changed) - return 0; - } - - len = eir_create_adv_data(hdev, instance, pdu->data, - HCI_MAX_EXT_AD_LENGTH); - - pdu->length = len; - pdu->handle = adv ? adv->handle : instance; - pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; - pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; - - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, - struct_size(pdu, data, len), pdu, - HCI_CMD_TIMEOUT); - if (err) - return err; - - /* Update data if the command succeed */ - if (adv) { - adv->adv_data_changed = false; - } else { - memcpy(hdev->adv_data, pdu->data, len); - hdev->adv_data_len = len; - } - - return 0; -} - -static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - struct hci_cp_le_set_adv_data cp; - u8 len; - - memset(&cp, 0, sizeof(cp)); - - len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); - - /* There's nothing to do if the data hasn't changed */ - if (hdev->adv_data_len == len && - memcmp(cp.data, hdev->adv_data, len) == 0) - return 0; - - memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); - hdev->adv_data_len = len; - - cp.length = len; - - return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); -} - -int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) - return 0; - - if (ext_adv_capable(hdev)) - return hci_set_ext_adv_data_sync(hdev, instance); - - return hci_set_adv_data_sync(hdev, instance); -} - int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance, bool force) { @@ -6273,6 +6321,7 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, struct hci_conn *conn) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; int err; bdaddr_t random_addr; u8 own_addr_type; @@ -6314,8 +6363,12 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, if (err) return err; - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, NULL, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err;

3 months, 3 weeks

5
9
0 0

[PATCH v3 1/3] drm/amdgpu: Add WARN_ON to the resource clear function

by Arunpravin Paneer Selvam

Set the dirty bit when the memory resource is not cleared during BO release. v2(Christian): - Drop the cleared flag set to false. - Improve the amdgpu_vram_mgr_set_clear_state() function. v3: - Add back the resource clear flag set function call after being wiped during eviction (Christian). - Modified the patch subject name. Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Suggested-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") --- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h index b256cbc2bc27..2c88d5fd87da 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h @@ -66,7 +66,10 @@ to_amdgpu_vram_mgr_resource(struct ttm_resource *res) static inline void amdgpu_vram_mgr_set_cleared(struct ttm_resource *res) { - to_amdgpu_vram_mgr_resource(res)->flags |= DRM_BUDDY_CLEARED; + struct amdgpu_vram_mgr_resource *ares = to_amdgpu_vram_mgr_resource(res); + + WARN_ON(ares->flags & DRM_BUDDY_CLEARED); + ares->flags |= DRM_BUDDY_CLEARED; } #endif -- 2.43.0

3 months, 3 weeks

4
7
0 0

Linux 6.15.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.6 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml | 3 Documentation/devicetree/bindings/net/sophgo,sg2044-dwmac.yaml | 3 Makefile | 2 arch/arm64/boot/dts/apple/spi1-nvram.dtsi | 2 arch/arm64/boot/dts/apple/t8103-j293.dts | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/apple/t8103.dtsi | 2 arch/arm64/boot/dts/apple/t8112-j493.dts | 2 arch/arm64/boot/dts/apple/t8112.dtsi | 2 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/riscv/kernel/cpu_ops_sbi.c | 6 arch/s390/pci/pci_event.c | 15 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mwait.h | 28 - arch/x86/include/asm/nospec-branch.h | 37 - arch/x86/kernel/cpu/amd.c | 44 + arch/x86/kernel/cpu/bugs.c | 133 +++++ arch/x86/kernel/cpu/common.c | 14 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 ++++ arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 arch/x86/kvm/cpuid.c | 15 arch/x86/kvm/reverse_cpuid.h | 7 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/firmware/arm_ffa/driver.c | 71 +- drivers/firmware/samsung/exynos-acpm.c | 25 - drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 drivers/gpu/drm/bridge/panel.c | 5 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 1 drivers/gpu/drm/xe/xe_device.c | 72 +- drivers/gpu/drm/xe/xe_guc_ads.c | 5 drivers/gpu/drm/xe/xe_guc_pc.c | 249 +++++++--- drivers/gpu/drm/xe/xe_guc_pc.h | 2 drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 drivers/gpu/drm/xe/xe_migrate.c | 18 drivers/gpu/drm/xe/xe_wa_oob.rules | 6 drivers/hid/hid-appletb-kbd.c | 14 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 10 drivers/infiniband/hw/mlx5/main.c | 33 + drivers/infiniband/hw/mlx5/mr.c | 61 +- drivers/infiniband/hw/mlx5/odp.c | 8 drivers/input/joystick/xpad.c | 2 drivers/input/misc/cs40l50-vibra.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/intel/cache.c | 5 drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/iommu.h | 2 drivers/iommu/rockchip-iommu.c | 3 drivers/mmc/core/quirks.h | 12 drivers/mmc/core/sd_uhs2.c | 4 drivers/mmc/host/mtk-sd.c | 21 drivers/mmc/host/sdhci-uhs2.c | 20 drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 - drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 drivers/net/ethernet/intel/idpf/idpf_controlq_api.h | 2 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 + drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 60 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/host/multipath.c | 3 drivers/nvme/host/pci.c | 6 drivers/nvme/target/nvmet.h | 2 drivers/platform/mellanox/mlxbf-pmc.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/hsmp/hsmp.c | 6 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 4 drivers/platform/x86/think-lmi.c | 94 +-- drivers/platform/x86/wmi.c | 16 drivers/powercap/intel_rapl_common.c | 18 drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/hosts.c | 18 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/sd.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/spi/spi-qpic-snand.c | 16 drivers/target/target_core_pr.c | 4 drivers/tee/optee/ffa_abi.c | 41 + drivers/tee/optee/optee_private.h | 2 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-debug.h | 5 drivers/usb/cdns3/cdnsp-ep0.c | 18 drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-ring.c | 7 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/hub.c | 3 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb-acpi.c | 4 drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 24 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 5 drivers/usb/host/xhci.c | 31 - drivers/usb/host/xhci.h | 3 drivers/usb/typec/altmodes/displayport.c | 5 fs/anon_inodes.c | 23 fs/btrfs/block-group.h | 2 fs/btrfs/free-space-tree.c | 40 + fs/btrfs/inode.c | 36 - fs/btrfs/ioctl.c | 4 fs/btrfs/tree-log.c | 137 ++--- fs/exec.c | 9 fs/libfs.c | 8 fs/namei.c | 2 fs/netfs/buffered_write.c | 2 fs/netfs/direct_write.c | 8 fs/netfs/misc.c | 26 - fs/netfs/write_retry.c | 2 fs/nfs/flexfilelayout/flexfilelayout.c | 120 +++- fs/nfs/inode.c | 17 fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifsproto.h | 1 fs/smb/client/cifssmb.c | 2 fs/smb/client/connect.c | 15 fs/smb/client/fs_context.c | 17 fs/smb/client/misc.c | 6 fs/smb/client/readdir.c | 2 fs/smb/client/reparse.c | 22 fs/smb/client/smb2pdu.c | 11 fs/xfs/xfs_rtalloc.c | 2 include/linux/arm_ffa.h | 1 include/linux/cpu.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/usb.h | 2 include/linux/usb/typec_dp.h | 1 include/trace/events/netfs.h | 1 kernel/irq/irq_sim.c | 2 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 mm/secretmem.c | 9 mm/vmalloc.c | 63 +- net/bluetooth/hci_event.c | 36 - net/bluetooth/hci_sync.c | 227 +++++---- net/bluetooth/mgmt.c | 25 - net/ipv4/ip_input.c | 7 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 tools/testing/selftests/iommu/iommufd.c | 32 - tools/testing/selftests/iommu/iommufd_utils.h | 9 212 files changed, 2310 insertions(+), 984 deletions(-) Ahmed Zaki (1): idpf: convert control queue mutex to a spinlock Alok Tiwari (5): platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message nvme: Fix incorrect cdw15 value in passthru error logging platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Antoine Tenart (1): net: ipv4: fix stat increase when udp early demux drops the packet Armin Wolf (1): platform/x86: wmi: Fix WMI event enablement Arnd Bergmann (1): RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (1): KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (2): virtio-net: xsk: rx: fix the frame's length check virtio-net: ensure the received length does not exceed allocated size Christian Brauner (1): anon_inode: rework assertions Christian Eggers (4): Bluetooth: HCI: Set extended advertising data synchronously Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Christoph Hellwig (1): scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Darrick J. Wong (1): xfs: actually use the xfs_growfs_check_rtgeom tracepoint David Howells (5): netfs: Fix hang due to missing case in final DIO read result collection netfs: Fix looping in wait functions netfs: Fix ref leak on inserted extra subreq in write retry netfs: Fix i_size updating netfs: Fix double put of request David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dmitry Baryshkov (2): drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Bogdanov (1): nvmet: fix memory leak of bio integrity Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Eugen Hristev (1): nvme-pci: refresh visible attrs after being checked Filipe Manana (7): btrfs: fix failure to rebuild free space tree using multiple transactions btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: fix inode lookup error handling during log replay btrfs: record new subvolume in parent dir earlier to avoid dir logging races btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabor Juhos (1): spi: spi-qpic-snand: reallocate BAM transactions Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Geliang Tang (1): nvme-multipath: fix suspicious RCU usage warning Greg Kroah-Hartman (1): Linux 6.15.6 Gyeyoung Baek (1): genirq/irq_sim: Initialize work context pointers properly Harry Austen (1): drm/xe: Allow dropping kunit dependency as built-in HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heikki Krogerus (1): usb: acpi: fix device link removal Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement Jake Hillion (1): x86/platform/amd: move final timeout check to after final sleep James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Jens Wiklander (1): optee: ffa: fix sleep in atomic context Jeongjun Park (1): mm/vmalloc: fix data race in show_numa_info() Jia Yao (1): drm/xe: Fix out-of-bounds field write in MI_STORE_DATA_IMM Jiawen Wu (2): net: txgbe: request MISC IRQ in ndo_open net: libwx: fix the incorrect display of the queue number Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input John Harrison (1): drm/xe/guc: Enable w/a 16026508708 Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (2): dt-bindings: net: sophgo,sg2044-dwmac: Drop status from the example dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint Kuen-Han Tsai (1): usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Lu Baolu (1): iommu/vt-d: Assign devtlb cache tag on ATS enablement Lucas De Marchi (2): drm/xe/guc_pc: Add _locked variant for min/max freq drm/xe: Split xe_device_td_flush() Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Marko Kiiskila (1): drm/vmwgfx: Fix guests running with TDX/SEV Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Michal Swiatkowski (1): idpf: return 0 size for RSS key if not supported Nicolin Chen (3): iommufd/selftest: Add missing close(mfd) in memfd_mmap() iommufd/selftest: Add asserts testing global mfd iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Niklas Schnelle (2): s390/pci: Fix stale function handles in error handling s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Or Har-Toov (2): RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling IB/mlx5: Fix potential deadlock in MR deregistration Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (5): smb: client: fix warning when reconnecting channel smb: client: set missing retry flag in smb2_writev_callback() smb: client: set missing retry flag in cifs_readv_callback() smb: client: set missing retry flag in cifs_writev_callback() smb: client: fix native SMB symlink traversal Pawel Laszczak (1): usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions Qasim Ijaz (2): HID: appletb-kbd: fix memory corruption of input_handler_list HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Roy Luo (2): usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Revert "usb: xhci: Implement xhci_handshake_check_state() helper" SCHNEIDER Johannes (1): usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shyam Prasad N (1): cifs: all initializations for tcon should happen in tcon_info_alloc Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Sudeep Holla (3): firmware: arm_ffa: Fix memory leak by freeing notifier callback node firmware: arm_ffa: Move memory allocation outside the mutex locking firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Sven Peter (2): arm64: dts: apple: Drop {address,size}-cells from SPI NOR arm64: dts: apple: Move touchbar mipi {address,size}-cells from dtsi to dts Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tudor Ambarus (1): firmware: exynos-acpm: fix timeouts on xfers handling Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (3): mmc: sdhci: Add a helper function for dump register in dynamic debug mode mmc: sdhci-uhs2: Adjust some error messages and register dump for SD UHS-II card mmc: core: Adjust some error messages for SD UHS-II cards Vinay Belgaumkar (2): drm/xe/bmg: Update Wa_14022085890 drm/xe/bmg: Update Wa_22019338487 Viresh Kumar (1): firmware: arm_ffa: Fix the missing entry in struct ffa_indirect_msg_hdr Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Vivian Wang (1): riscv: cpu_ops_sbi: Use static array for boot_data Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Yunshui Jiang (1): Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed jackysliu (1): scsi: sd: Fix VPD page 0xb7 length check Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

3 months, 3 weeks

1
1
0 0

Linux 6.12.37

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.37 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/qcom/sm8650.dtsi | 163 - arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 arch/arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 3 arch/arm64/boot/dts/renesas/cat875.dtsi | 3 arch/arm64/boot/dts/renesas/condor-common.dtsi | 3 arch/arm64/boot/dts/renesas/draak.dtsi | 3 arch/arm64/boot/dts/renesas/ebisu.dtsi | 3 arch/arm64/boot/dts/renesas/hihope-rzg2-ex.dtsi | 3 arch/arm64/boot/dts/renesas/r8a77970-eagle.dts | 3 arch/arm64/boot/dts/renesas/r8a77970-v3msk.dts | 3 arch/arm64/boot/dts/renesas/r8a77980-v3hsk.dts | 3 arch/arm64/boot/dts/renesas/r8a779a0-falcon.dts | 3 arch/arm64/boot/dts/renesas/r8a779f0-spider-ethernet.dtsi | 9 arch/arm64/boot/dts/renesas/r8a779f4-s4sk.dts | 6 arch/arm64/boot/dts/renesas/r8a779g2-white-hawk-single.dts | 63 arch/arm64/boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 3 arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi | 3 arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/salvator-common.dtsi | 3 arch/arm64/boot/dts/renesas/ulcb.dtsi | 3 arch/arm64/boot/dts/renesas/white-hawk-cpu-common.dtsi | 3 arch/arm64/boot/dts/renesas/white-hawk-ethernet.dtsi | 6 arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 77 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 42 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/powerpc/kernel/Makefile | 2 arch/riscv/kernel/cpu_ops_sbi.c | 6 arch/s390/pci/pci_event.c | 15 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 28 arch/x86/include/asm/nospec-branch.h | 37 arch/x86/kernel/cpu/amd.c | 60 arch/x86/kernel/cpu/bugs.c | 133 arch/x86/kernel/cpu/common.c | 14 arch/x86/kernel/cpu/microcode/amd.c | 12 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 arch/x86/kvm/cpuid.c | 8 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/thermal.c | 12 drivers/ata/libata-acpi.c | 24 drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/crypto/intel/iaa/iaa_crypto_main.c | 140 drivers/crypto/xilinx/zynqmp-sha.c | 18 drivers/dma-buf/dma-resv.c | 12 drivers/firmware/arm_ffa/driver.c | 59 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 10 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 6 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 1624 ++++++++++ drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 35 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 8 drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/display/intel_dp.c | 18 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 drivers/gpu/drm/tiny/simpledrm.c | 4 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/abi/guc_communication_ctb_abi.h | 1 drivers/gpu/drm/xe/compat-i915-headers/gem/i915_gem_stolen.h | 2 drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 18 drivers/gpu/drm/xe/display/xe_fb_pin.c | 17 drivers/gpu/drm/xe/regs/xe_reg_defs.h | 2 drivers/gpu/drm/xe/xe_bo.c | 78 drivers/gpu/drm/xe/xe_bo.h | 40 drivers/gpu/drm/xe/xe_bo_evict.c | 14 drivers/gpu/drm/xe/xe_bo_types.h | 10 drivers/gpu/drm/xe/xe_device.c | 55 drivers/gpu/drm/xe/xe_ggtt.c | 35 drivers/gpu/drm/xe/xe_guc.c | 4 drivers/gpu/drm/xe/xe_guc_ct.c | 350 +- drivers/gpu/drm/xe/xe_guc_ct.h | 2 drivers/gpu/drm/xe/xe_guc_ct_types.h | 23 drivers/gpu/drm/xe/xe_guc_pc.c | 144 drivers/gpu/drm/xe/xe_guc_pc.h | 2 drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 drivers/gpu/drm/xe/xe_irq.c | 4 drivers/gpu/drm/xe/xe_trace_bo.h | 2 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 drivers/infiniband/hw/mlx5/mr.c | 63 drivers/infiniband/hw/mlx5/odp.c | 8 drivers/infiniband/sw/rxe/rxe_qp.c | 7 drivers/input/joystick/xpad.c | 2 drivers/input/misc/cs40l50-vibra.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/ipmmu-vmsa.c | 2 drivers/iommu/rockchip-iommu.c | 3 drivers/mfd/exynos-lpass.c | 25 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/mtd/nand/spi/core.c | 1 drivers/net/bonding/bond_main.c | 8 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 drivers/net/ethernet/intel/idpf/idpf_controlq_api.h | 2 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 60 drivers/net/wireless/ath/ath12k/dp_rx.c | 3 drivers/net/wireless/ath/ath12k/dp_rx.h | 3 drivers/net/wireless/ath/ath12k/dp_tx.c | 21 drivers/net/wireless/ath/ath12k/mac.c | 16 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/target/nvmet.h | 2 drivers/platform/mellanox/mlxbf-pmc.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 drivers/platform/x86/firmware_attributes_class.c | 41 drivers/platform/x86/firmware_attributes_class.h | 3 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 drivers/platform/x86/think-lmi.c | 103 drivers/powercap/intel_rapl_common.c | 18 drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 6 drivers/remoteproc/ti_k3_m4_remoteproc.c | 6 drivers/remoteproc/ti_k3_r5_remoteproc.c | 180 - drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/lpfc/lpfc_bsg.c | 6 drivers/scsi/lpfc/lpfc_crtn.h | 2 drivers/scsi/lpfc/lpfc_ct.c | 18 drivers/scsi/lpfc/lpfc_debugfs.c | 4 drivers/scsi/lpfc/lpfc_disc.h | 60 drivers/scsi/lpfc/lpfc_els.c | 437 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 305 - drivers/scsi/lpfc/lpfc_init.c | 58 drivers/scsi/lpfc/lpfc_nportdisc.c | 329 -- drivers/scsi/lpfc/lpfc_nvme.c | 9 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/lpfc/lpfc_scsi.c | 8 drivers/scsi/lpfc/lpfc_sli.c | 78 drivers/scsi/lpfc/lpfc_vport.c | 6 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/sd.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/tee/optee/ffa_abi.c | 41 drivers/tee/optee/optee_private.h | 2 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-debug.h | 5 drivers/usb/cdns3/cdnsp-ep0.c | 18 drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-ring.c | 7 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/hub.c | 3 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb-acpi.c | 4 drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 22 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 5 drivers/usb/host/xhci.c | 31 drivers/usb/host/xhci.h | 3 drivers/usb/typec/altmodes/displayport.c | 5 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 14 fs/anon_inodes.c | 27 fs/bcachefs/fsck.c | 2 fs/bcachefs/recovery.c | 2 fs/bcachefs/util.h | 2 fs/btrfs/file.c | 21 fs/btrfs/inode.c | 36 fs/btrfs/ioctl.c | 4 fs/btrfs/tree-log.c | 377 +- fs/erofs/xattr.c | 2 fs/f2fs/data.c | 2 fs/f2fs/f2fs.h | 35 fs/f2fs/file.c | 3 fs/f2fs/gc.h | 1 fs/f2fs/segment.c | 11 fs/f2fs/segment.h | 10 fs/f2fs/super.c | 42 fs/file_table.c | 4 fs/gfs2/aops.c | 54 fs/gfs2/aops.h | 3 fs/gfs2/bmap.c | 3 fs/gfs2/glock.c | 19 fs/gfs2/glops.c | 9 fs/gfs2/incore.h | 3 fs/gfs2/inode.c | 96 fs/gfs2/inode.h | 1 fs/gfs2/log.c | 7 fs/gfs2/super.c | 114 fs/gfs2/trace_gfs2.h | 9 fs/gfs2/trans.c | 21 fs/gfs2/trans.h | 2 fs/gfs2/xattr.c | 11 fs/gfs2/xattr.h | 2 fs/kernfs/file.c | 2 fs/netfs/buffered_write.c | 2 fs/netfs/direct_write.c | 8 fs/netfs/write_collect.c | 5 fs/nfs/flexfilelayout/flexfilelayout.c | 121 fs/nfs/inode.c | 17 fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifsproto.h | 1 fs/smb/client/cifssmb.c | 2 fs/smb/client/connect.c | 15 fs/smb/client/misc.c | 6 fs/smb/client/readdir.c | 2 fs/smb/client/smb2pdu.c | 11 include/linux/bpf_verifier.h | 31 include/linux/cpu.h | 1 include/linux/dcache.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/spinlock.h | 13 include/linux/usb.h | 2 include/linux/usb/typec_dp.h | 1 kernel/bpf/verifier.c | 125 kernel/irq/irq_sim.c | 2 kernel/rcu/tree.c | 4 kernel/sched/core.c | 4 kernel/sched/debug.c | 7 kernel/sched/ext.c | 12 kernel/sched/fair.c | 117 kernel/sched/pelt.c | 4 kernel/sched/sched.h | 5 lib/Kconfig.ubsan | 2 lib/test_objagg.c | 4 mm/secretmem.c | 10 mm/userfaultfd.c | 33 mm/vmalloc.c | 63 net/bluetooth/hci_event.c | 36 net/bluetooth/hci_sync.c | 227 - net/bluetooth/mgmt.c | 25 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 net/sunrpc/rpc_pipe.c | 14 net/vmw_vsock/vmci_transport.c | 4 security/selinux/ss/services.c | 16 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 sound/soc/codecs/tas2764.c | 46 sound/soc/codecs/tas2764.h | 3 tools/testing/kunit/qemu_configs/sparc.py | 7 tools/testing/selftests/iommu/iommufd.c | 30 304 files changed, 5903 insertions(+), 2737 deletions(-) Ahmed Zaki (1): idpf: convert control queue mutex to a spinlock Al Viro (1): add a string-to-qstr constructor Alex Deucher (1): drm/amdgpu/mes: add missing locking in helper functions Alok Tiwari (5): platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message nvme: Fix incorrect cdw15 value in passthru error logging platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andreas Gruenbacher (12): gfs2: Initialize gl_no_formal_ino earlier gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE gfs2: Rename dinode_demise to evict_behavior gfs2: Prevent inode creation race gfs2: Decode missing glock flags in tracepoints gfs2: Add GLF_PENDING_REPLY flag gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE gfs2: Move gfs2_dinode_dealloc gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc gfs2: deallocate inodes in gfs2_create_inode gfs2: Move gfs2_trans_add_databufs gfs2: Don't start unnecessary transactions during log flush Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andrii Nakryiko (1): bpf: use common instruction history across all states Armin Wolf (1): ACPI: thermal: Execute _SCP before reading trip points Arnd Bergmann (1): iommu: ipmmu-vmsa: avoid Wformat-security warning Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Beleswar Padhi (5): remoteproc: k3-r5: Add devm action to release reserved memory remoteproc: k3-r5: Use devm_kcalloc() helper remoteproc: k3-r5: Use devm_ioremap_wc() helper remoteproc: k3-r5: Use devm_rproc_add() helper remoteproc: k3-r5: Refactor sequential core power up/down operations Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (2): virtio-net: xsk: rx: fix the frame's length check virtio-net: ensure the received length does not exceed allocated size Chao Yu (2): f2fs: zone: introduce first_zoned_segno in f2fs_sb_info f2fs: zone: fix to calculate first_zoned_segno correctly Christian Eggers (4): Bluetooth: HCI: Set extended advertising data synchronously Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Christian Marangi (1): spinlock: extend guard with spinlock_bh variants Christophe JAILLET (1): mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Cosmin Ratiu (1): bonding: Mark active offloaded xfrm_states Daeho Jeong (1): f2fs: decrease spare area for pinned files for zoned devices Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Gow (1): kunit: qemu_configs: Disable faulting tests on 32-bit SPARC David Howells (2): netfs: Fix i_size updating netfs: Fix oops in write-retry from mis-resetting the subreq iterator David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dmitry Baryshkov (1): drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Bogdanov (1): nvmet: fix memory leak of bio integrity Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Ewan D. Milne (1): scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Filipe Manana (10): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: return a btrfs_inode from btrfs_iget_logging() btrfs: return a btrfs_inode from read_one_inode() btrfs: fix invalid inode pointer dereferences during log replay btrfs: fix inode lookup error handling during log replay btrfs: record new subvolume in parent dir earlier to avoid dir logging races btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir btrfs: fix wrong start offset for delalloc space release during mmap write Frank Min (1): drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Geert Uytterhoeven (3): arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs arm64: dts: renesas: Factor out White Hawk Single board support arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description Greg Kroah-Hartman (1): Linux 6.12.37 Gyeyoung Baek (1): genirq/irq_sim: Initialize work context pointers properly Harry Austen (1): drm/xe: Allow dropping kunit dependency as built-in HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heikki Krogerus (1): usb: acpi: fix device link removal Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Herbert Xu (3): crypto: iaa - Remove dst_null support crypto: iaa - Do not clobber req->base.data crypto: zynqmp-sha - Add locking Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement Imre Deak (1): drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Jens Wiklander (1): optee: ffa: fix sleep in atomic context Jeongjun Park (1): mm/vmalloc: fix data race in show_numa_info() Jiawen Wu (2): net: txgbe: request MISC IRQ in ndo_open net: libwx: fix the incorrect display of the queue number Johan Hovold (1): arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input John Harrison (1): drm/xe/guc: Dead CT helper Juha-Pekka Heikkila (1): drm/xe: add interface to request physical alignment for buffer objects Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Justin Tee (3): scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Kairui Song (1): mm: userfaultfd: fix race of userfaultfd_move and swap cache Kees Cook (1): ubsan: integer-overflow: depend on BROKEN to keep this out of CI Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): arm64: dts: qcom: sm8650: change labels to lower-case Kuen-Han Tsai (1): usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Longfang Liu (2): hisi_acc_vfio_pci: bugfix cache write-back issue hisi_acc_vfio_pci: bugfix the problem of uninstalling driver Luca Weiss (1): arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Lukasz Czechowski (1): arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Maarten Lankhorst (2): drm/xe: Fix DSB buffer coherency drm/xe: Move DSB l2 flush to a more sensible place Madhavan Srinivasan (2): powerpc: Fix struct termio related ioctl macros powerpc/kernel: Fix ppc_save_regs inclusion in build Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Markus Elfring (1): remoteproc: k3: Call of_node_put(rmem_np) only once in three functions Martin Povišer (2): ASoC: tas2764: Extend driver to SN012776 ASoC: tas2764: Reinit cache on part reset Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Matthew Auld (1): drm/xe: move DPT l2 flush to a more sensible place Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Guralnik (1): RDMA/mlx5: Fix cache entry update on dereg error Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Michal Swiatkowski (1): idpf: return 0 size for RSS key if not supported Michal Wajdeczko (1): drm/xe/guc: Explicitly exit CT safe mode on unwind Nicholas Kazlauskas (1): drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Nicolas Escande (1): wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Nicolin Chen (1): iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Niklas Schnelle (2): s390/pci: Fix stale function handles in error handling s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Niranjana Vishwanathapura (1): drm/xe: Allow bo mapping on multiple ggtts Nitin Gote (1): drm/xe: Replace double space with single space after comma Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Or Har-Toov (2): RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling IB/mlx5: Fix potential deadlock in MR deregistration P Praneesh (1): wifi: ath12k: Handle error cases during extended skb allocation Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (4): smb: client: fix warning when reconnecting channel smb: client: set missing retry flag in smb2_writev_callback() smb: client: set missing retry flag in cifs_readv_callback() smb: client: set missing retry flag in cifs_writev_callback() Pawel Laszczak (1): usb: cdnsp: Fix issue with CV Bad Descriptor test Pengyu Luo (1): arm64: dts: qcom: sm8650: add the missing l2 cache node Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions Qu Wenruo (1): btrfs: prepare btrfs_page_mkwrite() for large folios RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Rameshkumar Sundaram (1): wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Roy Luo (2): usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shyam Prasad N (1): cifs: all initializations for tcon should happen in tcon_info_alloc Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Sonny Jiang (1): drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Stephen Smalley (1): selinux: change security_compute_sid to return the ssid or tsid on match Sudeep Holla (3): firmware: arm_ffa: Fix memory leak by freeing notifier callback node firmware: arm_ffa: Move memory allocation outside the mutex locking firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Tejun Heo (1): sched_ext: Make scx_group_set_weight() always update tg->scx.weight Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Thomas Weißschuh (7): platform/x86: hp-bioscfg: Directly use firmware_attributes_class platform/x86: firmware_attributes_class: Move include linux/device/class.h platform/x86: firmware_attributes_class: Simplify API platform/x86: think-lmi: Directly use firmware_attributes_class platform/x86: dell-sysman: Directly use firmware_attributes_class kunit: qemu_configs: sparc: use Zilog console kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y Thomas Zimmermann (1): drm/simpledrm: Do not upcast in release helpers Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vinay Belgaumkar (1): drm/xe/bmg: Update Wa_22019338487 Vincent Guittot (2): sched/fair: Rename h_nr_running into h_nr_queued sched/fair: Add new cfs_rq.h_nr_runnable Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Vivian Wang (1): riscv: cpu_ops_sbi: Use static array for boot_data Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Xuewen Yan (1): sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Yonghong Song (1): bpf: Do not include stack ptr register in precision backtracking bookkeeping Yunshui Jiang (1): Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Zhu Yanjun (1): RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug jackysliu (1): scsi: sd: Fix VPD page 0xb7 length check xueqin Luo (1): ACPI: thermal: Fix stale comment regarding trip points Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

3 months, 3 weeks

1
1
0 0

Linux 6.6.97

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.97 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 + Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 + arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/powerpc/kernel/Makefile | 2 arch/s390/pci/pci_event.c | 4 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 28 + arch/x86/include/asm/nospec-branch.h | 37 +- arch/x86/include/uapi/asm/debugreg.h | 21 + arch/x86/kernel/cpu/amd.c | 60 +++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 38 +- arch/x86/kernel/cpu/microcode/amd.c | 12 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++ arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 - arch/x86/kernel/traps.c | 32 +- arch/x86/kvm/cpuid.c | 8 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 + drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 - drivers/gpu/drm/tiny/simpledrm.c | 4 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 +- drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 ++ drivers/input/joystick/xpad.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/rockchip-iommu.c | 3 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 - drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 + drivers/net/ethernet/sun/niu.h | 4 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 38 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 - drivers/platform/x86/firmware_attributes_class.c | 43 -- drivers/platform/x86/firmware_attributes_class.h | 5 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 drivers/platform/x86/think-lmi.c | 103 ++---- drivers/powercap/intel_rapl_common.c | 18 + drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/ufs/core/ufs-sysfs.c | 4 drivers/ufs/core/ufshcd.c | 160 +++++++--- drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci.h | 1 drivers/usb/typec/altmodes/displayport.c | 5 fs/anon_inodes.c | 23 + fs/btrfs/inode.c | 56 +-- fs/btrfs/ordered-data.c | 12 fs/btrfs/tree-log.c | 8 fs/f2fs/file.c | 119 +++++-- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++-- fs/nfs/inode.c | 17 - fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/connect.c | 7 fs/smb/client/readdir.c | 2 fs/smb/client/smb2pdu.c | 10 fs/smb/client/trace.h | 18 - include/linux/cpu.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/usb/typec_dp.h | 1 include/net/bluetooth/hci_core.h | 2 include/trace/events/f2fs.h | 39 +- include/ufs/ufshcd.h | 4 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 mm/secretmem.c | 11 net/bluetooth/hci_core.c | 34 +- net/bluetooth/hci_sync.c | 20 - net/bluetooth/mgmt.c | 25 + net/mac80211/chan.c | 6 net/mac80211/ieee80211_i.h | 9 net/mac80211/link.c | 15 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 149 files changed, 1745 insertions(+), 629 deletions(-) Alok Tiwari (3): platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Anand Jain (1): btrfs: rename err to ret in btrfs_rmdir() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Chao Yu (4): f2fs: add tracepoint for f2fs_vm_page_mkwrite() f2fs: convert f2fs_vm_page_mkwrite() to use folio f2fs: fix to zero post-eof page f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Christian Eggers (3): Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Daeho Jeong (1): f2fs: prevent writing without fallocate() for pinned files Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Filipe Manana (5): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir btrfs: fix qgroup reservation leak on failure to allocate ordered extent Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Greg Kroah-Hartman (1): Linux 6.6.97 HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Johannes Berg (5): wifi: mac80211: chan: chandef is non-NULL for reserved wifi: mac80211: finish link init before RCU publish ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Joonas Lahtinen (1): Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Kuniyuki Iwashima (2): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Bluetooth: hci_core: Fix use-after-free in vhci_flush() Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (2): powerpc: Fix struct termio related ioctl macros powerpc/kernel: Fix ppc_save_regs inclusion in build Manivannan Sadhasivam (2): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods scsi: ufs: core: Add OPP support for scaling clocks and regulators Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Muna Sinada (1): wifi: mac80211: Add link iteration macro for link data Neil Armstrong (1): arm64: dts: qcom: sm8550: add UART14 nodes Niklas Schnelle (1): s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (1): smb: client: fix warning when reconnecting channel Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Wang (1): scsi: ufs: core: Fix abnormal scale up after last cmd finish Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Ricardo B. Marliere (1): platform/x86: make fw_attr_class constant Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Stefan Metzmacher (1): smb: client: remove \t from TP_printk statements Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Thomas Weißschuh (5): platform/x86: firmware_attributes_class: Move include linux/device/class.h platform/x86: firmware_attributes_class: Simplify API platform/x86: think-lmi: Directly use firmware_attributes_class platform/x86: dell-sysman: Directly use firmware_attributes_class platform/x86: hp-bioscfg: Directly use firmware_attributes_class Thomas Zimmermann (1): drm/simpledrm: Do not upcast in release helpers Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xin Li (Intel) (2): x86/traps: Initialize DR6 by writing its architectural reset value drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Yan Zhai (1): bnxt: properly flush XDP redirect lists Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed anvithdosapati (1): scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

3 months, 3 weeks

1
1
0 0

Linux 6.1.144

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.144 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/pci/pci_event.c | 4 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 19 - arch/x86/include/asm/nospec-branch.h | 39 +- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++++- arch/x86/kernel/cpu/common.c | 14 - arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 15 - arch/x86/kvm/cpuid.c | 9 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 + drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 7 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 + drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 ++ drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 38 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/think-lmi.c | 53 ++- drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-plat.c | 3 drivers/usb/typec/altmodes/displayport.c | 5 fs/btrfs/inode.c | 7 fs/btrfs/tree-log.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++++++--- fs/nfs/inode.c | 17 + fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 7 include/linux/cpu.h | 1 include/linux/libata.h | 7 include/linux/usb/typec_dp.h | 1 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 net/bluetooth/hci_sync.c | 20 - net/bluetooth/mgmt.c | 25 + net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 - net/sched/sch_api.c | 19 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 7 105 files changed, 970 insertions(+), 303 deletions(-) Alok Tiwari (3): platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (4): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Christian Eggers (3): Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: use btrfs_record_snapshot_destroy() during rmdir Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Greg Kroah-Hartman (1): Linux 6.1.144 HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (5): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Niklas Schnelle (1): s390/pci: Do not try re-enabling load/store if device is disabled Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (1): RDMA/mlx5: Fix CC counters query for MPV Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

3 months, 3 weeks

1
1
0 0

Linux 5.15.187

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.187 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/devicetree/bindings/serial/8250.yaml | 2 Makefile | 2 arch/arm/include/asm/ptrace.h | 5 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/kernel/entry.S | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/um/include/asm/asm-prototypes.h | 5 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 13 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 19 - arch/x86/include/asm/nospec-branch.h | 39 +- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++++- arch/x86/kernel/cpu/common.c | 14 - arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 15 - arch/x86/kvm/cpuid.c | 25 + arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/um/asm/checksum.h | 3 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/pata_cs5536.c | 2 drivers/base/cpu.c | 7 drivers/clk/ti/clk-43xx.c | 1 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 9 drivers/gpu/drm/tegra/dc.c | 17 - drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/udl/udl_drv.c | 2 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 39 ++ drivers/hid/wacom_sys.c | 6 drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 - drivers/hv/vmbus_drv.c | 2 drivers/hwmon/pmbus/max34440.c | 48 +++ drivers/hwtracing/coresight/coresight-core.c | 3 drivers/hwtracing/coresight/coresight-priv.h | 1 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/leds/led-class-multicolor.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/bcache/super.c | 7 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/media/platform/davinci/vpif.c | 4 drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 40 +-- drivers/mfd/max14577.c | 1 drivers/mmc/core/quirks.h | 16 - drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 +++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 - drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 - drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/pci/controller/pci-hyperv.c | 17 - drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/ideapad-laptop.c | 19 + drivers/platform/x86/think-lmi.c | 18 - drivers/regulator/gpio-regulator.c | 19 + drivers/rtc/rtc-cmos.c | 10 drivers/s390/crypto/pkey_api.c | 2 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 11 drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 drivers/tty/serial/uartlite.c | 25 - drivers/tty/vt/consolemap.c | 47 ++- drivers/tty/vt/vt.c | 12 drivers/uio/uio_hv_generic.c | 10 drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/class/cdc-wdm.c | 23 - drivers/usb/common/usb-conn-gpio.c | 25 + drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 - drivers/usb/dwc2/gadget.c | 6 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/typec/altmodes/displayport.c | 5 drivers/video/console/dummycon.c | 24 + drivers/video/console/mdacon.c | 21 - drivers/video/console/newport_con.c | 12 drivers/video/console/sticon.c | 14 - drivers/video/console/vgacon.c | 38 +- drivers/video/fbdev/core/fbcon.c | 57 +--- fs/btrfs/inode.c | 19 + fs/btrfs/tree-log.c | 4 fs/btrfs/volumes.c | 6 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 --- fs/ksmbd/smb2pdu.c | 53 ++- fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++++++--- fs/nfs/inode.c | 19 + fs/nfs/nfs4proc.c | 12 fs/nfs/pnfs.c | 4 fs/overlayfs/util.c | 4 include/dt-bindings/clock/am4.h | 1 include/linux/console.h | 13 include/linux/console_struct.h | 6 include/linux/cpu.h | 1 include/linux/hyperv.h | 2 include/linux/ipv6.h | 1 include/linux/regulator/gpio-regulator.h | 2 include/linux/usb/typec_dp.h | 1 include/uapi/linux/vm_sockets.h | 4 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 net/atm/clip.c | 11 net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/core/selftests.c | 5 net/ipv6/ip6_output.c | 9 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/rose/rose_route.c | 15 - net/sched/sch_api.c | 19 - net/unix/af_unix.c | 18 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/pci/hda/hda_bind.c | 2 sound/pci/hda/hda_intel.c | 3 sound/usb/quirks.c | 2 sound/usb/stream.c | 2 tools/lib/bpf/btf_dump.c | 3 177 files changed, 1582 insertions(+), 626 deletions(-) Al Viro (1): attach_recursive_mnt(): do not lock the covering tree when sliding something under it Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Fix support for max34451 Alok Tiwari (1): enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (4): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (4): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Brett A C Sheffield (Librecast) (1): Revert "ipv6: save dontfrag in cork" Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chance Yang (1): usb: common: usb-conn-gpio: use a unique name for usb connector device Chao Yu (1): f2fs: don't over-report free space or inodes in statvfs Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Daniel Vetter (1): fbcon: delete a few unneeded forward decl Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Eric Dumazet (1): atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin (1): s390/pkey: Prevent overflow in size calculation for memdup_user() Filipe Manana (1): btrfs: fix missing error handling when searching for inode refs during log replay Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Geert Uytterhoeven (1): ARM: 9354/1: ptrace: Use bitfield helpers Greg Kroah-Hartman (1): Linux 5.15.187 Han Young (1): NFSv4: Always set NLINK even if the server doesn't support it HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heiko Carstens (1): s390/entry: Fix last breaking event handling in case of stack corruption Heinz Mauelshagen (1): dm-raid: fix variable in journal device check Ioana Ciornei (1): net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Jakub Kicinski (1): net: selftests: fix TCP packet checksum Jakub Lewalski (1): tty: serial: uartlite: register uart driver in init James Clark (2): coresight: Only check bottom two claim bits spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jay Cornwall (1): drm/amdkfd: Fix race in GWS queue scheduling Jerome Neanne (1): regulator: gpio: Add input_supply support in gpio_regulator_config Jiri Slaby (1): tty/vt: consolemap: rename and document struct uni_pagedir Jiri Slaby (SUSE) (5): vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() vgacon: remove unneeded forward declarations tty: vt: make init parameter of consw::con_init() a bool tty: vt: sanitize arguments of consw::con_clear() tty: vt: make consw::con_switch() return a bool Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Josef Bacik (1): btrfs: don't drop extent_map for free space inode on write error Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuniyuki Iwashima (3): af_unix: Don't set -ECONNRESET for consumed OOB skb. atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (4): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Linggang Zeng (1): bcache: fix NULL pointer in cache_set_flush() Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Long Li (1): uio_hv_generic: Align ring size to system page Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Mark Harmstone (1): btrfs: update superblock's device bytes_used when dropping chunk Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Grzeschik (1): usb: dwc2: also exit clock_gating when stopping udc while suspended Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Ming Qian (1): media: imx-jpeg: Drop the first error frames Miquel Raynal (1): clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Namjae Jeon (1): ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Nathan Chancellor (2): staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Olga Kornievskaia (1): NFSv4.2: fix listxattr to return selinux security label Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Paolo Bonzini (1): KVM: x86: add support for CPUID leaf 0x80000021 Patrisious Haddad (1): RDMA/mlx5: Fix CC counters query for MPV Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak Qiu-ji Chen (1): drm/tegra: Fix a possible null pointer dereference RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Radu Bulie (2): dpaa2-eth: Update dpni_get_single_step_cfg command dpaa2-eth: Update SINGLE_STEP register access Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (1): media: uvcvideo: Rollback non processed entities on error Rob Clark (1): drm/msm: Fix a fence leak in submit error path Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Sami Tolvanen (1): um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Saurabh Sengar (2): Drivers: hv: vmbus: Add utility function for querying ring size uio_hv_generic: Query the ringbuffer size for device Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Sven Schwermer (1): leds: multicolor: Fix intensity setting while SW blinking Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Thomas Zimmermann (2): dummycon: Trigger redraw when switching consoles with deferred takeover drm/udl: Unregister device before cleaning up on disconnect Tiwei Bie (1): um: ubd: Add missing error check in start_io_thread() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vijendar Mukunda (1): ALSA: hda: Add new pci id for AMD GPU display HD audio controller Vitaly Kuznetsov (1): Drivers: hv: Rename 'alloced' to 'allocated' Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wentao Liang (1): drm/amd/display: Add null pointer check for get_first_active_display() Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Yao Zi (1): dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yuan Chen (1): libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

3 months, 3 weeks

1
1
0 0

[PATCH] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..58b02a09b315 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -627,6 +627,7 @@ static void option_instat_callback(struct urb *urb); /* Interface does not support modem-control requests */ #define NCTRL(ifnum) ((BIT(ifnum) & 0xff) << 8) +#define NCTRL_ALL (0xff << 8) /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) @@ -1415,6 +1416,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL_ALL }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

3 months, 3 weeks

2
3
0 0

[PATCH] ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx

by edip＠medip.dev

From: Edip Hazuri <edip(a)medip.dev> The mute led on this laptop is using ALC245 but requires a quirk to work This patch enables the existing quirk for the device. Tested on Victus 16-r0xxx Laptop. The LED behaviour works as intended. Cc: <stable(a)vger.kernel.org> Signed-off-by: Edip Hazuri <edip(a)medip.dev> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 060db37ea..132cef8fa 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10814,6 +10814,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8b97, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8bb3, "HP Slim OMEN", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x103c, 0x8bb4, "HP Slim OMEN", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x103c, 0x8bbe, "HP Victus 16-r0xxx (MB 8BBE)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bc8, "HP Victus 15-fa1xxx", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bcd, "HP Omen 16-xd0xxx", ALC245_FIXUP_HP_MUTE_LED_V1_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bdd, "HP Envy 17", ALC287_FIXUP_CS35L41_I2C_2), -- 2.50.1

3 months, 3 weeks

2
1
0 0

[PATCH net v2 1/2] net: ipv4: fix incorrect MTU in broadcast routes

by Oscar Maes

Currently, __mkroute_output overrules the MTU value configured for broadcast routes. This buggy behaviour can be reproduced with: ip link set dev eth1 mtu 9000 ip route del broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 ip route add broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 mtu 1500 The maximum packet size should be 1500, but it is actually 8000: ping -b 192.168.0.255 -s 8000 Fix __mkroute_output to allow MTU values to be configured for for broadcast routes (to support a mixed-MTU local-area-network). Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com> --- net/ipv4/route.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index fccb05fb3..a2a3b6482 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2585,7 +2585,6 @@ static struct rtable *__mkroute_output(const struct fib_result *res, do_cache = true; if (type == RTN_BROADCAST) { flags |= RTCF_BROADCAST | RTCF_LOCAL; - fi = NULL; } else if (type == RTN_MULTICAST) { flags |= RTCF_MULTICAST | RTCF_LOCAL; if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, -- 2.39.5

3 months, 3 weeks

3
4
0 0

[PATCH v3] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- v3: * Add missing change history v2: * https://lore.kernel.org/linux-usb/20250710115952.120835-1-fabio.porcedda@gm… * NCTRL_ALL -> NCTRL(4) v1: * https://lore.kernel.org/linux-usb/20250708120004.100254-1-fabio.porcedda@gm… drivers/usb/serial/option.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..147ca50c94be 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1415,6 +1415,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

3 months, 3 weeks

2
1
0 0

[RESEND PATCH 5.10] fs/proc: do_task_stat: use __for_each_thread()

by Heyne, Maximilian

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] do/while_each_thread should be avoided when possible. Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") Cc: stable(a)vger.kernel.org [mheyne: adjusted context] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compile-tested only. We're seeing soft lock-ups with 5.10.237 because of the backport of commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats"). --- fs/proc/array.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 8fba6d39e776..77b94c04e4af 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -512,18 +512,18 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, cgtime = sig->cgtime; if (whole) { - struct task_struct *t = task; + struct task_struct *t; min_flt = sig->min_flt; maj_flt = sig->maj_flt; gtime = sig->gtime; rcu_read_lock(); - do { + __for_each_thread(sig, t) { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); - } while_each_thread(task, t); + } rcu_read_unlock(); thread_group_cputime_adjusted(task, &utime, &stime); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 months, 3 weeks

3
2
0 0

[PATCH 6.15 000/263] 6.15.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Jul 2025 14:39:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.5-rc1 Cyril Bur <cyrilbur(a)tenstorrent.com> riscv: uaccess: Only restore the CSR_STATUS SUM bit Jens Axboe <axboe(a)kernel.dk> io_uring: gate REQ_F_ISREG on !S_ANON_INODE as well Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: flag partial buffer mappings Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Chang S. Bae <chang.seok.bae(a)intel.com> x86/pkeys: Simplify PKRU update in signal frame Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE Danilo Krummrich <dakr(a)kernel.org> rust: devres: do not dereference to the internal Revocable Danilo Krummrich <dakr(a)kernel.org> rust: devres: fix race in Devres::drop() Danilo Krummrich <dakr(a)kernel.org> rust: revocable: indicate whether `data` has been revoked already Danilo Krummrich <dakr(a)kernel.org> rust: completion: implement initial abstraction Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Export full brightness range to userspace Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Optimize custom brightness curve Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only read ACPI backlight caps once Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix default DC and AC levels Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add early 8b/10b channel equalization test pattern sequence Sasha Levin <sashal(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Eric Biggers <ebiggers(a)google.com> crypto: powerpc/poly1305 - add depends on BROKEN for now Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: Commonize X1 CRD DTSI Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix mpv playback corruption on weston Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: Add dc cap for dp tunneling Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Fix early wedge on GuC load failure Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix taking invalid lock on wedge Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix memset on iomem Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check dce_hwseq before dereferencing it Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Fix RMCM programming seq errors Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add back fix Matthew Auld <matthew.auld(a)intel.com> drm/xe/sched: stop re-submitting signalled jobs Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move rebind_work init earlier Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct non-OLED pre_T11_delay. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable workload profile switching when OD is enabled John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Imre Deak <imre.deak(a)intel.com> drm/i915/ptl: Use everywhere the correct DDI port clock select mask Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/panel: simple: Tianma TM070JDHG34-00: add delays Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Turn off FDMI ACTIVE flags on link down Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page David Hildenbrand <david(a)redhat.com> mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Kairui Song <kasong(a)tencent.com> mm/shmem, swap: fix softlockup with mTHP swapin Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: remove heap-related macros and switch to generic min_heap" Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: update min_heap_callbacks to use default builtin swap" Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Kuan-Wei Chiu <visitorckw(a)gmail.com> bcache: remove unnecessary select MIN_HEAP Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Aidan Stewart <astewart(a)tektelic.com> serial: core: restore of_node information in sysfs Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Process deferred GGTT node removals on device unwind Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Adjust output for discovery error handling Louis Chauvet <louis.chauvet(a)bootlin.com> drm: writeback: Fix drm_writeback_connector_cleanup signature Charles Mirabile <cmirabil(a)redhat.com> riscv: fix runtime constant support for nommu kernels Christoph Hellwig <hch(a)lst.de> nvme: fix atomic write size validation Christoph Hellwig <hch(a)lst.de> nvme: refactor the atomic write unit detection Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: replace underscores with dashes in names Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Jens Axboe <axboe(a)kernel.dk> io_uring/net: mark iov as dynamically allocated even for single segments Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Al Viro <viro(a)zeniv.linux.org.uk> userns and mnt_idmap leak in open_tree_attr(2) Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Create separate links for VLAN interfaces Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fix use-after-free during router port configuration Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: ionic: Fix DMA mapping tests Breno Leitao <leitao(a)debian.org> net: netpoll: Initialize UDP checksum field before checksumming Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: fix for soundwire failures during hibernation exit sequence Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() Dan Williams <dan.j.williams(a)intel.com> cxl/ras: Fix CPER handler device confusion Thomas Zeitlhofer <thomas.zeitlhofer+lkml(a)ze-it.at> HID: wacom: fix crash in wacom_aes_battery_handler() Even Xu <even.xu(a)intel.com> HID: Intel-thc-hid: Intel-quicki2c: Enhance QuickI2C reset flow Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 Haoxiang Li <haoxiang_li2024(a)163.com> drm/xe/display: Add check for alloc_ordered_workqueue() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add compatibility checks for set_hw_resource_1 Takashi Iwai <tiwai(a)suse.de> drm/amd/display: Add sanity checks for drm_edid_raw() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Nam Cao <namcao(a)linutronix.de> Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Nam Cao <namcao(a)linutronix.de> Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't assume uaddr alignment in io_vec_fill_bvec Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: don't rely on user vaddr alignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: fix folio unpinning Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Klara Modin <klarasmodin(a)gmail.com> riscv: export boot_cpu_hartid Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Han Gao <rabenda.cn(a)gmail.com> riscv: vector: Fix context save/restore with xtheadvector Paulo Alcantara <pc(a)manguebit.org> smb: client: fix regression with native SMB symlinks SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Niklas Cassel <cassel(a)kernel.org> ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix dentry_name() lookup Haiyue Wang <haiyuewa(a)163.com> fuse: fix runtime warning on truncate_folio_batch_exceptionals() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check interrupt route from physical CPU Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix interrupt route update with EIOINTC Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check for IOCSR emulation Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Disable updating of "num_cpu" and "feature" Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check validity of "num_cpu" from user space Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Avoid overflow with array index Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Lukasz Kucharczyk <lukasz.kucharczyk(a)leica-geosystems.com> i2c: imx: fix emulated smbus block read Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: omap: Fix an error handling path in omap_i2c_probe() Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Haoxiang Li <haoxiang_li2024(a)163.com> drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix area release on registration failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: split out memory holders from area Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: improve area validation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: move io_zcrx_iov_page Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Increase/decrease the PM counter per IOCTL Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Create uvc_pm_(get|put) functions Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Keep streaming state in the file handle Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent David Sterba <dsterba(a)suse.com> btrfs: use unsigned types for constants defined as bit shifts Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between async reclaim worker and close_ctree() Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: save the SR_SUM status over switches Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix speaker noise when volume bar is 100% Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: declare misaligned_access_speed under CONFIG_RISCV_MISALIGNED Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix in_atomic() handling in do_secure_storage_access() Andy Chiu <andybnac(a)gmail.com> riscv: add a data fence for CMODX in the kernel mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tipd: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tcpci: Fix wakeup source leaks on device unbind Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: f_hid: wake up readers on disable/unbind Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Add support for 16-bit report size David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config() David Heidelberg <david(a)ixit.cz> iio: light: al3000a: Fix an error handling path in al3000a_probe() Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: add cntrl chan check Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: seq64 memory unmap uses uninterruptible lock Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn2.5: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn3: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn4: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn5.0.1: read back register after written Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize request list handling Hannes Reinecke <hare(a)kernel.org> nvme-tcp: fix I/O stalls on congested sockets Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mld: Move regulatory domain initialization Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add workaround for errata ERR051624 Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Lukas Wunner <lukas(a)wunner.de> Revert "iommu/amd: Prevent binding other PCI drivers to IOMMU PCI devices" Rudraksha Gupta <guptarud(a)gmail.com> rust: arm: fix unknown (to Clang) argument '-mno-fdpic' FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Gregory Price <gourry(a)gourry.net> cxl: core/region - ignore interleave granularity when ways=1 Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Matthew Sakai <msakai(a)redhat.com> dm vdo indexer: don't read request structure after enqueuing Yikai Tsai <yikai.tsai.wiwynn(a)gmail.com> hwmon: (isl28022) Fix current reading calculation Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: 88pm886: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77705: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77541: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Sagi Grimberg <sagi(a)grimberg.me> NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Documentation/netlink/specs/tc.yaml | 4 +- Makefile | 4 +- arch/arm64/boot/dts/qcom/x1-crd.dtsi | 1277 ++++++++++++++++++++ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 45 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 1270 +------------------ arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/loongarch/kvm/intc/eiointc.c | 89 +- arch/powerpc/crypto/Kconfig | 1 + arch/riscv/include/asm/cpufeature.h | 5 +- arch/riscv/include/asm/pgtable.h | 1 - arch/riscv/include/asm/processor.h | 1 + arch/riscv/include/asm/runtime-const.h | 2 +- arch/riscv/include/asm/vector.h | 12 +- arch/riscv/kernel/asm-offsets.c | 5 + arch/riscv/kernel/entry.S | 9 + arch/riscv/kernel/setup.c | 1 + arch/riscv/kernel/traps_misaligned.c | 6 +- arch/riscv/mm/cacheflush.c | 15 +- arch/s390/kernel/ptrace.c | 2 +- arch/s390/mm/fault.c | 2 + arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +- arch/x86/include/uapi/asm/debugreg.h | 21 +- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/fpu/signal.c | 11 +- arch/x86/kernel/fpu/xstate.h | 22 +- arch/x86/kernel/traps.c | 34 +- arch/x86/um/asm/checksum.h | 3 + drivers/ata/ahci.c | 2 +- drivers/bus/mhi/host/pci_generic.c | 39 + drivers/cxl/core/ras.c | 47 +- drivers/cxl/core/region.c | 9 +- drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 5 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 9 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 19 + drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 21 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 97 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + drivers/gpu/drm/amd/display/dc/core/dc.c | 33 + drivers/gpu/drm/amd/display/dc/dc.h | 8 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 4 +- .../dc/dml2/dml21/dml21_translation_helper.c | 1 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 28 + .../display/dc/link/protocols/link_dp_capability.c | 46 +- .../display/dc/link/protocols/link_dp_capability.h | 3 + .../display/dc/link/protocols/link_dp_training.c | 1 - .../dc/link/protocols/link_dp_training_8b_10b.c | 52 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 3 + .../display/dc/resource/dcn314/dcn314_resource.c | 3 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 3 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 + .../amd/display/dc/resource/dcn36/dcn36_resource.c | 3 + .../drm/amd/display/include/link_service_types.h | 2 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 22 + drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 12 +- drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_writeback.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 27 +- drivers/gpu/drm/i915/display/intel_cx0_phy_regs.h | 15 +- .../gpu/drm/i915/display/intel_display_driver.c | 30 +- drivers/gpu/drm/i915/display/intel_dp.c | 17 + drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 +- drivers/gpu/drm/i915/display/vlv_dsi.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus-qemu.c | 1 - drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/xe/display/xe_display.c | 2 + drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 11 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/xe_ggtt.c | 11 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_guc_ct.c | 17 +- drivers/gpu/drm/xe/xe_guc_ct.h | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 23 + drivers/gpu/drm/xe/xe_guc_types.h | 5 + drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-appletb-kbd.c | 5 + drivers/hid/hid-lenovo.c | 11 +- .../intel-quicki2c/quicki2c-protocol.c | 26 +- drivers/hid/wacom_sys.c | 7 +- drivers/hwmon/isl28022.c | 6 +- drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-imx.c | 3 +- drivers/i2c/busses/i2c-omap.c | 7 +- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad7606_spi.c | 8 +- drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/dac/adi-axi-dac.c | 24 + drivers/iio/light/al3000a.c | 9 +- drivers/iio/light/hid-sensor-prox.c | 3 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/iommu/amd/init.c | 3 - drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/Kconfig | 1 - drivers/md/bcache/alloc.c | 57 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 116 +- drivers/md/bcache/bset.h | 40 +- drivers/md/bcache/btree.c | 69 +- drivers/md/bcache/extents.c | 43 +- drivers/md/bcache/movinggc.c | 33 +- drivers/md/bcache/super.c | 10 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +- drivers/md/bcache/writeback.c | 13 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-vdo/indexer/volume.c | 24 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 70 +- drivers/media/usb/uvc/uvc_v4l2.c | 93 +- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/mfd/88pm886.c | 6 +- drivers/mfd/max14577.c | 1 + drivers/mfd/max77541.c | 2 +- drivers/mfd/max77705.c | 4 +- drivers/mfd/sprd-sc27xx-spi.c | 5 +- drivers/misc/tps6594-pfsm.c | 3 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/fw.c | 8 +- drivers/nvme/host/core.c | 83 +- drivers/nvme/host/nvme.h | 3 +- drivers/nvme/host/tcp.c | 22 +- drivers/pci/controller/dwc/pci-imx6.c | 15 + drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 3 + drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/fnic/fdls_disc.c | 122 +- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fcs.c | 2 + drivers/scsi/fnic/fnic_fdls.h | 1 + drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 12 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/8250/8250_pci1xxxx.c | 10 + drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/serial_base_bus.c | 1 + drivers/tty/serial/uartlite.c | 25 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_hid.c | 19 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 5 +- drivers/usb/typec/tipd/core.c | 2 +- fs/btrfs/backref.h | 4 +- fs/btrfs/direct-io.c | 4 +- fs/btrfs/disk-io.c | 25 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 95 +- fs/btrfs/ordered-data.c | 14 +- fs/btrfs/raid56.c | 5 +- fs/btrfs/tests/extent-io-tests.c | 6 +- fs/btrfs/tree-log.c | 14 +- fs/btrfs/volumes.c | 6 + fs/btrfs/zstd.c | 2 +- fs/ceph/file.c | 2 +- fs/f2fs/file.c | 38 + fs/f2fs/super.c | 30 +- fs/fuse/dir.c | 11 + fs/fuse/inode.c | 4 + fs/namespace.c | 18 +- fs/nfs/inode.c | 51 +- fs/nfs/nfs4proc.c | 25 +- fs/overlayfs/util.c | 4 +- fs/proc/task_mmu.c | 2 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +- fs/smb/client/misc.c | 8 + fs/smb/client/reparse.c | 20 +- fs/smb/client/sess.c | 21 +- fs/smb/client/trace.h | 24 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 72 +- fs/smb/server/smb2pdu.h | 3 + include/net/bluetooth/hci_core.h | 2 + include/uapi/linux/vm_sockets.h | 4 + io_uring/io_uring.c | 3 +- io_uring/kbuf.c | 1 + io_uring/kbuf.h | 1 + io_uring/net.c | 34 +- io_uring/rsrc.c | 57 +- io_uring/rsrc.h | 3 +- io_uring/zcrx.c | 101 +- io_uring/zcrx.h | 11 +- kernel/sched/ext.c | 12 +- lib/group_cpus.c | 9 +- lib/maple_tree.c | 4 +- mm/damon/sysfs-schemes.c | 1 + mm/gup.c | 14 +- mm/memory.c | 20 - mm/shmem.c | 6 +- mm/swap.h | 23 + mm/userfaultfd.c | 33 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/hci_core.c | 34 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_multicast.c | 9 + net/core/netpoll.c | 2 +- net/core/selftests.c | 5 +- net/mac80211/chan.c | 3 + net/mac80211/ieee80211_i.h | 12 + net/mac80211/iface.c | 12 +- net/mac80211/link.c | 94 +- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 31 +- rust/Makefile | 2 +- rust/bindings/bindings_helper.h | 1 + rust/helpers/completion.c | 8 + rust/helpers/helpers.c | 1 + rust/kernel/devres.rs | 53 +- rust/kernel/revocable.rs | 18 +- rust/kernel/sync.rs | 2 + rust/kernel/sync/completion.rs | 112 ++ rust/macros/module.rs | 1 + scripts/gdb/linux/vfs.py | 2 +- security/selinux/ss/services.c | 16 +- sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/ps/acp63.h | 4 + sound/soc/amd/ps/ps-common.c | 18 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt1320-sdw.c | 17 +- sound/soc/codecs/wcd9335.c | 40 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 + 289 files changed, 4527 insertions(+), 2538 deletions(-)

3 months, 3 weeks

17
285
0 0

[PATCH 6.6 000/132] 6.6.97-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.97 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.97-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.97-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Niklas Schnelle <schnelle(a)linux.ibm.com> iommu: Allow .iotlb_sync_map to fail and handle s390's -ENOMEM return Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Add IOMMU_DOMAIN_PLATFORM for S390 Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Xin Li (Intel) <xin(a)zytor.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Add OPP support for scaling clocks and regulators Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix abnormal scale up after last cmd finish Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page Chao Yu <chao(a)kernel.org> f2fs: convert f2fs_vm_page_mkwrite() to use folio Daeho Jeong <daehojeong(a)google.com> f2fs: prevent writing without fallocate() for pinned files Chao Yu <chao(a)kernel.org> f2fs: add tracepoint for f2fs_vm_page_mkwrite() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: chan: chandef is non-NULL for reserved Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Ricardo B. Marliere <ricardo(a)marliere.net> platform/x86: make fw_attr_class constant Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add UART14 nodes Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Anand Jain <anand.jain(a)oracle.com> btrfs: rename err to ret in btrfs_rmdir() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 +++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 ++++ arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/s390/pci/pci_event.c | 18 +++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 ++-- arch/x86/include/asm/nospec-branch.h | 37 +++-- arch/x86/include/uapi/asm/debugreg.h | 21 ++- arch/x86/kernel/cpu/amd.c | 60 ++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 38 +++-- arch/x86/kernel/cpu/microcode/amd.c | 12 -- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 ++- arch/x86/kernel/traps.c | 32 +++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++++ drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/amd/iommu.c | 5 +- drivers/iommu/apple-dart.c | 5 +- drivers/iommu/intel/iommu.c | 5 +- drivers/iommu/iommu.c | 20 ++- drivers/iommu/msm_iommu.c | 5 +- drivers/iommu/mtk_iommu.c | 5 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/iommu/s390-iommu.c | 50 +++++-- drivers/iommu/sprd-iommu.c | 5 +- drivers/iommu/sun50i-iommu.c | 6 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 ++-- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 +++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 ++-- drivers/platform/x86/firmware_attributes_class.c | 41 ++---- drivers/platform/x86/firmware_attributes_class.h | 5 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +++++-------- drivers/powercap/intel_rapl_common.c | 18 ++- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/ufs/core/ufshcd.c | 160 +++++++++++++++------ drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 ++++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 ++- fs/btrfs/inode.c | 56 ++++---- fs/btrfs/ordered-data.c | 12 +- fs/btrfs/tree-log.c | 8 +- fs/f2fs/file.c | 118 ++++++++++----- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++----- fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/connect.c | 7 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 10 +- fs/smb/client/trace.h | 18 +-- include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/iommu.h | 4 +- include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + include/net/bluetooth/hci_core.h | 2 + include/trace/events/f2fs.h | 39 +++-- include/ufs/ufshcd.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 11 +- net/bluetooth/hci_core.c | 34 ++++- net/bluetooth/hci_sync.c | 20 ++- net/bluetooth/mgmt.c | 25 +++- net/mac80211/chan.c | 6 +- net/mac80211/ieee80211_i.h | 9 ++ net/mac80211/link.c | 15 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ 159 files changed, 1840 insertions(+), 657 deletions(-)

3 months, 3 weeks

3
135
0 0

[PATCH 6.1 00/81] 6.1.144-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.144 release. There are 81 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.144-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.144-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/pci/pci_event.c | 20 ++++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 9 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 2 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 +++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/think-lmi.c | 53 ++++---- drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/btrfs/inode.c | 7 +- fs/btrfs/tree-log.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 7 +- include/linux/cpu.h | 1 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/bluetooth/hci_sync.c | 20 ++-- net/bluetooth/mgmt.c | 25 +++- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ 105 files changed, 982 insertions(+), 304 deletions(-)

3 months, 3 weeks

5
88
0 0

[RESEND PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Heyne, Maximilian

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] do/while_each_thread should be avoided when possible. Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") Cc: stable(a)vger.kernel.org [mheyne: adjusted context] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compile-tested only. We're seeing soft lock-ups with 5.10.237 because of the backport of commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats"). I'm assuming this is broken on 5.15 too. --- fs/proc/array.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 2cb01aaa6718..2ff568dc5838 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -530,18 +530,18 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, cgtime = sig->cgtime; if (whole) { - struct task_struct *t = task; + struct task_struct *t; min_flt = sig->min_flt; maj_flt = sig->maj_flt; gtime = sig->gtime; rcu_read_lock(); - do { + __for_each_thread(sig, t) { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); - } while_each_thread(task, t); + } rcu_read_unlock(); } } while (need_seqretry(&sig->stats_lock, seq)); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

3 months, 3 weeks

2
1
0 0

[PATCH v4 1/8] drm/panfrost: Fix scheduler workqueue bug

by Philipp Stanner

When the GPU scheduler was ported to using a struct for its initialization parameters, it was overlooked that panfrost creates a distinct workqueue for timeout handling. The pointer to this new workqueue is not initialized to the struct, resulting in NULL being passed to the scheduler, which then uses the system_wq for timeout handling. Set the correct workqueue to the init args struct. Cc: stable(a)vger.kernel.org # 6.15+ Fixes: 796a9f55a8d1 ("drm/sched: Use struct for drm_sched_init() params") Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Closes: https://lore.kernel.org/dri-devel/b5d0921c-7cbf-4d55-aa47-c35cd7861c02@igal… Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/panfrost/panfrost_job.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c index 5657106c2f7d..15e2d505550f 100644 --- a/drivers/gpu/drm/panfrost/panfrost_job.c +++ b/drivers/gpu/drm/panfrost/panfrost_job.c @@ -841,7 +841,6 @@ int panfrost_job_init(struct panfrost_device *pfdev) .num_rqs = DRM_SCHED_PRIORITY_COUNT, .credit_limit = 2, .timeout = msecs_to_jiffies(JOB_TIMEOUT_MS), - .timeout_wq = pfdev->reset.wq, .name = "pan_js", .dev = pfdev->dev, }; @@ -879,6 +878,7 @@ int panfrost_job_init(struct panfrost_device *pfdev) pfdev->reset.wq = alloc_ordered_workqueue("panfrost-reset", 0); if (!pfdev->reset.wq) return -ENOMEM; + args.timeout_wq = pfdev->reset.wq; for (j = 0; j < NUM_JOB_SLOTS; j++) { js->queue[j].fence_context = dma_fence_context_alloc(1); -- 2.49.0

3 months, 3 weeks

2
1
0 0

[PATCH v2] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..147ca50c94be 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1415,6 +1415,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

3 months, 4 weeks

2
1
0 0

[PATCH 2/2] mmc: core: sd: Fix and simplify SD card current limit handling

by Avri Altman

The SD spec says: "In UHS-I mode, after selecting one of SDR50, SDR104, or DDR50 mode by Function Group 1, host needs to change the Power Limit to enable the card to operate in higher performance". The driver previously determined SD card current limits incorrectly by checking capability bits before bus speed was established, and by using support bits in function group 4 (bytes 6 & 7) rather than the actual current requirement (bytes 0 & 1). This is wrong because the card responds for a given bus speed. This patch queries the card's current requirement after setting the bus speed, and uses the reported value to select the appropriate current limit. while at it, remove some unused constants and the misleading comment in the code. Fixes: d9812780a020 ("mmc: sd: limit SD card power limit according to cards capabilities") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 36 +++++++++++++----------------------- include/linux/mmc/card.h | 6 ------ 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index cf92c5b2059a..357edfb910df 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -365,7 +365,6 @@ static int mmc_read_switch(struct mmc_card *card) card->sw_caps.sd3_bus_mode = status[13]; /* Driver Strengths supported by the card */ card->sw_caps.sd3_drv_type = status[9]; - card->sw_caps.sd3_curr_limit = status[7] | status[6] << 8; } out: @@ -556,7 +555,7 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) { int current_limit = SD_SET_CURRENT_LIMIT_200; int err; - u32 max_current; + u32 max_current, card_needs; /* * Current limit switch is only defined for SDR50, SDR104, and DDR50 @@ -575,33 +574,24 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) max_current = sd_get_host_max_current(card->host); /* - * We only check host's capability here, if we set a limit that is - * higher than the card's maximum current, the card will be using its - * maximum current, e.g. if the card's maximum current is 300ma, and - * when we set current limit to 200ma, the card will draw 200ma, and - * when we set current limit to 400/600/800ma, the card will draw its - * maximum 300ma from the host. - * - * The above is incorrect: if we try to set a current limit that is - * not supported by the card, the card can rightfully error out the - * attempt, and remain at the default current limit. This results - * in a 300mA card being limited to 200mA even though the host - * supports 800mA. Failures seen with SanDisk 8GB UHS cards with - * an iMX6 host. --rmk + * query the card of its maximun current/power consumption given the + * bus speed mode */ - if (max_current >= 800 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_800) + err = mmc_sd_switch(card, 0, 0, card->sd_bus_speed, status); + if (err) + return err; + + card_needs = status[1] | status[0] << 8; + + if (max_current >= 800 && card_needs > 600) current_limit = SD_SET_CURRENT_LIMIT_800; - else if (max_current >= 600 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_600) + else if (max_current >= 600 && card_needs > 400) current_limit = SD_SET_CURRENT_LIMIT_600; - else if (max_current >= 400 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) + else if (max_current >= 400 && card_needs > 200) current_limit = SD_SET_CURRENT_LIMIT_400; if (current_limit != SD_SET_CURRENT_LIMIT_200) { - err = mmc_sd_switch(card, SD_SWITCH_SET, 3, - current_limit, status); + err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) return err; diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index e9e964c20e53..67c1386ca574 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -177,17 +177,11 @@ struct sd_switch_caps { #define SD_DRIVER_TYPE_A 0x02 #define SD_DRIVER_TYPE_C 0x04 #define SD_DRIVER_TYPE_D 0x08 - unsigned int sd3_curr_limit; #define SD_SET_CURRENT_LIMIT_200 0 #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) -#define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -#define SD_MAX_CURRENT_600 (1 << SD_SET_CURRENT_LIMIT_600) -#define SD_MAX_CURRENT_800 (1 << SD_SET_CURRENT_LIMIT_800) - #define SD4_SET_POWER_LIMIT_0_72W 0 #define SD4_SET_POWER_LIMIT_1_44W 1 #define SD4_SET_POWER_LIMIT_2_16W 2 -- 2.25.1

3 months, 4 weeks

3
6
0 0

[PATCH net] net: libwx: fix multicast packets received count

by Jiawen Wu

Multicast good packets received by PF rings that pass ethternet MAC address filtering are counted for rtnl_link_stats64.multicast. The counter is not cleared on read. Fix the duplicate counting on updating statistics. Fixes: 46b92e10d631 ("net: libwx: support hardware statistics") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index 0f4be72116b8..a9519997286b 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -2778,6 +2778,7 @@ void wx_update_stats(struct wx *wx) hwstats->fdirmiss += rd32(wx, WX_RDB_FDIR_MISS); } + hwstats->qmprc = 0; for (i = wx->num_vfs * wx->num_rx_queues_per_pool; i < wx->mac.max_rx_queues; i++) hwstats->qmprc += rd32(wx, WX_PX_MPRC(i)); -- 2.48.1

3 months, 4 weeks

2
3
0 0

[PATCH 5.15 000/149] 5.15.187-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.187 release. There are 149 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:32:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.187-rc3 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: 9354/1: ptrace: Use bitfield helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Jiri Slaby <jirislaby(a)kernel.org> tty/vt: consolemap: rename and document struct uni_pagedir Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: delete a few unneeded forward decl Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Miquel Raynal <miquel.raynal(a)bootlin.com> clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 25 +++- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 7 ++ drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 ++++- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 ++ drivers/gpu/drm/tegra/dc.c | 17 ++- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++++-- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +++-- drivers/hv/hyperv_vmbus.h | 19 +-- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 +++++++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++++--- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +-- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++++++++++++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 ++- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 ++- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 ++- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 ++- drivers/platform/x86/think-lmi.c | 18 +-- drivers/regulator/gpio-regulator.c | 19 ++- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +++---- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 ++-- drivers/tty/vt/consolemap.c | 47 +++++--- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 ++-- drivers/usb/common/usb-conn-gpio.c | 25 +++- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 ++- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 ++-- drivers/video/console/mdacon.c | 21 ++-- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +-- drivers/video/console/vgacon.c | 38 +++--- drivers/video/fbdev/core/fbcon.c | 57 ++++----- fs/btrfs/inode.c | 19 ++- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 ++ fs/f2fs/super.c | 30 +++-- fs/jfs/jfs_dmap.c | 41 ++----- fs/ksmbd/smb2pdu.c | 53 ++++---- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 19 ++- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/unix/af_unix.c | 18 ++- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 177 files changed, 1584 insertions(+), 628 deletions(-)

3 months, 4 weeks

6
5
0 0

[PATCH 6.1 00/81] 6.1.144-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.144 release. There are 81 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:08:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.144-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.144-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/pci/pci_event.c | 20 ++++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 9 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 7 ++ drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 +++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/think-lmi.c | 53 ++++---- drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/btrfs/inode.c | 7 +- fs/btrfs/tree-log.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 7 +- include/linux/cpu.h | 1 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/bluetooth/hci_sync.c | 20 ++-- net/bluetooth/mgmt.c | 25 +++- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ 105 files changed, 987 insertions(+), 304 deletions(-)

3 months, 4 weeks

9
8
0 0

[merged mm-nonmm-stable] ocfs2-reset-folio-to-null-when-get-folio-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: reset folio to NULL when get folio fails has been removed from the -mm tree. Its filename was ocfs2-reset-folio-to-null-when-get-folio-fails.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: reset folio to NULL when get folio fails Date: Mon, 16 Jun 2025 09:31:40 +0800 The reproducer uses FAULT_INJECTION to make memory allocation fail, which causes __filemap_get_folio() to fail, when initializing w_folios[i] in ocfs2_grab_folios_for_write(), it only returns an error code and the value of w_folios[i] is the error code, which causes ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when releasing folios. Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com Reported-by: syzbot+c2ea94ae47cd7e3881ec(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are

3 months, 4 weeks

1
0
0 0

[merged mm-stable] mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() has been removed from the -mm tree. Its filename was mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Anshuman Khandual <anshuman.khandual(a)arm.com> Subject: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Date: Fri, 20 Jun 2025 10:54:27 +0530 Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. But when intermediate levels of kernel page table are freed, the dump code will continue to use memory that has been freed and potentially reallocated for another purpose. In such cases, the ptdump code may dereference bogus addresses, leading to a number of potential problems. To avoid the above mentioned race condition, platforms such as arm64, riscv and s390 take memory hotplug lock, while dumping kernel page table via the sysfs interface /sys/kernel/debug/kernel_page_tables. Similar race condition exists while checking for pages that might have been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages which in turn calls ptdump_check_wx(). Instead of solving this race condition again, let's just move the memory hotplug lock inside generic ptdump_check_wx() which will benefit both the scenarios. Drop get_online_mems() and put_online_mems() combination from all existing platform ptdump code paths. Link: https://lkml.kernel.org/r/20250620052427.2092093-1-anshuman.khandual@arm.com Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> [s390] Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/mm/ptdump_debugfs.c | 3 --- arch/riscv/mm/ptdump.c | 3 --- arch/s390/mm/dump_pagetables.c | 2 -- mm/ptdump.c | 2 ++ 4 files changed, 2 insertions(+), 8 deletions(-) --- a/arch/arm64/mm/ptdump_debugfs.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/arm64/mm/ptdump_debugfs.c @@ -1,6 +1,5 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/debugfs.h> -#include <linux/memory_hotplug.h> #include <linux/seq_file.h> #include <asm/ptdump.h> @@ -9,9 +8,7 @@ static int ptdump_show(struct seq_file * { struct ptdump_info *info = m->private; - get_online_mems(); ptdump_walk(m, info); - put_online_mems(); return 0; } DEFINE_SHOW_ATTRIBUTE(ptdump); --- a/arch/riscv/mm/ptdump.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/riscv/mm/ptdump.c @@ -6,7 +6,6 @@ #include <linux/efi.h> #include <linux/init.h> #include <linux/debugfs.h> -#include <linux/memory_hotplug.h> #include <linux/seq_file.h> #include <linux/ptdump.h> @@ -413,9 +412,7 @@ bool ptdump_check_wx(void) static int ptdump_show(struct seq_file *m, void *v) { - get_online_mems(); ptdump_walk(m, m->private); - put_online_mems(); return 0; } --- a/arch/s390/mm/dump_pagetables.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/s390/mm/dump_pagetables.c @@ -247,11 +247,9 @@ static int ptdump_show(struct seq_file * .marker = markers, }; - get_online_mems(); mutex_lock(&cpa_mutex); ptdump_walk_pgd(&st.ptdump, &init_mm, NULL); mutex_unlock(&cpa_mutex); - put_online_mems(); return 0; } DEFINE_SHOW_ATTRIBUTE(ptdump); --- a/mm/ptdump.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/mm/ptdump.c @@ -176,6 +176,7 @@ void ptdump_walk_pgd(struct ptdump_state { const struct ptdump_range *range = st->range; + get_online_mems(); mmap_write_lock(mm); while (range->start != range->end) { walk_page_range_debug(mm, range->start, range->end, @@ -183,6 +184,7 @@ void ptdump_walk_pgd(struct ptdump_state range++; } mmap_write_unlock(mm); + put_online_mems(); /* Flush out the last page */ st->note_page_flush(st); _ Patches currently in -mm which might be from anshuman.khandual(a)arm.com are

3 months, 4 weeks

1
0
0 0

[merged mm-stable] mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() has been removed from the -mm tree. Its filename was mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Date: Fri, 13 Jun 2025 11:27:00 +0200 Patch series "mm/huge_memory: vmf_insert_folio_*() and vmf_insert_pfn_pud() fixes", v3. While working on improving vm_normal_page() and friends, I stumbled over this issues: refcounted "normal" folios must not be marked using pmd_special() / pud_special(). Otherwise, we're effectively telling the system that these folios are no "normal", violating the rules we documented for vm_normal_page(). Fortunately, there are not many pmd_special()/pud_special() users yet. So far there doesn't seem to be serious damage. Tested using the ndctl tests ("ndctl:dax" suite). This patch (of 3): We set up the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Link: https://lkml.kernel.org/r/20250613092702.1943533-1-david@redhat.com Link: https://lkml.kernel.org/r/20250613092702.1943533-2-david@redhat.com Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud +++ a/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_ pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct v add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from david(a)redhat.com are mm-balloon_compaction-we-cannot-have-isolated-pages-in-the-balloon-list.patch mm-balloon_compaction-convert-balloon_page_delete-to-balloon_page_finalize.patch mm-zsmalloc-drop-pageisolated-related-vm_bug_ons.patch mm-page_alloc-let-page-freeing-clear-any-set-page-type.patch mm-balloon_compaction-make-pageoffline-sticky-until-the-page-is-freed.patch mm-zsmalloc-make-pagezsmalloc-sticky-until-the-page-is-freed.patch mm-migrate-rename-isolate_movable_page-to-isolate_movable_ops_page.patch mm-migrate-rename-putback_movable_folio-to-putback_movable_ops_page.patch mm-migrate-factor-out-movable_ops-page-handling-into-migrate_movable_ops_page.patch mm-migrate-remove-folio_test_movable-and-folio_movable_ops.patch mm-migrate-move-movable_ops-page-handling-out-of-move_to_new_folio.patch mm-zsmalloc-stop-using-__clearpagemovable.patch mm-balloon_compaction-stop-using-__clearpagemovable.patch mm-migrate-remove-__clearpagemovable.patch mm-migration-remove-pagemovable.patch mm-rename-__pagemovable-to-page_has_movable_ops.patch mm-page_isolation-drop-__folio_test_movable-check-for-large-folios.patch mm-remove-__folio_test_movable.patch mm-stop-storing-migration_ops-in-page-mapping.patch mm-convert-movable-flag-in-page-mapping-to-a-page-flag.patch mm-rename-pg_isolated-to-pg_movable_ops_isolated.patch mm-page-flags-rename-page_mapping_movable-to-page_mapping_anon_ksm.patch mm-page-alloc-remove-pagemappingflags.patch mm-page-flags-remove-folio_mapping_flags.patch mm-simplify-folio_expected_ref_count.patch mm-rename-page_mapping_-to-folio_mapping_.patch docs-mm-convert-from-non-lru-page-migration-to-movable_ops-page-migration.patch mm-balloon_compaction-movable_ops-doc-updates.patch mm-balloon_compaction-provide-single-balloon_page_insert-and-balloon_mapping_gfp_mask.patch mm-convert-fpb_ignore_-into-fpb_respect_.patch mm-smaller-folio_pte_batch-improvements.patch mm-split-folio_pte_batch-into-folio_pte_batch-and-folio_pte_batch_flags.patch mm-remove-boolean-output-parameters-from-folio_pte_batch_ext.patch mm-memory-introduce-is_huge_zero_pfn-and-use-it-in-vm_normal_page_pmd.patch

3 months, 4 weeks

1
0
0 0

[merged mm-stable] mm-memory-tier-fix-abstract-distance-calculation-overflow.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-tier: fix abstract distance calculation overflow has been removed from the -mm tree. Its filename was mm-memory-tier-fix-abstract-distance-calculation-overflow.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Li Zhijian <lizhijian(a)fujitsu.com> Subject: mm/memory-tier: fix abstract distance calculation overflow Date: Tue, 10 Jun 2025 14:27:51 +0800 In mt_perf_to_adistance(), the calculation of abstract distance (adist) involves multiplying several int values including MEMTIER_ADISTANCE_DRAM. *adist = MEMTIER_ADISTANCE_DRAM * (perf->read_latency + perf->write_latency) / (default_dram_perf.read_latency + default_dram_perf.write_latency) * (default_dram_perf.read_bandwidth + default_dram_perf.write_bandwidth) / (perf->read_bandwidth + perf->write_bandwidth); Since these values can be large, the multiplication may exceed the maximum value of an int (INT_MAX) and overflow (Our platform did), leading to an incorrect adist. User-visible impact: The memory tiering subsystem will misinterpret slow memory (like CXL) as faster than DRAM, causing inappropriate demotion of pages from CXL (slow memory) to DRAM (fast memory). For example, we will see the following demotion chains from the dmesg, where Node0,1 are DRAM, and Node2,3 are CXL node: Demotion targets for Node 0: null Demotion targets for Node 1: null Demotion targets for Node 2: preferred: 0-1, fallback: 0-1 Demotion targets for Node 3: preferred: 0-1, fallback: 0-1 Change MEMTIER_ADISTANCE_DRAM to be a long constant by writing it with the 'L' suffix. This prevents the overflow because the multiplication will then be done in the long type which has a larger range. Link: https://lkml.kernel.org/r/20250611023439.2845785-1-lizhijian@fujitsu.com Link: https://lkml.kernel.org/r/20250610062751.2365436-1-lizhijian@fujitsu.com Fixes: 3718c02dbd4c ("acpi, hmat: calculate abstract distance with HMAT") Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Reviewed-by: Huang Ying <ying.huang(a)linux.alibaba.com> Acked-by: Balbir Singh <balbirs(a)nvidia.com> Reviewed-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memory-tiers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/memory-tiers.h~mm-memory-tier-fix-abstract-distance-calculation-overflow +++ a/include/linux/memory-tiers.h @@ -18,7 +18,7 @@ * adistance value (slightly faster) than default DRAM adistance to be part of * the same memory tier. */ -#define MEMTIER_ADISTANCE_DRAM ((4 * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) +#define MEMTIER_ADISTANCE_DRAM ((4L * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) struct memory_tier; struct memory_dev_type { _ Patches currently in -mm which might be from lizhijian(a)fujitsu.com are

3 months, 4 weeks

1
0
0 0

[merged mm-stable] readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: readahead: fix return value of page_cache_next_miss() when no hole is found has been removed from the -mm tree. Its filename was readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Chi Zhiling <chizhiling(a)kylinos.cn> Subject: readahead: fix return value of page_cache_next_miss() when no hole is found Date: Thu, 5 Jun 2025 13:49:35 +0800 max_scan in page_cache_next_miss always decreases to zero when no hole is found, causing the return value to be index + 0. Fix this by preserving the max_scan value throughout the loop. Jan said "From what I know and have seen in the past, wrong responses from page_cache_next_miss() can lead to readahead window reduction and thus reduced read speeds." Link: https://lkml.kernel.org/r/20250605054935.2323451-1-chizhiling@163.com Fixes: 901a269ff3d5 ("filemap: fix page_cache_next_miss() when no hole found") Signed-off-by: Chi Zhiling <chizhiling(a)kylinos.cn> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Josef Bacik <josef(a)toxicpanda.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/filemap.c~readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found +++ a/mm/filemap.c @@ -1778,8 +1778,9 @@ pgoff_t page_cache_next_miss(struct addr pgoff_t index, unsigned long max_scan) { XA_STATE(xas, &mapping->i_pages, index); + unsigned long nr = max_scan; - while (max_scan--) { + while (nr--) { void *entry = xas_next(&xas); if (!entry || xa_is_value(entry)) return xas.xa_index; _ Patches currently in -mm which might be from chizhiling(a)kylinos.cn are

3 months, 4 weeks

1
0
0 0

VMware Workstation Pro w/ recent Kernel-6.15.4

by Christopher Turcotte

Good morning I'm hoping for a resolution to an issue I'm currently having with the latest kernel release and Workstation Pro (Free Edition). Every time I try to open Workstation, it's prompting me to reinstall modules that ultimately fail (see screenshots). Also see the attached log file. After doing some research, I see the issue is that several header files are missing. I've tried to manually compile and install original modules, but with no success. I'm still faced with an incompatibility issue and the latest kernel. This problem does not occur when I switch back to kernel 6.14. I'm currently running the latest kernel (6.15.4) on Fedora 42. My hardware specs: CPU: AMD Ryzen 7840U Memory: Crucial 96 GB 5600 DDR5 [Screenshot From 2025-07-08 16-53-52.png][Screenshot From 2025-07-08 16-54-06.png],

3 months, 4 weeks

3
2
0 0

[PATCH 6.15 000/178] 6.15.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.6 release. There are 178 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.6-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov <bp(a)alien8.de> KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Jeongjun Park <aha310510(a)gmail.com> mm/vmalloc: fix data race in show_numa_info() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Vivian Wang <wangruikang(a)iscas.ac.cn> riscv: cpu_ops_sbi: Use static array for boot_data Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Assign devtlb cache tag on ATS enablement Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Jens Wiklander <jens.wiklander(a)linaro.org> optee: ffa: fix sleep in atomic context Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: acpi: fix device link removal Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume SCHNEIDER Johannes <johannes.schneider(a)leica-geosystems.com> usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix memory corruption of input_handler_list Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Roy Luo <royluo(a)google.com> Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Roy Luo <royluo(a)google.com> usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Jake Hillion <jake(a)hillion.co.uk> x86/platform/amd: move final timeout check to after final sleep Harry Austen <hpausten(a)protonmail.com> drm/xe: Allow dropping kunit dependency as built-in David Howells <dhowells(a)redhat.com> netfs: Fix double put of request Paulo Alcantara <pc(a)manguebit.org> smb: client: fix native SMB symlink traversal Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Antoine Tenart <atenart(a)kernel.org> net: ipv4: fix stat increase when udp early demux drops the packet Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_22019338487 Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_14022085890 Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Split xe_device_td_flush() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/guc_pc: Add _locked variant for min/max freq John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Enable w/a 16026508708 David Howells <dhowells(a)redhat.com> netfs: Fix i_size updating Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_writev_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_readv_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in smb2_writev_callback() David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry David Howells <dhowells(a)redhat.com> netfs: Fix looping in wait functions David Howells <dhowells(a)redhat.com> netfs: Fix hang due to missing case in final DIO read result collection Jia Yao <jia.yao(a)intel.com> drm/xe: Fix out-of-bounds field write in MI_STORE_DATA_IMM Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: convert control queue mutex to a spinlock Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: return 0 size for RSS key if not supported Geliang Tang <geliang(a)kernel.org> nvme-multipath: fix suspicious RCU usage warning Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Marko Kiiskila <marko.kiiskila(a)broadcom.com> drm/vmwgfx: Fix guests running with TDX/SEV Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Baryshkov <lumag(a)kernel.org> drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Eugen Hristev <eugen.hristev(a)linaro.org> nvme-pci: refresh visible attrs after being checked Dmitry Bogdanov <d.bogdanov(a)yadro.com> nvmet: fix memory leak of bio integrity Alok Tiwari <alok.a.tiwari(a)oracle.com> nvme: Fix incorrect cdw15 value in passthru error logging Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: reallocate BAM transactions Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: record new subvolume in parent dir earlier to avoid dir logging races Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix failure to rebuild free space tree using multiple transactions Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Armin Wolf <W_Armin(a)gmx.de> platform/x86: wmi: Fix WMI event enablement Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix potential deadlock in MR deregistration Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Christoph Hellwig <hch(a)lst.de> scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set jackysliu <1972843537(a)qq.com> scsi: sd: Fix VPD page 0xb7 length check Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sven Peter <sven(a)kernel.org> arm64: dts: apple: Move touchbar mipi {address,size}-cells from dtsi to dts Sven Peter <sven(a)kernel.org> arm64: dts: apple: Drop {address,size}-cells from SPI NOR Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Arnd Bergmann <arnd(a)arndb.de> RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup Tudor Ambarus <tudor.ambarus(a)linaro.org> firmware: exynos-acpm: fix timeouts on xfers handling Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Fix the missing entry in struct ffa_indirect_msg_hdr Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Move memory allocation outside the mutex locking Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Fix memory leak by freeing notifier callback node Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Christian Brauner <brauner(a)kernel.org> anon_inode: rework assertions Yunshui Jiang <jiangyunshui(a)kylinos.cn> Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: core: Adjust some error messages for SD UHS-II cards Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-uhs2: Adjust some error messages and register dump for SD UHS-II card Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Darrick J. Wong <djwong(a)kernel.org> xfs: actually use the xfs_growfs_check_rtgeom tracepoint Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the incorrect display of the queue number Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add asserts testing global mfd Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add missing close(mfd) in memfd_mmap() HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: request MISC IRQ in ndo_open Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: net: sophgo,sg2044-dwmac: Drop status from the example Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: xsk: rx: fix the frame's length check Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 ++ .../bindings/i2c/realtek,rtl9301-i2c.yaml | 3 +- .../bindings/net/sophgo,sg2044-dwmac.yaml | 3 +- Makefile | 4 +- arch/arm64/boot/dts/apple/spi1-nvram.dtsi | 2 - arch/arm64/boot/dts/apple/t8103-j293.dts | 2 + arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/apple/t8103.dtsi | 2 - arch/arm64/boot/dts/apple/t8112-j493.dts | 2 + arch/arm64/boot/dts/apple/t8112.dtsi | 2 - arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/riscv/kernel/cpu_ops_sbi.c | 6 +- arch/s390/pci/pci_event.c | 15 ++ arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpufeatures.h | 5 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mwait.h | 28 ++- arch/x86/include/asm/nospec-branch.h | 37 +-- arch/x86/kernel/cpu/amd.c | 44 ++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 +- arch/x86/kvm/cpuid.c | 15 +- arch/x86/kvm/reverse_cpuid.h | 7 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 +- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/firmware/arm_ffa/driver.c | 71 +++--- drivers/firmware/samsung/exynos-acpm.c | 27 +-- drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 +- drivers/gpu/drm/bridge/panel.c | 5 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 1 + drivers/gpu/drm/xe/xe_device.c | 72 +++--- drivers/gpu/drm/xe/xe_guc_ads.c | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 249 ++++++++++++++++----- drivers/gpu/drm/xe/xe_guc_pc.h | 2 + drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 + drivers/gpu/drm/xe/xe_migrate.c | 18 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 6 + drivers/hid/hid-appletb-kbd.c | 14 +- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 10 +- drivers/infiniband/hw/mlx5/main.c | 33 +++ drivers/infiniband/hw/mlx5/mr.c | 61 +++-- drivers/infiniband/hw/mlx5/odp.c | 8 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/cs40l50-vibra.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/intel/cache.c | 5 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/iommu.h | 2 + drivers/iommu/rockchip-iommu.c | 3 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/core/sd_uhs2.c | 4 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci-uhs2.c | 20 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 ++- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 +- .../net/ethernet/intel/idpf/idpf_controlq_api.h | 2 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +- drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 60 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/host/pci.c | 6 +- drivers/nvme/target/nvmet.h | 2 + drivers/platform/mellanox/mlxbf-pmc.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/hsmp/hsmp.c | 6 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 4 +- drivers/platform/x86/think-lmi.c | 94 +++----- drivers/platform/x86/wmi.c | 16 +- drivers/powercap/intel_rapl_common.c | 18 +- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/hosts.c | 18 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/sd.c | 2 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/spi/spi-qpic-snand.c | 16 ++ drivers/target/target_core_pr.c | 4 +- drivers/tee/optee/ffa_abi.c | 41 +++- drivers/tee/optee/optee_private.h | 2 + drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-debug.h | 5 +- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-ring.c | 7 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/hub.c | 3 + drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb-acpi.c | 4 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 24 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 +++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 31 +-- drivers/usb/host/xhci.h | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 +- fs/btrfs/block-group.h | 2 + fs/btrfs/free-space-tree.c | 40 ++++ fs/btrfs/inode.c | 36 +-- fs/btrfs/ioctl.c | 4 +- fs/btrfs/tree-log.c | 137 ++++++------ fs/exec.c | 9 +- fs/libfs.c | 8 +- fs/namei.c | 2 +- fs/netfs/buffered_write.c | 2 + fs/netfs/direct_write.c | 8 +- fs/netfs/misc.c | 26 ++- fs/netfs/write_retry.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 120 +++++++--- fs/nfs/inode.c | 17 +- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 + fs/smb/client/connect.c | 15 +- fs/smb/client/fs_context.c | 17 +- fs/smb/client/misc.c | 6 + fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2pdu.c | 11 +- fs/xfs/xfs_rtalloc.c | 2 + include/linux/arm_ffa.h | 1 + include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/usb.h | 2 + include/linux/usb/typec_dp.h | 1 + include/trace/events/netfs.h | 1 + kernel/irq/irq_sim.c | 2 +- kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 9 +- mm/vmalloc.c | 63 +++--- net/bluetooth/hci_event.c | 36 --- net/bluetooth/hci_sync.c | 227 +++++++++++-------- net/bluetooth/mgmt.c | 25 ++- net/ipv4/ip_input.c | 7 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ tools/testing/selftests/iommu/iommufd.c | 32 ++- tools/testing/selftests/iommu/iommufd_utils.h | 9 +- 212 files changed, 2312 insertions(+), 986 deletions(-)

3 months, 4 weeks

14
194
0 0

[merged mm-hotfixes-stable] mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix the inaccurate memory statistics issue for users has been removed from the -mm tree. Its filename was mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: fix the inaccurate memory statistics issue for users Date: Thu, 5 Jun 2025 20:58:29 +0800 On some large machines with a high number of CPUs running a 64K pagesize kernel, we found that the 'RES' field is always 0 displayed by the top command for some processes, which will cause a lot of confusion for users. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 875525 root 20 0 12480 0 0 R 0.3 0.0 0:00.08 top 1 root 20 0 172800 0 0 S 0.0 0.0 0:04.52 systemd The main reason is that the batch size of the percpu counter is quite large on these machines, caching a significant percpu value, since converting mm's rss stats into percpu_counter by commit f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter"). Intuitively, the batch number should be optimized, but on some paths, performance may take precedence over statistical accuracy. Therefore, introducing a new interface to add the percpu statistical count and display it to users, which can remove the confusion. In addition, this change is not expected to be on a performance-critical path, so the modification should be acceptable. In addition, the 'mm->rss_stat' is updated by using add_mm_counter() and dec/inc_mm_counter(), which are all wrappers around percpu_counter_add_batch(). In percpu_counter_add_batch(), there is percpu batch caching to avoid 'fbc->lock' contention. This patch changes task_mem() and task_statm() to get the accurate mm counters under the 'fbc->lock', but this should not exacerbate kernel 'mm->rss_stat' lock contention due to the percpu batch caching of the mm counters. The following test also confirm the theoretical analysis. I run the stress-ng that stresses anon page faults in 32 threads on my 32 cores machine, while simultaneously running a script that starts 32 threads to busy-loop pread each stress-ng thread's /proc/pid/status interface. From the following data, I did not observe any obvious impact of this patch on the stress-ng tests. w/o patch: stress-ng: info: [6848] 4,399,219,085,152 CPU Cycles 67.327 B/sec stress-ng: info: [6848] 1,616,524,844,832 Instructions 24.740 B/sec (0.367 instr. per cycle) stress-ng: info: [6848] 39,529,792 Page Faults Total 0.605 M/sec stress-ng: info: [6848] 39,529,792 Page Faults Minor 0.605 M/sec w/patch: stress-ng: info: [2485] 4,462,440,381,856 CPU Cycles 68.382 B/sec stress-ng: info: [2485] 1,615,101,503,296 Instructions 24.750 B/sec (0.362 instr. per cycle) stress-ng: info: [2485] 39,439,232 Page Faults Total 0.604 M/sec stress-ng: info: [2485] 39,439,232 Page Faults Minor 0.604 M/sec On comparing a very simple app which just allocates & touches some memory against v6.1 (which doesn't have f1a7941243c1) and latest Linus tree (4c06e63b9203) I can see that on latest Linus tree the values for VmRSS, RssAnon and RssFile from /proc/self/status are all zeroes while they do report values on v6.1 and a Linus tree with this patch. Link: https://lkml.kernel.org/r/f4586b17f66f97c174f7fd1f8647374fdb53de1c.17491190… Fixes: f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reviewed-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by Donet Tom <donettom(a)linux.ibm.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Acked-by: SeongJae Park <sj(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand <david(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 14 +++++++------- include/linux/mm.h | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) --- a/fs/proc/task_mmu.c~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/fs/proc/task_mmu.c @@ -36,9 +36,9 @@ void task_mem(struct seq_file *m, struct unsigned long text, lib, swap, anon, file, shmem; unsigned long hiwater_vm, total_vm, hiwater_rss, total_rss; - anon = get_mm_counter(mm, MM_ANONPAGES); - file = get_mm_counter(mm, MM_FILEPAGES); - shmem = get_mm_counter(mm, MM_SHMEMPAGES); + anon = get_mm_counter_sum(mm, MM_ANONPAGES); + file = get_mm_counter_sum(mm, MM_FILEPAGES); + shmem = get_mm_counter_sum(mm, MM_SHMEMPAGES); /* * Note: to minimize their overhead, mm maintains hiwater_vm and @@ -59,7 +59,7 @@ void task_mem(struct seq_file *m, struct text = min(text, mm->exec_vm << PAGE_SHIFT); lib = (mm->exec_vm << PAGE_SHIFT) - text; - swap = get_mm_counter(mm, MM_SWAPENTS); + swap = get_mm_counter_sum(mm, MM_SWAPENTS); SEQ_PUT_DEC("VmPeak:\t", hiwater_vm); SEQ_PUT_DEC(" kB\nVmSize:\t", total_vm); SEQ_PUT_DEC(" kB\nVmLck:\t", mm->locked_vm); @@ -92,12 +92,12 @@ unsigned long task_statm(struct mm_struc unsigned long *shared, unsigned long *text, unsigned long *data, unsigned long *resident) { - *shared = get_mm_counter(mm, MM_FILEPAGES) + - get_mm_counter(mm, MM_SHMEMPAGES); + *shared = get_mm_counter_sum(mm, MM_FILEPAGES) + + get_mm_counter_sum(mm, MM_SHMEMPAGES); *text = (PAGE_ALIGN(mm->end_code) - (mm->start_code & PAGE_MASK)) >> PAGE_SHIFT; *data = mm->data_vm + mm->stack_vm; - *resident = *shared + get_mm_counter(mm, MM_ANONPAGES); + *resident = *shared + get_mm_counter_sum(mm, MM_ANONPAGES); return mm->total_vm; } --- a/include/linux/mm.h~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/include/linux/mm.h @@ -2568,6 +2568,11 @@ static inline unsigned long get_mm_count return percpu_counter_read_positive(&mm->rss_stat[member]); } +static inline unsigned long get_mm_counter_sum(struct mm_struct *mm, int member) +{ + return percpu_counter_sum_positive(&mm->rss_stat[member]); +} + void mm_trace_rss_stat(struct mm_struct *mm, int member); static inline void add_mm_counter(struct mm_struct *mm, int member, long value) _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are selftests-khugepaged-fix-the-shmem-collapse-failure.patch selftests-mm-add-shmem-collapse-as-a-default-test-item.patch mm-huge_memory-fix-the-check-for-allowed-huge-orders-in-shmem.patch khugepaged-allow-khugepaged-to-check-all-anonymous-mthp-orders.patch khugepaged-kick-khugepaged-for-enabling-none-pmd-sized-mthps.patch mm-fault-in-complete-folios-instead-of-individual-pages-for-tmpfs.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon: fix divide by zero in damon_get_intervals_score() has been removed from the -mm tree. Its filename was mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: mm/damon: fix divide by zero in damon_get_intervals_score() Date: Wed, 2 Jul 2025 09:02:04 +0900 The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero. [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users. In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well. Link: https://lkml.kernel.org/r/20250702000205.1921-5-honggyu.kim@sk.com Fixes: f04b0fedbe71 ("mm/damon/core: implement intervals auto-tuning") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-fix-divide-by-zero-in-damon_get_intervals_score +++ a/mm/damon/core.c @@ -1449,6 +1449,7 @@ static unsigned long damon_get_intervals } } target_access_events = max_access_events * goal_bp / 10000; + target_access_events = target_access_events ? : 1; return access_events * 10000 / target_access_events; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-mtier-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample mtier for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-mtier-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample mtier for start failure Date: Wed, 2 Jul 2025 09:02:03 +0900 The damon_sample_mtier_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with mtier because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-4-honggyu.kim@sk.com Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/mtier.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/mtier.c~samples-damon-fix-damon-sample-mtier-for-start-failure +++ a/samples/damon/mtier.c @@ -164,8 +164,12 @@ static int damon_sample_mtier_enable_sto if (enable == enabled) return 0; - if (enable) - return damon_sample_mtier_start(); + if (enable) { + err = damon_sample_mtier_start(); + if (err) + enable = false; + return err; + } damon_sample_mtier_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-wsse-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample wsse for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-wsse-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample wsse for start failure Date: Wed, 2 Jul 2025 09:02:02 +0900 The damon_sample_wsse_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with wsse because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-3-honggyu.kim@sk.com Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/wsse.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/wsse.c~samples-damon-fix-damon-sample-wsse-for-start-failure +++ a/samples/damon/wsse.c @@ -102,8 +102,12 @@ static int damon_sample_wsse_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_wsse_start(); + if (enable) { + err = damon_sample_wsse_start(); + if (err) + enable = false; + return err; + } damon_sample_wsse_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-prcl-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample prcl for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-prcl-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample prcl for start failure Date: Wed, 2 Jul 2025 09:02:01 +0900 Patch series "mm/damon: fix divide by zero and its samples", v3. This series includes fixes against damon and its samples to make it safer when damon sample starting fails. It includes the following changes. - fix unexpected divide by zero crash for zero size regions - fix bugs for damon samples in case of start failures This patch (of 4): The damon_sample_prcl_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the following crash because damon sample start failed but the "enable" stays as Y. [ 2441.419649] damon_sample_prcl: start [ 2454.146817] damon_sample_prcl: stop [ 2454.146862] ------------[ cut here ]------------ [ 2454.146865] kernel BUG at mm/slub.c:546! [ 2454.148183] Oops: invalid opcode: 0000 [#1] SMP NOPTI ... [ 2454.167555] Call Trace: [ 2454.167822] <TASK> [ 2454.168061] damon_destroy_ctx+0x78/0x140 [ 2454.168454] damon_sample_prcl_enable_store+0x8d/0xd0 [ 2454.168932] param_attr_store+0xa1/0x120 [ 2454.169315] module_attr_store+0x20/0x50 [ 2454.169695] sysfs_kf_write+0x72/0x90 [ 2454.170065] kernfs_fop_write_iter+0x150/0x1e0 [ 2454.170491] vfs_write+0x315/0x440 [ 2454.170833] ksys_write+0x69/0xf0 [ 2454.171162] __x64_sys_write+0x19/0x30 [ 2454.171525] x64_sys_call+0x18b2/0x2700 [ 2454.171900] do_syscall_64+0x7f/0x680 [ 2454.172258] ? exit_to_user_mode_loop+0xf6/0x180 [ 2454.172694] ? clear_bhb_loop+0x30/0x80 [ 2454.173067] ? clear_bhb_loop+0x30/0x80 [ 2454.173439] entry_SYSCALL_64_after_hwframe+0x76/0x7e Link: https://lkml.kernel.org/r/20250702000205.1921-1-honggyu.kim@sk.com Link: https://lkml.kernel.org/r/20250702000205.1921-2-honggyu.kim@sk.com Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/prcl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/prcl.c~samples-damon-fix-damon-sample-prcl-for-start-failure +++ a/samples/damon/prcl.c @@ -122,8 +122,12 @@ static int damon_sample_prcl_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_prcl_start(); + if (enable) { + err = damon_sample_prcl_start(); + if (err) + enable = false; + return err; + } damon_sample_prcl_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock has been removed from the -mm tree. Its filename was kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yeoreum Yun <yeoreum.yun(a)arm.com> Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock Date: Thu, 3 Jul 2025 19:10:18 +0100 find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/report.c | 45 +------------------------------------------- 1 file changed, 2 insertions(+), 43 deletions(-) --- a/mm/kasan/report.c~kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock +++ a/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr( sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(vo } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) { _ Patches currently in -mm which might be from yeoreum.yun(a)arm.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-vfs-support-external-dentry-names.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts: gdb: vfs: support external dentry names has been removed from the -mm tree. Its filename was scripts-gdb-vfs-support-external-dentry-names.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Illia Ostapyshyn <illia(a)yshyn.com> Subject: scripts: gdb: vfs: support external dentry names Date: Sun, 29 Jun 2025 02:38:11 +0200 d_shortname of struct dentry only reserves D_NAME_INLINE_LEN characters and contains garbage for longer names. Use d_name instead, which always references the valid name. Link: https://lore.kernel.org/all/20250525213709.878287-2-illia@yshyn.com/ Link: https://lkml.kernel.org/r/20250629003811.2420418-1-illia@yshyn.com Fixes: 79300ac805b6 ("scripts/gdb: fix dentry_name() lookup") Signed-off-by: Illia Ostapyshyn <illia(a)yshyn.com> Tested-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-vfs-support-external-dentry-names +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_shortname']['string'].string() + return p + d['d_name']['name'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from illia(a)yshyn.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation has been removed from the -mm tree. Its filename was mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation Date: Sun, 29 Jun 2025 13:49:14 -0700 DAMON sysfs interface internally uses damon_call() to update DAMON parameters as users requested, online. However, DAMON core cancels any damon_call() requests when it is deactivated by DAMOS watermarks. As a result, users cannot change DAMON parameters online while DAMON is deactivated. Note that users can turn DAMON off and on with different watermarks to work around. Since deactivated DAMON is nearly same to stopped DAMON, the work around should have no big problem. Anyway, a bug is a bug. There is no real good reason to cancel the damon_call() request under DAMOS deactivation. Fix it by simply handling the request as normal, rather than cancelling under the situation. Link: https://lkml.kernel.org/r/20250629204914.54114-1-sj@kernel.org Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation +++ a/mm/damon/core.c @@ -2355,9 +2355,8 @@ static void kdamond_usleep(unsigned long * * If there is a &struct damon_call_control request that registered via * &damon_call() on @ctx, do or cancel the invocation of the function depending - * on @cancel. @cancel is set when the kdamond is deactivated by DAMOS - * watermarks, or the kdamond is already out of the main loop and therefore - * will be terminated. + * on @cancel. @cancel is set when the kdamond is already out of the main loop + * and therefore will be terminated. */ static void kdamond_call(struct damon_ctx *ctx, bool cancel) { @@ -2405,7 +2404,7 @@ static int kdamond_wait_activation(struc if (ctx->callback.after_wmarks_check && ctx->callback.after_wmarks_check(ctx)) break; - kdamond_call(ctx, true); + kdamond_call(ctx, false); damos_walk_cancel(ctx); } return -EBUSY; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-introduce-damon_stat-module-fix-2.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch mm-damon-sysfs-schemes-decouple-from-damos_quota_goal_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_action.patch mm-damon-sysfs-schemes-decouple-from-damos_wmark_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_filter_type.patch mm-damon-sysfs-decouple-from-damon_ops_id.patch selftests-damon-add-drgn-script-for-extracting-damon-status.patch selftests-damon-_damon_sysfs-set-kdamondpid-in-start.patch selftests-damon-add-python-and-drgn-based-damon-sysfs-test.patch selftests-damon-sysfspy-test-monitoring-attribute-parameters.patch selftests-damon-sysfspy-test-adaptive-targets-parameter.patch selftests-damon-sysfspy-test-damos-schemes-parameters-setup.patch mm-damon-add-trace-event-for-auto-tuned-monitoring-intervals.patch mm-damon-add-trace-event-for-effective-size-quota.patch mm-damon-add-trace-event-for-effective-size-quota-fix.patch mm-damon-add-trace-event-for-effective-size-quota-fix-2.patch samples-damon-wsse-fix-boot-time-enable-handling.patch samples-damon-prcl-fix-boot-time-enable-crash.patch samples-damon-mtier-support-boot-time-enable-setup.patch mm-damon-reclaim-reset-enabled-when-damon-start-failed.patch mm-damon-lru_sort-reset-enabled-when-damon-start-failed.patch mm-damon-reclaim-use-parameter-context-correctly.patch samples-damon-wsse-rename-to-have-damon_sample_-prefix.patch samples-damon-prcl-rename-to-have-damon_sample_-prefix.patch samples-damon-mtier-rename-to-have-damon_sample_-prefix.patch mm-damon-sysfs-use-damon-core-api-damon_is_running.patch mm-damon-sysfs-dont-hold-kdamond_lock-in-before_terminate.patch docs-mm-damon-maintainer-profile-update-for-mm-new-tree.patch mm-damon-add-struct-damos_migrate_dests.patch mm-damon-core-add-damos-migrate_dests-field.patch mm-damon-sysfs-schemes-implement-damos-action-destinations-directory.patch mm-damon-sysfs-schemes-set-damos-migrate_dests.patch docs-abi-damon-document-schemes-dests-directory.patch docs-admin-guide-mm-damon-usage-document-dests-directory.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been removed from the -mm tree. Its filename was mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. Link: https://lkml.kernel.org/r/20250701143100.6970-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250630011305.23754-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Link: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… [1] Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Suggested-by: Barry Song <baohua(a)kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are locking-rwsem-make-owner-helpers-globally-available.patch hung_task-extend-hung-task-blocker-tracking-to-rwsems.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-de-reference-per-cpu-mce-interrupts.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: de-reference per-CPU MCE interrupts has been removed from the -mm tree. Its filename was scripts-gdb-de-reference-per-cpu-mce-interrupts.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: de-reference per-CPU MCE interrupts Date: Mon, 23 Jun 2025 20:00:19 -0700 The per-CPU MCE interrupts are looked up by reference and need to be de-referenced before printing, otherwise we print the addresses of the variables instead of their contents: MCE: 18379471554386948492 Machine check exceptions MCP: 18379471554386948488 Machine check polls The corrected output looks like this instead now: MCE: 0 Machine check exceptions MCP: 1 Machine check polls Link: https://lkml.kernel.org/r/20250625021109.1057046-1-florian.fainelli@broadco… Link: https://lkml.kernel.org/r/20250624030020.882472-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-de-reference-per-cpu-mce-interrupts +++ a/scripts/gdb/linux/interrupts.py @@ -110,7 +110,7 @@ def x86_show_mce(prec, var, pfx, desc): pvar = gdb.parse_and_eval(var) text = "%*s: " % (prec, pfx) for cpu in cpus.each_online_cpu(): - text += "%10u " % (cpus.per_cpu(pvar, cpu)) + text += "%10u " % (cpus.per_cpu(pvar, cpu).dereference()) text += " %s\n" % (desc) return text _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts.py after maple tree conversion has been removed from the -mm tree. Its filename was scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts.py after maple tree conversion Date: Tue, 24 Jun 2025 19:10:20 -0700 In commit 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management"), the irq_desc_tree was replaced with a sparse_irqs tree using a maple tree structure. Since the script looked for the irq_desc_tree symbol which is no longer available, no interrupts would be printed and the script output would not be useful anymore. In addition to looking up the correct symbol (sparse_irqs), a new module (mapletree.py) is added whose mtree_load() implementation is largely copied after the C version and uses the same variable and intermediate function names wherever possible to ensure that both the C and Python version be updated in the future. This restores the scripts' output to match that of /proc/interrupts. Link: https://lkml.kernel.org/r/20250625021020.1056930-1-florian.fainelli@broadco… Fixes: 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: Shanker Donthineni <sdonthineni(a)nvidia.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 12 - scripts/gdb/linux/mapletree.py | 252 ++++++++++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ 4 files changed, 293 insertions(+), 6 deletions(-) --- a/scripts/gdb/linux/constants.py.in~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/constants.py.in @@ -20,6 +20,7 @@ #include <linux/of_fdt.h> #include <linux/page_ext.h> #include <linux/radix-tree.h> +#include <linux/maple_tree.h> #include <linux/slab.h> #include <linux/threads.h> #include <linux/vmalloc.h> @@ -93,6 +94,12 @@ LX_GDBPARSED(RADIX_TREE_MAP_SIZE) LX_GDBPARSED(RADIX_TREE_MAP_SHIFT) LX_GDBPARSED(RADIX_TREE_MAP_MASK) +/* linux/maple_tree.h */ +LX_VALUE(MAPLE_NODE_SLOTS) +LX_VALUE(MAPLE_RANGE64_SLOTS) +LX_VALUE(MAPLE_ARANGE64_SLOTS) +LX_GDBPARSED(MAPLE_NODE_MASK) + /* linux/vmalloc.h */ LX_VALUE(VM_IOREMAP) LX_VALUE(VM_ALLOC) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/interrupts.py @@ -7,7 +7,7 @@ import gdb from linux import constants from linux import cpus from linux import utils -from linux import radixtree +from linux import mapletree irq_desc_type = utils.CachedType("struct irq_desc") @@ -23,12 +23,12 @@ def irqd_is_level(desc): def show_irq_desc(prec, irq): text = "" - desc = radixtree.lookup(gdb.parse_and_eval("&irq_desc_tree"), irq) + desc = mapletree.mtree_load(gdb.parse_and_eval("&sparse_irqs"), irq) if desc is None: return text - desc = desc.cast(irq_desc_type.get_type()) - if desc is None: + desc = desc.cast(irq_desc_type.get_type().pointer()) + if desc == 0: return text if irq_settings_is_hidden(desc): @@ -221,8 +221,8 @@ class LxInterruptList(gdb.Command): gdb.write("CPU%-8d" % cpu) gdb.write("\n") - if utils.gdb_eval_or_none("&irq_desc_tree") is None: - return + if utils.gdb_eval_or_none("&sparse_irqs") is None: + raise gdb.GdbError("Unable to find the sparse IRQ tree, is CONFIG_SPARSE_IRQ enabled?") for irq in range(nr_irqs): gdb.write(show_irq_desc(prec, irq)) diff --git a/scripts/gdb/linux/mapletree.py a/scripts/gdb/linux/mapletree.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/mapletree.py @@ -0,0 +1,252 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Maple tree helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants +from linux import xarray + +maple_tree_root_type = utils.CachedType("struct maple_tree") +maple_node_type = utils.CachedType("struct maple_node") +maple_enode_type = utils.CachedType("void") + +maple_dense = 0 +maple_leaf_64 = 1 +maple_range_64 = 2 +maple_arange_64 = 3 + +class Mas(object): + ma_active = 0 + ma_start = 1 + ma_root = 2 + ma_none = 3 + ma_pause = 4 + ma_overflow = 5 + ma_underflow = 6 + ma_error = 7 + + def __init__(self, mt, first, end): + if mt.type == maple_tree_root_type.get_type().pointer(): + self.tree = mt.dereference() + elif mt.type != maple_tree_root_type.get_type(): + raise gdb.GdbError("must be {} not {}" + .format(maple_tree_root_type.get_type().pointer(), mt.type)) + self.tree = mt + self.index = first + self.last = end + self.node = None + self.status = self.ma_start + self.min = 0 + self.max = -1 + + def is_start(self): + # mas_is_start() + return self.status == self.ma_start + + def is_ptr(self): + # mas_is_ptr() + return self.status == self.ma_root + + def is_none(self): + # mas_is_none() + return self.status == self.ma_none + + def root(self): + # mas_root() + return self.tree['ma_root'].cast(maple_enode_type.get_type().pointer()) + + def start(self): + # mas_start() + if self.is_start() is False: + return None + + self.min = 0 + self.max = ~0 + + while True: + self.depth = 0 + root = self.root() + if xarray.xa_is_node(root): + self.depth = 0 + self.status = self.ma_active + self.node = mte_safe_root(root) + self.offset = 0 + if mte_dead_node(self.node) is True: + continue + + return None + + self.node = None + # Empty tree + if root is None: + self.status = self.ma_none + self.offset = constants.LX_MAPLE_NODE_SLOTS + return None + + # Single entry tree + self.status = self.ma_root + self.offset = constants.LX_MAPLE_NODE_SLOTS + + if self.index != 0: + return None + + return root + + return None + + def reset(self): + # mas_reset() + self.status = self.ma_start + self.node = None + +def mte_safe_root(node): + if node.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_safe_root.__name__, maple_enode_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + indirect_ptr = node.cast(ulong_type) & ~0x2 + val = indirect_ptr.cast(maple_enode_type.get_type().pointer()) + return val + +def mte_node_type(entry): + ulong_type = utils.get_ulong_type() + val = None + if entry.type == maple_enode_type.get_type().pointer(): + val = entry.cast(ulong_type) + elif entry.type == ulong_type: + val = entry + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_node_type.__name__, maple_enode_type.get_type().pointer(), entry.type)) + return (val >> 0x3) & 0xf + +def ma_dead_node(node): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(ma_dead_node.__name__, maple_node_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + parent = node['parent'] + indirect_ptr = node['parent'].cast(ulong_type) & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr == node + +def mte_to_node(enode): + ulong_type = utils.get_ulong_type() + if enode.type == maple_enode_type.get_type().pointer(): + indirect_ptr = enode.cast(ulong_type) + elif enode.type == ulong_type: + indirect_ptr = enode + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_to_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + indirect_ptr = indirect_ptr & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr.cast(maple_node_type.get_type().pointer()) + +def mte_dead_node(enode): + if enode.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_dead_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + node = mte_to_node(enode) + return ma_dead_node(node) + +def ma_is_leaf(tp): + result = tp < maple_range_64 + return tp < maple_range_64 + +def mt_pivots(t): + if t == maple_dense: + return 0 + elif t == maple_leaf_64 or t == maple_range_64: + return constants.LX_MAPLE_RANGE64_SLOTS - 1 + elif t == maple_arange_64: + return constants.LX_MAPLE_ARANGE64_SLOTS - 1 + +def ma_pivots(node, t): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_pivots.__name__, maple_node_type.get_type().pointer(), node.type)) + if t == maple_arange_64: + return node['ma64']['pivot'] + elif t == maple_leaf_64 or t == maple_range_64: + return node['mr64']['pivot'] + else: + return None + +def ma_slots(node, tp): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_slots.__name__, maple_node_type.get_type().pointer(), node.type)) + if tp == maple_arange_64: + return node['ma64']['slot'] + elif tp == maple_range_64 or tp == maple_leaf_64: + return node['mr64']['slot'] + elif tp == maple_dense: + return node['slot'] + else: + return None + +def mt_slot(mt, slots, offset): + ulong_type = utils.get_ulong_type() + return slots[offset].cast(ulong_type) + +def mtree_lookup_walk(mas): + ulong_type = utils.get_ulong_type() + n = mas.node + + while True: + node = mte_to_node(n) + tp = mte_node_type(n) + pivots = ma_pivots(node, tp) + end = mt_pivots(tp) + offset = 0 + while True: + if pivots[offset] >= mas.index: + break + if offset >= end: + break + offset += 1 + + slots = ma_slots(node, tp) + n = mt_slot(mas.tree, slots, offset) + if ma_dead_node(node) is True: + mas.reset() + return None + break + + if ma_is_leaf(tp) is True: + break + + return n + +def mtree_load(mt, index): + ulong_type = utils.get_ulong_type() + # MT_STATE(...) + mas = Mas(mt, index, index) + entry = None + + while True: + entry = mas.start() + if mas.is_none(): + return None + + if mas.is_ptr(): + if index != 0: + entry = None + return entry + + entry = mtree_lookup_walk(mas) + if entry is None and mas.is_start(): + continue + else: + break + + if xarray.xa_is_zero(entry): + return None + + return entry diff --git a/scripts/gdb/linux/xarray.py a/scripts/gdb/linux/xarray.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/xarray.py @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Xarray helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants + +def xa_is_internal(entry): + ulong_type = utils.get_ulong_type() + return ((entry.cast(ulong_type) & 3) == 2) + +def xa_mk_internal(v): + return ((v << 2) | 2) + +def xa_is_zero(entry): + ulong_type = utils.get_ulong_type() + return entry.cast(ulong_type) == xa_mk_internal(257) + +def xa_is_node(entry): + ulong_type = utils.get_ulong_type() + return xa_is_internal(entry) and (entry.cast(ulong_type) > 4096) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix mt_destroy_walk() on root leaf node has been removed from the -mm tree. Its filename was maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: maple_tree: fix mt_destroy_walk() on root leaf node Date: Tue, 24 Jun 2025 15:18:40 -0400 On destroy, we should set each node dead. But current code miss this when the maple tree has only the root node. The reason is mt_destroy_walk() leverage mte_destroy_descend() to set node dead, but this is skipped since the only root node is a leaf. Fixes this by setting the node dead if it is a leaf. Link: https://lore.kernel.org/all/20250407231354.11771-1-richard.weiyang@gmail.co… Link: https://lkml.kernel.org/r/20250624191841.64682-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 1 + 1 file changed, 1 insertion(+) --- a/lib/maple_tree.c~maple_tree-fix-mt_destroy_walk-on-root-leaf-node +++ a/lib/maple_tree.c @@ -5319,6 +5319,7 @@ static void mt_destroy_walk(struct maple struct maple_enode *start; if (mte_is_leaf(enode)) { + mte_set_node_dead(enode); node->type = mte_node_type(enode); goto free_leaf; } _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-migrate-remove-the-eexist-conversion-for-move_pages.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error has been removed from the -mm tree. Its filename was mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error Date: Mon, 23 Jun 2025 09:57:21 +0200 vmap_pages_pte_range() enters the lazy MMU mode, but fails to leave it in case an error is encountered. Link: https://lkml.kernel.org/r/20250623075721.2817094-1-agordeev@linux.ibm.com Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/202506132017.T1l1l6ME-lkp@intel.com/ Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error +++ a/mm/vmalloc.c @@ -514,6 +514,7 @@ static int vmap_pages_pte_range(pmd_t *p unsigned long end, pgprot_t prot, struct page **pages, int *nr, pgtbl_mod_mask *mask) { + int err = 0; pte_t *pte; /* @@ -530,12 +531,18 @@ static int vmap_pages_pte_range(pmd_t *p do { struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(ptep_get(pte)))) - return -EBUSY; - if (WARN_ON(!page)) - return -ENOMEM; - if (WARN_ON(!pfn_valid(page_to_pfn(page)))) - return -EINVAL; + if (WARN_ON(!pte_none(ptep_get(pte)))) { + err = -EBUSY; + break; + } + if (WARN_ON(!page)) { + err = -ENOMEM; + break; + } + if (WARN_ON(!pfn_valid(page_to_pfn(page)))) { + err = -EINVAL; + break; + } set_pte_at(&init_mm, addr, pte, mk_pte(page, prot)); (*nr)++; @@ -543,7 +550,8 @@ static int vmap_pages_pte_range(pmd_t *p arch_leave_lazy_mmu_mode(); *mask |= PGTBL_PTE_MODIFIED; - return 0; + + return err; } static int vmap_pages_pmd_range(pud_t *pud, unsigned long addr, _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts display after MCP on x86 has been removed from the -mm tree. Its filename was scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts display after MCP on x86 Date: Mon, 23 Jun 2025 09:41:52 -0700 The text line would not be appended to as it should have, it should have been a '+=' but ended up being a '==', fix that. Link: https://lkml.kernel.org/r/20250623164153.746359-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interrupts-display-after-mcp-on-x86 +++ a/scripts/gdb/linux/interrupts.py @@ -142,7 +142,7 @@ def x86_show_interupts(prec): if constants.LX_CONFIG_X86_MCE: text += x86_show_mce(prec, "&mce_exception_count", "MCE", "Machine check exceptions") - text == x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") + text += x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") text += show_irq_err_count(prec) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Date: Sat, 21 Jun 2025 04:53:05 +0900 alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. [harry.yoo(a)oracle.com: v3] Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Link: https://lkml.kernel.org/r/20250620195305.1115151-1-harry.yoo@oracle.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Acked-by: Suren Baghdasaryan <surenb(a)google.com> Tested-by: Raghavendra K T <raghavendra.kt(a)amd.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users +++ a/lib/alloc_tag.c @@ -135,6 +135,9 @@ size_t alloc_tag_top_users(struct codeta struct codetag_bytes n; unsigned int i, nr = 0; + if (IS_ERR_OR_NULL(alloc_tag_cttype)) + return 0; + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

3 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] kallsyms-fix-build-without-execinfo.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kallsyms: fix build without execinfo has been removed from the -mm tree. Its filename was kallsyms-fix-build-without-execinfo.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Achill Gilgenast <fossdd(a)pwned.life> Subject: kallsyms: fix build without execinfo Date: Sun, 22 Jun 2025 03:45:49 +0200 Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Link: https://lkml.kernel.org/r/20250622014608.448718-1-fossdd@pwned.life Fixes: c104c16073b7 ("Kunit to check the longest symbol length") Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: Luis Henriques <luis(a)igalia.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/tools/include/linux/kallsyms.h~kallsyms-fix-build-without-execinfo +++ a/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_looku return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const ch free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif _ Patches currently in -mm which might be from fossdd(a)pwned.life are

3 months, 4 weeks

1
0
0 0

[folded-merged] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch This patch was dropped because it was folded into lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 Date: Tue, 24 Jun 2025 16:25:13 +0900 Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Closes: https://lore.kernel.org/oe-lkp/202506131711.5b41931c-lkp@intel.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 +++ a/lib/alloc_tag.c @@ -137,7 +137,8 @@ size_t alloc_tag_top_users(struct codeta if (IS_ERR_OR_NULL(alloc_tag_cttype)) return 0; - else if (can_sleep) + + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) return 0; _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

3 months, 4 weeks

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Thu, 10 Jul 2025 11:36:59 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v5. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio), !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: Avg: 10.67s, stddev: 0.04 After patch 1: Avg: 10.49s, stddev: 0.04 After patch 2: Avg: 10.42s, stddev: 0.05 After patch 3: Avg: 10.45s, stddev: 0.05 After patch 4: Avg: 10.49s, stddev: 0.04 After patch 5: Avg: 9.67s, stddev: 0.03 After patch 6: Avg: 9.67s, stddev: 0.04 After patch 7: Avg: 9.68s, stddev: 0.05 After patch 8: Avg: 9.66s, stddev: 0.04 Several patches improve the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j48 with defconfig in a 768M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: avg: 3353.66s, stddev: 33.73 After patch 1: avg: 3354.19s, stddev: 42.54 After patch 2: avg: 3364.16s, stddev: 52.74 After patch 3: avg: 3355.73s, stddev: 36.17 After patch 4: avg: 3352.78s, stddev: 39.80 After patch 5: avg: 3355.19s, stddev: 50.78 After patch 6: avg: 3333.63s, stddev: 32.50 After patch 7: avg: 3297.70s, stddev: 38.93 After patch 8: avg: 3302.35s, stddev: 50.61 This patch (of 8): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250710033706.71042-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250710033706.71042-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-tidy-up-swap-entry-splitting.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-simplify-swapin-path-and-result-handling.patch mm-shmem-swap-rework-swap-entry-and-index-calculation-for-large-swapin.patch mm-shmem-swap-fix-major-fault-counting.patch

3 months, 4 weeks

1
0
0 0

[PATCH v2] zynq_fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - fixed build break (missing flags parameter) --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git drivers/fpga/zynq-fpga.c drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..0be0d569589d 100644 --- drivers/fpga/zynq-fpga.c +++ drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); return err; } -- 2.34.1

3 months, 4 weeks

2
1
0 0

[PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000

by Nick Morrow

From 17bf632a10e843af7a5f80d9e1449c5c26bb8486 Mon Sep 17 00:00:00 2001 From: Nick Morrow <morrownr(a)gmail.com> Date: Tue, 8 Jul 2025 16:40:42 -0500 Subject: [PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Add VID/PID 0846/9072 for recently released Netgear A9000. Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- v2: - No change. --- drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c index 4dfbc1b6cfdd..bf040f34e4b9 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c @@ -12,6 +12,9 @@ static const struct usb_device_id mt7925u_device_table[] = { { USB_DEVICE_AND_INTERFACE_INFO(0x0e8d, 0x7925, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, + /* Netgear, Inc. A9000 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9072, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, { }, }; -- 2.48.1

3 months, 4 weeks

1
0
0 0

[PATCH 1/1] Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled

by mhkelley58＠gmail.com

From: Michael Kelley <mhklinux(a)outlook.com> Commit 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") selects CONFIG_SYSFB for Hyper-V guests so that screen_info is available to the VMBus driver to get the location of the framebuffer in Generation 2 VMs. However, if CONFIG_HYPERV is enabled but CONFIG_EFI is not, a kernel link error results in ARM64 builds because screen_info is provided by the EFI firmware interface. While configuring an ARM64 Hyper-V guest without EFI isn't useful since EFI is required to boot, the configuration is still possible and the link error should be prevented. Fix this by making the selection of CONFIG_SYSFB conditional on CONFIG_EFI being defined. For Generation 1 VMs on x86/x64, which don't use EFI, the additional condition is OK because such VMs get the framebuffer information via a mechanism that doesn't use screen_info. Fixes: 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") Reported-by: Arnd Bergmann <arnd(a)arndb.de> Closes: https://lore.kernel.org/linux-hyperv/20250610091810.2638058-1-arnd@kernel.o… Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202506080820.1wmkQufc-lkp@intel.com/ Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> --- drivers/hv/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig index 1cd188b73b74..57623ca7f350 100644 --- a/drivers/hv/Kconfig +++ b/drivers/hv/Kconfig @@ -9,7 +9,7 @@ config HYPERV select PARAVIRT select X86_HV_CALLBACK_VECTOR if X86 select OF_EARLY_FLATTREE if OF - select SYSFB if !HYPERV_VTL_MODE + select SYSFB if EFI && !HYPERV_VTL_MODE help Select this option to run Linux as a Hyper-V client operating system. -- 2.25.1

3 months, 4 weeks

5
4
0 0

[PATCH wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000

by Nick Morrow

From 17bf632a10e843af7a5f80d9e1449c5c26bb8486 Mon Sep 17 00:00:00 2001 From: Nick Morrow <morrownr(a)gmail.com> Date: Tue, 8 Jul 2025 16:40:42 -0500 Subject: [PATCH wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Add VID/PID 0846/9072 for recently released Netgear A9000. Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c index 4dfbc1b6cfdd..bf040f34e4b9 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c @@ -12,6 +12,9 @@ static const struct usb_device_id mt7925u_device_table[] = { { USB_DEVICE_AND_INTERFACE_INFO(0x0e8d, 0x7925, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, + /* Netgear, Inc. A9000 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9072, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, { }, }; -- 2.48.1

3 months, 4 weeks

1
0
0 0

[PATCH 5.15 000/160] 5.15.187-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.187 release. There are 160 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.187-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: 9354/1: ptrace: Use bitfield helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Jiri Slaby <jirislaby(a)kernel.org> tty/vt: consolemap: rename and document struct uni_pagedir Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: delete a few unneeded forward decl Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Move console_lock for register/unlink/unregister Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: use lock_fb_info in fbcon_open/release Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: move more common code into fb_open() Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Extract fbcon_open/release helpers Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Use delayed work for cursor Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: Add devm helpers for get and enable Douglas Anderson <dianders(a)chromium.org> regulator: core: Allow drivers to define their init data as const Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Miquel Raynal <miquel.raynal(a)bootlin.com> clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 39 ++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 +- arch/x86/kvm/cpuid.c | 25 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 2 + drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 ++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/platform/x86/think-lmi.c | 18 +- drivers/regulator/devres.c | 192 ++++++++++++ drivers/regulator/gpio-regulator.c | 19 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 +- drivers/tty/vt/consolemap.c | 47 +-- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 +- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 38 +-- drivers/video/fbdev/core/fbcon.c | 336 ++++++++++----------- drivers/video/fbdev/core/fbcon.h | 4 +- drivers/video/fbdev/core/fbmem.c | 43 +-- fs/btrfs/inode.c | 19 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/ksmbd/smb2pdu.c | 53 ++-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 19 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/consumer.h | 31 ++ include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/unix/af_unix.c | 18 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/codecs/wcd9335.c | 62 ++-- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 182 files changed, 1971 insertions(+), 847 deletions(-)

3 months, 4 weeks

4
171
0 0

[PATCH 6.12 000/232] 6.12.37-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.37 release. There are 232 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.37-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.37-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Jeongjun Park <aha310510(a)gmail.com> mm/vmalloc: fix data race in show_numa_info() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Vivian Wang <wangruikang(a)iscas.ac.cn> riscv: cpu_ops_sbi: Use static array for boot_data Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Jens Wiklander <jens.wiklander(a)linaro.org> optee: ffa: fix sleep in atomic context Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: acpi: fix device link removal Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Roy Luo <royluo(a)google.com> Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Roy Luo <royluo(a)google.com> usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Harry Austen <hpausten(a)protonmail.com> drm/xe: Allow dropping kunit dependency as built-in Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_22019338487 Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix potential deadlock in MR deregistration Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix cache entry update on dereg error Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Al Viro <viro(a)zeniv.linux.org.uk> add a string-to-qstr constructor Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Tejun Heo <tj(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Dead CT helper Nitin Gote <nitin.r.gote(a)intel.com> drm/xe: Replace double space with single space after comma Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Allow bo mapping on multiple ggtts Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/xe: add interface to request physical alignment for buffer objects Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Fix DSB buffer coherency Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() David Howells <dhowells(a)redhat.com> netfs: Fix oops in write-retry from mis-resetting the subreq iterator Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Refactor sequential core power up/down operations Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_rproc_add() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_ioremap_wc() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_kcalloc() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Add devm action to release reserved memory Markus Elfring <elfring(a)users.sourceforge.net> remoteproc: k3: Call of_node_put(rmem_np) only once in three functions Kees Cook <kees(a)kernel.org> ubsan: integer-overflow: depend on BROKEN to keep this out of CI Pengyu Luo <mitltlatltl(a)gmail.com> arm64: dts: qcom: sm8650: add the missing l2 cache node Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: Factor out White Hawk Single board support Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: change labels to lower-case Yonghong Song <yonghong.song(a)linux.dev> bpf: Do not include stack ptr register in precision backtracking bookkeeping Andrii Nakryiko <andrii(a)kernel.org> bpf: use common instruction history across all states Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix the problem of uninstalling driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix cache write-back issue Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure Chao Yu <chao(a)kernel.org> f2fs: zone: fix to calculate first_zoned_segno correctly Chao Yu <chao(a)kernel.org> f2fs: zone: introduce first_zoned_segno in f2fs_sb_info Daeho Jeong <daehojeong(a)google.com> f2fs: decrease spare area for pinned files for zoned devices Arnd Bergmann <arnd(a)arndb.de> iommu: ipmmu-vmsa: avoid Wformat-security warning Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Handle error cases during extended skb allocation Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Mark active offloaded xfrm_states Armin Wolf <W_Armin(a)gmx.de> ACPI: thermal: Execute _SCP before reading trip points xueqin Luo <luoxueqin(a)kylinos.cn> ACPI: thermal: Fix stale comment regarding trip points Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Reinit cache on part reset Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Extend driver to SN012776 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't start unnecessary transactions during log flush Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_trans_add_databufs Xuewen Yan <xuewen.yan(a)unisoc.com> sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Add new cfs_rq.h_nr_runnable Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Rename h_nr_running into h_nr_queued Filipe Manana <fdmanana(a)suse.com> btrfs: fix wrong start offset for delalloc space release during mmap write Qu Wenruo <wqu(a)suse.com> btrfs: prepare btrfs_page_mkwrite() for large folios Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: deallocate inodes in gfs2_create_inode Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_dinode_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Add GLF_PENDING_REPLY flag Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Decode missing glock flags in tracepoints Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Prevent inode creation race Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename dinode_demise to evict_behavior Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Initialize gl_no_formal_ino earlier David Gow <davidgow(a)google.com> kunit: qemu_configs: Disable faulting tests on 32-bit SPARC Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: sparc: use Zilog console Herbert Xu <herbert(a)gondor.apana.org.au> crypto: zynqmp-sha - Add locking Christian Marangi <ansuelsmth(a)gmail.com> spinlock: extend guard with spinlock_bh variants Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Do not clobber req->base.data Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Remove dst_null support Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() David Howells <dhowells(a)redhat.com> netfs: Fix i_size updating Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_writev_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_readv_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in smb2_writev_callback() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: convert control queue mutex to a spinlock Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: return 0 size for RSS key if not supported Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: aux-hpd-bridge: fix assignment of the of_node Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dmitry Bogdanov <d.bogdanov(a)yadro.com> nvmet: fix memory leak of bio integrity Alok Tiwari <alok.a.tiwari(a)oracle.com> nvme: Fix incorrect cdw15 value in passthru error logging Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: record new subvolume in parent dir earlier to avoid dir logging races Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from read_one_inode() Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from btrfs_iget_logging() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name jackysliu <1972843537(a)qq.com> scsi: sd: Fix VPD page 0xb7 length check Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Move memory allocation outside the mutex locking Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Add support for {un,}registration of framework notifications Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Stash ffa_device instead of notify_type in notifier_cb_info Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Refactoring to prepare for framework notification support Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Fix memory leak by freeing notifier callback node Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Yunshui Jiang <jiangyunshui(a)kylinos.cn> Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the incorrect display of the queue number HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: request MISC IRQ in ndo_open Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: xsk: rx: fix the frame's length check Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 + Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 163 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 + .../arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 3 +- arch/arm64/boot/dts/renesas/cat875.dtsi | 3 +- arch/arm64/boot/dts/renesas/condor-common.dtsi | 3 +- arch/arm64/boot/dts/renesas/draak.dtsi | 3 +- arch/arm64/boot/dts/renesas/ebisu.dtsi | 3 +- arch/arm64/boot/dts/renesas/hihope-rzg2-ex.dtsi | 3 +- arch/arm64/boot/dts/renesas/r8a77970-eagle.dts | 3 +- arch/arm64/boot/dts/renesas/r8a77970-v3msk.dts | 3 +- arch/arm64/boot/dts/renesas/r8a77980-v3hsk.dts | 3 +- arch/arm64/boot/dts/renesas/r8a779a0-falcon.dts | 3 +- .../boot/dts/renesas/r8a779f0-spider-ethernet.dtsi | 9 +- arch/arm64/boot/dts/renesas/r8a779f4-s4sk.dts | 6 +- .../dts/renesas/r8a779g2-white-hawk-single.dts | 63 +- .../boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 3 +- arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi | 3 +- arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 3 +- arch/arm64/boot/dts/renesas/ulcb.dtsi | 3 +- .../boot/dts/renesas/white-hawk-cpu-common.dtsi | 3 +- .../boot/dts/renesas/white-hawk-ethernet.dtsi | 6 +- arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 77 + arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 42 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/riscv/kernel/cpu_ops_sbi.c | 6 +- arch/s390/pci/pci_event.c | 15 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 +- arch/x86/include/asm/nospec-branch.h | 37 +- arch/x86/kernel/cpu/amd.c | 60 + arch/x86/kernel/cpu/bugs.c | 133 +- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/microcode/amd.c | 12 - arch/x86/kernel/cpu/microcode/amd_shas.c | 112 ++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 +- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/acpi/thermal.c | 12 +- drivers/ata/libata-acpi.c | 24 +- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 140 +- drivers/crypto/xilinx/zynqmp-sha.c | 18 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/firmware/arm_ffa/driver.c | 284 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 10 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 1624 ++++++++++++++++++++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 35 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 8 +- drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/display/intel_dp.c | 18 + drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 +- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/abi/guc_communication_ctb_abi.h | 1 + .../xe/compat-i915-headers/gem/i915_gem_stolen.h | 2 +- drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 18 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 17 +- drivers/gpu/drm/xe/regs/xe_reg_defs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 78 +- drivers/gpu/drm/xe/xe_bo.h | 40 +- drivers/gpu/drm/xe/xe_bo_evict.c | 14 +- drivers/gpu/drm/xe/xe_bo_types.h | 10 +- drivers/gpu/drm/xe/xe_device.c | 49 +- drivers/gpu/drm/xe/xe_ggtt.c | 35 +- drivers/gpu/drm/xe/xe_guc.c | 4 +- drivers/gpu/drm/xe/xe_guc_ct.c | 350 ++++- drivers/gpu/drm/xe/xe_guc_ct.h | 2 +- drivers/gpu/drm/xe/xe_guc_ct_types.h | 23 + drivers/gpu/drm/xe/xe_guc_pc.c | 144 ++ drivers/gpu/drm/xe/xe_guc_pc.h | 2 + drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 + drivers/gpu/drm/xe/xe_irq.c | 4 +- drivers/gpu/drm/xe/xe_trace_bo.h | 2 +- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 + drivers/infiniband/hw/mlx5/mr.c | 95 +- drivers/infiniband/hw/mlx5/odp.c | 8 +- drivers/infiniband/sw/rxe/rxe_qp.c | 7 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/cs40l50-vibra.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/ipmmu-vmsa.c | 2 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/mfd/exynos-lpass.c | 25 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/bonding/bond_main.c | 8 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 +- .../net/ethernet/intel/idpf/idpf_controlq_api.h | 2 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +- drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 60 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath12k/dp_rx.h | 3 + drivers/net/wireless/ath/ath12k/dp_tx.c | 21 +- drivers/net/wireless/ath/ath12k/mac.c | 16 +- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/nvmet.h | 2 + drivers/platform/mellanox/mlxbf-pmc.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 +- drivers/platform/x86/firmware_attributes_class.c | 41 +- drivers/platform/x86/firmware_attributes_class.h | 3 + drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +- drivers/powercap/intel_rapl_common.c | 18 +- drivers/regulator/fan53555.c | 14 + drivers/regulator/gpio-regulator.c | 8 +- drivers/remoteproc/ti_k3_dsp_remoteproc.c | 6 +- drivers/remoteproc/ti_k3_m4_remoteproc.c | 6 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 180 ++- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/lpfc/lpfc_bsg.c | 6 +- drivers/scsi/lpfc/lpfc_crtn.h | 2 +- drivers/scsi/lpfc/lpfc_ct.c | 18 +- drivers/scsi/lpfc/lpfc_debugfs.c | 4 +- drivers/scsi/lpfc/lpfc_disc.h | 60 +- drivers/scsi/lpfc/lpfc_els.c | 441 +++--- drivers/scsi/lpfc/lpfc_hbadisc.c | 305 ++-- drivers/scsi/lpfc/lpfc_init.c | 58 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 329 ++-- drivers/scsi/lpfc/lpfc_nvme.c | 9 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 8 +- drivers/scsi/lpfc/lpfc_sli.c | 78 +- drivers/scsi/lpfc/lpfc_vport.c | 6 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/sd.c | 2 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/tee/optee/ffa_abi.c | 41 +- drivers/tee/optee/optee_private.h | 2 + drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-debug.h | 5 +- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-ring.c | 7 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/hub.c | 3 + drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb-acpi.c | 4 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 31 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 14 +- fs/anon_inodes.c | 27 +- fs/bcachefs/fsck.c | 2 +- fs/bcachefs/recovery.c | 2 - fs/bcachefs/util.h | 2 - fs/btrfs/file.c | 21 +- fs/btrfs/inode.c | 36 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/tree-log.c | 377 +++-- fs/erofs/xattr.c | 2 +- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 35 +- fs/f2fs/file.c | 3 +- fs/f2fs/gc.h | 1 + fs/f2fs/segment.c | 11 +- fs/f2fs/segment.h | 10 - fs/f2fs/super.c | 42 + fs/file_table.c | 4 +- fs/gfs2/aops.c | 54 +- fs/gfs2/aops.h | 3 +- fs/gfs2/bmap.c | 3 +- fs/gfs2/glock.c | 19 +- fs/gfs2/glops.c | 9 +- fs/gfs2/incore.h | 3 +- fs/gfs2/inode.c | 96 +- fs/gfs2/inode.h | 1 + fs/gfs2/log.c | 7 +- fs/gfs2/super.c | 114 +- fs/gfs2/trace_gfs2.h | 9 +- fs/gfs2/trans.c | 21 + fs/gfs2/trans.h | 2 + fs/gfs2/xattr.c | 11 +- fs/gfs2/xattr.h | 2 +- fs/kernfs/file.c | 2 +- fs/netfs/buffered_write.c | 2 + fs/netfs/direct_write.c | 8 +- fs/netfs/write_collect.c | 5 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +- fs/nfs/inode.c | 17 +- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 + fs/smb/client/connect.c | 15 +- fs/smb/client/misc.c | 6 + fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 11 +- include/linux/arm_ffa.h | 5 + include/linux/bpf_verifier.h | 31 +- include/linux/cpu.h | 1 + include/linux/dcache.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/spinlock.h | 13 + include/linux/usb.h | 2 + include/linux/usb/typec_dp.h | 1 + kernel/bpf/verifier.c | 125 +- kernel/irq/irq_sim.c | 2 +- kernel/rcu/tree.c | 4 + kernel/sched/core.c | 4 +- kernel/sched/debug.c | 7 +- kernel/sched/ext.c | 12 +- kernel/sched/fair.c | 117 +- kernel/sched/pelt.c | 4 +- kernel/sched/sched.h | 5 +- lib/Kconfig.ubsan | 2 + lib/test_objagg.c | 4 +- mm/secretmem.c | 10 +- mm/userfaultfd.c | 33 +- mm/vmalloc.c | 63 +- net/bluetooth/hci_event.c | 36 - net/bluetooth/hci_sync.c | 227 +-- net/bluetooth/mgmt.c | 25 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/sunrpc/rpc_pipe.c | 14 +- net/vmw_vsock/vmci_transport.c | 4 +- security/selinux/ss/services.c | 16 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/tas2764.c | 46 +- sound/soc/codecs/tas2764.h | 3 + tools/testing/kunit/qemu_configs/sparc.py | 7 +- tools/testing/selftests/iommu/iommufd.c | 30 +- 305 files changed, 6076 insertions(+), 2826 deletions(-)

3 months, 4 weeks

10
242
0 0

[PATCH 6.6 000/130] 6.6.97-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.97 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:32:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.97-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.97-rc2 Chao Yu <chao(a)kernel.org> f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Xin Li (Intel) <xin(a)zytor.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Add OPP support for scaling clocks and regulators Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix abnormal scale up after last cmd finish Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page Chao Yu <chao(a)kernel.org> f2fs: convert f2fs_vm_page_mkwrite() to use folio Daeho Jeong <daehojeong(a)google.com> f2fs: prevent writing without fallocate() for pinned files Chao Yu <chao(a)kernel.org> f2fs: add tracepoint for f2fs_vm_page_mkwrite() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: chan: chandef is non-NULL for reserved Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Ricardo B. Marliere <ricardo(a)marliere.net> platform/x86: make fw_attr_class constant Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add UART14 nodes Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Anand Jain <anand.jain(a)oracle.com> btrfs: rename err to ret in btrfs_rmdir() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 +++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 ++++ arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/s390/pci/pci_event.c | 4 + arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 ++-- arch/x86/include/asm/nospec-branch.h | 37 +++-- arch/x86/include/uapi/asm/debugreg.h | 21 ++- arch/x86/kernel/cpu/amd.c | 60 ++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 38 +++-- arch/x86/kernel/cpu/microcode/amd.c | 12 -- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 ++- arch/x86/kernel/traps.c | 32 +++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++++ drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 ++-- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 +++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 ++-- drivers/platform/x86/firmware_attributes_class.c | 41 ++---- drivers/platform/x86/firmware_attributes_class.h | 5 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +++++-------- drivers/powercap/intel_rapl_common.c | 18 ++- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/ufs/core/ufshcd.c | 160 +++++++++++++++------ drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 ++++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 ++- fs/btrfs/inode.c | 56 ++++---- fs/btrfs/ordered-data.c | 12 +- fs/btrfs/tree-log.c | 8 +- fs/f2fs/file.c | 119 ++++++++++----- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++----- fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/connect.c | 7 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 10 +- fs/smb/client/trace.h | 18 +-- include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + include/net/bluetooth/hci_core.h | 2 + include/trace/events/f2fs.h | 39 +++-- include/ufs/ufshcd.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 11 +- net/bluetooth/hci_core.c | 34 ++++- net/bluetooth/hci_sync.c | 20 ++- net/bluetooth/mgmt.c | 25 +++- net/mac80211/chan.c | 6 +- net/mac80211/ieee80211_i.h | 9 ++ net/mac80211/link.c | 15 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ 149 files changed, 1745 insertions(+), 629 deletions(-)

3 months, 4 weeks

8
7
0 0

[PATCH AUTOSEL 6.15 1/8] Revert "ACPI: battery: negate current when discharging"

by Sasha Levin

From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> [ Upstream commit de1675de39aa945bad5937d1fde4df3682670639 ] Revert commit 234f71555019 ("ACPI: battery: negate current when discharging") breaks not one but several userspace implementations of battery monitoring: Steam and MangoHud. Perhaps it breaks more, but those are the two that have been tested. Reported-by: Matthew Schwartz <matthew.schwartz(a)linux.dev> Closes: https://lore.kernel.org/linux-acpi/87C1B2AF-D430-4568-B620-14B941A8ABA4@lin… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES**, this commit should be backported to stable kernel trees. ## Extensive Explanation: ### 1. **Critical Userspace Regression Fix** This revert fixes a critical regression that breaks userspace applications. The commit message explicitly states that the original change "breaks not one but several userspace implementations of battery monitoring: Steam and MangoHud." This is a clear violation of the kernel's "no userspace regressions" rule, which is one of the most fundamental principles in kernel development. ### 2. **Code Analysis Shows ABI Change** Looking at the code changes: ```c // The problematic code that was added (and is now being removed): if (psp == POWER_SUPPLY_PROP_CURRENT_NOW && (battery->state & ACPI_BATTERY_STATE_DISCHARGING) && acpi_battery_handle_discharging(battery) == POWER_SUPPLY_STATUS_DISCHARGING) val->intval = -val->intval; ``` This code was changing the sign of the current value when discharging, which altered the userspace-visible ABI. Even if the original behavior didn't match documentation, changing it broke existing applications that depended on the long-standing behavior. ### 3. **Simple and Safe Revert** The commit is a clean revert that: - Removes the problematic sign negation logic - Restores the original behavior that userspace applications expect - Is self-contained to the `acpi_battery_get_property()` function - Has minimal risk of introducing new issues ### 4. **Meets Stable Kernel Criteria** According to stable kernel rules, this commit qualifies because it: - **Fixes a real bug** that users are hitting (broken battery monitoring in Steam and MangoHud) - **Is obviously correct** (it's a revert of a change that broke userspace) - **Is small and contained** (only affects the ACPI battery property reporting) - **Has been tested** (the reporter confirmed the issue) - **Fixes a regression** (restores previous working behavior) ### 5. **Comparison to Similar Commits** Looking at the historical commits marked with "Backport Status: YES", they share similar characteristics: - Fix actual problems affecting users - Are relatively small and contained changes - Don't introduce new features or architectural changes - Focus on fixing specific issues This revert fits perfectly into this pattern as it's fixing a specific userspace compatibility issue without introducing any new functionality. ### 6. **Timing Considerations** The original problematic commit (234f71555019) was from May 8, 2025, and this revert is from July 3, 2025. If the original commit made it into any stable releases, those stable trees would need this revert to prevent userspace breakage. ### Conclusion: This is a textbook example of a commit that should be backported to stable kernels. It fixes a userspace regression, is minimal in scope, carries very low risk, and restores previously working behavior that applications depend on. The fact that it's a revert of a problematic change makes it even more suitable for stable backporting. drivers/acpi/battery.c | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index 93bb1f7d90986..6760330a8af55 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -243,23 +243,10 @@ static int acpi_battery_get_property(struct power_supply *psy, break; case POWER_SUPPLY_PROP_CURRENT_NOW: case POWER_SUPPLY_PROP_POWER_NOW: - if (battery->rate_now == ACPI_BATTERY_VALUE_UNKNOWN) { + if (battery->rate_now == ACPI_BATTERY_VALUE_UNKNOWN) ret = -ENODEV; - break; - } - - val->intval = battery->rate_now * 1000; - /* - * When discharging, the current should be reported as a - * negative number as per the power supply class interface - * definition. - */ - if (psp == POWER_SUPPLY_PROP_CURRENT_NOW && - (battery->state & ACPI_BATTERY_STATE_DISCHARGING) && - acpi_battery_handle_discharging(battery) - == POWER_SUPPLY_STATUS_DISCHARGING) - val->intval = -val->intval; - + else + val->intval = battery->rate_now * 1000; break; case POWER_SUPPLY_PROP_CHARGE_FULL_DESIGN: case POWER_SUPPLY_PROP_ENERGY_FULL_DESIGN: -- 2.39.5

3 months, 4 weeks

6
28
0 0

[tip: x86/urgent] x86/mm: Disable hugetlb page table sharing on 32-bit

by tip-bot2 for Jann Horn

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Gitweb: https://git.kernel.org/tip/76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Author: Jann Horn <jannh(a)google.com> AuthorDate: Wed, 02 Jul 2025 10:32:04 +02:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Wed, 09 Jul 2025 07:46:36 -07:00 x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3..4e0fe68 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

3 months, 4 weeks

1
0
0 0

[PATCH 0/3] HID: core: fix __hid_request when no report ID is used

by Benjamin Tissoires

[Ideally I'd like to have tests in selftests, but I couldn't extract them out of the syzbot reproducer, so sending that first series to check against syzbot] Followup of https://lore.kernel.org/linux-input/c75433e0-9b47-4072-bbe8-b1d14ea97b13@ro… This initial series attempt at fixing the various bugs discovered by Alan regarding __hid_request(). Syzbot managed to create a report descriptor which presents a feature request of size 0 (still trying to extract it) and this exposed the fact that __hid_request() was incorrectly handling the case when the report ID is not used. Send a first batch of fixes now so we get the feedback from syzbot ASAP. Note: in the series, I also mentioned that the report of size 0 should be stripped out of the HID device, but without a local reproducer this is going to be difficult to implement. Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request drivers/hid/hid-core.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) --- base-commit: 1f988d0788f50d8464f957e793fab356e2937369 change-id: 20250709-report-size-null-37619ea20288 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

3 months, 4 weeks

2
4
0 0

[PATCH 1/2] drm/gem: Fix race in drm_gem_handle_create_tail()

by Simona Vetter

Object creation is a careful dance where we must guarantee that the object is fully constructed before it is visible to other threads, and GEM buffer objects are no difference. Final publishing happens by calling drm_gem_handle_create(). After that the only allowed thing to do is call drm_gem_object_put() because a concurrent call to the GEM_CLOSE ioctl with a correctly guessed id (which is trivial since we have a linear allocator) can already tear down the object again. Luckily most drivers get this right, the very few exceptions I've pinged the relevant maintainers for. Unfortunately we also need drm_gem_handle_create() when creating additional handles for an already existing object (e.g. GETFB ioctl or the various bo import ioctl), and hence we cannot have a drm_gem_handle_create_and_put() as the only exported function to stop these issues from happening. Now unfortunately the implementation of drm_gem_handle_create() isn't living up to standards: It does correctly finishe object initialization at the global level, and hence is safe against a concurrent tear down. But it also sets up the file-private aspects of the handle, and that part goes wrong: We fully register the object in the drm_file.object_idr before calling drm_vma_node_allow() or obj->funcs->open, which opens up races against concurrent removal of that handle in drm_gem_handle_delete(). Fix this with the usual two-stage approach of first reserving the handle id, and then only registering the object after we've completed the file-private setup. Jacek reported this with a testcase of concurrently calling GEM_CLOSE on a freshly-created object (which also destroys the object), but it should be possible to hit this with just additional handles created through import or GETFB without completed destroying the underlying object with the concurrent GEM_CLOSE ioctl calls. Note that the close-side of this race was fixed in f6cd7daecff5 ("drm: Release driver references to handle before making it available again"), which means a cool 9 years have passed until someone noticed that we need to make this symmetry or there's still gaps left :-/ Without the 2-stage close approach we'd still have a race, therefore that's an integral part of this bugfix. More importantly, this means we can have NULL pointers behind allocated id in our drm_file.object_idr. We need to check for that now: - drm_gem_handle_delete() checks for ERR_OR_NULL already - drm_gem.c:object_lookup() also chekcs for NULL - drm_gem_release() should never be called if there's another thread still existing that could call into an IOCTL that creates a new handle, so cannot race. For paranoia I added a NULL check to drm_gem_object_release_handle() though. - most drivers (etnaviv, i915, msm) are find because they use idr_find(), which maps both ENOENT and NULL to NULL. - drivers using idr_for_each_entry() should also be fine, because idr_get_next does filter out NULL entries and continues the iteration. - The same holds for drm_show_memory_stats(). v2: Use drm_WARN_ON (Thomas) Reported-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Tested-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: stable(a)vger.kernel.org Cc: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)gmail.com> Cc: Simona Vetter <simona(a)ffwll.ch> Signed-off-by: Simona Vetter <simona.vetter(a)intel.com> Signed-off-by: Simona Vetter <simona.vetter(a)ffwll.ch> --- drivers/gpu/drm/drm_gem.c | 10 +++++++++- include/drm/drm_file.h | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index bc505d938b3e..1aa9192c4cc6 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -316,6 +316,9 @@ drm_gem_object_release_handle(int id, void *ptr, void *data) struct drm_file *file_priv = data; struct drm_gem_object *obj = ptr; + if (drm_WARN_ON(obj->dev, !data)) + return 0; + if (obj->funcs->close) obj->funcs->close(obj, file_priv); @@ -436,7 +439,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, idr_preload(GFP_KERNEL); spin_lock(&file_priv->table_lock); - ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); + ret = idr_alloc(&file_priv->object_idr, NULL, 1, 0, GFP_NOWAIT); spin_unlock(&file_priv->table_lock); idr_preload_end(); @@ -457,6 +460,11 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, goto err_revoke; } + /* mirrors drm_gem_handle_delete to avoid races */ + spin_lock(&file_priv->table_lock); + obj = idr_replace(&file_priv->object_idr, obj, handle); + WARN_ON(obj != NULL); + spin_unlock(&file_priv->table_lock); *handlep = handle; return 0; diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index eab7546aad79..115763799625 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -300,6 +300,9 @@ struct drm_file { * * Mapping of mm object handles to object pointers. Used by the GEM * subsystem. Protected by @table_lock. + * + * Note that allocated entries might be NULL as a transient state when + * creating or deleting a handle. */ struct idr object_idr; -- 2.49.0

3 months, 4 weeks

1
1
0 0

Backport perf makefile fix to linux-6.6.y

by Alexis Lothoré

Hello stable team, could you please backport commit 440cf77625e3 ("perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation") to linux-6.6.y ? Its absence prevents some people from building the perf tool in cross-compile environment with this kernel. The patch applies cleanly on linux-6.6.y Thanks, Alexis -- Alexis Lothoré, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

3 months, 4 weeks

2
3
0 0

[RFC V1 PATCH mm-hotfixes 3/3] x86/mm: convert {pgd,p4d}_populate{,_init} to _kernel variant

by Harry Yoo

Introduce {pgd,p4d}_populate_kernel_safe() and convert {pgd,p4d}_populate{,_init}() to {pgd,p4d}_populate_kernel{,_init}(). By converting them, we no longer need to worry about forgetting to synchronize top level page tables. With all {pgd,p4d}_populate{,_init}() converted to {pgd,p4d}_populate_kernel{,_init}(), it is now safe to drop sync_global_pgds(). Let's remove it. Cc: <stable(a)vger.kernel.org> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- arch/x86/include/asm/pgalloc.h | 19 +++++ arch/x86/mm/init_64.c | 129 ++++++--------------------------- arch/x86/mm/kasan_init_64.c | 8 +- 3 files changed, 46 insertions(+), 110 deletions(-) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index d66f2db54b16..98439b9ca293 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -132,6 +132,15 @@ static inline void p4d_populate_safe(struct mm_struct *mm, p4d_t *p4d, pud_t *pu set_p4d_safe(p4d, __p4d(_PAGE_TABLE | __pa(pud))); } +static inline void p4d_populate_kernel_safe(unsigned long addr, + p4d_t *p4d, pud_t *pud) +{ + paravirt_alloc_pud(&init_mm, __pa(pud) >> PAGE_SHIFT); + set_p4d_safe(p4d, __p4d(_PAGE_TABLE | __pa(pud))); + if (!pgtable_l5_enabled()) + arch_sync_kernel_pagetables(addr); +} + extern void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud); static inline void __pud_free_tlb(struct mmu_gather *tlb, pud_t *pud, @@ -167,6 +176,16 @@ static inline void pgd_populate_safe(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4 set_pgd_safe(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); } +static inline void pgd_populate_kernel_safe(unsigned long addr, + pgd_t *pgd, p4d_t *p4d) +{ + if (!pgtable_l5_enabled()) + return; + paravirt_alloc_p4d(&init_mm, __pa(p4d) >> PAGE_SHIFT); + set_pgd_safe(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); + arch_sync_kernel_pagetables(addr); +} + extern void ___p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d); static inline void __p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d, diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index cbddbef434d5..00608ab36936 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,6 +75,19 @@ DEFINE_POPULATE(pgd_populate, pgd, p4d, init) DEFINE_POPULATE(pud_populate, pud, pmd, init) DEFINE_POPULATE(pmd_populate_kernel, pmd, pte, init) +#define DEFINE_POPULATE_KERNEL(fname, type1, type2, init) \ +static inline void fname##_init(unsigned long addr, \ + type1##_t *arg1, type2##_t *arg2, bool init) \ +{ \ + if (init) \ + fname##_safe(addr, arg1, arg2); \ + else \ + fname(addr, arg1, arg2); \ +} + +DEFINE_POPULATE_KERNEL(pgd_populate_kernel, pgd, p4d, init) +DEFINE_POPULATE_KERNEL(p4d_populate_kernel, p4d, pud, init) + #define DEFINE_ENTRY(type1, type2, init) \ static inline void set_##type1##_init(type1##_t *arg1, \ type2##_t arg2, bool init) \ @@ -130,99 +143,6 @@ static int __init nonx32_setup(char *str) } __setup("noexec32=", nonx32_setup); -static void sync_global_pgds_l5(unsigned long start, unsigned long end) -{ - unsigned long addr; - - for (addr = start; addr <= end; addr = ALIGN(addr + 1, PGDIR_SIZE)) { - const pgd_t *pgd_ref = pgd_offset_k(addr); - struct page *page; - - /* Check for overflow */ - if (addr < start) - break; - - if (pgd_none(*pgd_ref)) - continue; - - spin_lock(&pgd_lock); - list_for_each_entry(page, &pgd_list, lru) { - pgd_t *pgd; - spinlock_t *pgt_lock; - - pgd = (pgd_t *)page_address(page) + pgd_index(addr); - /* the pgt_lock only for Xen */ - pgt_lock = &pgd_page_get_mm(page)->page_table_lock; - spin_lock(pgt_lock); - - if (!pgd_none(*pgd_ref) && !pgd_none(*pgd)) - BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); - - if (pgd_none(*pgd)) - set_pgd(pgd, *pgd_ref); - - spin_unlock(pgt_lock); - } - spin_unlock(&pgd_lock); - } -} - -static void sync_global_pgds_l4(unsigned long start, unsigned long end) -{ - unsigned long addr; - - for (addr = start; addr <= end; addr = ALIGN(addr + 1, PGDIR_SIZE)) { - pgd_t *pgd_ref = pgd_offset_k(addr); - const p4d_t *p4d_ref; - struct page *page; - - /* - * With folded p4d, pgd_none() is always false, we need to - * handle synchronization on p4d level. - */ - MAYBE_BUILD_BUG_ON(pgd_none(*pgd_ref)); - p4d_ref = p4d_offset(pgd_ref, addr); - - if (p4d_none(*p4d_ref)) - continue; - - spin_lock(&pgd_lock); - list_for_each_entry(page, &pgd_list, lru) { - pgd_t *pgd; - p4d_t *p4d; - spinlock_t *pgt_lock; - - pgd = (pgd_t *)page_address(page) + pgd_index(addr); - p4d = p4d_offset(pgd, addr); - /* the pgt_lock only for Xen */ - pgt_lock = &pgd_page_get_mm(page)->page_table_lock; - spin_lock(pgt_lock); - - if (!p4d_none(*p4d_ref) && !p4d_none(*p4d)) - BUG_ON(p4d_pgtable(*p4d) - != p4d_pgtable(*p4d_ref)); - - if (p4d_none(*p4d)) - set_p4d(p4d, *p4d_ref); - - spin_unlock(pgt_lock); - } - spin_unlock(&pgd_lock); - } -} - -/* - * When memory was added make sure all the processes MM have - * suitable PGD entries in the local PGD level page. - */ -static void sync_global_pgds(unsigned long start, unsigned long end) -{ - if (pgtable_l5_enabled()) - sync_global_pgds_l5(start, end); - else - sync_global_pgds_l4(start, end); -} - static void sync_kernel_pagetables_l4(unsigned long addr) { pgd_t *pgd_ref = pgd_offset_k(addr); @@ -295,6 +215,10 @@ static void sync_kernel_pagetables_l5(unsigned long addr) spin_unlock(&pgd_lock); } +/* + * When memory was added make sure all the processes MM have + * suitable PGD entries in the local PGD level page. + */ void arch_sync_kernel_pagetables(unsigned long addr) { if (pgtable_l5_enabled()) @@ -330,7 +254,7 @@ static p4d_t *fill_p4d(pgd_t *pgd, unsigned long vaddr) { if (pgd_none(*pgd)) { p4d_t *p4d = (p4d_t *)spp_getpage(); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(vaddr, pgd, p4d); if (p4d != p4d_offset(pgd, 0)) printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", p4d, p4d_offset(pgd, 0)); @@ -342,7 +266,7 @@ static pud_t *fill_pud(p4d_t *p4d, unsigned long vaddr) { if (p4d_none(*p4d)) { pud_t *pud = (pud_t *)spp_getpage(); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(vaddr, p4d, pud); if (pud != pud_offset(p4d, 0)) printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", pud, pud_offset(p4d, 0)); @@ -795,7 +719,7 @@ phys_p4d_init(p4d_t *p4d_page, unsigned long paddr, unsigned long paddr_end, page_size_mask, prot, init); spin_lock(&init_mm.page_table_lock); - p4d_populate_init(&init_mm, p4d, pud, init); + p4d_populate_kernel_init(vaddr, p4d, pud, init); spin_unlock(&init_mm.page_table_lock); } @@ -808,7 +732,6 @@ __kernel_physical_mapping_init(unsigned long paddr_start, unsigned long page_size_mask, pgprot_t prot, bool init) { - bool pgd_changed = false; unsigned long vaddr, vaddr_start, vaddr_end, vaddr_next, paddr_last; paddr_last = paddr_end; @@ -837,18 +760,14 @@ __kernel_physical_mapping_init(unsigned long paddr_start, spin_lock(&init_mm.page_table_lock); if (pgtable_l5_enabled()) - pgd_populate_init(&init_mm, pgd, p4d, init); + pgd_populate_kernel_init(vaddr, pgd, p4d, init); else - p4d_populate_init(&init_mm, p4d_offset(pgd, vaddr), - (pud_t *) p4d, init); + p4d_populate_kernel_init(vaddr, p4d_offset(pgd, vaddr), + (pud_t *) p4d, init); spin_unlock(&init_mm.page_table_lock); - pgd_changed = true; } - if (pgd_changed) - sync_global_pgds(vaddr_start, vaddr_end - 1); - return paddr_last; } @@ -1642,8 +1561,6 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, err = -ENOMEM; } else err = vmemmap_populate_basepages(start, end, node, NULL); - if (!err) - sync_global_pgds(start, end - 1); return err; } diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 0539efd0d216..e825952d25b2 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -108,7 +108,7 @@ static void __init kasan_populate_p4d(p4d_t *p4d, unsigned long addr, if (p4d_none(*p4d)) { void *p = early_alloc(PAGE_SIZE, nid, true); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } pud = pud_offset(p4d, addr); @@ -128,7 +128,7 @@ static void __init kasan_populate_pgd(pgd_t *pgd, unsigned long addr, if (pgd_none(*pgd)) { p = early_alloc(PAGE_SIZE, nid, true); - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } p4d = p4d_offset(pgd, addr); @@ -255,7 +255,7 @@ static void __init kasan_shallow_populate_p4ds(pgd_t *pgd, if (p4d_none(*p4d)) { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE, true); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } while (p4d++, addr = next, addr != end); } @@ -273,7 +273,7 @@ static void __init kasan_shallow_populate_pgds(void *start, void *end) if (pgd_none(*pgd)) { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE, true); - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } /* -- 2.43.0

3 months, 4 weeks

1
0
0 0

Re: [PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Harshit Mogalapalli

Hi, + stable On 05/06/25 19:37, Heyne, Maximilian wrote: > From: Oleg Nesterov <oleg(a)redhat.com> > > [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] > > do/while_each_thread should be avoided when possible. > > Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com > Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> > Cc: Eric W. Biederman <ebiederm(a)xmission.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to=ather the threads/children stats") > [mheyne: adjusted context] > Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> > --- > > Compile-tested only. > We're seeing soft lock-ups with 5.10.237 because of the backport of > commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to > gather the threads/children stats"). I'm assuming this is broken on 5.15 > too. > Note: We saw this as well after backporting the above mentioned commit from 5.15.y and your backport resolves it for us as well on 5.15.y based branch. Thanks, Harshit > --- > fs/proc/array.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/array.c b/fs/proc/array.c > index 2cb01aaa67187..2ff568dc58387 100644 > --- a/fs/proc/array.c > +++ b/fs/proc/array.c > @@ -530,18 +530,18 @@ static int do_task_stat(struct seq_file *m, struct pi=_namespace *ns, > cgtime = sig->cgtime; > = if (whole) { > - struct task_struct *t = task; > + struct task_struct *t; > = min_flt = sig->min_flt; > maj_flt = sig->maj_flt; > gtime = sig->gtime; > = rcu_read_lock(); > - do { > + __for_each_thread(sig, t) { > min_flt += t->min_flt; > maj_flt += t->maj_flt; > gtime += task_gtime(t); > - } while_each_thread(task, t); > + } > rcu_read_unlock(); > } > } while (need_seqretry(&sig->stats_lock, seq)); > -- =2.47.1 > > > > > Amazon Web Services Development Center Germany GmbH > Tamara-Danz-Str. 13 > 10243 Berlin > Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss > Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B > Sitz: Berlin > Ust-ID: DE 365 538 597 > >

3 months, 4 weeks

2
1
0 0

v6.16-rc5: ttys: auto login failed Login incorrect

by Naresh Kamboju

Approximately 20% of devices are experiencing intermittent boot failures with this kernel version. The issue appears to be related to auto login failures, where an incorrect password is being detected on the serial console during the login process. This intermittent regression is noticed on stable-rc 6.15.5-rc2 and Linux mainline master v6.16-rc5. This regressions is only specific to the devices not on the qemu's. Test environments: - dragonboard-410c - dragonboard-845c - e850-96 - juno-r2 - rk3399-rock-pi-4b - x86 Regression Analysis: - New regression? Yes - Reproducibility? 20% only Test regression: 6.15.5-rc2 v6.16-rc5 auto login failed Login incorrect Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## log in problem runner-ns46nmmj-project-40964107-concurrent-0 login: # Password: Login incorrect runner-ns46nmmj-project-40964107-concurrent-0 login: ## Investigation The following three patches were reverted and the system was re-tested. The previously reported issues are no longer observed after applying the reverts. serial: imx: Restore original RXTL for console to fix data loss commit f23c52aafb1675ab1d1f46914556d8e29cbbf7b3 upstream. serial: core: restore of_node information in sysfs commit d36f0e9a0002f04f4d6dd9be908d58fe5bd3a279 upstream. tty: serial: uartlite: register uart driver in init [ Upstream commit 6bd697b5fc39fd24e2aa418c7b7d14469f550a93 ] Reference bug report lore link, - https://lore.kernel.org/stable/CA+G9fYvidpyHTQ179dAJ4TSdhthC-Mtjuks5iQjMf+o… ## Test links * log 1: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.15.y/build/v6.15… * log 2: https://qa-reports.linaro.org/api/testruns/29021720/log_file/ * log 3: https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.16-rc5/te… * Boot test: https://regressions.linaro.org/lkft/linux-stable-rc-linux-6.15.y/v6.15.4-26… * LAVA jobs 1: https://lkft.validation.linaro.org/scheduler/job/8344153#L1186 * LAVA jobs 2: https://lkft.validation.linaro.org/scheduler/job/8343870#L1266 ## Build * kernel: 6.15.5-rc2 * git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git * git commit: f6977c36decb0875e78bdb8599749bce1e84c753 * git describe: v6.15.4-264-gf6977c36decb * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.15.y/build/v6.15… ## Test Regressions (compared to v6.15.3-590-gd93bc5feded1) * dragonboard-410c, boot - clang-20-lkftconfig - clang-nightly-lkftconfig-kselftest - gcc-13-lkftconfig-debug * dragonboard-845c, boot - clang-20-lkftconfig - korg-clang-20-lkftconfig-lto-thing * dragonboard-845c-compat, boot - gcc-13-lkftconfig-compat * e850-96, boot - gcc-13-lkftconfig-no-kselftest-frag * juno-r2, boot - clang-20-lkftconfig - gcc-13-lkftconfig-debug - gcc-13-lkftconfig-kselftest * rk3399-rock-pi-4b, boot - clang-20-lkftconfig * x86, boot - clang-20-lkftconfig - clang-20-lkftconfig-no-kselftest-frag - clang-nightly-lkftconfig-kselftest - clang-nightly-lkftconfig-lto-thing - gcc-13-defconfig-preempt_rt - gcc-13-lkftconfig-no-kselftest-frag -- Linaro LKFT https://lkft.linaro.org

3 months, 4 weeks

2
2
0 0

[PATCH v2 1/2] KVM: arm64: Fix enforcement of upper bound on MDCR_EL2.HPMN

by Ben Horgan

Previously, u64_replace_bits() was used to no effect as the return value was ignored. Convert to u64p_replace_bits() so the value is updated in place. Reviewed-by: Zenghui Yu <yuzenghui(a)huawei.com> Signed-off-by: Ben Horgan <ben.horgan(a)arm.com> Fixes: efff9dd2fee7 ("KVM: arm64: Handle out-of-bound write to MDCR_EL2.HPMN") Cc: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 76c2f0da821f..c20bd6f21e60 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2624,7 +2624,7 @@ static bool access_mdcr(struct kvm_vcpu *vcpu, */ if (hpmn > vcpu->kvm->arch.nr_pmu_counters) { hpmn = vcpu->kvm->arch.nr_pmu_counters; - u64_replace_bits(val, hpmn, MDCR_EL2_HPMN); + u64p_replace_bits(&val, hpmn, MDCR_EL2_HPMN); } __vcpu_assign_sys_reg(vcpu, MDCR_EL2, val); -- 2.43.0

3 months, 4 weeks

2
1
0 0

[PATCH net 1/3] net: libwx: remove duplicate page_pool_put_full_page()

by Jiawen Wu

page_pool_put_full_page() should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant page put. In the original code, double free pages cause kernel panic: [ 876.949834] __irq_exit_rcu+0xc7/0x130 [ 876.949836] common_interrupt+0xb8/0xd0 [ 876.949838] </IRQ> [ 876.949838] <TASK> [ 876.949840] asm_common_interrupt+0x22/0x40 [ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246 [ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000 [ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e [ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed [ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580 [ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000 [ 876.949852] ? cpuidle_enter_state+0xb3/0x420 [ 876.949855] cpuidle_enter+0x29/0x40 [ 876.949857] cpuidle_idle_call+0xfd/0x170 [ 876.949859] do_idle+0x7a/0xc0 [ 876.949861] cpu_startup_entry+0x25/0x30 [ 876.949862] start_secondary+0x117/0x140 [ 876.949864] common_startup_64+0x13e/0x148 [ 876.949867] </TASK> [ 876.949868] ---[ end trace 0000000000000000 ]--- [ 876.949869] ------------[ cut here ]------------ [ 876.949870] list_del corruption, ffffead40445a348->next is NULL [ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120 [ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E) [ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi [ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary) [ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE [ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120 [ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8 [ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282 [ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000 [ 876.949942] RDX: 0000000000000105 RSI: 0000000000000001 RDI: 00000000ffffffff [ 876.949943] RBP: 0000000000000000 R08: 000000010006dfde R09: ffffffff8a47d150 [ 876.949944] R10: ffffffff8a47d150 R11: 0000000000000003 R12: dead000000000122 [ 876.949945] R13: ffff9e3e9e5af700 R14: ffffead40445a348 R15: ffff9e3e9e5af720 [ 876.949946] FS: 0000000000000000(0000) GS:ffff9e3f135be000(0000) knlGS:0000000000000000 [ 876.949947] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 876.949948] CR2: 00007fa58b480048 CR3: 0000000156724000 CR4: 0000000000750ef0 [ 876.949949] PKRU: 55555554 [ 876.949950] Call Trace: [ 876.949951] <IRQ> [ 876.949952] __rmqueue_pcplist+0x53/0x2c0 [ 876.949955] alloc_pages_bulk_noprof+0x2e0/0x660 [ 876.949958] __page_pool_alloc_pages_slow+0xa9/0x400 [ 876.949961] page_pool_alloc_pages+0xa/0x20 [ 876.949963] wx_alloc_rx_buffers+0xd7/0x110 [libwx] [ 876.949967] wx_clean_rx_irq+0x262/0x430 [libwx] [ 876.949971] wx_poll+0x92/0x130 [libwx] [ 876.949975] __napi_poll+0x28/0x190 [ 876.949977] net_rx_action+0x301/0x3f0 [ 876.949980] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949981] ? profile_tick+0x30/0x70 [ 876.949983] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949984] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949986] ? timerqueue_add+0xa3/0xc0 [ 876.949988] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949989] ? __raise_softirq_irqoff+0x16/0x70 [ 876.949991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949994] ? wx_msix_clean_rings+0x41/0x50 [libwx] [ 876.949998] handle_softirqs+0xf9/0x2c0 Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 55e252789db3..7e3d7fb61a52 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -174,10 +174,6 @@ static void wx_dma_sync_frag(struct wx_ring *rx_ring, skb_frag_off(frag), skb_frag_size(frag), DMA_FROM_DEVICE); - - /* If the page was released, just unmap it. */ - if (unlikely(WX_CB(skb)->page_released)) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); } static struct wx_rx_buffer *wx_get_rx_buffer(struct wx_ring *rx_ring, @@ -227,10 +223,6 @@ static void wx_put_rx_buffer(struct wx_ring *rx_ring, struct sk_buff *skb, int rx_buffer_pgcnt) { - if (!IS_ERR(skb) && WX_CB(skb)->dma == rx_buffer->dma) - /* the page has been released from the ring */ - WX_CB(skb)->page_released = true; - /* clear contents of rx_buffer */ rx_buffer->page = NULL; rx_buffer->skb = NULL; @@ -2423,9 +2415,6 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) if (rx_buffer->skb) { struct sk_buff *skb = rx_buffer->skb; - if (WX_CB(skb)->page_released) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); - dev_kfree_skb(skb); } -- 2.48.1

3 months, 4 weeks

2
1
0 0

[PATCH net 3/3] net: libwx: properly reset Rx ring descriptor

by Jiawen Wu

When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values from previous sessions. And only set the length to 0 in rx_desc[0] would result in building malformed SKBs. Fix it to ensure a clean slate after device reset. [ 549.186435] [ C16] ------------[ cut here ]------------ [ 549.186457] [ C16] kernel BUG at net/core/skbuff.c:2814! [ 549.186468] [ C16] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 549.186472] [ C16] CPU: 16 UID: 0 PID: 0 Comm: swapper/16 Kdump: loaded Not tainted 6.16.0-rc4+ #23 PREEMPT(voluntary) [ 549.186476] [ C16] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 549.186478] [ C16] RIP: 0010:__pskb_pull_tail+0x3ff/0x510 [ 549.186484] [ C16] Code: 06 f0 ff 4f 34 74 7b 4d 8b 8c 24 c8 00 00 00 45 8b 84 24 c0 00 00 00 e9 c8 fd ff ff 48 c7 44 24 08 00 00 00 00 e9 5e fe ff ff <0f> 0b 31 c0 e9 23 90 5b ff 41 f7 c6 ff 0f 00 00 75 bf 49 8b 06 a8 [ 549.186487] [ C16] RSP: 0018:ffffb391c0640d70 EFLAGS: 00010282 [ 549.186490] [ C16] RAX: 00000000fffffff2 RBX: ffff8fe7e4d40200 RCX: 00000000fffffff2 [ 549.186492] [ C16] RDX: ffff8fe7c3a4bf8e RSI: 0000000000000180 RDI: ffff8fe7c3a4bf40 [ 549.186494] [ C16] RBP: ffffb391c0640da8 R08: ffff8fe7c3a4c0c0 R09: 000000000000000e [ 549.186496] [ C16] R10: ffffb391c0640d88 R11: 000000000000000e R12: ffff8fe7e4d40200 [ 549.186497] [ C16] R13: 00000000fffffff2 R14: ffff8fe7fa01a000 R15: 00000000fffffff2 [ 549.186499] [ C16] FS: 0000000000000000(0000) GS:ffff8fef5ae40000(0000) knlGS:0000000000000000 [ 549.186502] [ C16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.186503] [ C16] CR2: 00007f77d81d6000 CR3: 000000051a032000 CR4: 0000000000750ef0 [ 549.186505] [ C16] PKRU: 55555554 [ 549.186507] [ C16] Call Trace: [ 549.186510] [ C16] <IRQ> [ 549.186513] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186517] [ C16] __skb_pad+0xc7/0xf0 [ 549.186523] [ C16] wx_clean_rx_irq+0x355/0x3b0 [libwx] [ 549.186533] [ C16] wx_poll+0x92/0x120 [libwx] [ 549.186540] [ C16] __napi_poll+0x28/0x190 [ 549.186544] [ C16] net_rx_action+0x301/0x3f0 [ 549.186548] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186551] [ C16] ? __raw_spin_lock_irqsave+0x1e/0x50 [ 549.186554] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186557] [ C16] ? wake_up_nohz_cpu+0x35/0x160 [ 549.186559] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186563] [ C16] handle_softirqs+0xf9/0x2c0 [ 549.186568] [ C16] __irq_exit_rcu+0xc7/0x130 [ 549.186572] [ C16] common_interrupt+0xb8/0xd0 [ 549.186576] [ C16] </IRQ> [ 549.186577] [ C16] <TASK> [ 549.186579] [ C16] asm_common_interrupt+0x22/0x40 [ 549.186582] [ C16] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 549.186585] [ C16] Code: 00 00 e8 11 0e 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 0d ed 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 549.186587] [ C16] RSP: 0018:ffffb391c0277e78 EFLAGS: 00000246 [ 549.186590] [ C16] RAX: ffff8fef5ae40000 RBX: 0000000000000003 RCX: 0000000000000000 [ 549.186591] [ C16] RDX: 0000007fde0faac5 RSI: ffffffff826e53f6 RDI: ffffffff826fa9b3 [ 549.186593] [ C16] RBP: ffff8fe7c3a20800 R08: 0000000000000002 R09: 0000000000000000 [ 549.186595] [ C16] R10: 0000000000000000 R11: 000000000000ffff R12: ffffffff82ed7a40 [ 549.186596] [ C16] R13: 0000007fde0faac5 R14: 0000000000000003 R15: 0000000000000000 [ 549.186601] [ C16] ? cpuidle_enter_state+0xb3/0x420 [ 549.186605] [ C16] cpuidle_enter+0x29/0x40 [ 549.186609] [ C16] cpuidle_idle_call+0xfd/0x170 [ 549.186613] [ C16] do_idle+0x7a/0xc0 [ 549.186616] [ C16] cpu_startup_entry+0x25/0x30 [ 549.186618] [ C16] start_secondary+0x117/0x140 [ 549.186623] [ C16] common_startup_64+0x13e/0x148 [ 549.186628] [ C16] </TASK> Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 7 +++---- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 5 +++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index a9519997286b..9002b97e148e 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -1912,7 +1912,6 @@ static void wx_configure_rx_ring(struct wx *wx, struct wx_ring *ring) { u16 reg_idx = ring->reg_idx; - union wx_rx_desc *rx_desc; u64 rdba = ring->dma; u32 rxdctl; @@ -1942,9 +1941,9 @@ static void wx_configure_rx_ring(struct wx *wx, memset(ring->rx_buffer_info, 0, sizeof(struct wx_rx_buffer) * ring->count); - /* initialize Rx descriptor 0 */ - rx_desc = WX_RX_DESC(ring, 0); - rx_desc->wb.upper.length = 0; + /* reset ntu and ntc to place SW in sync with hardwdare */ + ring->next_to_clean = 0; + ring->next_to_use = 0; /* enable receive descriptor ring */ wr32m(wx, WX_PX_RR_CFG(reg_idx), diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index c91487909811..0213ad5a6ceb 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -357,6 +357,8 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) /* clear the status bits for the next_to_use descriptor */ rx_desc->wb.upper.status_error = 0; + /* clear the length for the next_to_use descriptor */ + rx_desc->wb.upper.length = 0; cleaned_count--; } while (cleaned_count); @@ -2438,6 +2440,9 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) } } + /* Zero out the descriptor ring */ + memset(rx_ring->desc, 0, rx_ring->size); + rx_ring->next_to_alloc = 0; rx_ring->next_to_clean = 0; rx_ring->next_to_use = 0; -- 2.48.1

3 months, 4 weeks

2
1
0 0

[PATCH net 2/3] net: libwx: fix the using of Rx buffer DMA

by Jiawen Wu

The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths. This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing in the code. Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 4 ++-- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 7e3d7fb61a52..c91487909811 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -307,7 +307,7 @@ static bool wx_alloc_mapped_page(struct wx_ring *rx_ring, return false; dma = page_pool_get_dma_addr(page); - bi->page_dma = dma; + bi->dma = dma; bi->page = page; bi->page_offset = 0; @@ -344,7 +344,7 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) DMA_FROM_DEVICE); rx_desc->read.pkt_addr = - cpu_to_le64(bi->page_dma + bi->page_offset); + cpu_to_le64(bi->dma + bi->page_offset); rx_desc++; bi++; diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index c363379126c0..f5a8ce681a68 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -998,7 +998,6 @@ struct wx_tx_buffer { struct wx_rx_buffer { struct sk_buff *skb; dma_addr_t dma; - dma_addr_t page_dma; struct page *page; unsigned int page_offset; }; -- 2.48.1

3 months, 4 weeks

2
1
0 0

[PATCH 04/12] drm/amdkfd: fix MQD settings for GFX12

by Lijo Lazar

From: Alex Deucher <alexander.deucher(a)amd.com> User queues should not set the priv bit. Fixes: 48f0bdf4e38e ("drm/amdkfd: Added MQD manager files for GFX12.") Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c index 565858b9044d..2db0b78da294 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c @@ -123,7 +123,6 @@ static void init_mqd(struct mqd_manager *mm, void **mqd, m->cp_hqd_pq_control = 5 << CP_HQD_PQ_CONTROL__RPTR_BLOCK_SIZE__SHIFT; m->cp_hqd_pq_control |= CP_HQD_PQ_CONTROL__UNORD_DISPATCH_MASK; - m->cp_mqd_control = 1 << CP_MQD_CONTROL__PRIV_STATE__SHIFT; m->cp_mqd_base_addr_lo = lower_32_bits(addr); m->cp_mqd_base_addr_hi = upper_32_bits(addr); -- 2.49.0

3 months, 4 weeks

1
0
0 0

[BACKPORT][PATCH 6.12.y 1/2] firmware: arm_ffa: Move memory allocation outside the mutex locking

by Sudeep Holla

[ Upstream commit 27e850c88df0e25474a8caeb2903e2e90b62c1dc ] The notifier callback node allocation is currently done while holding the notify_lock mutex. While this is safe even if memory allocation may sleep, we need to move the allocation outside the locked region in preparation to move from using muxtes to rwlocks. Move the memory allocation to avoid potential sleeping in atomic context once the locks are moved from mutex to rwlocks. Fixes: e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") Message-Id: <20250528-ffa_notif_fix-v1-2-5ed7bc7f8437(a)arm.com> Reviewed-by: Jens Wiklander <jens.wiklander(a)linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> --- drivers/firmware/arm_ffa/driver.c | 40 ++++++++++++++++--------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c index c0f3b7cdb6ed..b0d92f411334 100644 --- a/drivers/firmware/arm_ffa/driver.c +++ b/drivers/firmware/arm_ffa/driver.c @@ -1141,12 +1141,11 @@ notifier_hash_node_get(u16 notify_id, enum notify_type type) return NULL; } -static int -update_notifier_cb(int notify_id, enum notify_type type, ffa_notifier_cb cb, - void *cb_data, bool is_registration) +static int update_notifier_cb(int notify_id, enum notify_type type, + struct notifier_cb_info *cb) { struct notifier_cb_info *cb_info = NULL; - bool cb_found; + bool cb_found, is_registration = !!cb; cb_info = notifier_hash_node_get(notify_id, type); cb_found = !!cb_info; @@ -1155,15 +1154,7 @@ update_notifier_cb(int notify_id, enum notify_type type, ffa_notifier_cb cb, return -EINVAL; if (is_registration) { - cb_info = kzalloc(sizeof(*cb_info), GFP_KERNEL); - if (!cb_info) - return -ENOMEM; - - cb_info->type = type; - cb_info->cb = cb; - cb_info->cb_data = cb_data; - - hash_add(drv_info->notifier_hash, &cb_info->hnode, notify_id); + hash_add(drv_info->notifier_hash, &cb->hnode, notify_id); } else { hash_del(&cb_info->hnode); kfree(cb_info); @@ -1193,7 +1184,7 @@ static int ffa_notify_relinquish(struct ffa_device *dev, int notify_id) mutex_lock(&drv_info->notify_lock); - rc = update_notifier_cb(notify_id, type, NULL, NULL, false); + rc = update_notifier_cb(notify_id, type, NULL); if (rc) { pr_err("Could not unregister notification callback\n"); mutex_unlock(&drv_info->notify_lock); @@ -1212,6 +1203,7 @@ static int ffa_notify_request(struct ffa_device *dev, bool is_per_vcpu, { int rc; u32 flags = 0; + struct notifier_cb_info *cb_info = NULL; enum notify_type type = ffa_notify_type_get(dev->vm_id); if (ffa_notifications_disabled()) @@ -1220,24 +1212,34 @@ static int ffa_notify_request(struct ffa_device *dev, bool is_per_vcpu, if (notify_id >= FFA_MAX_NOTIFICATIONS) return -EINVAL; + cb_info = kzalloc(sizeof(*cb_info), GFP_KERNEL); + if (!cb_info) + return -ENOMEM; + + cb_info->type = type; + cb_info->cb_data = cb_data; + cb_info->cb = cb; + mutex_lock(&drv_info->notify_lock); if (is_per_vcpu) flags = PER_VCPU_NOTIFICATION_FLAG; rc = ffa_notification_bind(dev->vm_id, BIT(notify_id), flags); - if (rc) { - mutex_unlock(&drv_info->notify_lock); - return rc; - } + if (rc) + goto out_unlock_free; - rc = update_notifier_cb(notify_id, type, cb, cb_data, true); + rc = update_notifier_cb(notify_id, type, cb_info); if (rc) { pr_err("Failed to register callback for %d - %d\n", notify_id, rc); ffa_notification_unbind(dev->vm_id, BIT(notify_id)); } + +out_unlock_free: mutex_unlock(&drv_info->notify_lock); + if (rc) + kfree(cb_info); return rc; } -- 2.34.1

3 months, 4 weeks

2
3
0 0

[PATCH 6.12,6.15] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2

by Eric Biggers

commit 68279380266a5fa70e664de754503338e2ec3f43 upstream. Commit 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements") added the field s390_sha_ctx::first_message_part and made it be used by s390_sha_update() (now s390_sha_update_blocks()). At the time, s390_sha_update() was used by all the s390 SHA-1, SHA-2, and SHA-3 algorithms. However, only the initialization functions for SHA-3 were updated, leaving SHA-1 and SHA-2 using first_message_part uninitialized. This could cause e.g. the function code CPACF_KIMD_SHA_512 | CPACF_KIMD_NIP to be used instead of just CPACF_KIMD_SHA_512. This apparently was harmless, as the SHA-1 and SHA-2 function codes ignore CPACF_KIMD_NIP; it is recognized only by the SHA-3 function codes (https://lore.kernel.org/r/73477fe9-a1dc-4e38-98a6-eba9921e8afa@linux.ibm.co…). Therefore, this bug was found only when first_message_part was later converted to a boolean and UBSAN detected its uninitialized use. Regardless, let's fix this by just initializing to zero. Note: in 6.16, we need to patch SHA-1, SHA-384, and SHA-512. In 6.15 and earlier, we'll also need to patch SHA-224 and SHA-256, as they hadn't yet been librarified (which incidentally fixed this bug). Fixes: 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements") Cc: stable(a)vger.kernel.org Reported-by: Ingo Franzki <ifranzki(a)linux.ibm.com> Closes: https://lore.kernel.org/r/12740696-595c-4604-873e-aefe8b405fbf@linux.ibm.com Acked-by: Heiko Carstens <hca(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250703172316.7914-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- arch/s390/crypto/sha1_s390.c | 2 ++ arch/s390/crypto/sha256_s390.c | 3 +++ arch/s390/crypto/sha512_s390.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c index bc3a22704e09..10950953429e 100644 --- a/arch/s390/crypto/sha1_s390.c +++ b/arch/s390/crypto/sha1_s390.c @@ -36,10 +36,11 @@ static int s390_sha1_init(struct shash_desc *desc) sctx->state[2] = SHA1_H2; sctx->state[3] = SHA1_H3; sctx->state[4] = SHA1_H4; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_1; + sctx->first_message_part = 0; return 0; } static int s390_sha1_export(struct shash_desc *desc, void *out) @@ -60,10 +61,11 @@ static int s390_sha1_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buffer, sizeof(ictx->buffer)); sctx->func = CPACF_KIMD_SHA_1; + sctx->first_message_part = 0; return 0; } static struct shash_alg alg = { .digestsize = SHA1_DIGEST_SIZE, diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c index 6f1ccdf93d3e..0204d4bca340 100644 --- a/arch/s390/crypto/sha256_s390.c +++ b/arch/s390/crypto/sha256_s390.c @@ -29,10 +29,11 @@ static int s390_sha256_init(struct shash_desc *desc) sctx->state[5] = SHA256_H5; sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static int sha256_export(struct shash_desc *desc, void *out) @@ -53,10 +54,11 @@ static int sha256_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf)); sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha256_alg = { .digestsize = SHA256_DIGEST_SIZE, @@ -88,10 +90,11 @@ static int s390_sha224_init(struct shash_desc *desc) sctx->state[5] = SHA224_H5; sctx->state[6] = SHA224_H6; sctx->state[7] = SHA224_H7; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha224_alg = { diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c index 04f11c407763..b53a7793bd24 100644 --- a/arch/s390/crypto/sha512_s390.c +++ b/arch/s390/crypto/sha512_s390.c @@ -30,10 +30,11 @@ static int sha512_init(struct shash_desc *desc) *(__u64 *)&ctx->state[10] = SHA512_H5; *(__u64 *)&ctx->state[12] = SHA512_H6; *(__u64 *)&ctx->state[14] = SHA512_H7; ctx->count = 0; ctx->func = CPACF_KIMD_SHA_512; + ctx->first_message_part = 0; return 0; } static int sha512_export(struct shash_desc *desc, void *out) @@ -58,10 +59,11 @@ static int sha512_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count[0]; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf)); sctx->func = CPACF_KIMD_SHA_512; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha512_alg = { .digestsize = SHA512_DIGEST_SIZE, @@ -95,10 +97,11 @@ static int sha384_init(struct shash_desc *desc) *(__u64 *)&ctx->state[10] = SHA384_H5; *(__u64 *)&ctx->state[12] = SHA384_H6; *(__u64 *)&ctx->state[14] = SHA384_H7; ctx->count = 0; ctx->func = CPACF_KIMD_SHA_512; + ctx->first_message_part = 0; return 0; } static struct shash_alg sha384_alg = { base-commit: 7b59ab988c01c190f1b528cf750d6f33b738d1e2 -- 2.50.0.727.gbf7dc18ff4-goog

3 months, 4 weeks

2
1
0 0

[PATCH] arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C

by Siddharth Vadapalli

According to the "GPIO Expander Map / Table" section of the J722S EVM Schematic within the Evaluation Module Design Files package [0], the GPIO Pin P05 located on the GPIO Expander 1 (I2C0/0x23) has to be pulled down to select the Type-C interface. Since commit under Fixes claims to enable the Type-C interface, update the property within "p05-hog" from "output-high" to "output-low", thereby switching from the Type-A interface to the Type-C interface. [0]: https://www.ti.com/lit/zip/sprr495 Cc: <stable(a)vger.kernel.org> Fixes: 485705df5d5f ("arm64: dts: ti: k3-j722s: Enable PCIe and USB support on J722S-EVM") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit 86731a2a651e Linux 6.16-rc3 of Mainline Linux. Regards, Siddharth. arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-j722s-evm.dts b/arch/arm64/boot/dts/ti/k3-j722s-evm.dts index a47852fdca70..d0533723412a 100644 --- a/arch/arm64/boot/dts/ti/k3-j722s-evm.dts +++ b/arch/arm64/boot/dts/ti/k3-j722s-evm.dts @@ -634,7 +634,7 @@ p05-hog { /* P05 - USB2.0_MUX_SEL */ gpio-hog; gpios = <5 GPIO_ACTIVE_LOW>; - output-high; + output-low; }; p01_hog: p01-hog { -- 2.34.1

3 months, 4 weeks

2
1
0 0

[PATCH] drm/panfrost: Fix scheduler workqueue bug

by Philipp Stanner

When the GPU scheduler was ported to using a struct for its initialization parameters, it was overlooked that panfrost creates a distinct workqueue for timeout handling. The pointer to this new workqueue is not initialized to the struct, resulting in NULL being passed to the scheduler, which then uses the system_wq for timeout handling. Set the correct workqueue to the init args struct. Cc: stable(a)vger.kernel.org # 6.15+ Fixes: 796a9f55a8d1 ("drm/sched: Use struct for drm_sched_init() params") Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Closes: https://lore.kernel.org/dri-devel/b5d0921c-7cbf-4d55-aa47-c35cd7861c02@igal… Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/panfrost/panfrost_job.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c index 5657106c2f7d..15e2d505550f 100644 --- a/drivers/gpu/drm/panfrost/panfrost_job.c +++ b/drivers/gpu/drm/panfrost/panfrost_job.c @@ -841,7 +841,6 @@ int panfrost_job_init(struct panfrost_device *pfdev) .num_rqs = DRM_SCHED_PRIORITY_COUNT, .credit_limit = 2, .timeout = msecs_to_jiffies(JOB_TIMEOUT_MS), - .timeout_wq = pfdev->reset.wq, .name = "pan_js", .dev = pfdev->dev, }; @@ -879,6 +878,7 @@ int panfrost_job_init(struct panfrost_device *pfdev) pfdev->reset.wq = alloc_ordered_workqueue("panfrost-reset", 0); if (!pfdev->reset.wq) return -ENOMEM; + args.timeout_wq = pfdev->reset.wq; for (j = 0; j < NUM_JOB_SLOTS; j++) { js->queue[j].fence_context = dma_fence_context_alloc(1); -- 2.49.0

3 months, 4 weeks

3
2
0 0

[PATCH wireless v1] wifi: mwifiex: discard erroneous disassoc frames on STA interface

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect from the AP interface. This causes kernel warnings as the STA interface processes disconnect events that don't apply to it: [ 1303.240540] WARNING: CPU: 0 PID: 513 at net/wireless/mlme.c:141 cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.250861] Modules linked in: 8021q garp stp mrp llc rfcomm bnep btnxpuart nls_iso8859_1 nls_cp437 onboard_us [ 1303.327651] CPU: 0 UID: 0 PID: 513 Comm: kworker/u9:2 Not tainted 6.16.0-rc1+ #3 PREEMPT [ 1303.335937] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT) [ 1303.343588] Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex] [ 1303.350856] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1303.357904] pc : cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.364065] lr : cfg80211_process_disassoc+0x70/0xec [cfg80211] [ 1303.370221] sp : ffff800083053be0 [ 1303.373590] x29: ffff800083053be0 x28: 0000000000000000 x27: 0000000000000000 [ 1303.380855] x26: 0000000000000000 x25: 00000000ffffffff x24: ffff000002c5b8ae [ 1303.388120] x23: ffff000002c5b884 x22: 0000000000000001 x21: 0000000000000008 [ 1303.395382] x20: ffff000002c5b8ae x19: ffff0000064dd408 x18: 0000000000000006 [ 1303.402646] x17: 3a36333a61623a30 x16: 32206d6f72662063 x15: ffff800080bfe048 [ 1303.409910] x14: ffff000003625300 x13: 0000000000000001 x12: 0000000000000000 [ 1303.417173] x11: 0000000000000002 x10: ffff000003958600 x9 : ffff000003625300 [ 1303.424434] x8 : ffff00003fd9ef40 x7 : ffff0000039fc280 x6 : 0000000000000002 [ 1303.431695] x5 : ffff0000038976d4 x4 : 0000000000000000 x3 : 0000000000003186 [ 1303.438956] x2 : 000000004836ba20 x1 : 0000000000006986 x0 : 00000000d00479de [ 1303.446221] Call trace: [ 1303.448722] cfg80211_process_disassoc+0x78/0xec [cfg80211] (P) [ 1303.454894] cfg80211_rx_mlme_mgmt+0x64/0xf8 [cfg80211] [ 1303.460362] mwifiex_process_mgmt_packet+0x1ec/0x460 [mwifiex] [ 1303.466380] mwifiex_process_sta_rx_packet+0x1bc/0x2a0 [mwifiex] [ 1303.472573] mwifiex_handle_rx_packet+0xb4/0x13c [mwifiex] [ 1303.478243] mwifiex_rx_work_queue+0x158/0x198 [mwifiex] [ 1303.483734] process_one_work+0x14c/0x28c [ 1303.487845] worker_thread+0x2cc/0x3d4 [ 1303.491680] kthread+0x12c/0x208 [ 1303.495014] ret_from_fork+0x10/0x20 Add validation in the STA receive path to verify that disassoc/deauth frames originate from the connected AP. Frames that fail this check are discarded early, preventing them from reaching the MLME layer and triggering WARN_ON(). This filtering logic is similar with that used in the ieee80211_rx_mgmt_disassoc() function in mac80211, which drops disassoc frames that don't match the current BSSID (!ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)), ensuring only relevant frames are processed. Tested on: - 8997 with FW 16.68.1.p197 Fixes: 36995892c271 ("wifi: mwifiex: add host mlme for client mode") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- drivers/net/wireless/marvell/mwifiex/util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/mwifiex/util.c b/drivers/net/wireless/marvell/mwifiex/util.c index 4c5b1de0e936..6882e90e90b2 100644 --- a/drivers/net/wireless/marvell/mwifiex/util.c +++ b/drivers/net/wireless/marvell/mwifiex/util.c @@ -459,7 +459,9 @@ mwifiex_process_mgmt_packet(struct mwifiex_private *priv, "auth: receive authentication from %pM\n", ieee_hdr->addr3); } else { - if (!priv->wdev.connected) + if (!priv->wdev.connected || + !ether_addr_equal(ieee_hdr->addr3, + priv->curr_bss_params.bss_descriptor.mac_address)) return 0; if (ieee80211_is_deauth(ieee_hdr->frame_control)) { -- 2.34.1

3 months, 4 weeks

4
4
0 0

[PATCH 6.15 000/263] 6.15.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 06 Jul 2025 12:55:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.5-rc2 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Export full brightness range to userspace Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Optimize custom brightness curve Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only read ACPI backlight caps once Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix default DC and AC levels Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add debugging message for brightness caps Cyril Bur <cyrilbur(a)tenstorrent.com> riscv: uaccess: Only restore the CSR_STATUS SUM bit Jens Axboe <axboe(a)kernel.dk> io_uring: gate REQ_F_ISREG on !S_ANON_INODE as well Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: flag partial buffer mappings Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Chang S. Bae <chang.seok.bae(a)intel.com> x86/pkeys: Simplify PKRU update in signal frame Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE Danilo Krummrich <dakr(a)kernel.org> rust: devres: do not dereference to the internal Revocable Danilo Krummrich <dakr(a)kernel.org> rust: devres: fix race in Devres::drop() Danilo Krummrich <dakr(a)kernel.org> rust: revocable: indicate whether `data` has been revoked already Danilo Krummrich <dakr(a)kernel.org> rust: completion: implement initial abstraction Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add early 8b/10b channel equalization test pattern sequence Sasha Levin <sashal(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Eric Biggers <ebiggers(a)google.com> crypto: powerpc/poly1305 - add depends on BROKEN for now Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: Commonize X1 CRD DTSI Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix mpv playback corruption on weston Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: Add dc cap for dp tunneling Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Fix early wedge on GuC load failure Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix taking invalid lock on wedge Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix memset on iomem Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check dce_hwseq before dereferencing it Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Fix RMCM programming seq errors Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add back fix Matthew Auld <matthew.auld(a)intel.com> drm/xe/sched: stop re-submitting signalled jobs Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move rebind_work init earlier Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct non-OLED pre_T11_delay. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable workload profile switching when OD is enabled John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Imre Deak <imre.deak(a)intel.com> drm/i915/ptl: Use everywhere the correct DDI port clock select mask Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/panel: simple: Tianma TM070JDHG34-00: add delays Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Turn off FDMI ACTIVE flags on link down Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page David Hildenbrand <david(a)redhat.com> mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Kairui Song <kasong(a)tencent.com> mm/shmem, swap: fix softlockup with mTHP swapin Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: remove heap-related macros and switch to generic min_heap" Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: update min_heap_callbacks to use default builtin swap" Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Kuan-Wei Chiu <visitorckw(a)gmail.com> bcache: remove unnecessary select MIN_HEAP Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Aidan Stewart <astewart(a)tektelic.com> serial: core: restore of_node information in sysfs Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Process deferred GGTT node removals on device unwind Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Adjust output for discovery error handling Louis Chauvet <louis.chauvet(a)bootlin.com> drm: writeback: Fix drm_writeback_connector_cleanup signature Charles Mirabile <cmirabil(a)redhat.com> riscv: fix runtime constant support for nommu kernels Christoph Hellwig <hch(a)lst.de> nvme: fix atomic write size validation Christoph Hellwig <hch(a)lst.de> nvme: refactor the atomic write unit detection Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: replace underscores with dashes in names Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Jens Axboe <axboe(a)kernel.dk> io_uring/net: mark iov as dynamically allocated even for single segments Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Al Viro <viro(a)zeniv.linux.org.uk> userns and mnt_idmap leak in open_tree_attr(2) Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Create separate links for VLAN interfaces Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fix use-after-free during router port configuration Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: ionic: Fix DMA mapping tests Breno Leitao <leitao(a)debian.org> net: netpoll: Initialize UDP checksum field before checksumming Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: fix for soundwire failures during hibernation exit sequence Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() Dan Williams <dan.j.williams(a)intel.com> cxl/ras: Fix CPER handler device confusion Thomas Zeitlhofer <thomas.zeitlhofer+lkml(a)ze-it.at> HID: wacom: fix crash in wacom_aes_battery_handler() Even Xu <even.xu(a)intel.com> HID: Intel-thc-hid: Intel-quicki2c: Enhance QuickI2C reset flow Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 Haoxiang Li <haoxiang_li2024(a)163.com> drm/xe/display: Add check for alloc_ordered_workqueue() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add compatibility checks for set_hw_resource_1 Takashi Iwai <tiwai(a)suse.de> drm/amd/display: Add sanity checks for drm_edid_raw() Nam Cao <namcao(a)linutronix.de> Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Nam Cao <namcao(a)linutronix.de> Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't assume uaddr alignment in io_vec_fill_bvec Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: don't rely on user vaddr alignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: fix folio unpinning Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Klara Modin <klarasmodin(a)gmail.com> riscv: export boot_cpu_hartid Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Han Gao <rabenda.cn(a)gmail.com> riscv: vector: Fix context save/restore with xtheadvector Paulo Alcantara <pc(a)manguebit.org> smb: client: fix regression with native SMB symlinks SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Niklas Cassel <cassel(a)kernel.org> ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix dentry_name() lookup Haiyue Wang <haiyuewa(a)163.com> fuse: fix runtime warning on truncate_folio_batch_exceptionals() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check interrupt route from physical CPU Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix interrupt route update with EIOINTC Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check for IOCSR emulation Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Disable updating of "num_cpu" and "feature" Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check validity of "num_cpu" from user space Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Avoid overflow with array index Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Lukasz Kucharczyk <lukasz.kucharczyk(a)leica-geosystems.com> i2c: imx: fix emulated smbus block read Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: omap: Fix an error handling path in omap_i2c_probe() Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Haoxiang Li <haoxiang_li2024(a)163.com> drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix area release on registration failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: split out memory holders from area Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: improve area validation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: move io_zcrx_iov_page Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Increase/decrease the PM counter per IOCTL Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Create uvc_pm_(get|put) functions Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Keep streaming state in the file handle Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent David Sterba <dsterba(a)suse.com> btrfs: use unsigned types for constants defined as bit shifts Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between async reclaim worker and close_ctree() Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: save the SR_SUM status over switches Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix speaker noise when volume bar is 100% Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: declare misaligned_access_speed under CONFIG_RISCV_MISALIGNED Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix in_atomic() handling in do_secure_storage_access() Andy Chiu <andybnac(a)gmail.com> riscv: add a data fence for CMODX in the kernel mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tipd: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tcpci: Fix wakeup source leaks on device unbind Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: f_hid: wake up readers on disable/unbind Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Add support for 16-bit report size David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config() David Heidelberg <david(a)ixit.cz> iio: light: al3000a: Fix an error handling path in al3000a_probe() Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: add cntrl chan check Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: seq64 memory unmap uses uninterruptible lock Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn2.5: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn3: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn4: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn5.0.1: read back register after written Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize request list handling Hannes Reinecke <hare(a)kernel.org> nvme-tcp: fix I/O stalls on congested sockets Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mld: Move regulatory domain initialization Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add workaround for errata ERR051624 Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Rudraksha Gupta <guptarud(a)gmail.com> rust: arm: fix unknown (to Clang) argument '-mno-fdpic' FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Gregory Price <gourry(a)gourry.net> cxl: core/region - ignore interleave granularity when ways=1 Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Matthew Sakai <msakai(a)redhat.com> dm vdo indexer: don't read request structure after enqueuing Yikai Tsai <yikai.tsai.wiwynn(a)gmail.com> hwmon: (isl28022) Fix current reading calculation Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: 88pm886: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77705: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77541: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Sagi Grimberg <sagi(a)grimberg.me> NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Documentation/netlink/specs/tc.yaml | 4 +- Makefile | 4 +- arch/arm64/boot/dts/qcom/x1-crd.dtsi | 1277 ++++++++++++++++++++ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 45 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 1270 +------------------ arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/loongarch/kvm/intc/eiointc.c | 89 +- arch/powerpc/crypto/Kconfig | 1 + arch/riscv/include/asm/cpufeature.h | 5 +- arch/riscv/include/asm/pgtable.h | 1 - arch/riscv/include/asm/processor.h | 1 + arch/riscv/include/asm/runtime-const.h | 2 +- arch/riscv/include/asm/vector.h | 12 +- arch/riscv/kernel/asm-offsets.c | 5 + arch/riscv/kernel/entry.S | 9 + arch/riscv/kernel/setup.c | 1 + arch/riscv/kernel/traps_misaligned.c | 6 +- arch/riscv/mm/cacheflush.c | 15 +- arch/s390/kernel/ptrace.c | 2 +- arch/s390/mm/fault.c | 2 + arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +- arch/x86/include/uapi/asm/debugreg.h | 21 +- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/fpu/signal.c | 11 +- arch/x86/kernel/fpu/xstate.h | 22 +- arch/x86/kernel/traps.c | 34 +- arch/x86/um/asm/checksum.h | 3 + drivers/ata/ahci.c | 2 +- drivers/bus/mhi/host/pci_generic.c | 39 + drivers/cxl/core/ras.c | 47 +- drivers/cxl/core/region.c | 9 +- drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 5 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 9 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 19 + drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 21 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 97 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + drivers/gpu/drm/amd/display/dc/core/dc.c | 33 + drivers/gpu/drm/amd/display/dc/dc.h | 8 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 4 +- .../dc/dml2/dml21/dml21_translation_helper.c | 1 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 28 + .../display/dc/link/protocols/link_dp_capability.c | 46 +- .../display/dc/link/protocols/link_dp_capability.h | 3 + .../display/dc/link/protocols/link_dp_training.c | 1 - .../dc/link/protocols/link_dp_training_8b_10b.c | 52 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 3 + .../display/dc/resource/dcn314/dcn314_resource.c | 3 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 3 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 + .../amd/display/dc/resource/dcn36/dcn36_resource.c | 3 + .../drm/amd/display/include/link_service_types.h | 2 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 22 + drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 12 +- drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 +- drivers/gpu/drm/drm_writeback.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 27 +- drivers/gpu/drm/i915/display/intel_cx0_phy_regs.h | 15 +- .../gpu/drm/i915/display/intel_display_driver.c | 30 +- drivers/gpu/drm/i915/display/intel_dp.c | 17 + drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 +- drivers/gpu/drm/i915/display/vlv_dsi.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus-qemu.c | 1 - drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/xe/display/xe_display.c | 2 + drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 11 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/xe_ggtt.c | 11 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_guc_ct.c | 17 +- drivers/gpu/drm/xe/xe_guc_ct.h | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 23 + drivers/gpu/drm/xe/xe_guc_types.h | 5 + drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-appletb-kbd.c | 5 + drivers/hid/hid-lenovo.c | 11 +- .../intel-quicki2c/quicki2c-protocol.c | 26 +- drivers/hid/wacom_sys.c | 7 +- drivers/hwmon/isl28022.c | 6 +- drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-imx.c | 3 +- drivers/i2c/busses/i2c-omap.c | 7 +- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad7606_spi.c | 8 +- drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/dac/adi-axi-dac.c | 24 + drivers/iio/light/al3000a.c | 9 +- drivers/iio/light/hid-sensor-prox.c | 3 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/Kconfig | 1 - drivers/md/bcache/alloc.c | 57 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 116 +- drivers/md/bcache/bset.h | 40 +- drivers/md/bcache/btree.c | 69 +- drivers/md/bcache/extents.c | 43 +- drivers/md/bcache/movinggc.c | 33 +- drivers/md/bcache/super.c | 10 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +- drivers/md/bcache/writeback.c | 13 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-vdo/indexer/volume.c | 24 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 70 +- drivers/media/usb/uvc/uvc_v4l2.c | 93 +- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/mfd/88pm886.c | 6 +- drivers/mfd/max14577.c | 1 + drivers/mfd/max77541.c | 2 +- drivers/mfd/max77705.c | 4 +- drivers/mfd/sprd-sc27xx-spi.c | 5 +- drivers/misc/tps6594-pfsm.c | 3 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/fw.c | 8 +- drivers/nvme/host/core.c | 83 +- drivers/nvme/host/nvme.h | 3 +- drivers/nvme/host/tcp.c | 22 +- drivers/pci/controller/dwc/pci-imx6.c | 15 + drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 3 + drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/fnic/fdls_disc.c | 122 +- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fcs.c | 2 + drivers/scsi/fnic/fnic_fdls.h | 1 + drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 12 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/8250/8250_pci1xxxx.c | 10 + drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/serial_base_bus.c | 1 + drivers/tty/serial/uartlite.c | 25 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_hid.c | 19 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 5 +- drivers/usb/typec/tipd/core.c | 2 +- fs/btrfs/backref.h | 4 +- fs/btrfs/direct-io.c | 4 +- fs/btrfs/disk-io.c | 25 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 95 +- fs/btrfs/ordered-data.c | 14 +- fs/btrfs/raid56.c | 5 +- fs/btrfs/tests/extent-io-tests.c | 6 +- fs/btrfs/tree-log.c | 14 +- fs/btrfs/volumes.c | 6 + fs/btrfs/zstd.c | 2 +- fs/ceph/file.c | 2 +- fs/f2fs/file.c | 38 + fs/f2fs/super.c | 30 +- fs/fuse/dir.c | 11 + fs/fuse/inode.c | 4 + fs/namespace.c | 18 +- fs/nfs/inode.c | 51 +- fs/nfs/nfs4proc.c | 25 +- fs/overlayfs/util.c | 4 +- fs/proc/task_mmu.c | 2 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +- fs/smb/client/misc.c | 8 + fs/smb/client/reparse.c | 20 +- fs/smb/client/sess.c | 21 +- fs/smb/client/trace.h | 24 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 72 +- fs/smb/server/smb2pdu.h | 3 + include/net/bluetooth/hci_core.h | 2 + include/uapi/linux/vm_sockets.h | 4 + io_uring/io_uring.c | 3 +- io_uring/kbuf.c | 1 + io_uring/kbuf.h | 1 + io_uring/net.c | 34 +- io_uring/rsrc.c | 57 +- io_uring/rsrc.h | 3 +- io_uring/zcrx.c | 101 +- io_uring/zcrx.h | 11 +- kernel/sched/ext.c | 12 +- lib/group_cpus.c | 9 +- lib/maple_tree.c | 4 +- mm/damon/sysfs-schemes.c | 1 + mm/gup.c | 14 +- mm/memory.c | 20 - mm/shmem.c | 6 +- mm/swap.h | 23 + mm/userfaultfd.c | 33 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/hci_core.c | 34 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_multicast.c | 9 + net/core/netpoll.c | 2 +- net/core/selftests.c | 5 +- net/mac80211/chan.c | 3 + net/mac80211/ieee80211_i.h | 12 + net/mac80211/iface.c | 12 +- net/mac80211/link.c | 94 +- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 31 +- rust/Makefile | 2 +- rust/bindings/bindings_helper.h | 1 + rust/helpers/completion.c | 8 + rust/helpers/helpers.c | 1 + rust/kernel/devres.rs | 53 +- rust/kernel/revocable.rs | 18 +- rust/kernel/sync.rs | 2 + rust/kernel/sync/completion.rs | 112 ++ rust/macros/module.rs | 1 + scripts/gdb/linux/vfs.py | 2 +- security/selinux/ss/services.c | 16 +- sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/ps/acp63.h | 4 + sound/soc/amd/ps/ps-common.c | 18 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt1320-sdw.c | 17 +- sound/soc/codecs/wcd9335.c | 40 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 + 287 files changed, 4526 insertions(+), 2534 deletions(-)

3 months, 4 weeks

13
15
0 0

[PATCH v4 2/2] PCI: imx6: Align EP link start behavior with documentation

by Richard Zhu

According to PCI/endpoint/pci-endpoint-cfs.rst, the endpoint (EP) should only link up after `echo 1 > start` is executed. To match the documented behavior, do not start the link automatically when adding the EP controller. Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index f5f2ac638f4b..fda03512944d 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1468,9 +1468,6 @@ static int imx_add_pcie_ep(struct imx_pcie *imx_pcie, pci_epc_init_notify(ep->epc); - /* Start LTSSM. */ - imx_pcie_ltssm_enable(dev); - return 0; } -- 2.37.1

3 months, 4 weeks

1
0
0 0

[PATCH v4 1/2] PCI: imx6: Remove apps_reset toggle in _core_reset functions

by Richard Zhu

apps_reset is LTSSM_EN on i.MX7, i.MX8MQ, i.MX8MM and i.MX8MP platforms. Since the assertion/de-assertion of apps_reset(LTSSM_EN bit) had been wrappered in imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable(); Remove apps_reset toggle in imx_pcie_assert_core_reset() and imx_pcie_deassert_core_reset() functions. Use imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable() to configure apps_reset directly. Fix fail to enumerate reliably PI7C9X2G608GP (hotplug) at i.MX8MM, which reported By Tim. Only i.MX7D, i.MX8MQ, i.MX8MM, and i.MX8MP have the apps_reset. With this change, the assertion/deassertion of LTSSM_EN bit are unified into imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable() functions, and aligned with other i.MX platforms. Reported-by: Tim Harvey <tharvey(a)gateworks.com> Closes: https://lore.kernel.org/all/CAJ+vNU3ohR2YKTwC4xoYrc1z-neDoH2TTZcMHDy+poj9=j… Fixes: ef61c7d8d032 ("PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Tested-by: Tim Harvey <tharvey(a)gateworks.com> # imx8mp-venice-gw74xx (i.MX8MP + hotplug capable switch) --- drivers/pci/controller/dwc/pci-imx6.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 9754cc6e09b9..f5f2ac638f4b 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -860,7 +860,6 @@ static int imx95_pcie_core_reset(struct imx_pcie *imx_pcie, bool assert) static void imx_pcie_assert_core_reset(struct imx_pcie *imx_pcie) { reset_control_assert(imx_pcie->pciephy_reset); - reset_control_assert(imx_pcie->apps_reset); if (imx_pcie->drvdata->core_reset) imx_pcie->drvdata->core_reset(imx_pcie, true); @@ -872,7 +871,6 @@ static void imx_pcie_assert_core_reset(struct imx_pcie *imx_pcie) static int imx_pcie_deassert_core_reset(struct imx_pcie *imx_pcie) { reset_control_deassert(imx_pcie->pciephy_reset); - reset_control_deassert(imx_pcie->apps_reset); if (imx_pcie->drvdata->core_reset) imx_pcie->drvdata->core_reset(imx_pcie, false); @@ -1247,6 +1245,9 @@ static int imx_pcie_host_init(struct dw_pcie_rp *pp) } } + /* Make sure that PCIe LTSSM is cleared */ + imx_pcie_ltssm_disable(dev); + ret = imx_pcie_deassert_core_reset(imx_pcie); if (ret < 0) { dev_err(dev, "pcie deassert core reset failed: %d\n", ret); -- 2.37.1

3 months, 4 weeks

1
0
0 0

+ mm-damon-core-commit-damos-target_nid.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/damon/core: commit damos->target_nid has been added to the -mm mm-new branch. Its filename is mm-damon-core-commit-damos-target_nid.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Bijan Tabatabai <bijantabatab(a)micron.com> Subject: mm/damon/core: commit damos->target_nid Date: Tue, 8 Jul 2025 19:47:29 -0500 When committing new scheme parameters from the sysfs, the target_nid field of the damos struct would not be copied. This would result in the target_nid field to retain its original value, despite being updated in the sysfs interface. This patch fixes this issue by copying target_nid in damos_commit(). Link: https://lkml.kernel.org/r/20250709004729.17252-1-bijan311@gmail.com Fixes: 83dc7bbaecae ("mm/damon/sysfs: use damon_commit_ctx()") Signed-off-by: Bijan Tabatabai <bijantabatab(a)micron.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Ravi Shankar Jonnalagadda <ravis.opensrc(a)micron.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-core-commit-damos-target_nid +++ a/mm/damon/core.c @@ -978,6 +978,7 @@ static int damos_commit(struct damos *ds return err; dst->wmarks = src->wmarks; + dst->target_nid = src->target_nid; err = damos_commit_filters(dst, src); return err; _ Patches currently in -mm which might be from bijantabatab(a)micron.com are mm-damon-core-commit-damos-target_nid.patch mm-damon-core-commit-damos-migrate_dests.patch mm-damon-move-migration-helpers-from-paddr-to-ops-common.patch mm-damon-vaddr-add-vaddr-versions-of-migrate_hotcold.patch docs-mm-damon-design-document-vaddr-support-for-migrate_hotcold.patch mm-damon-vaddr-use-damos-migrate_dests-in-migrate_hotcold.patch mm-damon-move-folio-filtering-from-paddr-to-ops-common.patch mm-damon-vaddr-apply-filters-in-migrate_hot-cold.patch

3 months, 4 weeks

1
0
0 0

[PATCH] mm/damon/core: Commit damos->target_nid

by Bijan Tabatabai

From: Bijan Tabatabai <bijantabatab(a)micron.com> When committing new scheme parameters from the sysfs, the target_nid field of the damos struct would not be copied. This would result in the target_nid field to retain its original value, despite being updated in the sysfs interface. This patch fixes this issue by copying target_nid in damos_commit(). Cc: stable(a)vger.kernel.org Fixes: 83dc7bbaecae ("mm/damon/sysfs: use damon_commit_ctx()") Signed-off-by: Bijan Tabatabai <bijantabatab(a)micron.com> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index 5357a18066b0..ab28ab5d08f6 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -978,6 +978,7 @@ static int damos_commit(struct damos *dst, struct damos *src) return err; dst->wmarks = src->wmarks; + dst->target_nid = src->target_nid; err = damos_commit_filters(dst, src); return err; -- 2.43.0

3 months, 4 weeks

2
1
0 0

+ selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix split_huge_page_test for folio_split() tests. has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: selftests/mm: fix split_huge_page_test for folio_split() tests. Date: Tue, 8 Jul 2025 21:27:59 -0400 PID_FMT does not have an offset field, so folio_split() tests are not performed. Add PID_FMT_OFFSET with an offset field and use it to perform folio_split() tests. Link: https://lkml.kernel.org/r/20250709012800.3225727-1-ziy@nvidia.com Fixes: 80a5c494c89f ("selftests/mm: add tests for folio_split(), buddy allocator like split") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/split_huge_page_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/split_huge_page_test.c~selftests-mm-fix-split_huge_page_test-for-folio_split-tests +++ a/tools/testing/selftests/mm/split_huge_page_test.c @@ -31,6 +31,7 @@ uint64_t pmd_pagesize; #define INPUT_MAX 80 #define PID_FMT "%d,0x%lx,0x%lx,%d" +#define PID_FMT_OFFSET "%d,0x%lx,0x%lx,%d,%d" #define PATH_FMT "%s,0x%lx,0x%lx,%d" #define PFN_MASK ((1UL<<55)-1) @@ -483,7 +484,7 @@ void split_thp_in_pagecache_to_order_at( write_debugfs(PID_FMT, getpid(), (uint64_t)addr, (uint64_t)addr + fd_size, order); else - write_debugfs(PID_FMT, getpid(), (uint64_t)addr, + write_debugfs(PID_FMT_OFFSET, getpid(), (uint64_t)addr, (uint64_t)addr + fd_size, order, offset); for (i = 0; i < fd_size; i++) _ Patches currently in -mm which might be from ziy(a)nvidia.com are selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch mm-rename-config_page_block_order-to-config_page_block_max_order.patch mm-page_alloc-pageblock-flags-functions-clean-up.patch mm-page_isolation-make-page-isolation-a-standalone-bit.patch mm-page_alloc-add-support-for-initializing-pageblock-as-isolated.patch mm-page_isolation-remove-migratetype-from-move_freepages_block_isolate.patch mm-page_isolation-remove-migratetype-from-undo_isolate_page_range.patch mm-page_isolation-remove-migratetype-parameter-from-more-functions.patch

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 0ea148a799198518d8ebab63ddd0bb6114a103bc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063052-strive-fabulous-239b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea148a799198518d8ebab63ddd0bb6114a103bc Mon Sep 17 00:00:00 2001 From: Kairui Song <kasong(a)tencent.com> Date: Wed, 4 Jun 2025 23:10:38 +0800 Subject: [PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Link: https://lkml.kernel.org/r/20250604151038.21968-1-ryncsn@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Kairui Song <kasong(a)tencent.com> Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chris Li <chrisl(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..8253978ee0fb 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out:

3 months, 4 weeks

3
2
0 0

Online support team

by hdhdjsgshsjs222＠gmail.com

Hello stable(a)vger.kernel.org Here is your Invoice details.

3 months, 4 weeks

1
0
0 0

[PATCH 2/2] crypto: x86/aegis - Add missing error checks

by Eric Biggers

The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- arch/x86/crypto/aegis128-aesni-glue.c | 36 +++++++++++++++++++-------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 3cb5c193038bb..f1adfba1a76ea 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -102,14 +102,16 @@ static void crypto_aegis128_aesni_process_ad( memset(buf.bytes + pos, 0, AEGIS128_BLOCK_SIZE - pos); aegis128_aesni_ad(state, buf.bytes, AEGIS128_BLOCK_SIZE); } } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_process_crypt(struct aegis_state *state, struct skcipher_walk *walk, bool enc) { + int err = 0; + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { if (enc) aegis128_aesni_enc(state, walk->src.virt.addr, walk->dst.virt.addr, round_down(walk->nbytes, @@ -118,11 +120,12 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, aegis128_aesni_dec(state, walk->src.virt.addr, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); kernel_fpu_end(); - skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + err = skcipher_walk_done(walk, + walk->nbytes % AEGIS128_BLOCK_SIZE); kernel_fpu_begin(); } if (walk->nbytes) { if (enc) @@ -132,13 +135,14 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, else aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); kernel_fpu_end(); - skcipher_walk_done(walk, 0); + err = skcipher_walk_done(walk, 0); kernel_fpu_begin(); } + return err; } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) { u8 *ctx = crypto_aead_ctx(aead); @@ -167,43 +171,50 @@ static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, if (authsize < AEGIS128_MIN_AUTH_SIZE) return -EINVAL; return 0; } -static __always_inline void +static __always_inline int crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_block *tag_xor, unsigned int cryptlen, bool enc) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; + int err; if (enc) - skcipher_walk_aead_encrypt(&walk, req, false); + err = skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, false); + err = skcipher_walk_aead_decrypt(&walk, req, false); + if (err) + return err; kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, &walk, enc); - aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); - + err = crypto_aegis128_aesni_process_crypt(&state, &walk, enc); + if (err == 0) + aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); + return err; } static int crypto_aegis128_aesni_encrypt(struct aead_request *req) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_block tag = {}; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen; + int err; - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, true); + if (err) + return err; scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, authsize, 1); return 0; } @@ -214,15 +225,18 @@ static int crypto_aegis128_aesni_decrypt(struct aead_request *req) struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_block tag; unsigned int authsize = crypto_aead_authsize(tfm); unsigned int cryptlen = req->cryptlen - authsize; + int err; scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, authsize, 0); - crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + err = crypto_aegis128_aesni_crypt(req, &tag, cryptlen, false); + if (err) + return err; return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; } static struct aead_alg crypto_aegis128_aesni_alg = { -- 2.50.0

3 months, 4 weeks

1
0
0 0

[PATCH 1/2] crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT

by Eric Biggers

skcipher_walk_done() can call kfree(), which takes a spinlock, which makes it incorrect to call while preemption is disabled on PREEMPT_RT. Therefore, end the kernel-mode FPU section before calling skcipher_walk_done(), and restart it afterwards. Moreover, pass atomic=false to skcipher_walk_aead_encrypt() instead of atomic=true. The point of atomic=true was to make skcipher_walk_done() safe to call while in a kernel-mode FPU section, but that does not actually work. So just use the usual atomic=false. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- arch/x86/crypto/aegis128-aesni-glue.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index f1b6d40154e35..3cb5c193038bb 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -117,11 +117,13 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, else aegis128_aesni_dec(state, walk->src.virt.addr, walk->dst.virt.addr, round_down(walk->nbytes, AEGIS128_BLOCK_SIZE)); + kernel_fpu_end(); skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + kernel_fpu_begin(); } if (walk->nbytes) { if (enc) aegis128_aesni_enc_tail(state, walk->src.virt.addr, @@ -129,11 +131,13 @@ crypto_aegis128_aesni_process_crypt(struct aegis_state *state, walk->nbytes); else aegis128_aesni_dec_tail(state, walk->src.virt.addr, walk->dst.virt.addr, walk->nbytes); + kernel_fpu_end(); skcipher_walk_done(walk, 0); + kernel_fpu_begin(); } } static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) { @@ -174,13 +178,13 @@ crypto_aegis128_aesni_crypt(struct aead_request *req, struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); struct skcipher_walk walk; struct aegis_state state; if (enc) - skcipher_walk_aead_encrypt(&walk, req, true); + skcipher_walk_aead_encrypt(&walk, req, false); else - skcipher_walk_aead_decrypt(&walk, req, true); + skcipher_walk_aead_decrypt(&walk, req, false); kernel_fpu_begin(); aegis128_aesni_init(&state, &ctx->key, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); -- 2.50.0

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers/base/cpu.c) [logspec:kbuild,kbuild.compiler.linker_error] --- - dashboard: https://d.kernelci.org/i/maestro:64dffa8d7ec37a4cc39ef1929ca500d06c7d1ab1 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 57a10c76a9922f216165558513b1e0f5a2eae559 Log excerpt: ===================================================== arm-linux-gnueabihf-ld: drivers/base/cpu.o: in function `.LANCHOR2': cpu.c:(.data+0xbc): undefined reference to `cpu_show_tsa' ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d492434612746bbb51ead #kernelci issue maestro:64dffa8d7ec37a4cc39ef1929ca500d06c7d1ab1 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[PATCH 5.15 000/160] 5.15.187-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.187 release. There are 160 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:08:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.187-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: 9354/1: ptrace: Use bitfield helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Jiri Slaby <jirislaby(a)kernel.org> tty/vt: consolemap: rename and document struct uni_pagedir Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: delete a few unneeded forward decl Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Move console_lock for register/unlink/unregister Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: use lock_fb_info in fbcon_open/release Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: move more common code into fb_open() Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Extract fbcon_open/release helpers Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Use delayed work for cursor Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: Add devm helpers for get and enable Douglas Anderson <dianders(a)chromium.org> regulator: core: Allow drivers to define their init data as const Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Miquel Raynal <miquel.raynal(a)bootlin.com> clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 39 ++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 +- arch/x86/kvm/cpuid.c | 25 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 7 + drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 ++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/platform/x86/think-lmi.c | 18 +- drivers/regulator/devres.c | 192 ++++++++++++ drivers/regulator/gpio-regulator.c | 19 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 +- drivers/tty/vt/consolemap.c | 47 +-- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 +- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 38 +-- drivers/video/fbdev/core/fbcon.c | 336 ++++++++++----------- drivers/video/fbdev/core/fbcon.h | 4 +- drivers/video/fbdev/core/fbmem.c | 43 +-- fs/btrfs/inode.c | 19 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/ksmbd/smb2pdu.c | 53 ++-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 19 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/consumer.h | 31 ++ include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/unix/af_unix.c | 18 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/codecs/wcd9335.c | 62 ++-- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 182 files changed, 1976 insertions(+), 847 deletions(-)

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers/base/cpu.c) [logspec:kbuild,kbuild.compiler.linker_error] --- - dashboard: https://d.kernelci.org/i/maestro:ed59ade8431fd2103ddcaa4aecf2bf1e5a305aa2 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 57a10c76a9922f216165558513b1e0f5a2eae559 Log excerpt: ===================================================== arm-linux-gnueabihf-ld: drivers/base/cpu.o: in function `.LANCHOR2': cpu.c:(.data+0xac): undefined reference to `cpu_show_tsa' ===================================================== # Builds where the incident occurred: ## vexpress_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d532134612746bbb53941 #kernelci issue maestro:ed59ade8431fd2103ddcaa4aecf2bf1e5a305aa2 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) in vmlinux (Makefile:1246) [logspec:kbuild,kbuild.other]

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- in vmlinux (Makefile:1246) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/i/maestro:16639fda313460b17cc53ce3fe28a6a8157c0596 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 57a10c76a9922f216165558513b1e0f5a2eae559 Log excerpt: ===================================================== .lds aarch64-linux-gnu-ld: drivers/base/cpu.o:(.data+0x178): undefined reference to `cpu_show_tsa' ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kcidebug+lab-setup on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d533334612746bbb53969 ## defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d52c134612746bbb538ca ## defconfig+lab-setup+kselftest on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d494334612746bbb51edf ## imx_v6_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d492934612746bbb51eb3 #kernelci issue maestro:16639fda313460b17cc53ce3fe28a6a8157c0596 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) initialization of ‘int (*)(struct iommu_domain *, long unsigned in...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- initialization of ‘int (*)(struct iommu_domain *, long unsigned int, size_t)’ {aka ‘int (*)(struct iommu_domain *, long unsigned int, unsigned int)’} from incompatible pointer type ‘void (*)(struct iommu_domain *, long unsigned int, size_t)’ {aka ‘void (*)(struct iommu_domain *, long unsigned int, unsigned int)’} [-Werror=incompatible-pointer-types] in drivers/iommu/tegra-gart.o (drivers/iommu/tegra-gart.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:09d85088a9b9d1ca7627ec9c7a3e1ea69a47f790 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: b5872ed076bddad62df34a0ff4cbe4bbdfe45a67 Log excerpt: ===================================================== drivers/iommu/tegra-gart.c:281:35: error: initialization of ‘int (*)(struct iommu_domain *, long unsigned int, size_t)’ {aka ‘int (*)(struct iommu_domain *, long unsigned int, unsigned int)’} from incompatible pointer type ‘void (*)(struct iommu_domain *, long unsigned int, size_t)’ {aka ‘void (*)(struct iommu_domain *, long unsigned int, unsigned int)’} [-Werror=incompatible-pointer-types] 281 | .iotlb_sync_map = gart_iommu_sync_map, | ^~~~~~~~~~~~~~~~~~~ drivers/iommu/tegra-gart.c:281:35: note: (near initialization for ‘(anonymous).iotlb_sync_map’) CC drivers/gpu/host1x/hw/host1x05.o AR drivers/tty/serial/8250/built-in.a CC drivers/tty/serial/serial_core.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d54c434612746bbb54a0f #kernelci issue maestro:09d85088a9b9d1ca7627ec9c7a3e1ea69a47f790 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) incompatible function pointer types initializing 'int (*)(struct i...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- incompatible function pointer types initializing 'int (*)(struct iommu_domain *, unsigned long, size_t)' (aka 'int (*)(struct iommu_domain *, unsigned long, unsigned int)') with an expression of type 'void (struct iommu_domain *, unsigned long, size_t)' (aka 'void (struct iommu_domain *, unsigned long, unsigned int)') [-Wincompatible-function-pointer-types] in drivers/iommu/tegra-gart.o (drivers/iommu/tegra-gart.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:387fac999fdadaaca0ca80ad07047ef2d702c09a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: b5872ed076bddad62df34a0ff4cbe4bbdfe45a67 Log excerpt: ===================================================== drivers/iommu/tegra-gart.c:281:21: error: incompatible function pointer types initializing 'int (*)(struct iommu_domain *, unsigned long, size_t)' (aka 'int (*)(struct iommu_domain *, unsigned long, unsigned int)') with an expression of type 'void (struct iommu_domain *, unsigned long, size_t)' (aka 'void (struct iommu_domain *, unsigned long, unsigned int)') [-Wincompatible-function-pointer-types] 281 | .iotlb_sync_map = gart_iommu_sync_map, | ^~~~~~~~~~~~~~~~~~~ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:686d4a9e34612746bbb52198 #kernelci issue maestro:387fac999fdadaaca0ca80ad07047ef2d702c09a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers/base/cpu.c) [logspec:kbuild,kbuild.compiler.linker_error] --- - dashboard: https://d.kernelci.org/i/maestro:634dca9c0041633c75d4d5ce3cb61da4d05029f1 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 16a0c0f862e842e4269c2142fabfece05c2380b1 Log excerpt: ===================================================== arm-linux-gnueabihf-ld: drivers/base/cpu.o: in function `.LANCHOR2': cpu.c:(.data+0xc0): undefined reference to `cpu_show_tsa' ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d53f934612746bbb53f15 ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d49fc34612746bbb51ff1 #kernelci issue maestro:634dca9c0041633c75d4d5ce3cb61da4d05029f1 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- undefined reference to `cpu_show_tsa' in drivers/base/cpu (drivers/base/cpu.c) [logspec:kbuild,kbuild.compiler.linker_error] --- - dashboard: https://d.kernelci.org/i/maestro:320f186cf70d8d6a8155682d995d1860d2ef3445 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 16a0c0f862e842e4269c2142fabfece05c2380b1 Log excerpt: ===================================================== arm-linux-gnueabihf-ld: drivers/base/cpu.o: in function `.LANCHOR2': cpu.c:(.data+0xb0): undefined reference to `cpu_show_tsa' ===================================================== # Builds where the incident occurred: ## vexpress_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:686d4a0d34612746bbb52003 #kernelci issue maestro:320f186cf70d8d6a8155682d995d1860d2ef3445 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) ld.lld: error: undefined symbol: cpu_show_tsa in vmlinux (scripts/...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- ld.lld: error: undefined symbol: cpu_show_tsa in vmlinux (scripts/Makefile.vmlinux:34) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/i/maestro:6b1157158f4d95650fb3e4447503581fbc3320c8 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 16a0c0f862e842e4269c2142fabfece05c2380b1 Log excerpt: ===================================================== .lds ....+...+..+. HDRTEST usr/include/linux/if_x25.h .............. CC arch/arm64/kernel/debug-monitors.o +......... HDRTEST usr/include/linux/msg.h ....+.....+.......+.. HDRTEST usr/include/linux/sonypi.h .+........+...+ CC mm/kasan/generic.o .+.. HDRTEST usr/include/linux/const.h ...+...+.............. HDRTEST usr/include/linux/affs_hardblocks.h ..+...........+...+.... HDRTEST usr/include/linux/loadpin.h ........+.+............ HDRTEST usr/include/linux/route.h +.....+.+..+............ HDRTEST usr/include/linux/v4l2-subdev.h +.+..+....+...+.. HDRTEST usr/include/linux/if_eql.h .........+....+..+.... HDRTEST usr/include/linux/netfilter_ipv4.h .....+.......+........+... HDRTEST usr/include/linux/smiapp.h ......+......+.......+ HDRTEST usr/include/linux/bsg.h ...+..+............+. HDRTEST usr/include/linux/agpgart.h .........+..+............ HDRTEST usr/include/linux/aspeed-p2a-ctrl.h .........+.............+..... CC init/do_mounts_initrd.o + HDRTEST usr/include/linux/media-bus-format.h ..........+..+...+.... HDRTEST usr/include/linux/fiemap.h ..+...+............+.... HDRTEST usr/include/linux/vfio_zdev.h ..+.........+......+..................+.+ HDRTEST usr/include/linux/socket.h ........+.......+...+.. HDRTEST usr/include/linux/lp.h .+..............+.+..... HDRTEST usr/include/linux/serio.h ...............+...+....+ HDRTEST usr/include/linux/vbox_vmmdev_types.h ..+.+...+.....+..... HDRTEST usr/include/linux/seg6_genl.h ..............+......+.. HDRTEST usr/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h ........................+... HDRTEST usr/include/linux/netfilter_ipv4/ipt_ah.h +.+.....+.+...........+ HDRTEST usr/include/linux/netfilter_ipv4/ipt_TTL.h .......+..+......+... HDRTEST usr/include/linux/netfilter_ipv4/ipt_ecn.h .+...+..+.............. HDRTEST usr/include/linux/netfilter_ipv4/ipt_LOG.h .....+..+....+.....+ HDRTEST usr/include/linux/netfilter_ipv4/ipt_ECN.h ............................+ HDRTEST usr/include/linux/netfilter_ipv4/ipt_REJECT.h ..+...+......+....... HDRTEST usr/include/linux/netfilter_ipv4/ipt_ttl.h ........................+......+........... HDRTEST usr/include/linux/netfilter_ipv4/ip_tables.h ....+...+..+ AR fs/notify/fanotify/built-in.a ....+...+. CC fs/notify/fsnotify.o ....+ HDRTEST usr/include/linux/serial.h ......+.+........+..... HDRTEST usr/include/linux/btf.h .+.......+.........+... HDRTEST usr/include/linux/batadv_packet.h ...+..+...+...+......... HDRTEST usr/include/linux/filter.h ...........................+ HDRTEST usr/include/linux/fsi.h ...............+....+.. HDRTEST usr/include/linux/sysctl.h ...+++++++++++ HDRTEST usr/include/linux/smc.h +++ AS arch/arm64/kernel/entry.o ++++++ HDRTEST usr/include/linux/dqblk_xfs.h ++++++++++++++++++++++ HDRTEST usr/include/linux/apm_bios.h ++++++++++ HDRTEST usr/include/linux/virtio_bt.h ++++++++++ HDRTEST usr/include/linux/major.h +++ ......+....+.....+.+........+.+......+........+....+.....+.......+...+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+......... HDRTEST usr/include/linux/loop.h ...... CC arch/arm64/kernel/irq.o ..........+..+ CC init/initramfs.o ...... HDRTEST usr/include/linux/if_macsec.h ....+...+......+..+... HDRTEST usr/include/linux/misc/bcm_vk.h .......+.....+...............+...+....+. HDRTEST usr/include/linux/kcmp.h ..+.........+.... CC ipc/shm.o ..+.........+..............+.+. HDRTEST usr/include/linux/fsverity.h .....+............+......+.........+ HDRTEST usr/include/linux/fsmap.h .....+.+..+.........+....+..............+.......+ HDRTEST usr/include/linux/ip_vs.h .....+..........+.....+ HDRTEST usr/include/linux/fdreg.h ......+.......+........+ HDRTEST usr/include/linux/virtio_input.h .............+......... HDRTEST usr/include/linux/rseq.h ...+...+..+.......+... CC kernel/sched/fair.o .. HDRTEST usr/include/linux/veth.h .....................+... HDRTEST usr/include/linux/reboot.h ............+......+.. HDRTEST usr/include/linux/nsfs.h ..+..+....+.......... HDRTEST usr/include/linux/nfc.h ........+..+ CC mm/kasan/report_generic.o .+........ HDRTEST usr/include/linux/nfs4_mount.h ....+..+...............+... HDRTEST usr/include/linux/nfsd/debug.h .+.....+....+............+. HDRTEST usr/include/linux/nfsd/cld.h ..+...+....................+ HDRTEST usr/include/linux/nfsd/stats.h ...............+...............+. HDRTEST usr/include/linux/nfsd/export.h ......+............+.........+ HDRTEST usr/include/linux/utime.h ..+...+..........+..+ HDRTEST usr/include/linux/bt-bmc.h .......+...+........+ HDRTEST usr/include/linux/oom.h .+........+........ HDRTEST usr/include/linux/ioam6.h .....+..+............+. HDRTEST usr/include/linux/wmi.h ...............+........ HDRTEST usr/include/linux/gameport.h ....+......+++++++++++++ HDRTEST usr/include/linux/rxrpc.h ++++++++++++ HDRTEST usr/include/linux/surface_aggregator/dtx.h +++++++++ HDRTEST usr/include/linux/surface_aggregator/cdev.h +++++++++ HDRTEST usr/include/linux/if_link.h ++++++ CC arch/arm64/kernel/fpsimd.o ++++ HDRTEST usr/include/linux/fib_rules.h ++++++++++ HDRTEST usr/include/linux/zorro.h ++ ----- ld.lld: error: undefined symbol: cpu_show_tsa >>> referenced by cpu.c >>> drivers/base/cpu.o:(dev_attr_tsa) in archive vmlinux.a ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:686d49d034612746bbb51fb8 ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:686d49cb34612746bbb51fb2 #kernelci issue maestro:6b1157158f4d95650fb3e4447503581fbc3320c8 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) ld.lld: error: undefined symbol: cpu_show_tsa in vmlinux (Makefile...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- ld.lld: error: undefined symbol: cpu_show_tsa in vmlinux (Makefile:1246) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/i/maestro:37759c63a97e01566b3769ef90482ca5ec2daa9f - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 57a10c76a9922f216165558513b1e0f5a2eae559 Log excerpt: ===================================================== .lds ld.lld: error: undefined symbol: cpu_show_tsa >>> referenced by cpu.c >>> base/cpu.o:(dev_attr_tsa) in archive drivers/built-in.a ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:686d490a34612746bbb51e76 #kernelci issue maestro:37759c63a97e01566b3769ef90482ca5ec2daa9f Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 4 weeks

1
0
0 0

[PATCH v5 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index c2b6f4eb338e..0ee1b74967b9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2244,6 +2266,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = from_timer(fabric, t, fdmi_timer); @@ -2289,14 +2326,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3714,11 +3744,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3728,10 +3779,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

3 months, 4 weeks

3
3
0 0

[PATCH v2] net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()

by Haoxiang Li

Add check for the return value of rcar_gen4_ptp_alloc() to prevent potential null pointer dereference. Fixes: b0d3969d2b4d ("net: ethernet: rtsn: Add support for Renesas Ethernet-TSN") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Add a blank line to make the grouping similar to the style of other error checks in probe. Thanks, Niklas! --- drivers/net/ethernet/renesas/rtsn.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ethernet/renesas/rtsn.c b/drivers/net/ethernet/renesas/rtsn.c index 6b3f7fca8d15..05c4b6c8c9c3 100644 --- a/drivers/net/ethernet/renesas/rtsn.c +++ b/drivers/net/ethernet/renesas/rtsn.c @@ -1259,7 +1259,12 @@ static int rtsn_probe(struct platform_device *pdev) priv = netdev_priv(ndev); priv->pdev = pdev; priv->ndev = ndev; + priv->ptp_priv = rcar_gen4_ptp_alloc(pdev); + if (!priv->ptp_priv) { + ret = -ENOMEM; + goto error_free; + } spin_lock_init(&priv->lock); platform_set_drvdata(pdev, priv); -- 2.25.1

3 months, 4 weeks

3
2
0 0

Re: Patch "crypto: powerpc/poly1305 - add depends on BROKEN for now" has been added to the 6.12-stable tree

by Eric Biggers

On Mon, Jul 07, 2025 at 12:34:45AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > crypto: powerpc/poly1305 - add depends on BROKEN for now > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… You forgot to Cc the relevant mailing lists. > diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig > new file mode 100644 > index 0000000000000..3f9e1bbd9905b > --- /dev/null > +++ b/arch/powerpc/lib/crypto/Kconfig > @@ -0,0 +1,22 @@ > +# SPDX-License-Identifier: GPL-2.0-only > + > +config CRYPTO_CHACHA20_P10 > + tristate > + depends on PPC64 && CPU_LITTLE_ENDIAN && VSX > + default CRYPTO_LIB_CHACHA > + select CRYPTO_LIB_CHACHA_GENERIC > + select CRYPTO_ARCH_HAVE_LIB_CHACHA > + > +config CRYPTO_POLY1305_P10 > + tristate > + depends on PPC64 && CPU_LITTLE_ENDIAN && VSX > + depends on BROKEN # Needs to be fixed to work in softirq context > + default CRYPTO_LIB_POLY1305 > + select CRYPTO_ARCH_HAVE_LIB_POLY1305 > + select CRYPTO_LIB_POLY1305_GENERIC > + > +config CRYPTO_SHA256_PPC_SPE > + tristate > + depends on SPE > + default CRYPTO_LIB_SHA256 > + select CRYPTO_ARCH_HAVE_LIB_SHA256 Really? - Eric

3 months, 4 weeks

2
2
0 0

Please apply commit 93bd4a80efeb to v6.6.y and v6.12.y

by Guenter Roeck

Hi Greg, v6.6.y and v6.12.y fail to build corenet64_smp_defconfig. powerpc64-linux-ld: arch/powerpc/kernel/irq_64.o: in function `__replay_soft_interrupts': /opt/buildbot/slave/qemu-ppc64/build/arch/powerpc/kernel/irq_64.c:119:(.text+0x50): undefined reference to `ppc_save_regs' This is caused by the backport of upstream commit 497b7794aef0 ("powerpc: do not build ppc_save_regs.o always"). That commit made some wrong assumptions and causes the build failure. Please apply commit 93bd4a80efeb ("powerpc/kernel: Fix ppc_save_regs inclusion in build") to both branches to fix the problem. Thanks, Guenter --- bisect: # bad: [a5df3a702b2cba82bcfb066fa9f5e4a349c33924] Linux 6.6.96 # good: [c2603c511feb427b2b09f74b57816a81272932a1] Linux 6.6.93 git bisect start 'HEAD' 'c2603c511feb' # bad: [36318ff3d6bf94ea01b2caa0967f2b366c7daea6] media: venus: Fix probe error handling git bisect bad 36318ff3d6bf94ea01b2caa0967f2b366c7daea6 # bad: [c64a16344c5258dcaaa6caf2bbe2298e6e3e469c] randstruct: gcc-plugin: Remove bogus void member git bisect bad c64a16344c5258dcaaa6caf2bbe2298e6e3e469c # bad: [cb4b9369463eb6f6d0f4bdeaf35d183a935c2573] Use thread-safe function pointer in libbpf_print git bisect bad cb4b9369463eb6f6d0f4bdeaf35d183a935c2573 # bad: [aa7b90057bc3f8d9ddf50e7397facdd613de5610] x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() git bisect bad aa7b90057bc3f8d9ddf50e7397facdd613de5610 # good: [cb1e26f53e598a3946dd9b3014d6bcddd8609a47] crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions git bisect good cb1e26f53e598a3946dd9b3014d6bcddd8609a47 # bad: [5810e9d402c43a63c16ce949f9d9ff59fe6832e7] crypto: sun8i-ce - move fallback ahash_request to the end of the struct git bisect bad 5810e9d402c43a63c16ce949f9d9ff59fe6832e7 # bad: [3cf4d9cae4356c2a0610d82c13c957e4a88d6d94] crypto: marvell/cesa - Avoid empty transfer descriptor git bisect bad 3cf4d9cae4356c2a0610d82c13c957e4a88d6d94 # bad: [ce167ff4cd172bb85b834d671f37151b0f7f734a] x86/microcode/AMD: Do not return error when microcode update is not necessary git bisect bad ce167ff4cd172bb85b834d671f37151b0f7f734a # bad: [4fb22310892c9bba3a170d0873e95886fbadf064] powerpc/crash: Fix non-smp kexec preparation git bisect bad 4fb22310892c9bba3a170d0873e95886fbadf064 # bad: [fdc39b3ad8a7791792408212507683bfae9f2dc5] powerpc: do not build ppc_save_regs.o always git bisect bad fdc39b3ad8a7791792408212507683bfae9f2dc5 # first bad commit: [fdc39b3ad8a7791792408212507683bfae9f2dc5] powerpc: do not build ppc_save_regs.o always

3 months, 4 weeks

2
1
0 0

[PATCH 1/1] drm/i915/dp: Refine TPS4-based HBR3 rejection and add quirk to limit eDP to HBR2

by Ankit Nautiyal

Refine the logic introduced in commit 584cf613c24a ("drm/i915/dp: Reject HBR3 when sink doesn't support TPS4") to allow HBR3 on eDP panels that report DPCD revision 1.4, even if TPS4 is not supported. This aligns with the DisplayPort specification, which does not mandate TPS4 support for eDP with DPCD rev 1.4. This change avoids regressions on panels that require HBR3 to operate at their native resolution but do not advertise TPS4 support. Additionally, some ICL/TGL platforms with combo PHY ports suffer from signal integrity issues at HBR3. While certain systems include a Parade PS8461 mux to mitigate this, its presence cannot be reliably detected. Furthermore, broken or missing VBT entries make it unsafe to rely on VBT for enforcing link rate limits. To address the HBR3-related issues on such platforms and eDP panels, introduce a device specific quirk to cap the eDP link rate to HBR2 (540000 kHz). This will override any higher advertised rates from the sink or DPCD for specific devices. Currently, the quirk is added for Dell XPS 13 7390 2-in-1 which is reported in gitlab issue #5969 [1]. [1] https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/5969 [2] https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14517 Fixes: 584cf613c24a ("drm/i915/dp: Reject HBR3 when sink doesn't support TPS4") Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Ville Syrj_l_ <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/5969 Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14517 Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 31 +++++++++++++++++++-- drivers/gpu/drm/i915/display/intel_quirks.c | 9 ++++++ drivers/gpu/drm/i915/display/intel_quirks.h | 1 + 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index f48912f308df..362e376fca27 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -171,6 +171,15 @@ int intel_dp_link_symbol_clock(int rate) return DIV_ROUND_CLOSEST(rate * 10, intel_dp_link_symbol_size(rate)); } +static bool intel_dp_reject_hbr3_due_to_tps4(struct intel_dp *intel_dp) +{ + /* TPS4 is not mandatory for eDP with DPCD rev 1.4 */ + if (intel_dp_is_edp(intel_dp) && intel_dp->dpcd[DP_DPCD_REV] == 0x14) + return false; + + return !drm_dp_tps4_supported(intel_dp->dpcd); +} + static int max_dprx_rate(struct intel_dp *intel_dp) { struct intel_display *display = to_intel_display(intel_dp); @@ -187,13 +196,22 @@ static int max_dprx_rate(struct intel_dp *intel_dp) * HBR3 without TPS4, and are unable to produce a stable * output. Reject HBR3 when TPS4 is not available. */ - if (max_rate >= 810000 && !drm_dp_tps4_supported(intel_dp->dpcd)) { + if (max_rate >= 810000 && intel_dp_reject_hbr3_due_to_tps4(intel_dp)) { drm_dbg_kms(display->drm, "[ENCODER:%d:%s] Rejecting HBR3 due to missing TPS4 support\n", encoder->base.base.id, encoder->base.name); max_rate = 540000; } + /* + * Some platforms + eDP panels may not reliably support HBR3 + * due to signal integrity limitations, despite advertising it. + * Cap the link rate to HBR2 to avoid unstable configurations for the + * known machines. + */ + if (intel_dp_is_edp(intel_dp) && intel_has_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2)) + max_rate = min(max_rate, 540000); + return max_rate; } @@ -4304,13 +4322,22 @@ intel_edp_set_sink_rates(struct intel_dp *intel_dp) * HBR3 without TPS4, and are unable to produce a stable * output. Reject HBR3 when TPS4 is not available. */ - if (rate >= 810000 && !drm_dp_tps4_supported(intel_dp->dpcd)) { + if (rate >= 810000 && intel_dp_reject_hbr3_due_to_tps4(intel_dp)) { drm_dbg_kms(display->drm, "[ENCODER:%d:%s] Rejecting HBR3 due to missing TPS4 support\n", encoder->base.base.id, encoder->base.name); break; } + /* + * Some platforms cannot reliably drive HBR3 rates due to PHY limitations, + * even if the sink advertises support. Reject any sink rates above HBR2 on + * the known machines for stable output. + */ + if (rate >= 810000 && + intel_has_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2)) + break; + intel_dp->sink_rates[i] = rate; } intel_dp->num_sink_rates = i; diff --git a/drivers/gpu/drm/i915/display/intel_quirks.c b/drivers/gpu/drm/i915/display/intel_quirks.c index a32fae510ed2..d2e16b79d6be 100644 --- a/drivers/gpu/drm/i915/display/intel_quirks.c +++ b/drivers/gpu/drm/i915/display/intel_quirks.c @@ -80,6 +80,12 @@ static void quirk_fw_sync_len(struct intel_dp *intel_dp) drm_info(display->drm, "Applying Fast Wake sync pulse count quirk\n"); } +static void quirk_edp_limit_rate_hbr2(struct intel_display *display) +{ + intel_set_quirk(display, QUIRK_EDP_LIMIT_RATE_HBR2); + drm_info(display->drm, "Applying eDP Limit rate to HBR2 quirk\n"); +} + struct intel_quirk { int device; int subsystem_vendor; @@ -231,6 +237,9 @@ static struct intel_quirk intel_quirks[] = { { 0x3184, 0x1019, 0xa94d, quirk_increase_ddi_disabled_time }, /* HP Notebook - 14-r206nv */ { 0x0f31, 0x103c, 0x220f, quirk_invert_brightness }, + + /* Dell XPS 13 7390 2-in-1 */ + { 0x8a12, 0x1028, 0x08b0, quirk_edp_limit_rate_hbr2 }, }; static const struct intel_dpcd_quirk intel_dpcd_quirks[] = { diff --git a/drivers/gpu/drm/i915/display/intel_quirks.h b/drivers/gpu/drm/i915/display/intel_quirks.h index cafdebda7535..06da0e286c67 100644 --- a/drivers/gpu/drm/i915/display/intel_quirks.h +++ b/drivers/gpu/drm/i915/display/intel_quirks.h @@ -20,6 +20,7 @@ enum intel_quirk_id { QUIRK_LVDS_SSC_DISABLE, QUIRK_NO_PPS_BACKLIGHT_POWER_HOOK, QUIRK_FW_SYNC_LEN, + QUIRK_EDP_LIMIT_RATE_HBR2, }; void intel_init_quirks(struct intel_display *display); -- 2.45.2

3 months, 4 weeks

3
5
0 0

FAILED: patch "[PATCH] cifs: all initializations for tcon should happen in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 74ebd02163fde05baa23129e06dde4b8f0f2377a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070801-extended-myspace-c081@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74ebd02163fde05baa23129e06dde4b8f0f2377a Mon Sep 17 00:00:00 2001 From: Shyam Prasad N <sprasad(a)microsoft.com> Date: Mon, 30 Jun 2025 23:09:34 +0530 Subject: [PATCH] cifs: all initializations for tcon should happen in tcon_info_alloc Today, a few work structs inside tcon are initialized inside cifs_get_tcon and not in tcon_info_alloc. As a result, if a tcon is obtained from tcon_info_alloc, but not called as a part of cifs_get_tcon, we may trip over. Cc: <stable(a)vger.kernel.org> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> Reviewed-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 66093fa78aed..045227ed4efc 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -136,6 +136,7 @@ extern int SendReceiveBlockingLock(const unsigned int xid, struct smb_hdr *out_buf, int *bytes_returned); +void smb2_query_server_interfaces(struct work_struct *work); void cifs_signal_cifsd_for_reconnect(struct TCP_Server_Info *server, bool all_channels); diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 685c65dcb8c4..484b677143fd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -97,7 +97,7 @@ static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server) return rc; } -static void smb2_query_server_interfaces(struct work_struct *work) +void smb2_query_server_interfaces(struct work_struct *work) { int rc; int xid; @@ -2880,20 +2880,14 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx) tcon->max_cached_dirs = ctx->max_cached_dirs; tcon->nodelete = ctx->nodelete; tcon->local_lease = ctx->local_lease; - INIT_LIST_HEAD(&tcon->pending_opens); tcon->status = TID_GOOD; - INIT_DELAYED_WORK(&tcon->query_interfaces, - smb2_query_server_interfaces); if (ses->server->dialect >= SMB30_PROT_ID && (ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { /* schedule query interfaces poll */ queue_delayed_work(cifsiod_wq, &tcon->query_interfaces, (SMB_INTERFACE_POLL_INTERVAL * HZ)); } -#ifdef CONFIG_CIFS_DFS_UPCALL - INIT_DELAYED_WORK(&tcon->dfs_cache_work, dfs_cache_refresh); -#endif spin_lock(&cifs_tcp_ses_lock); list_add(&tcon->tcon_list, &ses->tcon_list); spin_unlock(&cifs_tcp_ses_lock); diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index e77017f47084..da23cc12a52c 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -151,6 +151,12 @@ tcon_info_alloc(bool dir_leases_enabled, enum smb3_tcon_ref_trace trace) #ifdef CONFIG_CIFS_DFS_UPCALL INIT_LIST_HEAD(&ret_buf->dfs_ses_list); #endif + INIT_LIST_HEAD(&ret_buf->pending_opens); + INIT_DELAYED_WORK(&ret_buf->query_interfaces, + smb2_query_server_interfaces); +#ifdef CONFIG_CIFS_DFS_UPCALL + INIT_DELAYED_WORK(&ret_buf->dfs_cache_work, dfs_cache_refresh); +#endif return ret_buf; }

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: apply vbus before data bringup in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bec15191d52300defa282e3fd83820f69e447116 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070816-impatient-condiment-51e9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bec15191d52300defa282e3fd83820f69e447116 Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Wed, 18 Jun 2025 23:06:04 +0000 Subject: [PATCH] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable <stable(a)kernel.org> Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250618230606.3272497-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 1a1f9e1f8e4e..1f6fdfaa34bf 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4410,17 +4410,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, - TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4430,13 +4419,24 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, TYPEC_SOURCE, + tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } + port->pd_capable = false; port->partner = NULL; @@ -4447,14 +4447,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; }

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: apply vbus before data bringup in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bec15191d52300defa282e3fd83820f69e447116 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070816-transpose-wharf-eb6a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bec15191d52300defa282e3fd83820f69e447116 Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Wed, 18 Jun 2025 23:06:04 +0000 Subject: [PATCH] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable <stable(a)kernel.org> Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250618230606.3272497-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 1a1f9e1f8e4e..1f6fdfaa34bf 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4410,17 +4410,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, - TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4430,13 +4419,24 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, TYPEC_SOURCE, + tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } + port->pd_capable = false; port->partner = NULL; @@ -4447,14 +4447,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; }

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] platform/x86: think-lmi: Fix sysfs group cleanup" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4f30f946f27b7f044cf8f3f1f353dee1dcd3517a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070829-barometer-imagines-9277@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f30f946f27b7f044cf8f3f1f353dee1dcd3517a Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Mon, 30 Jun 2025 14:31:21 -0300 Subject: [PATCH] platform/x86: think-lmi: Fix sysfs group cleanup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Many error paths in tlmi_sysfs_init() lead to sysfs groups being removed when they were not even created. Fix this by letting the kobject core manage these groups through their kobj_type's defult_groups. Fixes: a40cd7ef22fb ("platform/x86: think-lmi: Add WMI interface support on Lenovo platforms") Cc: stable(a)vger.kernel.org Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250630-lmi-fix-v3-3-ce4f81c9c481@gmail.com Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c index 69f361f21f0f..b73b84fdb15e 100644 --- a/drivers/platform/x86/think-lmi.c +++ b/drivers/platform/x86/think-lmi.c @@ -973,6 +973,7 @@ static const struct attribute_group auth_attr_group = { .is_visible = auth_attr_is_visible, .attrs = auth_attrs, }; +__ATTRIBUTE_GROUPS(auth_attr); /* ---- Attributes sysfs --------------------------------------------------------- */ static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr, @@ -1188,6 +1189,7 @@ static const struct attribute_group tlmi_attr_group = { .is_visible = attr_is_visible, .attrs = tlmi_attrs, }; +__ATTRIBUTE_GROUPS(tlmi_attr); static void tlmi_attr_setting_release(struct kobject *kobj) { @@ -1207,11 +1209,13 @@ static void tlmi_pwd_setting_release(struct kobject *kobj) static const struct kobj_type tlmi_attr_setting_ktype = { .release = &tlmi_attr_setting_release, .sysfs_ops = &kobj_sysfs_ops, + .default_groups = tlmi_attr_groups, }; static const struct kobj_type tlmi_pwd_setting_ktype = { .release = &tlmi_pwd_setting_release, .sysfs_ops = &kobj_sysfs_ops, + .default_groups = auth_attr_groups, }; static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr, @@ -1381,14 +1385,8 @@ static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd); static void tlmi_release_attr(void) { struct kobject *pos, *n; - int i; /* Attribute structures */ - for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { - if (tlmi_priv.setting[i]) { - sysfs_remove_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); - } - } sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr); @@ -1405,15 +1403,6 @@ static void tlmi_release_attr(void) kfree(tlmi_priv.pwd_admin->save_signature); /* Authentication structures */ - sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); - - if (tlmi_priv.opcode_support) { - sysfs_remove_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); - } - list_for_each_entry_safe(pos, n, &tlmi_priv.authentication_kset->list, entry) kobject_put(pos); @@ -1484,10 +1473,6 @@ static int tlmi_sysfs_init(void) NULL, "%s", tlmi_priv.setting[i]->display_name); if (ret) goto fail_create_attr; - - ret = sysfs_create_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); - if (ret) - goto fail_create_attr; } ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); @@ -1511,20 +1496,12 @@ static int tlmi_sysfs_init(void) if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_power->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "Power-on"); if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - if (tlmi_priv.opcode_support) { tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_system->kobj, &tlmi_pwd_setting_ktype, @@ -1532,29 +1509,17 @@ static int tlmi_sysfs_init(void) if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_hdd->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "HDD"); if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_nvme->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "NVMe"); if (ret) goto fail_create_attr; - - ret = sysfs_create_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; } return ret;

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] platform/x86: think-lmi: Fix sysfs group cleanup" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4f30f946f27b7f044cf8f3f1f353dee1dcd3517a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070828-depose-reaffirm-f1ea@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f30f946f27b7f044cf8f3f1f353dee1dcd3517a Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Mon, 30 Jun 2025 14:31:21 -0300 Subject: [PATCH] platform/x86: think-lmi: Fix sysfs group cleanup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Many error paths in tlmi_sysfs_init() lead to sysfs groups being removed when they were not even created. Fix this by letting the kobject core manage these groups through their kobj_type's defult_groups. Fixes: a40cd7ef22fb ("platform/x86: think-lmi: Add WMI interface support on Lenovo platforms") Cc: stable(a)vger.kernel.org Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250630-lmi-fix-v3-3-ce4f81c9c481@gmail.com Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c index 69f361f21f0f..b73b84fdb15e 100644 --- a/drivers/platform/x86/think-lmi.c +++ b/drivers/platform/x86/think-lmi.c @@ -973,6 +973,7 @@ static const struct attribute_group auth_attr_group = { .is_visible = auth_attr_is_visible, .attrs = auth_attrs, }; +__ATTRIBUTE_GROUPS(auth_attr); /* ---- Attributes sysfs --------------------------------------------------------- */ static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr, @@ -1188,6 +1189,7 @@ static const struct attribute_group tlmi_attr_group = { .is_visible = attr_is_visible, .attrs = tlmi_attrs, }; +__ATTRIBUTE_GROUPS(tlmi_attr); static void tlmi_attr_setting_release(struct kobject *kobj) { @@ -1207,11 +1209,13 @@ static void tlmi_pwd_setting_release(struct kobject *kobj) static const struct kobj_type tlmi_attr_setting_ktype = { .release = &tlmi_attr_setting_release, .sysfs_ops = &kobj_sysfs_ops, + .default_groups = tlmi_attr_groups, }; static const struct kobj_type tlmi_pwd_setting_ktype = { .release = &tlmi_pwd_setting_release, .sysfs_ops = &kobj_sysfs_ops, + .default_groups = auth_attr_groups, }; static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr, @@ -1381,14 +1385,8 @@ static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd); static void tlmi_release_attr(void) { struct kobject *pos, *n; - int i; /* Attribute structures */ - for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { - if (tlmi_priv.setting[i]) { - sysfs_remove_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); - } - } sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr); @@ -1405,15 +1403,6 @@ static void tlmi_release_attr(void) kfree(tlmi_priv.pwd_admin->save_signature); /* Authentication structures */ - sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); - - if (tlmi_priv.opcode_support) { - sysfs_remove_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); - sysfs_remove_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); - } - list_for_each_entry_safe(pos, n, &tlmi_priv.authentication_kset->list, entry) kobject_put(pos); @@ -1484,10 +1473,6 @@ static int tlmi_sysfs_init(void) NULL, "%s", tlmi_priv.setting[i]->display_name); if (ret) goto fail_create_attr; - - ret = sysfs_create_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); - if (ret) - goto fail_create_attr; } ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); @@ -1511,20 +1496,12 @@ static int tlmi_sysfs_init(void) if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_power->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "Power-on"); if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - if (tlmi_priv.opcode_support) { tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_system->kobj, &tlmi_pwd_setting_ktype, @@ -1532,29 +1509,17 @@ static int tlmi_sysfs_init(void) if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_hdd->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "HDD"); if (ret) goto fail_create_attr; - ret = sysfs_create_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; - tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset; ret = kobject_init_and_add(&tlmi_priv.pwd_nvme->kobj, &tlmi_pwd_setting_ktype, NULL, "%s", "NVMe"); if (ret) goto fail_create_attr; - - ret = sysfs_create_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); - if (ret) - goto fail_create_attr; } return ret;

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] powercap: intel_rapl: Do not change CLAMPING bit if ENABLE" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 964209202ebe1569c858337441e87ef0f9d71416 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070819-upturned-grope-5b8e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 964209202ebe1569c858337441e87ef0f9d71416 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Thu, 19 Jun 2025 15:13:40 +0800 Subject: [PATCH] powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed PL1 cannot be disabled on some platforms. The ENABLE bit is still set after software clears it. This behavior leads to a scenario where, upon user request to disable the Power Limit through the powercap sysfs, the ENABLE bit remains set while the CLAMPING bit is inadvertently cleared. According to the Intel Software Developer's Manual, the CLAMPING bit, "When set, allows the processor to go below the OS requested P states in order to maintain the power below specified Platform Power Limit value." Thus this means the system may operate at higher power levels than intended on such platforms. Enhance the code to check ENABLE bit after writing to it, and stop further processing if ENABLE bit cannot be changed. Reported-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Fixes: 2d281d8196e3 ("PowerCap: Introduce Intel RAPL power capping driver") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Link: https://patch.msgid.link/20250619071340.384782-1-rui.zhang@intel.com [ rjw: Use str_enabled_disabled() instead of open-coded equivalent ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c index e3be40adc0d7..faa0b6bc5b53 100644 --- a/drivers/powercap/intel_rapl_common.c +++ b/drivers/powercap/intel_rapl_common.c @@ -341,12 +341,28 @@ static int set_domain_enable(struct powercap_zone *power_zone, bool mode) { struct rapl_domain *rd = power_zone_to_rapl_domain(power_zone); struct rapl_defaults *defaults = get_defaults(rd->rp); + u64 val; int ret; cpus_read_lock(); ret = rapl_write_pl_data(rd, POWER_LIMIT1, PL_ENABLE, mode); - if (!ret && defaults->set_floor_freq) + if (ret) + goto end; + + ret = rapl_read_pl_data(rd, POWER_LIMIT1, PL_ENABLE, false, &val); + if (ret) + goto end; + + if (mode != val) { + pr_debug("%s cannot be %s\n", power_zone->name, + str_enabled_disabled(mode)); + goto end; + } + + if (defaults->set_floor_freq) defaults->set_floor_freq(rd, mode); + +end: cpus_read_unlock(); return ret;

3 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] powercap: intel_rapl: Do not change CLAMPING bit if ENABLE" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 964209202ebe1569c858337441e87ef0f9d71416 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070819-mourner-tingling-cd53@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 964209202ebe1569c858337441e87ef0f9d71416 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Thu, 19 Jun 2025 15:13:40 +0800 Subject: [PATCH] powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed PL1 cannot be disabled on some platforms. The ENABLE bit is still set after software clears it. This behavior leads to a scenario where, upon user request to disable the Power Limit through the powercap sysfs, the ENABLE bit remains set while the CLAMPING bit is inadvertently cleared. According to the Intel Software Developer's Manual, the CLAMPING bit, "When set, allows the processor to go below the OS requested P states in order to maintain the power below specified Platform Power Limit value." Thus this means the system may operate at higher power levels than intended on such platforms. Enhance the code to check ENABLE bit after writing to it, and stop further processing if ENABLE bit cannot be changed. Reported-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Fixes: 2d281d8196e3 ("PowerCap: Introduce Intel RAPL power capping driver") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Link: https://patch.msgid.link/20250619071340.384782-1-rui.zhang@intel.com [ rjw: Use str_enabled_disabled() instead of open-coded equivalent ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c index e3be40adc0d7..faa0b6bc5b53 100644 --- a/drivers/powercap/intel_rapl_common.c +++ b/drivers/powercap/intel_rapl_common.c @@ -341,12 +341,28 @@ static int set_domain_enable(struct powercap_zone *power_zone, bool mode) { struct rapl_domain *rd = power_zone_to_rapl_domain(power_zone); struct rapl_defaults *defaults = get_defaults(rd->rp); + u64 val; int ret; cpus_read_lock(); ret = rapl_write_pl_data(rd, POWER_LIMIT1, PL_ENABLE, mode); - if (!ret && defaults->set_floor_freq) + if (ret) + goto end; + + ret = rapl_read_pl_data(rd, POWER_LIMIT1, PL_ENABLE, false, &val); + if (ret) + goto end; + + if (mode != val) { + pr_debug("%s cannot be %s\n", power_zone->name, + str_enabled_disabled(mode)); + goto end; + } + + if (defaults->set_floor_freq) defaults->set_floor_freq(rd, mode); + +end: cpus_read_unlock(); return ret;

3 months, 4 weeks

1
0
0 0

[PATCH v3] drm/framebuffer: Acquire internal references on GEM handles

by Thomas Zimmermann

Acquire GEM handles in drm_framebuffer_init() and release them in the corresponding drm_framebuffer_cleanup(). Ties the handle's lifetime to the framebuffer. Not all GEM buffer objects have GEM handles. If not set, no refcounting takes place. This is the case for some fbdev emulation. This is not a problem as these GEM objects do not use dma-bufs and drivers will not release them while fbdev emulation is running. Framebuffer flags keep a bit per color plane of which the framebuffer holds a GEM handle reference. As all drivers use drm_framebuffer_init(), they will now all hold dma-buf references as fixed in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers"). In the GEM framebuffer helpers, restore the original ref counting on buffer objects. As the helpers for handle refcounting are now no longer called from outside the DRM core, unexport the symbols. v3: - don't mix internal flags with mode flags (Christian) v2: - track framebuffer handle refs by flag - drop gma500 cleanup (Christian) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") Reported-by: Bert Karwatzki <spasswolf(a)web.de> Closes: https://lore.kernel.org/dri-devel/20250703115915.3096-1-spasswolf@web.de/ Tested-by: Bert Karwatzki <spasswolf(a)web.de> Tested-by: Mario Limonciello <superm1(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Anusha Srivatsa <asrivats(a)redhat.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: "Christian König" <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: <stable(a)vger.kernel.org> --- drivers/gpu/drm/drm_framebuffer.c | 31 ++++++++++++++-- drivers/gpu/drm/drm_gem.c | 38 ++++++++++++-------- drivers/gpu/drm/drm_gem_framebuffer_helper.c | 16 ++++----- drivers/gpu/drm/drm_internal.h | 2 +- include/drm/drm_framebuffer.h | 7 ++++ 5 files changed, 68 insertions(+), 26 deletions(-) diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index b781601946db..63a70f285cce 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -862,11 +862,23 @@ EXPORT_SYMBOL_FOR_TESTS_ONLY(drm_framebuffer_free); int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, const struct drm_framebuffer_funcs *funcs) { + unsigned int i; int ret; + bool exists; if (WARN_ON_ONCE(fb->dev != dev || !fb->format)) return -EINVAL; + for (i = 0; i < fb->format->num_planes; i++) { + if (drm_WARN_ON_ONCE(dev, fb->internal_flags & DRM_FRAMEBUFFER_HAS_HANDLE_REF(i))) + fb->internal_flags &= ~DRM_FRAMEBUFFER_HAS_HANDLE_REF(i); + if (fb->obj[i]) { + exists = drm_gem_object_handle_get_if_exists_unlocked(fb->obj[i]); + if (exists) + fb->internal_flags |= DRM_FRAMEBUFFER_HAS_HANDLE_REF(i); + } + } + INIT_LIST_HEAD(&fb->filp_head); fb->funcs = funcs; @@ -875,7 +887,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB, false, drm_framebuffer_free); if (ret) - goto out; + goto err; mutex_lock(&dev->mode_config.fb_lock); dev->mode_config.num_fb++; @@ -883,7 +895,16 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, mutex_unlock(&dev->mode_config.fb_lock); drm_mode_object_register(dev, &fb->base); -out: + + return 0; + +err: + for (i = 0; i < fb->format->num_planes; i++) { + if (fb->internal_flags & DRM_FRAMEBUFFER_HAS_HANDLE_REF(i)) { + drm_gem_object_handle_put_unlocked(fb->obj[i]); + fb->internal_flags &= ~DRM_FRAMEBUFFER_HAS_HANDLE_REF(i); + } + } return ret; } EXPORT_SYMBOL(drm_framebuffer_init); @@ -960,6 +981,12 @@ EXPORT_SYMBOL(drm_framebuffer_unregister_private); void drm_framebuffer_cleanup(struct drm_framebuffer *fb) { struct drm_device *dev = fb->dev; + unsigned int i; + + for (i = 0; i < fb->format->num_planes; i++) { + if (fb->internal_flags & DRM_FRAMEBUFFER_HAS_HANDLE_REF(i)) + drm_gem_object_handle_put_unlocked(fb->obj[i]); + } mutex_lock(&dev->mode_config.fb_lock); list_del(&fb->head); diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index bc505d938b3e..41cdab6088ae 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -224,23 +224,34 @@ static void drm_gem_object_handle_get(struct drm_gem_object *obj) } /** - * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles + * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any * @obj: GEM object * - * Acquires a reference on the GEM buffer object's handle. Required - * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked() - * to release the reference. + * Acquires a reference on the GEM buffer object's handle. Required to keep + * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked() + * to release the reference. Does nothing if the buffer object has no handle. + * + * Returns: + * True if a handle exists, or false otherwise */ -void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj) +bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj) { struct drm_device *dev = obj->dev; guard(mutex)(&dev->object_name_lock); - drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */ + /* + * First ref taken during GEM object creation, if any. Some + * drivers set up internal framebuffers with GEM objects that + * do not have a GEM handle. Hence, this counter can be zero. + */ + if (!obj->handle_count) + return false; + drm_gem_object_handle_get(obj); + + return true; } -EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked); /** * drm_gem_object_handle_free - release resources bound to userspace handles @@ -273,7 +284,7 @@ static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) } /** - * drm_gem_object_handle_put_unlocked - releases reference on user-space handles + * drm_gem_object_handle_put_unlocked - releases reference on user-space handle * @obj: GEM object * * Releases a reference on the GEM buffer object's handle. Possibly releases @@ -284,14 +295,14 @@ void drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) struct drm_device *dev = obj->dev; bool final = false; - if (WARN_ON(READ_ONCE(obj->handle_count) == 0)) + if (drm_WARN_ON(dev, READ_ONCE(obj->handle_count) == 0)) return; /* - * Must bump handle count first as this may be the last - * ref, in which case the object would disappear before we - * checked for a name - */ + * Must bump handle count first as this may be the last + * ref, in which case the object would disappear before + * we checked for a name. + */ mutex_lock(&dev->object_name_lock); if (--obj->handle_count == 0) { @@ -304,7 +315,6 @@ void drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) if (final) drm_gem_object_put(obj); } -EXPORT_SYMBOL(drm_gem_object_handle_put_unlocked); /* * Called at device or object close to release the file's diff --git a/drivers/gpu/drm/drm_gem_framebuffer_helper.c b/drivers/gpu/drm/drm_gem_framebuffer_helper.c index c60d0044d036..618ce725cd75 100644 --- a/drivers/gpu/drm/drm_gem_framebuffer_helper.c +++ b/drivers/gpu/drm/drm_gem_framebuffer_helper.c @@ -100,7 +100,7 @@ void drm_gem_fb_destroy(struct drm_framebuffer *fb) unsigned int i; for (i = 0; i < fb->format->num_planes; i++) - drm_gem_object_handle_put_unlocked(fb->obj[i]); + drm_gem_object_put(fb->obj[i]); drm_framebuffer_cleanup(fb); kfree(fb); @@ -183,10 +183,8 @@ int drm_gem_fb_init_with_funcs(struct drm_device *dev, if (!objs[i]) { drm_dbg_kms(dev, "Failed to lookup GEM object\n"); ret = -ENOENT; - goto err_gem_object_handle_put_unlocked; + goto err_gem_object_put; } - drm_gem_object_handle_get_unlocked(objs[i]); - drm_gem_object_put(objs[i]); min_size = (height - 1) * mode_cmd->pitches[i] + drm_format_info_min_pitch(info, i, width) @@ -196,22 +194,22 @@ int drm_gem_fb_init_with_funcs(struct drm_device *dev, drm_dbg_kms(dev, "GEM object size (%zu) smaller than minimum size (%u) for plane %d\n", objs[i]->size, min_size, i); - drm_gem_object_handle_put_unlocked(objs[i]); + drm_gem_object_put(objs[i]); ret = -EINVAL; - goto err_gem_object_handle_put_unlocked; + goto err_gem_object_put; } } ret = drm_gem_fb_init(dev, fb, mode_cmd, objs, i, funcs); if (ret) - goto err_gem_object_handle_put_unlocked; + goto err_gem_object_put; return 0; -err_gem_object_handle_put_unlocked: +err_gem_object_put: while (i > 0) { --i; - drm_gem_object_handle_put_unlocked(objs[i]); + drm_gem_object_put(objs[i]); } return ret; } diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h index f921cc73f8b8..e79c3c623c9a 100644 --- a/drivers/gpu/drm/drm_internal.h +++ b/drivers/gpu/drm/drm_internal.h @@ -161,7 +161,7 @@ void drm_sysfs_lease_event(struct drm_device *dev); /* drm_gem.c */ int drm_gem_init(struct drm_device *dev); -void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj); +bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj); void drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj); int drm_gem_handle_create_tail(struct drm_file *file_priv, struct drm_gem_object *obj, diff --git a/include/drm/drm_framebuffer.h b/include/drm/drm_framebuffer.h index 668077009fce..38b24fc8978d 100644 --- a/include/drm/drm_framebuffer.h +++ b/include/drm/drm_framebuffer.h @@ -23,6 +23,7 @@ #ifndef __DRM_FRAMEBUFFER_H__ #define __DRM_FRAMEBUFFER_H__ +#include <linux/bits.h> #include <linux/ctype.h> #include <linux/list.h> #include <linux/sched.h> @@ -100,6 +101,8 @@ struct drm_framebuffer_funcs { unsigned num_clips); }; +#define DRM_FRAMEBUFFER_HAS_HANDLE_REF(_i) BIT(0u + (_i)) + /** * struct drm_framebuffer - frame buffer object * @@ -188,6 +191,10 @@ struct drm_framebuffer { * DRM_MODE_FB_MODIFIERS. */ int flags; + /** + * @internal_flags: Framebuffer flags like DRM_FRAMEBUFFER_HAS_HANDLE_REF. + */ + unsigned int internal_flags; /** * @filp_head: Placed on &drm_file.fbs, protected by &drm_file.fbs_lock. */ -- 2.50.0

3 months, 4 weeks

3
3
0 0

[PATCH] comedi: comedi_test: Fix possible deletion of uninitialized timers

by Ian Abbott

In `waveform_common_attach()`, the two timers `&devpriv->ai_timer` and `&devpriv->ao_timer` are initialized after the allocation of the device private data by `comedi_alloc_devpriv()` and the subdevices by `comedi_alloc_subdevices()`. The function may return with an error between those function calls. In that case, `waveform_detach()` will be called by the Comedi core to clean up. The check that `waveform_detach()` uses to decide whether to delete the timers is incorrect. It only checks that the device private data was allocated, but that does not guarantee that the timers were initialized. It also needs to check that the subdevices were allocated. Fix it. Fixes: 73e0e4dfed4c ("staging: comedi: comedi_test: fix timer lock-up") Cc: <stable(a)vger.kernel.org> # 6.15+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- Patch fails to apply to kernels before 6.15, requiring backports. --- drivers/comedi/drivers/comedi_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/comedi/drivers/comedi_test.c b/drivers/comedi/drivers/comedi_test.c index 9747e6d1f6eb..7984950f0f99 100644 --- a/drivers/comedi/drivers/comedi_test.c +++ b/drivers/comedi/drivers/comedi_test.c @@ -792,7 +792,7 @@ static void waveform_detach(struct comedi_device *dev) { struct waveform_private *devpriv = dev->private; - if (devpriv) { + if (devpriv && dev->n_subdevices) { timer_delete_sync(&devpriv->ai_timer); timer_delete_sync(&devpriv->ao_timer); } -- 2.47.2

3 months, 4 weeks

1
0
0 0

[PATCH 5.10/5.15] mm/hugetlb: fix assertion splat in hugetlb_split()

by Fedor Pchelkin

No upstream commit exists for this patch. The following assertion is firing on 5.10 to 6.1 stable kernels after backport of upstream commit 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before"): WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline] WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Modules linked in: CPU: 0 PID: 11489 Comm: syz-executor.4 Not tainted 6.1.142-syzkaller-00296-gfd0df5221577 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline] RIP: 0010:hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Call Trace: <TASK> __vma_adjust+0xd73/0x1c10 mm/mmap.c:736 vma_adjust include/linux/mm.h:2745 [inline] __split_vma+0x459/0x540 mm/mmap.c:2385 do_mas_align_munmap+0x5f2/0xf10 mm/mmap.c:2497 do_mas_munmap+0x26c/0x2c0 mm/mmap.c:2646 __mmap_region mm/mmap.c:2694 [inline] mmap_region+0x19f/0x1770 mm/mmap.c:2912 do_mmap+0x84b/0xf20 mm/mmap.c:1432 vm_mmap_pgoff+0x1af/0x280 mm/util.c:520 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1478 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x46a269 </TASK> Those branches lack commit ccf1d78d8b86 ("mm/mmap: move vma_prepare before vma_adjust_trans_huge") so the needed locks are taken just after the newly added hugetlb_split(). Adjust the position of vma_adjust_trans_huge() blocks with the lock-taking code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before") Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Tested with testcases/kernel/mem/hugetlb/hugemmap suite provided by LTP. For the report see: https://lore.kernel.org/stable/CAG48ez3LqUwXxhRY56tqQCpfGJsJ-GeXFG9FCcTZEBo… mm/mmap.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 8c188ed3738a..13669a33a515 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -832,16 +832,6 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, } } again: - /* - * Get rid of huge pages and shared page tables straddling the split - * boundary. - */ - vma_adjust_trans_huge(orig_vma, start, end, adjust_next); - if (is_vm_hugetlb_page(orig_vma)) { - hugetlb_split(orig_vma, start); - hugetlb_split(orig_vma, end); - } - if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -881,6 +871,16 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, vma_interval_tree_remove(next, root); } + /* + * Get rid of huge pages and shared page tables straddling the split + * boundary. + */ + vma_adjust_trans_huge(orig_vma, start, end, adjust_next); + if (is_vm_hugetlb_page(orig_vma)) { + hugetlb_split(orig_vma, start); + hugetlb_split(orig_vma, end); + } + if (start != vma->vm_start) { vma->vm_start = start; start_changed = true; -- 2.50.0

3 months, 4 weeks

1
0
0 0

[PATCH 6.1] mm/hugetlb: fix assertion splat in hugetlb_split()

by Fedor Pchelkin

No upstream commit exists for this patch. The following assertion is firing on 5.10 to 6.1 stable kernels after backport of upstream commit 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before"): WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline] WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Modules linked in: CPU: 0 PID: 11489 Comm: syz-executor.4 Not tainted 6.1.142-syzkaller-00296-gfd0df5221577 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline] RIP: 0010:hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Call Trace: <TASK> __vma_adjust+0xd73/0x1c10 mm/mmap.c:736 vma_adjust include/linux/mm.h:2745 [inline] __split_vma+0x459/0x540 mm/mmap.c:2385 do_mas_align_munmap+0x5f2/0xf10 mm/mmap.c:2497 do_mas_munmap+0x26c/0x2c0 mm/mmap.c:2646 __mmap_region mm/mmap.c:2694 [inline] mmap_region+0x19f/0x1770 mm/mmap.c:2912 do_mmap+0x84b/0xf20 mm/mmap.c:1432 vm_mmap_pgoff+0x1af/0x280 mm/util.c:520 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1478 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x46a269 </TASK> Those branches lack commit ccf1d78d8b86 ("mm/mmap: move vma_prepare before vma_adjust_trans_huge") so the needed locks are taken just after the newly added hugetlb_split(). Adjust the position of vma_adjust_trans_huge() blocks with the lock-taking code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before") Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Tested with testcases/kernel/mem/hugetlb/hugemmap suite provided by LTP. For the report see: https://lore.kernel.org/stable/CAG48ez3LqUwXxhRY56tqQCpfGJsJ-GeXFG9FCcTZEBo… mm/mmap.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 0f303dc8425a..941880ed62d7 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -543,8 +543,6 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma, if (mas_preallocate(mas, vma, GFP_KERNEL)) goto nomem; - vma_adjust_trans_huge(vma, start, end, 0); - if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -562,6 +560,8 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma, vma_interval_tree_remove(vma, root); } + vma_adjust_trans_huge(vma, start, end, 0); + vma->vm_start = start; vma->vm_end = end; vma->vm_pgoff = pgoff; @@ -727,15 +727,6 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, return -ENOMEM; } - /* - * Get rid of huge pages and shared page tables straddling the split - * boundary. - */ - vma_adjust_trans_huge(orig_vma, start, end, adjust_next); - if (is_vm_hugetlb_page(orig_vma)) { - hugetlb_split(orig_vma, start); - hugetlb_split(orig_vma, end); - } if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -775,6 +766,16 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, vma_interval_tree_remove(next, root); } + /* + * Get rid of huge pages and shared page tables straddling the split + * boundary. + */ + vma_adjust_trans_huge(orig_vma, start, end, adjust_next); + if (is_vm_hugetlb_page(orig_vma)) { + hugetlb_split(orig_vma, start); + hugetlb_split(orig_vma, end); + } + if (start != vma->vm_start) { if ((vma->vm_start < start) && (!insert || (insert->vm_end != start))) { -- 2.50.0

3 months, 4 weeks

1
0
0 0

[PATCH v3] wifi: wilc1000: Add error handling for wilc_sdio_cmd52()

by Wentao Liang

The wilc_sdio_read_size() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: ea5779b4fbc7 ("staging: wilc1000: wilc_sdio_cmd52: pass struct wilc") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v3: Remove redundant error log. Fix code error. Fix fixes flag error. v2: Fix code error. drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index 5262c8846c13..d77f88996250 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -771,6 +771,7 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) { u32 tmp; struct sdio_cmd52 cmd; + int ret; /** * Read DMA count in words @@ -780,12 +781,16 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) cmd.raw = 0; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) + return ret; tmp = cmd.data; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG + 1; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) + return ret; tmp |= (cmd.data << 8); *size = tmp; -- 2.42.0.windows.2

4 months

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070816-untoasted-wooing-3f93@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

4 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070814-edginess-essence-e135@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

4 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070843-mammal-recapture-b529@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

4 months

1
0
0 0

[PATCH v3 2/2] PCI: imx6: Correct the epc_features of IMX8MM_EP and IMX8MP_EP

by Richard Zhu

For IMX8MM_EP and IMX8MP_EP, add fixed 256-byte BAR 4 and reserved BAR 5 in imx8m_pcie_epc_features. Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 7d15bcb7c107..9754cc6e09b9 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1385,6 +1385,8 @@ static const struct pci_epc_features imx8m_pcie_epc_features = { .msix_capable = false, .bar[BAR_1] = { .type = BAR_RESERVED, }, .bar[BAR_3] = { .type = BAR_RESERVED, }, + .bar[BAR_4] = { .type = BAR_FIXED, .fixed_size = SZ_256, }, + .bar[BAR_5] = { .type = BAR_RESERVED, }, .align = SZ_64K, }; -- 2.37.1

4 months

1
0
0 0

[PATCH v3 1/2] PCI: imx6: Correct the epc_features of IMX8MQ_EP

by Richard Zhu

IMX8MQ_EP has three 64-bit BAR0/2/4 capable and programmable BARs. For IMX8MQ_EP, use imx8q_pcie_epc_features (64-bit BARs 0, 2, 4) instead of imx8m_pcie_epc_features (64-bit BARs 0, 2). Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 5a38cfaf989b..7d15bcb7c107 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1912,7 +1912,7 @@ static const struct imx_pcie_drvdata drvdata[] = { .mode_mask[0] = IMX6Q_GPR12_DEVICE_TYPE, .mode_off[1] = IOMUXC_GPR12, .mode_mask[1] = IMX8MQ_GPR12_PCIE2_CTRL_DEVICE_TYPE, - .epc_features = &imx8m_pcie_epc_features, + .epc_features = &imx8q_pcie_epc_features, .init_phy = imx8mq_pcie_init_phy, .enable_ref_clk = imx8mm_pcie_enable_ref_clk, }, -- 2.37.1

4 months

1
0
0 0

[PATCH v2 1/5] scsi: fnic: Set appropriate logging level for log message

by Karan Tilak Kumar

Replace KERN_INFO with KERN_DEBUG for a log message. Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Reviewed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- drivers/scsi/fnic/fnic_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fnic/fnic_scsi.c b/drivers/scsi/fnic/fnic_scsi.c index 7133b254cbe4..75b29a018d1f 100644 --- a/drivers/scsi/fnic/fnic_scsi.c +++ b/drivers/scsi/fnic/fnic_scsi.c @@ -1046,7 +1046,7 @@ static void fnic_fcpio_icmnd_cmpl_handler(struct fnic *fnic, unsigned int cq_ind if (icmnd_cmpl->scsi_status == SAM_STAT_TASK_SET_FULL) atomic64_inc(&fnic_stats->misc_stats.queue_fulls); - FNIC_SCSI_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + FNIC_SCSI_DBG(KERN_DEBUG, fnic->host, fnic->fnic_num, "xfer_len: %llu", xfer_len); break; -- 2.47.1

4 months

3
8
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070842-boondocks-tint-f86c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror