- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020949-press-evolve-b900@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 10 Jan 2025 16:38:22 -0500 Subject: [PATCH] tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index beb151be4d32..92ec51870d1d 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - uart_port_unlock(port); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) + if (oops_in_progress) locked = uart_port_trylock_irqsave(port, &flags); else uart_port_lock_irqsave(port, &flags);

4 months, 1 week

2
2
0 0

[PATCH v3 0/3] mtd: rawnand: cadence: improvement and fixes

by niravkumar.l.rabara＠intel.com

From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> This patchset introduces improvements and fixes for cadence nand driver. The changes include: 1. Replace dma_request_channel() with dma_request_chan_by_mask() and use helper functions to return proper error code instead of fixed -EBUSY. 2. Remap the slave DMA I/O resources to enhance driver portability. 3. Fixed dma_unmap_single to use correct physical/bus device. v3 changes:- * Update commit message based on v2 review feedback for better clarity. * Use dma_request_chan_by_mask() and helper functions to return proper error code instead of fixed -EBUSY error code. link to v2: - https://lore.kernel.org/all/20250116032154.3976447-1-niravkumar.l.rabara@in… v2 changes:- * Added the missing Fixes and Cc: stable tags to the patches. link to v1: - https://lore.kernel.org/all/20250108135234.3107502-1-niravkumar.l.rabara@in… Niravkumar L Rabara (3): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single .../mtd/nand/raw/cadence-nand-controller.c | 42 ++++++++++++++----- 1 file changed, 31 insertions(+), 11 deletions(-) -- 2.25.1

4 months, 1 week

2
4
0 0

FAILED: patch "[PATCH] mm: gup: fix infinite loop within __get_longterm_locked" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1aaf8c122918aa8897605a9aa1e8ed6600d6f930 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021008-nemeses-footwork-0f1d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1aaf8c122918aa8897605a9aa1e8ed6600d6f930 Mon Sep 17 00:00:00 2001 From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Date: Tue, 21 Jan 2025 10:01:59 +0800 Subject: [PATCH] mm: gup: fix infinite loop within __get_longterm_locked We can run into an infinite loop in __get_longterm_locked() when collect_longterm_unpinnable_folios() finds only folios that are isolated from the LRU or were never added to the LRU. This can happen when all folios to be pinned are never added to the LRU, for example when vm_ops->fault allocated pages using cma_alloc() and never added them to the LRU. Fix it by simply taking a look at the list in the single caller, to see if anything was added. [zhaoyang.huang(a)unisoc.com: move definition of local] Link: https://lkml.kernel.org/r/20250122012604.3654667-1-zhaoyang.huang@unisoc.com Link: https://lkml.kernel.org/r/20250121020159.3636477-1-zhaoyang.huang@unisoc.com Fixes: 67e139b02d99 ("mm/gup.c: refactor check_and_migrate_movable_pages()") Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/gup.c b/mm/gup.c index 9aaf338cc1f4..3883b307780e 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2320,13 +2320,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static unsigned long collect_longterm_unpinnable_folios( +static void collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { - unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; + unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2338,8 +2338,6 @@ static unsigned long collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; - collected++; - if (folio_is_device_coherent(folio)) continue; @@ -2361,8 +2359,6 @@ static unsigned long collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } - - return collected; } /* @@ -2439,11 +2435,9 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); - unsigned long collected; - collected = collect_longterm_unpinnable_folios(&movable_folio_list, - pofs); - if (!collected) + collect_longterm_unpinnable_folios(&movable_folio_list, pofs); + if (list_empty(&movable_folio_list)) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs);

4 months, 1 week

1
0
0 0

[PATCH] drm/xe: Carve out wopcm portion from the stolen memory

by Nirmoy Das

Top of stolen memory is wopcm which shouldn't be accessed so remove that portion of memory from the stolen memory. Fixes: d8b52a02cb40 ("drm/xe: Implement stolen memory.") Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 54 ++++++++++++++------------ 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c index 423856cc18d4..d414421f8c13 100644 --- a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c +++ b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c @@ -57,12 +57,35 @@ bool xe_ttm_stolen_cpu_access_needs_ggtt(struct xe_device *xe) return GRAPHICS_VERx100(xe) < 1270 && !IS_DGFX(xe); } +static u32 get_wopcm_size(struct xe_device *xe) +{ + u32 wopcm_size; + u64 val; + + val = xe_mmio_read64_2x32(xe_root_tile_mmio(xe), STOLEN_RESERVED); + val = REG_FIELD_GET64(WOPCM_SIZE_MASK, val); + + switch (val) { + case 0x5 ... 0x6: + val--; + fallthrough; + case 0x0 ... 0x3: + wopcm_size = (1U << val) * SZ_1M; + break; + default: + WARN(1, "Missing case wopcm_size=%llx\n", val); + wopcm_size = 0; + } + + return wopcm_size; +} + static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) { struct xe_tile *tile = xe_device_get_root_tile(xe); struct xe_mmio *mmio = xe_root_tile_mmio(xe); struct pci_dev *pdev = to_pci_dev(xe->drm.dev); - u64 stolen_size; + u64 stolen_size, wopcm_size; u64 tile_offset; u64 tile_size; @@ -74,7 +97,13 @@ static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) if (drm_WARN_ON(&xe->drm, tile_size < mgr->stolen_base)) return 0; + /* Carve out the top of DSM as it contains the reserved WOPCM region */ + wopcm_size = get_wopcm_size(xe); + if (drm_WARN_ON(&xe->drm, !wopcm_size)) + return 0; + stolen_size = tile_size - mgr->stolen_base; + stolen_size -= wopcm_size; /* Verify usage fits in the actual resource available */ if (mgr->stolen_base + stolen_size <= pci_resource_len(pdev, LMEM_BAR)) @@ -89,29 +118,6 @@ static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) return ALIGN_DOWN(stolen_size, SZ_1M); } -static u32 get_wopcm_size(struct xe_device *xe) -{ - u32 wopcm_size; - u64 val; - - val = xe_mmio_read64_2x32(xe_root_tile_mmio(xe), STOLEN_RESERVED); - val = REG_FIELD_GET64(WOPCM_SIZE_MASK, val); - - switch (val) { - case 0x5 ... 0x6: - val--; - fallthrough; - case 0x0 ... 0x3: - wopcm_size = (1U << val) * SZ_1M; - break; - default: - WARN(1, "Missing case wopcm_size=%llx\n", val); - wopcm_size = 0; - } - - return wopcm_size; -} - static u32 detect_bar2_integrated(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) { struct pci_dev *pdev = to_pci_dev(xe->drm.dev); -- 2.46.0

4 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c9c0036c1990da8d2dd33563e327e05a775fcf10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021013-unveiled-grazing-b8ac@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c9c0036c1990da8d2dd33563e327e05a775fcf10 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 4 Jan 2025 15:20:12 +0100 Subject: [PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Driver removal should fully clean up - unmap the memory. Fixes: 0890beb22618 ("soc: mediatek: add mt6779 devapc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20250104142012.115974-2-krzysztof.kozlowski@linar… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/drivers/soc/mediatek/mtk-devapc.c b/drivers/soc/mediatek/mtk-devapc.c index 500847b41b16..f54c966138b5 100644 --- a/drivers/soc/mediatek/mtk-devapc.c +++ b/drivers/soc/mediatek/mtk-devapc.c @@ -305,6 +305,7 @@ static void mtk_devapc_remove(struct platform_device *pdev) struct mtk_devapc_context *ctx = platform_get_drvdata(pdev); stop_devapc(ctx); + iounmap(ctx->infra_base); } static struct platform_driver mtk_devapc_driver = {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c9c0036c1990da8d2dd33563e327e05a775fcf10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021013-trinity-yearling-c7bf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c9c0036c1990da8d2dd33563e327e05a775fcf10 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 4 Jan 2025 15:20:12 +0100 Subject: [PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Driver removal should fully clean up - unmap the memory. Fixes: 0890beb22618 ("soc: mediatek: add mt6779 devapc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20250104142012.115974-2-krzysztof.kozlowski@linar… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/drivers/soc/mediatek/mtk-devapc.c b/drivers/soc/mediatek/mtk-devapc.c index 500847b41b16..f54c966138b5 100644 --- a/drivers/soc/mediatek/mtk-devapc.c +++ b/drivers/soc/mediatek/mtk-devapc.c @@ -305,6 +305,7 @@ static void mtk_devapc_remove(struct platform_device *pdev) struct mtk_devapc_context *ctx = platform_get_drvdata(pdev); stop_devapc(ctx); + iounmap(ctx->infra_base); } static struct platform_driver mtk_devapc_driver = {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c9c0036c1990da8d2dd33563e327e05a775fcf10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021012-busybody-undertook-fce1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c9c0036c1990da8d2dd33563e327e05a775fcf10 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 4 Jan 2025 15:20:12 +0100 Subject: [PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Driver removal should fully clean up - unmap the memory. Fixes: 0890beb22618 ("soc: mediatek: add mt6779 devapc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20250104142012.115974-2-krzysztof.kozlowski@linar… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/drivers/soc/mediatek/mtk-devapc.c b/drivers/soc/mediatek/mtk-devapc.c index 500847b41b16..f54c966138b5 100644 --- a/drivers/soc/mediatek/mtk-devapc.c +++ b/drivers/soc/mediatek/mtk-devapc.c @@ -305,6 +305,7 @@ static void mtk_devapc_remove(struct platform_device *pdev) struct mtk_devapc_context *ctx = platform_get_drvdata(pdev); stop_devapc(ctx); + iounmap(ctx->infra_base); } static struct platform_driver mtk_devapc_driver = {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on error paths" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c0eb059a4575ed57f265d9883a5203799c19982c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021059-repulsive-savor-1f9d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c0eb059a4575ed57f265d9883a5203799c19982c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 4 Jan 2025 15:20:11 +0100 Subject: [PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Error paths of mtk_devapc_probe() should unmap the memory. Reported by Smatch: drivers/soc/mediatek/mtk-devapc.c:292 mtk_devapc_probe() warn: 'ctx->infra_base' from of_iomap() not released on lines: 277,281,286. Fixes: 0890beb22618 ("soc: mediatek: add mt6779 devapc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20250104142012.115974-1-krzysztof.kozlowski@linar… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/drivers/soc/mediatek/mtk-devapc.c b/drivers/soc/mediatek/mtk-devapc.c index 2a1adcb87d4e..500847b41b16 100644 --- a/drivers/soc/mediatek/mtk-devapc.c +++ b/drivers/soc/mediatek/mtk-devapc.c @@ -273,23 +273,31 @@ static int mtk_devapc_probe(struct platform_device *pdev) return -EINVAL; devapc_irq = irq_of_parse_and_map(node, 0); - if (!devapc_irq) - return -EINVAL; + if (!devapc_irq) { + ret = -EINVAL; + goto err; + } ctx->infra_clk = devm_clk_get_enabled(&pdev->dev, "devapc-infra-clock"); - if (IS_ERR(ctx->infra_clk)) - return -EINVAL; + if (IS_ERR(ctx->infra_clk)) { + ret = -EINVAL; + goto err; + } ret = devm_request_irq(&pdev->dev, devapc_irq, devapc_violation_irq, IRQF_TRIGGER_NONE, "devapc", ctx); if (ret) - return ret; + goto err; platform_set_drvdata(pdev, ctx); start_devapc(ctx); return 0; + +err: + iounmap(ctx->infra_base); + return ret; } static void mtk_devapc_remove(struct platform_device *pdev)

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on error paths" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c0eb059a4575ed57f265d9883a5203799c19982c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-womanlike-crouch-8a65@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c0eb059a4575ed57f265d9883a5203799c19982c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 4 Jan 2025 15:20:11 +0100 Subject: [PATCH] soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Error paths of mtk_devapc_probe() should unmap the memory. Reported by Smatch: drivers/soc/mediatek/mtk-devapc.c:292 mtk_devapc_probe() warn: 'ctx->infra_base' from of_iomap() not released on lines: 277,281,286. Fixes: 0890beb22618 ("soc: mediatek: add mt6779 devapc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20250104142012.115974-1-krzysztof.kozlowski@linar… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/drivers/soc/mediatek/mtk-devapc.c b/drivers/soc/mediatek/mtk-devapc.c index 2a1adcb87d4e..500847b41b16 100644 --- a/drivers/soc/mediatek/mtk-devapc.c +++ b/drivers/soc/mediatek/mtk-devapc.c @@ -273,23 +273,31 @@ static int mtk_devapc_probe(struct platform_device *pdev) return -EINVAL; devapc_irq = irq_of_parse_and_map(node, 0); - if (!devapc_irq) - return -EINVAL; + if (!devapc_irq) { + ret = -EINVAL; + goto err; + } ctx->infra_clk = devm_clk_get_enabled(&pdev->dev, "devapc-infra-clock"); - if (IS_ERR(ctx->infra_clk)) - return -EINVAL; + if (IS_ERR(ctx->infra_clk)) { + ret = -EINVAL; + goto err; + } ret = devm_request_irq(&pdev->dev, devapc_irq, devapc_violation_irq, IRQF_TRIGGER_NONE, "devapc", ctx); if (ret) - return ret; + goto err; platform_set_drvdata(pdev, ctx); start_devapc(ctx); return 0; + +err: + iounmap(ctx->infra_base); + return ret; } static void mtk_devapc_remove(struct platform_device *pdev)

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1e758b613212b6964518a67939535910b5aee831 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021011-ending-obliged-c11e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e758b613212b6964518a67939535910b5aee831 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Wed, 8 Jan 2025 18:29:15 +0100 Subject: [PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges Fix ad3541/2r voltage ranges to be as per ad3542r datasheet, rev. C, table 38 (page 57). The wrong ad354xr ranges was generating erroneous Vpp output. In more details: - fix wrong number of ranges, they are 5 ranges, not 6, - remove non-existent 0-3V range, - adjust order, since ad3552r_find_range() get a wrong index, producing a wrong Vpp as output. Retested all the ranges on real hardware, EVALAD3542RFMCZ: adi,output-range-microvolt (fdt): <(000000) (2500000)>; ok (Rfbx1, switch 10) <(000000) (5000000)>; ok (Rfbx1, switch 10) <(000000) (10000000)>; ok (Rfbx1, switch 10) <(-5000000) (5000000)>; ok (Rfbx2, switch +/- 5) <(-2500000) (7500000)>; ok (Rfbx2, switch -2.5/7.5) Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250108-wip-bl-ad3552r-axi-v0-iio-testing-carlos-… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/dac/ad3552r-common.c b/drivers/iio/dac/ad3552r-common.c index 0f495df2e5ce..03e0864f5084 100644 --- a/drivers/iio/dac/ad3552r-common.c +++ b/drivers/iio/dac/ad3552r-common.c @@ -22,11 +22,10 @@ EXPORT_SYMBOL_NS_GPL(ad3552r_ch_ranges, "IIO_AD3552R"); const s32 ad3542r_ch_ranges[AD3542R_MAX_RANGES][2] = { [AD3542R_CH_OUTPUT_RANGE_0__2P5V] = { 0, 2500 }, - [AD3542R_CH_OUTPUT_RANGE_0__3V] = { 0, 3000 }, [AD3542R_CH_OUTPUT_RANGE_0__5V] = { 0, 5000 }, [AD3542R_CH_OUTPUT_RANGE_0__10V] = { 0, 10000 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 } + [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 }, + [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 } }; EXPORT_SYMBOL_NS_GPL(ad3542r_ch_ranges, "IIO_AD3552R"); diff --git a/drivers/iio/dac/ad3552r.h b/drivers/iio/dac/ad3552r.h index fd5a3dfd1d1c..4b5581039ae9 100644 --- a/drivers/iio/dac/ad3552r.h +++ b/drivers/iio/dac/ad3552r.h @@ -131,7 +131,7 @@ #define AD3552R_CH1_ACTIVE BIT(1) #define AD3552R_MAX_RANGES 5 -#define AD3542R_MAX_RANGES 6 +#define AD3542R_MAX_RANGES 5 #define AD3552R_QUAD_SPI 2 extern const s32 ad3552r_ch_ranges[AD3552R_MAX_RANGES][2]; @@ -189,16 +189,14 @@ enum ad3552r_ch_vref_select { enum ad3542r_ch_output_range { /* Range from 0 V to 2.5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__2P5V, - /* Range from 0 V to 3 V. Requires Rfb1x connection */ - AD3542R_CH_OUTPUT_RANGE_0__3V, /* Range from 0 V to 5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__5V, /* Range from 0 V to 10 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_0__10V, - /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ - AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, /* Range from -5 V to 5 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_NEG_5__5V, + /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ + AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, }; enum ad3552r_ch_output_range {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1e758b613212b6964518a67939535910b5aee831 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021011-gully-stillness-9d82@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e758b613212b6964518a67939535910b5aee831 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Wed, 8 Jan 2025 18:29:15 +0100 Subject: [PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges Fix ad3541/2r voltage ranges to be as per ad3542r datasheet, rev. C, table 38 (page 57). The wrong ad354xr ranges was generating erroneous Vpp output. In more details: - fix wrong number of ranges, they are 5 ranges, not 6, - remove non-existent 0-3V range, - adjust order, since ad3552r_find_range() get a wrong index, producing a wrong Vpp as output. Retested all the ranges on real hardware, EVALAD3542RFMCZ: adi,output-range-microvolt (fdt): <(000000) (2500000)>; ok (Rfbx1, switch 10) <(000000) (5000000)>; ok (Rfbx1, switch 10) <(000000) (10000000)>; ok (Rfbx1, switch 10) <(-5000000) (5000000)>; ok (Rfbx2, switch +/- 5) <(-2500000) (7500000)>; ok (Rfbx2, switch -2.5/7.5) Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250108-wip-bl-ad3552r-axi-v0-iio-testing-carlos-… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/dac/ad3552r-common.c b/drivers/iio/dac/ad3552r-common.c index 0f495df2e5ce..03e0864f5084 100644 --- a/drivers/iio/dac/ad3552r-common.c +++ b/drivers/iio/dac/ad3552r-common.c @@ -22,11 +22,10 @@ EXPORT_SYMBOL_NS_GPL(ad3552r_ch_ranges, "IIO_AD3552R"); const s32 ad3542r_ch_ranges[AD3542R_MAX_RANGES][2] = { [AD3542R_CH_OUTPUT_RANGE_0__2P5V] = { 0, 2500 }, - [AD3542R_CH_OUTPUT_RANGE_0__3V] = { 0, 3000 }, [AD3542R_CH_OUTPUT_RANGE_0__5V] = { 0, 5000 }, [AD3542R_CH_OUTPUT_RANGE_0__10V] = { 0, 10000 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 } + [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 }, + [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 } }; EXPORT_SYMBOL_NS_GPL(ad3542r_ch_ranges, "IIO_AD3552R"); diff --git a/drivers/iio/dac/ad3552r.h b/drivers/iio/dac/ad3552r.h index fd5a3dfd1d1c..4b5581039ae9 100644 --- a/drivers/iio/dac/ad3552r.h +++ b/drivers/iio/dac/ad3552r.h @@ -131,7 +131,7 @@ #define AD3552R_CH1_ACTIVE BIT(1) #define AD3552R_MAX_RANGES 5 -#define AD3542R_MAX_RANGES 6 +#define AD3542R_MAX_RANGES 5 #define AD3552R_QUAD_SPI 2 extern const s32 ad3552r_ch_ranges[AD3552R_MAX_RANGES][2]; @@ -189,16 +189,14 @@ enum ad3552r_ch_vref_select { enum ad3542r_ch_output_range { /* Range from 0 V to 2.5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__2P5V, - /* Range from 0 V to 3 V. Requires Rfb1x connection */ - AD3542R_CH_OUTPUT_RANGE_0__3V, /* Range from 0 V to 5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__5V, /* Range from 0 V to 10 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_0__10V, - /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ - AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, /* Range from -5 V to 5 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_NEG_5__5V, + /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ + AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, }; enum ad3552r_ch_output_range {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 58db7c5fbe7daa42098d4965133a864f98ba90ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021036-joyride-vitality-e81d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58db7c5fbe7daa42098d4965133a864f98ba90ba Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Tue, 7 Jan 2025 15:39:56 -0500 Subject: [PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Patch series "mm/hugetlb: Refactor hugetlb allocation resv accounting", v2. This is a follow up on Ackerley's series here as replacement: https://lore.kernel.org/r/cover.1728684491.git.ackerleytng@google.com The goal of this series is to cleanup hugetlb resv accounting, especially during folio allocation, to decouple a few things: - Hugetlb folios v.s. Hugetlbfs: IOW, the hope is in the future hugetlb folios can be allocated completely without hugetlbfs. - Decouple VMA v.s. hugetlb folio allocations: allocating a hugetlb folio should not always require a hugetlbfs VMA. For example, either it got allocated from the inode level (see hugetlbfs_fallocate() where it used a pesudo VMA for allocation), or it can be allocated by other kernel subsystems. It paves way for other users to allocate hugetlb folios out of either system reservations, or subpools (instead of hugetlbfs, as a file system). For longer term, this prepares hugetlb as a separate concept versus hugetlbfs, so that hugetlb folios can be allocated by not only hugetlbfs and other things. Tests I've done: - I had a reproducer in patch 1 for the bug I found, this will start to work after patch 1 or the whole set applied. - Hugetlb regression tests (on x86_64 2MBs), includes: - All vmtests on hugetlbfs - libhugetlbfs test suite (which may fail some tests, but no new failures will be introduced by this series, so all such failures happen before this series so shouldn't be relevant). This patch (of 7): Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Link: https://lkml.kernel.org/r/20250107204002.2683356-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20250107204002.2683356-2-peterx@redhat.com Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 312ed27b9721..a10d376cb1a8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1398,8 +1398,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1415,10 +1414,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1434,7 +1429,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3051,17 +3046,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3084,7 +3068,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 58db7c5fbe7daa42098d4965133a864f98ba90ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021033-cupcake-spud-c04d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58db7c5fbe7daa42098d4965133a864f98ba90ba Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Tue, 7 Jan 2025 15:39:56 -0500 Subject: [PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Patch series "mm/hugetlb: Refactor hugetlb allocation resv accounting", v2. This is a follow up on Ackerley's series here as replacement: https://lore.kernel.org/r/cover.1728684491.git.ackerleytng@google.com The goal of this series is to cleanup hugetlb resv accounting, especially during folio allocation, to decouple a few things: - Hugetlb folios v.s. Hugetlbfs: IOW, the hope is in the future hugetlb folios can be allocated completely without hugetlbfs. - Decouple VMA v.s. hugetlb folio allocations: allocating a hugetlb folio should not always require a hugetlbfs VMA. For example, either it got allocated from the inode level (see hugetlbfs_fallocate() where it used a pesudo VMA for allocation), or it can be allocated by other kernel subsystems. It paves way for other users to allocate hugetlb folios out of either system reservations, or subpools (instead of hugetlbfs, as a file system). For longer term, this prepares hugetlb as a separate concept versus hugetlbfs, so that hugetlb folios can be allocated by not only hugetlbfs and other things. Tests I've done: - I had a reproducer in patch 1 for the bug I found, this will start to work after patch 1 or the whole set applied. - Hugetlb regression tests (on x86_64 2MBs), includes: - All vmtests on hugetlbfs - libhugetlbfs test suite (which may fail some tests, but no new failures will be introduced by this series, so all such failures happen before this series so shouldn't be relevant). This patch (of 7): Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Link: https://lkml.kernel.org/r/20250107204002.2683356-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20250107204002.2683356-2-peterx@redhat.com Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 312ed27b9721..a10d376cb1a8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1398,8 +1398,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1415,10 +1414,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1434,7 +1429,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3051,17 +3046,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3084,7 +3068,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 58db7c5fbe7daa42098d4965133a864f98ba90ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021025-deflector-judge-df07@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58db7c5fbe7daa42098d4965133a864f98ba90ba Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Tue, 7 Jan 2025 15:39:56 -0500 Subject: [PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Patch series "mm/hugetlb: Refactor hugetlb allocation resv accounting", v2. This is a follow up on Ackerley's series here as replacement: https://lore.kernel.org/r/cover.1728684491.git.ackerleytng@google.com The goal of this series is to cleanup hugetlb resv accounting, especially during folio allocation, to decouple a few things: - Hugetlb folios v.s. Hugetlbfs: IOW, the hope is in the future hugetlb folios can be allocated completely without hugetlbfs. - Decouple VMA v.s. hugetlb folio allocations: allocating a hugetlb folio should not always require a hugetlbfs VMA. For example, either it got allocated from the inode level (see hugetlbfs_fallocate() where it used a pesudo VMA for allocation), or it can be allocated by other kernel subsystems. It paves way for other users to allocate hugetlb folios out of either system reservations, or subpools (instead of hugetlbfs, as a file system). For longer term, this prepares hugetlb as a separate concept versus hugetlbfs, so that hugetlb folios can be allocated by not only hugetlbfs and other things. Tests I've done: - I had a reproducer in patch 1 for the bug I found, this will start to work after patch 1 or the whole set applied. - Hugetlb regression tests (on x86_64 2MBs), includes: - All vmtests on hugetlbfs - libhugetlbfs test suite (which may fail some tests, but no new failures will be introduced by this series, so all such failures happen before this series so shouldn't be relevant). This patch (of 7): Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Link: https://lkml.kernel.org/r/20250107204002.2683356-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20250107204002.2683356-2-peterx@redhat.com Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 312ed27b9721..a10d376cb1a8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1398,8 +1398,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1415,10 +1414,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1434,7 +1429,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3051,17 +3046,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3084,7 +3068,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 58db7c5fbe7daa42098d4965133a864f98ba90ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021023-plank-tribesman-b3f2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58db7c5fbe7daa42098d4965133a864f98ba90ba Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Tue, 7 Jan 2025 15:39:56 -0500 Subject: [PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Patch series "mm/hugetlb: Refactor hugetlb allocation resv accounting", v2. This is a follow up on Ackerley's series here as replacement: https://lore.kernel.org/r/cover.1728684491.git.ackerleytng@google.com The goal of this series is to cleanup hugetlb resv accounting, especially during folio allocation, to decouple a few things: - Hugetlb folios v.s. Hugetlbfs: IOW, the hope is in the future hugetlb folios can be allocated completely without hugetlbfs. - Decouple VMA v.s. hugetlb folio allocations: allocating a hugetlb folio should not always require a hugetlbfs VMA. For example, either it got allocated from the inode level (see hugetlbfs_fallocate() where it used a pesudo VMA for allocation), or it can be allocated by other kernel subsystems. It paves way for other users to allocate hugetlb folios out of either system reservations, or subpools (instead of hugetlbfs, as a file system). For longer term, this prepares hugetlb as a separate concept versus hugetlbfs, so that hugetlb folios can be allocated by not only hugetlbfs and other things. Tests I've done: - I had a reproducer in patch 1 for the bug I found, this will start to work after patch 1 or the whole set applied. - Hugetlb regression tests (on x86_64 2MBs), includes: - All vmtests on hugetlbfs - libhugetlbfs test suite (which may fail some tests, but no new failures will be introduced by this series, so all such failures happen before this series so shouldn't be relevant). This patch (of 7): Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Link: https://lkml.kernel.org/r/20250107204002.2683356-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20250107204002.2683356-2-peterx@redhat.com Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 312ed27b9721..a10d376cb1a8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1398,8 +1398,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1415,10 +1414,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1434,7 +1429,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3051,17 +3046,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3084,7 +3068,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 58db7c5fbe7daa42098d4965133a864f98ba90ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021020-copper-visibly-e6a9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58db7c5fbe7daa42098d4965133a864f98ba90ba Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Tue, 7 Jan 2025 15:39:56 -0500 Subject: [PATCH] mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Patch series "mm/hugetlb: Refactor hugetlb allocation resv accounting", v2. This is a follow up on Ackerley's series here as replacement: https://lore.kernel.org/r/cover.1728684491.git.ackerleytng@google.com The goal of this series is to cleanup hugetlb resv accounting, especially during folio allocation, to decouple a few things: - Hugetlb folios v.s. Hugetlbfs: IOW, the hope is in the future hugetlb folios can be allocated completely without hugetlbfs. - Decouple VMA v.s. hugetlb folio allocations: allocating a hugetlb folio should not always require a hugetlbfs VMA. For example, either it got allocated from the inode level (see hugetlbfs_fallocate() where it used a pesudo VMA for allocation), or it can be allocated by other kernel subsystems. It paves way for other users to allocate hugetlb folios out of either system reservations, or subpools (instead of hugetlbfs, as a file system). For longer term, this prepares hugetlb as a separate concept versus hugetlbfs, so that hugetlb folios can be allocated by not only hugetlbfs and other things. Tests I've done: - I had a reproducer in patch 1 for the bug I found, this will start to work after patch 1 or the whole set applied. - Hugetlb regression tests (on x86_64 2MBs), includes: - All vmtests on hugetlbfs - libhugetlbfs test suite (which may fail some tests, but no new failures will be introduced by this series, so all such failures happen before this series so shouldn't be relevant). This patch (of 7): Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Link: https://lkml.kernel.org/r/20250107204002.2683356-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20250107204002.2683356-2-peterx@redhat.com Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 312ed27b9721..a10d376cb1a8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1398,8 +1398,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1415,10 +1414,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1434,7 +1429,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3051,17 +3046,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3084,7 +3068,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] kfence: skip __GFP_THISNODE allocations on NUMA systems" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e64f81946adf68cd75e2207dd9a51668348a4af8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021058-paramount-dance-41da@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e64f81946adf68cd75e2207dd9a51668348a4af8 Mon Sep 17 00:00:00 2001 From: Marco Elver <elver(a)google.com> Date: Fri, 24 Jan 2025 13:01:38 +0100 Subject: [PATCH] kfence: skip __GFP_THISNODE allocations on NUMA systems On NUMA systems, __GFP_THISNODE indicates that an allocation _must_ be on a particular node, and failure to allocate on the desired node will result in a failed allocation. Skip __GFP_THISNODE allocations if we are running on a NUMA system, since KFENCE can't guarantee which node its pool pages are allocated on. Link: https://lkml.kernel.org/r/20250124120145.410066-1-elver@google.com Fixes: 236e9f153852 ("kfence: skip all GFP_ZONEMASK allocations") Signed-off-by: Marco Elver <elver(a)google.com> Reported-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christoph Lameter <cl(a)linux.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Chistoph Lameter <cl(a)linux.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 67fc321db79b..102048821c22 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -21,6 +21,7 @@ #include <linux/log2.h> #include <linux/memblock.h> #include <linux/moduleparam.h> +#include <linux/nodemask.h> #include <linux/notifier.h> #include <linux/panic_notifier.h> #include <linux/random.h> @@ -1084,6 +1085,7 @@ void *__kfence_alloc(struct kmem_cache *s, size_t size, gfp_t flags) * properties (e.g. reside in DMAable memory). */ if ((flags & GFP_ZONEMASK) || + ((flags & __GFP_THISNODE) && num_online_nodes() > 1) || (s->flags & (SLAB_CACHE_DMA | SLAB_CACHE_DMA32))) { atomic_long_inc(&counters[KFENCE_COUNTER_SKIP_INCOMPAT]); return NULL;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: Add error handling for xfs_reflink_cancel_cow_range" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 26b63bee2f6e711c5a169997fd126fddcfb90848 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021019-constrain-diligent-85b6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26b63bee2f6e711c5a169997fd126fddcfb90848 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Fri, 24 Jan 2025 11:45:09 +0800 Subject: [PATCH] xfs: Add error handling for xfs_reflink_cancel_cow_range In xfs_inactive(), xfs_reflink_cancel_cow_range() is called without error handling, risking unnoticed failures and inconsistent behavior compared to other parts of the code. Fix this issue by adding an error handling for the xfs_reflink_cancel_cow_range(), improving code robustness. Fixes: 6231848c3aa5 ("xfs: check for cow blocks before trying to clear them") Cc: stable(a)vger.kernel.org # v4.17 Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index c95fe1b1de4e..b1f9f156ec88 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -1404,8 +1404,11 @@ xfs_inactive( goto out; /* Try to clean out the cow blocks if there are any. */ - if (xfs_inode_has_cow_data(ip)) - xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true); + if (xfs_inode_has_cow_data(ip)) { + error = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true); + if (error) + goto out; + } if (VFS_I(ip)->i_nlink != 0) { /*

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: Add error handling for xfs_reflink_cancel_cow_range" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 26b63bee2f6e711c5a169997fd126fddcfb90848 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-dedicate-recycled-1738@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26b63bee2f6e711c5a169997fd126fddcfb90848 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Fri, 24 Jan 2025 11:45:09 +0800 Subject: [PATCH] xfs: Add error handling for xfs_reflink_cancel_cow_range In xfs_inactive(), xfs_reflink_cancel_cow_range() is called without error handling, risking unnoticed failures and inconsistent behavior compared to other parts of the code. Fix this issue by adding an error handling for the xfs_reflink_cancel_cow_range(), improving code robustness. Fixes: 6231848c3aa5 ("xfs: check for cow blocks before trying to clear them") Cc: stable(a)vger.kernel.org # v4.17 Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index c95fe1b1de4e..b1f9f156ec88 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -1404,8 +1404,11 @@ xfs_inactive( goto out; /* Try to clean out the cow blocks if there are any. */ - if (xfs_inode_has_cow_data(ip)) - xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true); + if (xfs_inode_has_cow_data(ip)) { + error = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true); + if (error) + goto out; + } if (VFS_I(ip)->i_nlink != 0) { /*

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021056-sincere-reformist-1cc5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021055-chimp-kinswoman-da90@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021054-crushing-bluff-d330@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tpm: Change to kvalloc() in eventlog/acpi.c" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a3a860bc0fd6c07332e4911cf9a238d20de90173 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021026-scribing-driven-fe23@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3a860bc0fd6c07332e4911cf9a238d20de90173 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Fri, 27 Dec 2024 17:39:09 +0200 Subject: [PATCH] tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375 [ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024 [ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330 [ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1 [ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246 [ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000 [ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0 The above transcript shows that ACPI pointed a 16 MiB buffer for the log events because RSI maps to the 'order' parameter of __alloc_pages_noprof(). Address the bug by moving from devm_kmalloc() to devm_add_action() and kvmalloc() and devm_add_action(). Suggested-by: Ard Biesheuvel <ardb(a)kernel.org> Cc: stable(a)vger.kernel.org # v2.6.16+ Fixes: 55a82ab3181b ("[PATCH] tpm: add bios measurement log") Reported-by: Andy Liang <andy.liang(a)hpe.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219495 Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com> Reviewed-by: Takashi Iwai <tiwai(a)suse.de> Tested-by: Andy Liang <andy.liang(a)hpe.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c index 69533d0bfb51..cf02ec646f46 100644 --- a/drivers/char/tpm/eventlog/acpi.c +++ b/drivers/char/tpm/eventlog/acpi.c @@ -63,6 +63,11 @@ static bool tpm_is_tpm2_log(void *bios_event_log, u64 len) return n == 0; } +static void tpm_bios_log_free(void *data) +{ + kvfree(data); +} + /* read binary bios log */ int tpm_read_log_acpi(struct tpm_chip *chip) { @@ -136,7 +141,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) } /* malloc EventLog space */ - log->bios_event_log = devm_kmalloc(&chip->dev, len, GFP_KERNEL); + log->bios_event_log = kvmalloc(len, GFP_KERNEL); if (!log->bios_event_log) return -ENOMEM; @@ -161,10 +166,16 @@ int tpm_read_log_acpi(struct tpm_chip *chip) goto err; } + ret = devm_add_action(&chip->dev, tpm_bios_log_free, log->bios_event_log); + if (ret) { + log->bios_event_log = NULL; + goto err; + } + return format; err: - devm_kfree(&chip->dev, log->bios_event_log); + tpm_bios_log_free(log->bios_event_log); log->bios_event_log = NULL; return ret; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tpm: Change to kvalloc() in eventlog/acpi.c" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a3a860bc0fd6c07332e4911cf9a238d20de90173 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021024-rash-smugly-e182@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3a860bc0fd6c07332e4911cf9a238d20de90173 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Fri, 27 Dec 2024 17:39:09 +0200 Subject: [PATCH] tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375 [ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024 [ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330 [ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1 [ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246 [ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000 [ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0 The above transcript shows that ACPI pointed a 16 MiB buffer for the log events because RSI maps to the 'order' parameter of __alloc_pages_noprof(). Address the bug by moving from devm_kmalloc() to devm_add_action() and kvmalloc() and devm_add_action(). Suggested-by: Ard Biesheuvel <ardb(a)kernel.org> Cc: stable(a)vger.kernel.org # v2.6.16+ Fixes: 55a82ab3181b ("[PATCH] tpm: add bios measurement log") Reported-by: Andy Liang <andy.liang(a)hpe.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219495 Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com> Reviewed-by: Takashi Iwai <tiwai(a)suse.de> Tested-by: Andy Liang <andy.liang(a)hpe.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c index 69533d0bfb51..cf02ec646f46 100644 --- a/drivers/char/tpm/eventlog/acpi.c +++ b/drivers/char/tpm/eventlog/acpi.c @@ -63,6 +63,11 @@ static bool tpm_is_tpm2_log(void *bios_event_log, u64 len) return n == 0; } +static void tpm_bios_log_free(void *data) +{ + kvfree(data); +} + /* read binary bios log */ int tpm_read_log_acpi(struct tpm_chip *chip) { @@ -136,7 +141,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) } /* malloc EventLog space */ - log->bios_event_log = devm_kmalloc(&chip->dev, len, GFP_KERNEL); + log->bios_event_log = kvmalloc(len, GFP_KERNEL); if (!log->bios_event_log) return -ENOMEM; @@ -161,10 +166,16 @@ int tpm_read_log_acpi(struct tpm_chip *chip) goto err; } + ret = devm_add_action(&chip->dev, tpm_bios_log_free, log->bios_event_log); + if (ret) { + log->bios_event_log = NULL; + goto err; + } + return format; err: - devm_kfree(&chip->dev, log->bios_event_log); + tpm_bios_log_free(log->bios_event_log); log->bios_event_log = NULL; return ret; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tpm: Change to kvalloc() in eventlog/acpi.c" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a3a860bc0fd6c07332e4911cf9a238d20de90173 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021025-wrench-yearling-19f5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3a860bc0fd6c07332e4911cf9a238d20de90173 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Fri, 27 Dec 2024 17:39:09 +0200 Subject: [PATCH] tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375 [ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024 [ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330 [ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1 [ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246 [ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000 [ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0 The above transcript shows that ACPI pointed a 16 MiB buffer for the log events because RSI maps to the 'order' parameter of __alloc_pages_noprof(). Address the bug by moving from devm_kmalloc() to devm_add_action() and kvmalloc() and devm_add_action(). Suggested-by: Ard Biesheuvel <ardb(a)kernel.org> Cc: stable(a)vger.kernel.org # v2.6.16+ Fixes: 55a82ab3181b ("[PATCH] tpm: add bios measurement log") Reported-by: Andy Liang <andy.liang(a)hpe.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219495 Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com> Reviewed-by: Takashi Iwai <tiwai(a)suse.de> Tested-by: Andy Liang <andy.liang(a)hpe.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c index 69533d0bfb51..cf02ec646f46 100644 --- a/drivers/char/tpm/eventlog/acpi.c +++ b/drivers/char/tpm/eventlog/acpi.c @@ -63,6 +63,11 @@ static bool tpm_is_tpm2_log(void *bios_event_log, u64 len) return n == 0; } +static void tpm_bios_log_free(void *data) +{ + kvfree(data); +} + /* read binary bios log */ int tpm_read_log_acpi(struct tpm_chip *chip) { @@ -136,7 +141,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) } /* malloc EventLog space */ - log->bios_event_log = devm_kmalloc(&chip->dev, len, GFP_KERNEL); + log->bios_event_log = kvmalloc(len, GFP_KERNEL); if (!log->bios_event_log) return -ENOMEM; @@ -161,10 +166,16 @@ int tpm_read_log_acpi(struct tpm_chip *chip) goto err; } + ret = devm_add_action(&chip->dev, tpm_bios_log_free, log->bios_event_log); + if (ret) { + log->bios_event_log = NULL; + goto err; + } + return format; err: - devm_kfree(&chip->dev, log->bios_event_log); + tpm_bios_log_free(log->bios_event_log); log->bios_event_log = NULL; return ret; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] accel/ivpu: Fix error handling in recovery/reset" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 41a2d8286c905614f29007f1bc8e652d54654b82 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021056-earlobe-epidural-b92d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41a2d8286c905614f29007f1bc8e652d54654b82 Mon Sep 17 00:00:00 2001 From: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Date: Wed, 29 Jan 2025 13:40:09 +0100 Subject: [PATCH] accel/ivpu: Fix error handling in recovery/reset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Disable runtime PM for the duration of reset/recovery so it is possible to set the correct runtime PM state depending on the outcome of the `ivpu_resume()`. Don’t suspend or reset the HW if the NPU is suspended when the reset/recovery is requested. Also, move common reset/recovery code to separate functions for better code readability. Fixes: 27d19268cf39 ("accel/ivpu: Improve recovery and reset support") Cc: stable(a)vger.kernel.org # v6.8+ Reviewed-by: Maciej Falkowski <maciej.falkowski(a)linux.intel.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250129124009.1039982-4-jace… diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index c3774d222132..8b2b050cc41a 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -115,41 +115,57 @@ static int ivpu_resume(struct ivpu_device *vdev) return ret; } -static void ivpu_pm_recovery_work(struct work_struct *work) +static void ivpu_pm_reset_begin(struct ivpu_device *vdev) { - struct ivpu_pm_info *pm = container_of(work, struct ivpu_pm_info, recovery_work); - struct ivpu_device *vdev = pm->vdev; - char *evt[2] = {"IVPU_PM_EVENT=IVPU_RECOVER", NULL}; - int ret; - - ivpu_err(vdev, "Recovering the NPU (reset #%d)\n", atomic_read(&vdev->pm->reset_counter)); - - ret = pm_runtime_resume_and_get(vdev->drm.dev); - if (ret) - ivpu_err(vdev, "Failed to resume NPU: %d\n", ret); - - ivpu_jsm_state_dump(vdev); - ivpu_dev_coredump(vdev); + pm_runtime_disable(vdev->drm.dev); atomic_inc(&vdev->pm->reset_counter); atomic_set(&vdev->pm->reset_pending, 1); down_write(&vdev->pm->reset_lock); +} + +static void ivpu_pm_reset_complete(struct ivpu_device *vdev) +{ + int ret; - ivpu_suspend(vdev); ivpu_pm_prepare_cold_boot(vdev); ivpu_jobs_abort_all(vdev); ivpu_ms_cleanup_all(vdev); ret = ivpu_resume(vdev); - if (ret) + if (ret) { ivpu_err(vdev, "Failed to resume NPU: %d\n", ret); + pm_runtime_set_suspended(vdev->drm.dev); + } else { + pm_runtime_set_active(vdev->drm.dev); + } up_write(&vdev->pm->reset_lock); atomic_set(&vdev->pm->reset_pending, 0); - kobject_uevent_env(&vdev->drm.dev->kobj, KOBJ_CHANGE, evt); pm_runtime_mark_last_busy(vdev->drm.dev); - pm_runtime_put_autosuspend(vdev->drm.dev); + pm_runtime_enable(vdev->drm.dev); +} + +static void ivpu_pm_recovery_work(struct work_struct *work) +{ + struct ivpu_pm_info *pm = container_of(work, struct ivpu_pm_info, recovery_work); + struct ivpu_device *vdev = pm->vdev; + char *evt[2] = {"IVPU_PM_EVENT=IVPU_RECOVER", NULL}; + + ivpu_err(vdev, "Recovering the NPU (reset #%d)\n", atomic_read(&vdev->pm->reset_counter)); + + ivpu_pm_reset_begin(vdev); + + if (!pm_runtime_status_suspended(vdev->drm.dev)) { + ivpu_jsm_state_dump(vdev); + ivpu_dev_coredump(vdev); + ivpu_suspend(vdev); + } + + ivpu_pm_reset_complete(vdev); + + kobject_uevent_env(&vdev->drm.dev->kobj, KOBJ_CHANGE, evt); } void ivpu_pm_trigger_recovery(struct ivpu_device *vdev, const char *reason) @@ -328,16 +344,13 @@ void ivpu_pm_reset_prepare_cb(struct pci_dev *pdev) struct ivpu_device *vdev = pci_get_drvdata(pdev); ivpu_dbg(vdev, PM, "Pre-reset..\n"); - atomic_inc(&vdev->pm->reset_counter); - atomic_set(&vdev->pm->reset_pending, 1); - pm_runtime_get_sync(vdev->drm.dev); - down_write(&vdev->pm->reset_lock); - ivpu_prepare_for_reset(vdev); - ivpu_hw_reset(vdev); - ivpu_pm_prepare_cold_boot(vdev); - ivpu_jobs_abort_all(vdev); - ivpu_ms_cleanup_all(vdev); + ivpu_pm_reset_begin(vdev); + + if (!pm_runtime_status_suspended(vdev->drm.dev)) { + ivpu_prepare_for_reset(vdev); + ivpu_hw_reset(vdev); + } ivpu_dbg(vdev, PM, "Pre-reset done.\n"); } @@ -345,18 +358,12 @@ void ivpu_pm_reset_prepare_cb(struct pci_dev *pdev) void ivpu_pm_reset_done_cb(struct pci_dev *pdev) { struct ivpu_device *vdev = pci_get_drvdata(pdev); - int ret; ivpu_dbg(vdev, PM, "Post-reset..\n"); - ret = ivpu_resume(vdev); - if (ret) - ivpu_err(vdev, "Failed to set RESUME state: %d\n", ret); - up_write(&vdev->pm->reset_lock); - atomic_set(&vdev->pm->reset_pending, 0); - ivpu_dbg(vdev, PM, "Post-reset done.\n"); - pm_runtime_mark_last_busy(vdev->drm.dev); - pm_runtime_put_autosuspend(vdev->drm.dev); + ivpu_pm_reset_complete(vdev); + + ivpu_dbg(vdev, PM, "Post-reset done.\n"); } void ivpu_pm_init(struct ivpu_device *vdev)

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] crypto: qce - fix priority to be less than ARMv8 CE" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 49b9258b05b97c6464e1964b6a2fddb3ddb65d17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021000-backboned-mumble-2daa@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 49b9258b05b97c6464e1964b6a2fddb3ddb65d17 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 3 Dec 2024 10:05:53 -0800 Subject: [PATCH] crypto: qce - fix priority to be less than ARMv8 CE As QCE is an order of magnitude slower than the ARMv8 Crypto Extensions on the CPU, and is also less well tested, give it a lower priority. Previously the QCE SHA algorithms had higher priority than the ARMv8 CE equivalents, and the ciphers such as AES-XTS had the same priority which meant the QCE versions were chosen if they happened to be loaded later. Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver") Cc: stable(a)vger.kernel.org Cc: Bartosz Golaszewski <brgl(a)bgdev.pl> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Thara Gopinath <thara.gopinath(a)gmail.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/qce/aead.c b/drivers/crypto/qce/aead.c index 7d811728f047..97b56e92ea33 100644 --- a/drivers/crypto/qce/aead.c +++ b/drivers/crypto/qce/aead.c @@ -786,7 +786,7 @@ static int qce_aead_register_one(const struct qce_aead_def *def, struct qce_devi alg->init = qce_aead_init; alg->exit = qce_aead_exit; - alg->base.cra_priority = 300; + alg->base.cra_priority = 275; alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY | diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c index 916908c04b63..c4ddc3b265ee 100644 --- a/drivers/crypto/qce/sha.c +++ b/drivers/crypto/qce/sha.c @@ -482,7 +482,7 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def, base = &alg->halg.base; base->cra_blocksize = def->blocksize; - base->cra_priority = 300; + base->cra_priority = 175; base->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY; base->cra_ctxsize = sizeof(struct qce_sha_ctx); base->cra_alignmask = 0; diff --git a/drivers/crypto/qce/skcipher.c b/drivers/crypto/qce/skcipher.c index 5b493fdc1e74..ffb334eb5b34 100644 --- a/drivers/crypto/qce/skcipher.c +++ b/drivers/crypto/qce/skcipher.c @@ -461,7 +461,7 @@ static int qce_skcipher_register_one(const struct qce_skcipher_def *def, alg->encrypt = qce_skcipher_encrypt; alg->decrypt = qce_skcipher_decrypt; - alg->base.cra_priority = 300; + alg->base.cra_priority = 275; alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] crypto: qce - fix priority to be less than ARMv8 CE" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 49b9258b05b97c6464e1964b6a2fddb3ddb65d17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021059-drinking-september-98ee@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 49b9258b05b97c6464e1964b6a2fddb3ddb65d17 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 3 Dec 2024 10:05:53 -0800 Subject: [PATCH] crypto: qce - fix priority to be less than ARMv8 CE As QCE is an order of magnitude slower than the ARMv8 Crypto Extensions on the CPU, and is also less well tested, give it a lower priority. Previously the QCE SHA algorithms had higher priority than the ARMv8 CE equivalents, and the ciphers such as AES-XTS had the same priority which meant the QCE versions were chosen if they happened to be loaded later. Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver") Cc: stable(a)vger.kernel.org Cc: Bartosz Golaszewski <brgl(a)bgdev.pl> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Thara Gopinath <thara.gopinath(a)gmail.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/qce/aead.c b/drivers/crypto/qce/aead.c index 7d811728f047..97b56e92ea33 100644 --- a/drivers/crypto/qce/aead.c +++ b/drivers/crypto/qce/aead.c @@ -786,7 +786,7 @@ static int qce_aead_register_one(const struct qce_aead_def *def, struct qce_devi alg->init = qce_aead_init; alg->exit = qce_aead_exit; - alg->base.cra_priority = 300; + alg->base.cra_priority = 275; alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY | diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c index 916908c04b63..c4ddc3b265ee 100644 --- a/drivers/crypto/qce/sha.c +++ b/drivers/crypto/qce/sha.c @@ -482,7 +482,7 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def, base = &alg->halg.base; base->cra_blocksize = def->blocksize; - base->cra_priority = 300; + base->cra_priority = 175; base->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY; base->cra_ctxsize = sizeof(struct qce_sha_ctx); base->cra_alignmask = 0; diff --git a/drivers/crypto/qce/skcipher.c b/drivers/crypto/qce/skcipher.c index 5b493fdc1e74..ffb334eb5b34 100644 --- a/drivers/crypto/qce/skcipher.c +++ b/drivers/crypto/qce/skcipher.c @@ -461,7 +461,7 @@ static int qce_skcipher_register_one(const struct qce_skcipher_def *def, alg->encrypt = qce_skcipher_encrypt; alg->decrypt = qce_skcipher_decrypt; - alg->base.cra_priority = 300; + alg->base.cra_priority = 275; alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8550: Fix ADSP memory base and length" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a6a8f54bc2af555738322783ba1e990c2ae7f443 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021034-thumping-portable-f242@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a6a8f54bc2af555738322783ba1e990c2ae7f443 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:56 +0100 Subject: [PATCH] arm64: dts: qcom: sm8550: Fix ADSP memory base and length The address space in ADSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0680_0000 with length of 0x10000. 0x3000_0000, value used so far, is the main region of CDSP. Downstream DTS uses 0x0300_0000, which is oddly similar to 0x3000_0000, yet quite different and points to unused area. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: d0c061e366ed ("arm64: dts: qcom: sm8550: add adsp, cdsp & mdss nodes") Cc: stable(a)vger.kernel.org Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-7-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi index f01af4af1f94..00a8c417c68a 100644 --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi @@ -2367,6 +2367,137 @@ IPCC_MPROC_SIGNAL_GLINK_QMP }; }; + remoteproc_adsp: remoteproc@6800000 { + compatible = "qcom,sm8550-adsp-pas"; + reg = <0x0 0x06800000 0x0 0x10000>; + + interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_LCX>, + <&rpmhpd RPMHPD_LMX>; + power-domain-names = "lcx", "lmx"; + + interconnects = <&lpass_lpicx_noc MASTER_LPASS_PROC 0 &mc_virt SLAVE_EBI1 0>; + + memory-region = <&adspslpi_mem>, <&q6_adsp_dtb_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_adsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + remoteproc_adsp_glink: glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "lpass"; + qcom,remote-pid = <2>; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "adsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x1003 0x80>, + <&apps_smmu 0x1063 0x0>; + dma-coherent; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x1004 0x80>, + <&apps_smmu 0x1064 0x0>; + dma-coherent; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x1005 0x80>, + <&apps_smmu 0x1065 0x0>; + dma-coherent; + }; + + compute-cb@6 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <6>; + iommus = <&apps_smmu 0x1006 0x80>, + <&apps_smmu 0x1066 0x0>; + dma-coherent; + }; + + compute-cb@7 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <7>; + iommus = <&apps_smmu 0x1007 0x80>, + <&apps_smmu 0x1067 0x0>; + dma-coherent; + }; + }; + + gpr { + compatible = "qcom,gpr"; + qcom,glink-channels = "adsp_apps"; + qcom,domain = <GPR_DOMAIN_ID_ADSP>; + qcom,intents = <512 20>; + #address-cells = <1>; + #size-cells = <0>; + + q6apm: service@1 { + compatible = "qcom,q6apm"; + reg = <GPR_APM_MODULE_IID>; + #sound-dai-cells = <0>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6apmdai: dais { + compatible = "qcom,q6apm-dais"; + iommus = <&apps_smmu 0x1001 0x80>, + <&apps_smmu 0x1061 0x0>; + }; + + q6apmbedai: bedais { + compatible = "qcom,q6apm-lpass-dais"; + #sound-dai-cells = <1>; + }; + }; + + q6prm: service@2 { + compatible = "qcom,q6prm"; + reg = <GPR_PRM_MODULE_IID>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6prmcc: clock-controller { + compatible = "qcom,q6prm-lpass-clocks"; + #clock-cells = <2>; + }; + }; + }; + }; + }; + lpass_wsa2macro: codec@6aa0000 { compatible = "qcom,sm8550-lpass-wsa-macro"; reg = <0 0x06aa0000 0 0x1000>; @@ -4588,137 +4719,6 @@ system-cache-controller@25000000 { interrupts = <GIC_SPI 266 IRQ_TYPE_LEVEL_HIGH>; }; - remoteproc_adsp: remoteproc@30000000 { - compatible = "qcom,sm8550-adsp-pas"; - reg = <0x0 0x30000000 0x0 0x100>; - - interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_LCX>, - <&rpmhpd RPMHPD_LMX>; - power-domain-names = "lcx", "lmx"; - - interconnects = <&lpass_lpicx_noc MASTER_LPASS_PROC 0 &mc_virt SLAVE_EBI1 0>; - - memory-region = <&adspslpi_mem>, <&q6_adsp_dtb_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_adsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - remoteproc_adsp_glink: glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "lpass"; - qcom,remote-pid = <2>; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "adsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x1003 0x80>, - <&apps_smmu 0x1063 0x0>; - dma-coherent; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x1004 0x80>, - <&apps_smmu 0x1064 0x0>; - dma-coherent; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x1005 0x80>, - <&apps_smmu 0x1065 0x0>; - dma-coherent; - }; - - compute-cb@6 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <6>; - iommus = <&apps_smmu 0x1006 0x80>, - <&apps_smmu 0x1066 0x0>; - dma-coherent; - }; - - compute-cb@7 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <7>; - iommus = <&apps_smmu 0x1007 0x80>, - <&apps_smmu 0x1067 0x0>; - dma-coherent; - }; - }; - - gpr { - compatible = "qcom,gpr"; - qcom,glink-channels = "adsp_apps"; - qcom,domain = <GPR_DOMAIN_ID_ADSP>; - qcom,intents = <512 20>; - #address-cells = <1>; - #size-cells = <0>; - - q6apm: service@1 { - compatible = "qcom,q6apm"; - reg = <GPR_APM_MODULE_IID>; - #sound-dai-cells = <0>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6apmdai: dais { - compatible = "qcom,q6apm-dais"; - iommus = <&apps_smmu 0x1001 0x80>, - <&apps_smmu 0x1061 0x0>; - }; - - q6apmbedai: bedais { - compatible = "qcom,q6apm-lpass-dais"; - #sound-dai-cells = <1>; - }; - }; - - q6prm: service@2 { - compatible = "qcom,q6prm"; - reg = <GPR_PRM_MODULE_IID>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6prmcc: clock-controller { - compatible = "qcom,q6prm-lpass-clocks"; - #clock-cells = <2>; - }; - }; - }; - }; - }; - nsp_noc: interconnect@320c0000 { compatible = "qcom,sm8550-nsp-noc"; reg = <0 0x320c0000 0 0xe080>;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8450: Fix CDSP memory length" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3751fe2cba2a9fba2204ef62102bc4bb027cec7b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021001-outflank-broken-2dd7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3751fe2cba2a9fba2204ef62102bc4bb027cec7b Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:54 +0100 Subject: [PATCH] arm64: dts: qcom: sm8450: Fix CDSP memory length The address space in CDSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB) which has a length of 0x10000. Value of 0x1400000 was copied from older DTS, but it does not look accurate at all. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 1172729576fb ("arm64: dts: qcom: sm8450: Add remoteproc enablers and instances") Cc: stable(a)vger.kernel.org Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-5-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi index 962023331ac4..b57edfbaf784 100644 --- a/arch/arm64/boot/dts/qcom/sm8450.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi @@ -2800,7 +2800,7 @@ vamacro: codec@33f0000 { remoteproc_cdsp: remoteproc@32300000 { compatible = "qcom,sm8450-cdsp-pas"; - reg = <0 0x32300000 0 0x1400000>; + reg = <0 0x32300000 0 0x10000>; interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_EDGE_RISING>, <&smp2p_cdsp_in 0 IRQ_TYPE_EDGE_RISING>,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8450: Fix ADSP memory base and length" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 13c96bee5d5e5b61a9d8d000c9bb37bb9a2a0551 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-undertake-carload-8523@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 13c96bee5d5e5b61a9d8d000c9bb37bb9a2a0551 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:53 +0100 Subject: [PATCH] arm64: dts: qcom: sm8450: Fix ADSP memory base and length The address space in ADSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0300_0000 with length of 0x10000, which also matches downstream DTS. 0x3000_0000, value used so far, was in datasheet is the region of CDSP. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 1172729576fb ("arm64: dts: qcom: sm8450: Add remoteproc enablers and instances") Cc: stable(a)vger.kernel.org Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-4-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi index fbc3c025e96a..962023331ac4 100644 --- a/arch/arm64/boot/dts/qcom/sm8450.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi @@ -2496,6 +2496,112 @@ compute-cb@3 { }; }; + remoteproc_adsp: remoteproc@3000000 { + compatible = "qcom,sm8450-adsp-pas"; + reg = <0x0 0x03000000 0x0 0x10000>; + + interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_LCX>, + <&rpmhpd RPMHPD_LMX>; + power-domain-names = "lcx", "lmx"; + + memory-region = <&adsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_adsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + remoteproc_adsp_glink: glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "lpass"; + qcom,remote-pid = <2>; + + gpr { + compatible = "qcom,gpr"; + qcom,glink-channels = "adsp_apps"; + qcom,domain = <GPR_DOMAIN_ID_ADSP>; + qcom,intents = <512 20>; + #address-cells = <1>; + #size-cells = <0>; + + q6apm: service@1 { + compatible = "qcom,q6apm"; + reg = <GPR_APM_MODULE_IID>; + #sound-dai-cells = <0>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6apmdai: dais { + compatible = "qcom,q6apm-dais"; + iommus = <&apps_smmu 0x1801 0x0>; + }; + + q6apmbedai: bedais { + compatible = "qcom,q6apm-lpass-dais"; + #sound-dai-cells = <1>; + }; + }; + + q6prm: service@2 { + compatible = "qcom,q6prm"; + reg = <GPR_PRM_MODULE_IID>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6prmcc: clock-controller { + compatible = "qcom,q6prm-lpass-clocks"; + #clock-cells = <2>; + }; + }; + }; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "adsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x1803 0x0>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x1804 0x0>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x1805 0x0>; + }; + }; + }; + }; + wsa2macro: codec@31e0000 { compatible = "qcom,sm8450-lpass-wsa-macro"; reg = <0 0x031e0000 0 0x1000>; @@ -2692,112 +2798,6 @@ vamacro: codec@33f0000 { status = "disabled"; }; - remoteproc_adsp: remoteproc@30000000 { - compatible = "qcom,sm8450-adsp-pas"; - reg = <0 0x30000000 0 0x100>; - - interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_LCX>, - <&rpmhpd RPMHPD_LMX>; - power-domain-names = "lcx", "lmx"; - - memory-region = <&adsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_adsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - remoteproc_adsp_glink: glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "lpass"; - qcom,remote-pid = <2>; - - gpr { - compatible = "qcom,gpr"; - qcom,glink-channels = "adsp_apps"; - qcom,domain = <GPR_DOMAIN_ID_ADSP>; - qcom,intents = <512 20>; - #address-cells = <1>; - #size-cells = <0>; - - q6apm: service@1 { - compatible = "qcom,q6apm"; - reg = <GPR_APM_MODULE_IID>; - #sound-dai-cells = <0>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6apmdai: dais { - compatible = "qcom,q6apm-dais"; - iommus = <&apps_smmu 0x1801 0x0>; - }; - - q6apmbedai: bedais { - compatible = "qcom,q6apm-lpass-dais"; - #sound-dai-cells = <1>; - }; - }; - - q6prm: service@2 { - compatible = "qcom,q6prm"; - reg = <GPR_PRM_MODULE_IID>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6prmcc: clock-controller { - compatible = "qcom,q6prm-lpass-clocks"; - #clock-cells = <2>; - }; - }; - }; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "adsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x1803 0x0>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x1804 0x0>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x1805 0x0>; - }; - }; - }; - }; - remoteproc_cdsp: remoteproc@32300000 { compatible = "qcom,sm8450-cdsp-pas"; reg = <0 0x32300000 0 0x1400000>;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8450: Fix ADSP memory base and length" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 13c96bee5d5e5b61a9d8d000c9bb37bb9a2a0551 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021048-hacked-audible-e53e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 13c96bee5d5e5b61a9d8d000c9bb37bb9a2a0551 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:53 +0100 Subject: [PATCH] arm64: dts: qcom: sm8450: Fix ADSP memory base and length The address space in ADSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0300_0000 with length of 0x10000, which also matches downstream DTS. 0x3000_0000, value used so far, was in datasheet is the region of CDSP. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 1172729576fb ("arm64: dts: qcom: sm8450: Add remoteproc enablers and instances") Cc: stable(a)vger.kernel.org Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-4-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi index fbc3c025e96a..962023331ac4 100644 --- a/arch/arm64/boot/dts/qcom/sm8450.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi @@ -2496,6 +2496,112 @@ compute-cb@3 { }; }; + remoteproc_adsp: remoteproc@3000000 { + compatible = "qcom,sm8450-adsp-pas"; + reg = <0x0 0x03000000 0x0 0x10000>; + + interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_LCX>, + <&rpmhpd RPMHPD_LMX>; + power-domain-names = "lcx", "lmx"; + + memory-region = <&adsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_adsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + remoteproc_adsp_glink: glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "lpass"; + qcom,remote-pid = <2>; + + gpr { + compatible = "qcom,gpr"; + qcom,glink-channels = "adsp_apps"; + qcom,domain = <GPR_DOMAIN_ID_ADSP>; + qcom,intents = <512 20>; + #address-cells = <1>; + #size-cells = <0>; + + q6apm: service@1 { + compatible = "qcom,q6apm"; + reg = <GPR_APM_MODULE_IID>; + #sound-dai-cells = <0>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6apmdai: dais { + compatible = "qcom,q6apm-dais"; + iommus = <&apps_smmu 0x1801 0x0>; + }; + + q6apmbedai: bedais { + compatible = "qcom,q6apm-lpass-dais"; + #sound-dai-cells = <1>; + }; + }; + + q6prm: service@2 { + compatible = "qcom,q6prm"; + reg = <GPR_PRM_MODULE_IID>; + qcom,protection-domain = "avs/audio", + "msm/adsp/audio_pd"; + + q6prmcc: clock-controller { + compatible = "qcom,q6prm-lpass-clocks"; + #clock-cells = <2>; + }; + }; + }; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "adsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x1803 0x0>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x1804 0x0>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x1805 0x0>; + }; + }; + }; + }; + wsa2macro: codec@31e0000 { compatible = "qcom,sm8450-lpass-wsa-macro"; reg = <0 0x031e0000 0 0x1000>; @@ -2692,112 +2798,6 @@ vamacro: codec@33f0000 { status = "disabled"; }; - remoteproc_adsp: remoteproc@30000000 { - compatible = "qcom,sm8450-adsp-pas"; - reg = <0 0x30000000 0 0x100>; - - interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_LCX>, - <&rpmhpd RPMHPD_LMX>; - power-domain-names = "lcx", "lmx"; - - memory-region = <&adsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_adsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - remoteproc_adsp_glink: glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "lpass"; - qcom,remote-pid = <2>; - - gpr { - compatible = "qcom,gpr"; - qcom,glink-channels = "adsp_apps"; - qcom,domain = <GPR_DOMAIN_ID_ADSP>; - qcom,intents = <512 20>; - #address-cells = <1>; - #size-cells = <0>; - - q6apm: service@1 { - compatible = "qcom,q6apm"; - reg = <GPR_APM_MODULE_IID>; - #sound-dai-cells = <0>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6apmdai: dais { - compatible = "qcom,q6apm-dais"; - iommus = <&apps_smmu 0x1801 0x0>; - }; - - q6apmbedai: bedais { - compatible = "qcom,q6apm-lpass-dais"; - #sound-dai-cells = <1>; - }; - }; - - q6prm: service@2 { - compatible = "qcom,q6prm"; - reg = <GPR_PRM_MODULE_IID>; - qcom,protection-domain = "avs/audio", - "msm/adsp/audio_pd"; - - q6prmcc: clock-controller { - compatible = "qcom,q6prm-lpass-clocks"; - #clock-cells = <2>; - }; - }; - }; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "adsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x1803 0x0>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x1804 0x0>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x1805 0x0>; - }; - }; - }; - }; - remoteproc_cdsp: remoteproc@32300000 { compatible = "qcom,sm8450-cdsp-pas"; reg = <0 0x32300000 0 0x1400000>;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8350: Fix CDSP memory base and length" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f4afd8ba453b6e82245b9068868c72c831aec84e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021022-bullfrog-reversal-4d80@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4afd8ba453b6e82245b9068868c72c831aec84e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:51 +0100 Subject: [PATCH] arm64: dts: qcom: sm8350: Fix CDSP memory base and length The address space in CDSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0a30_0000 with length of 0x10000. 0x9890_0000, value used so far, was copied from downstream DTS, is in the middle of RAM/DDR space and downstream DTS describes the PIL loader, which is a bit different interface. Datasheet says that one of the main CDSP address spaces is 0x0980_0000, which is oddly similar to 0x9890_0000, but quite different. Assume existing value (thus downstream DTS) is not really describing the intended CDSP PAS region. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 177fcf0aeda2 ("arm64: dts: qcom: sm8350: Add remoteprocs") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-2-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi index f6cedfef7ebd..aabf5ea1c0f1 100644 --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi @@ -2496,6 +2496,115 @@ compute_noc: interconnect@a0c0000 { qcom,bcm-voters = <&apps_bcm_voter>; }; + cdsp: remoteproc@a300000 { + compatible = "qcom,sm8350-cdsp-pas"; + reg = <0x0 0x0a300000 0x0 0x10000>; + + interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_CX>, + <&rpmhpd RPMHPD_MXC>; + power-domain-names = "cx", "mxc"; + + interconnects = <&compute_noc MASTER_CDSP_PROC 0 &mc_virt SLAVE_EBI1 0>; + + memory-region = <&pil_cdsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_cdsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_CDSP + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_CDSP + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "cdsp"; + qcom,remote-pid = <5>; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "cdsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@1 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <1>; + iommus = <&apps_smmu 0x2161 0x0400>, + <&apps_smmu 0x1181 0x0420>; + }; + + compute-cb@2 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <2>; + iommus = <&apps_smmu 0x2162 0x0400>, + <&apps_smmu 0x1182 0x0420>; + }; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x2163 0x0400>, + <&apps_smmu 0x1183 0x0420>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x2164 0x0400>, + <&apps_smmu 0x1184 0x0420>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x2165 0x0400>, + <&apps_smmu 0x1185 0x0420>; + }; + + compute-cb@6 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <6>; + iommus = <&apps_smmu 0x2166 0x0400>, + <&apps_smmu 0x1186 0x0420>; + }; + + compute-cb@7 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <7>; + iommus = <&apps_smmu 0x2167 0x0400>, + <&apps_smmu 0x1187 0x0420>; + }; + + compute-cb@8 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <8>; + iommus = <&apps_smmu 0x2168 0x0400>, + <&apps_smmu 0x1188 0x0420>; + }; + + /* note: secure cb9 in downstream */ + }; + }; + }; + usb_1: usb@a6f8800 { compatible = "qcom,sm8350-dwc3", "qcom,dwc3"; reg = <0 0x0a6f8800 0 0x400>; @@ -3593,115 +3702,6 @@ cpufreq_hw: cpufreq@18591000 { #freq-domain-cells = <1>; #clock-cells = <1>; }; - - cdsp: remoteproc@98900000 { - compatible = "qcom,sm8350-cdsp-pas"; - reg = <0 0x98900000 0 0x1400000>; - - interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_CX>, - <&rpmhpd RPMHPD_MXC>; - power-domain-names = "cx", "mxc"; - - interconnects = <&compute_noc MASTER_CDSP_PROC 0 &mc_virt SLAVE_EBI1 0>; - - memory-region = <&pil_cdsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_cdsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_CDSP - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_CDSP - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "cdsp"; - qcom,remote-pid = <5>; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "cdsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@1 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <1>; - iommus = <&apps_smmu 0x2161 0x0400>, - <&apps_smmu 0x1181 0x0420>; - }; - - compute-cb@2 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <2>; - iommus = <&apps_smmu 0x2162 0x0400>, - <&apps_smmu 0x1182 0x0420>; - }; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x2163 0x0400>, - <&apps_smmu 0x1183 0x0420>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x2164 0x0400>, - <&apps_smmu 0x1184 0x0420>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x2165 0x0400>, - <&apps_smmu 0x1185 0x0420>; - }; - - compute-cb@6 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <6>; - iommus = <&apps_smmu 0x2166 0x0400>, - <&apps_smmu 0x1186 0x0420>; - }; - - compute-cb@7 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <7>; - iommus = <&apps_smmu 0x2167 0x0400>, - <&apps_smmu 0x1187 0x0420>; - }; - - compute-cb@8 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <8>; - iommus = <&apps_smmu 0x2168 0x0400>, - <&apps_smmu 0x1188 0x0420>; - }; - - /* note: secure cb9 in downstream */ - }; - }; - }; }; thermal_zones: thermal-zones {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8350: Fix CDSP memory base and length" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f4afd8ba453b6e82245b9068868c72c831aec84e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021021-uninsured-ivy-aa7e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4afd8ba453b6e82245b9068868c72c831aec84e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:51 +0100 Subject: [PATCH] arm64: dts: qcom: sm8350: Fix CDSP memory base and length The address space in CDSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0a30_0000 with length of 0x10000. 0x9890_0000, value used so far, was copied from downstream DTS, is in the middle of RAM/DDR space and downstream DTS describes the PIL loader, which is a bit different interface. Datasheet says that one of the main CDSP address spaces is 0x0980_0000, which is oddly similar to 0x9890_0000, but quite different. Assume existing value (thus downstream DTS) is not really describing the intended CDSP PAS region. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 177fcf0aeda2 ("arm64: dts: qcom: sm8350: Add remoteprocs") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-2-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi index f6cedfef7ebd..aabf5ea1c0f1 100644 --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi @@ -2496,6 +2496,115 @@ compute_noc: interconnect@a0c0000 { qcom,bcm-voters = <&apps_bcm_voter>; }; + cdsp: remoteproc@a300000 { + compatible = "qcom,sm8350-cdsp-pas"; + reg = <0x0 0x0a300000 0x0 0x10000>; + + interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_cdsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_CX>, + <&rpmhpd RPMHPD_MXC>; + power-domain-names = "cx", "mxc"; + + interconnects = <&compute_noc MASTER_CDSP_PROC 0 &mc_virt SLAVE_EBI1 0>; + + memory-region = <&pil_cdsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_cdsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_CDSP + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_CDSP + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "cdsp"; + qcom,remote-pid = <5>; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "cdsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@1 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <1>; + iommus = <&apps_smmu 0x2161 0x0400>, + <&apps_smmu 0x1181 0x0420>; + }; + + compute-cb@2 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <2>; + iommus = <&apps_smmu 0x2162 0x0400>, + <&apps_smmu 0x1182 0x0420>; + }; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x2163 0x0400>, + <&apps_smmu 0x1183 0x0420>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x2164 0x0400>, + <&apps_smmu 0x1184 0x0420>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x2165 0x0400>, + <&apps_smmu 0x1185 0x0420>; + }; + + compute-cb@6 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <6>; + iommus = <&apps_smmu 0x2166 0x0400>, + <&apps_smmu 0x1186 0x0420>; + }; + + compute-cb@7 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <7>; + iommus = <&apps_smmu 0x2167 0x0400>, + <&apps_smmu 0x1187 0x0420>; + }; + + compute-cb@8 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <8>; + iommus = <&apps_smmu 0x2168 0x0400>, + <&apps_smmu 0x1188 0x0420>; + }; + + /* note: secure cb9 in downstream */ + }; + }; + }; + usb_1: usb@a6f8800 { compatible = "qcom,sm8350-dwc3", "qcom,dwc3"; reg = <0 0x0a6f8800 0 0x400>; @@ -3593,115 +3702,6 @@ cpufreq_hw: cpufreq@18591000 { #freq-domain-cells = <1>; #clock-cells = <1>; }; - - cdsp: remoteproc@98900000 { - compatible = "qcom,sm8350-cdsp-pas"; - reg = <0 0x98900000 0 0x1400000>; - - interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_cdsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_CX>, - <&rpmhpd RPMHPD_MXC>; - power-domain-names = "cx", "mxc"; - - interconnects = <&compute_noc MASTER_CDSP_PROC 0 &mc_virt SLAVE_EBI1 0>; - - memory-region = <&pil_cdsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_cdsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_CDSP - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_CDSP - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "cdsp"; - qcom,remote-pid = <5>; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "cdsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@1 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <1>; - iommus = <&apps_smmu 0x2161 0x0400>, - <&apps_smmu 0x1181 0x0420>; - }; - - compute-cb@2 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <2>; - iommus = <&apps_smmu 0x2162 0x0400>, - <&apps_smmu 0x1182 0x0420>; - }; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x2163 0x0400>, - <&apps_smmu 0x1183 0x0420>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x2164 0x0400>, - <&apps_smmu 0x1184 0x0420>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x2165 0x0400>, - <&apps_smmu 0x1185 0x0420>; - }; - - compute-cb@6 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <6>; - iommus = <&apps_smmu 0x2166 0x0400>, - <&apps_smmu 0x1186 0x0420>; - }; - - compute-cb@7 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <7>; - iommus = <&apps_smmu 0x2167 0x0400>, - <&apps_smmu 0x1187 0x0420>; - }; - - compute-cb@8 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <8>; - iommus = <&apps_smmu 0x2168 0x0400>, - <&apps_smmu 0x1188 0x0420>; - }; - - /* note: secure cb9 in downstream */ - }; - }; - }; }; thermal_zones: thermal-zones {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8350: Fix ADSP memory base and length" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f9ba85566ddd5a3db8fa291aaecd70c4e55a3732 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021009-talon-rounding-d974@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9ba85566ddd5a3db8fa291aaecd70c4e55a3732 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:50 +0100 Subject: [PATCH] arm64: dts: qcom: sm8350: Fix ADSP memory base and length The address space in ADSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0300_0000 with length of 0x10000. 0x1730_0000, value used so far, was copied from downstream DTS, is in the middle of unused space and downstream DTS describes the PIL loader, which is a bit different interface. Assume existing value (thus downstream DTS) is not really describing the intended ADSP PAS region. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 177fcf0aeda2 ("arm64: dts: qcom: sm8350: Add remoteprocs") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-1-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi index 1be259605cae..f6cedfef7ebd 100644 --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi @@ -1876,6 +1876,142 @@ tcsr: syscon@1fc0000 { reg = <0x0 0x1fc0000 0x0 0x30000>; }; + adsp: remoteproc@3000000 { + compatible = "qcom,sm8350-adsp-pas"; + reg = <0x0 0x03000000 0x0 0x10000>; + + interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_LCX>, + <&rpmhpd RPMHPD_LMX>; + power-domain-names = "lcx", "lmx"; + + memory-region = <&pil_adsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_adsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "lpass"; + qcom,remote-pid = <2>; + + apr { + compatible = "qcom,apr-v2"; + qcom,glink-channels = "apr_audio_svc"; + qcom,domain = <APR_DOMAIN_ADSP>; + #address-cells = <1>; + #size-cells = <0>; + + service@3 { + reg = <APR_SVC_ADSP_CORE>; + compatible = "qcom,q6core"; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + }; + + q6afe: service@4 { + compatible = "qcom,q6afe"; + reg = <APR_SVC_AFE>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6afedai: dais { + compatible = "qcom,q6afe-dais"; + #address-cells = <1>; + #size-cells = <0>; + #sound-dai-cells = <1>; + }; + + q6afecc: clock-controller { + compatible = "qcom,q6afe-clocks"; + #clock-cells = <2>; + }; + }; + + q6asm: service@7 { + compatible = "qcom,q6asm"; + reg = <APR_SVC_ASM>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6asmdai: dais { + compatible = "qcom,q6asm-dais"; + #address-cells = <1>; + #size-cells = <0>; + #sound-dai-cells = <1>; + iommus = <&apps_smmu 0x1801 0x0>; + + dai@0 { + reg = <0>; + }; + + dai@1 { + reg = <1>; + }; + + dai@2 { + reg = <2>; + }; + }; + }; + + q6adm: service@8 { + compatible = "qcom,q6adm"; + reg = <APR_SVC_ADM>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6routing: routing { + compatible = "qcom,q6adm-routing"; + #sound-dai-cells = <0>; + }; + }; + }; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "adsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x1803 0x0>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x1804 0x0>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x1805 0x0>; + }; + }; + }; + }; + lpass_tlmm: pinctrl@33c0000 { compatible = "qcom,sm8350-lpass-lpi-pinctrl"; reg = <0 0x033c0000 0 0x20000>, @@ -3289,142 +3425,6 @@ apps_smmu: iommu@15000000 { dma-coherent; }; - adsp: remoteproc@17300000 { - compatible = "qcom,sm8350-adsp-pas"; - reg = <0 0x17300000 0 0x100>; - - interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_LCX>, - <&rpmhpd RPMHPD_LMX>; - power-domain-names = "lcx", "lmx"; - - memory-region = <&pil_adsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_adsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "lpass"; - qcom,remote-pid = <2>; - - apr { - compatible = "qcom,apr-v2"; - qcom,glink-channels = "apr_audio_svc"; - qcom,domain = <APR_DOMAIN_ADSP>; - #address-cells = <1>; - #size-cells = <0>; - - service@3 { - reg = <APR_SVC_ADSP_CORE>; - compatible = "qcom,q6core"; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - }; - - q6afe: service@4 { - compatible = "qcom,q6afe"; - reg = <APR_SVC_AFE>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6afedai: dais { - compatible = "qcom,q6afe-dais"; - #address-cells = <1>; - #size-cells = <0>; - #sound-dai-cells = <1>; - }; - - q6afecc: clock-controller { - compatible = "qcom,q6afe-clocks"; - #clock-cells = <2>; - }; - }; - - q6asm: service@7 { - compatible = "qcom,q6asm"; - reg = <APR_SVC_ASM>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6asmdai: dais { - compatible = "qcom,q6asm-dais"; - #address-cells = <1>; - #size-cells = <0>; - #sound-dai-cells = <1>; - iommus = <&apps_smmu 0x1801 0x0>; - - dai@0 { - reg = <0>; - }; - - dai@1 { - reg = <1>; - }; - - dai@2 { - reg = <2>; - }; - }; - }; - - q6adm: service@8 { - compatible = "qcom,q6adm"; - reg = <APR_SVC_ADM>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6routing: routing { - compatible = "qcom,q6adm-routing"; - #sound-dai-cells = <0>; - }; - }; - }; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "adsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x1803 0x0>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x1804 0x0>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x1805 0x0>; - }; - }; - }; - }; - intc: interrupt-controller@17a00000 { compatible = "arm,gic-v3"; #interrupt-cells = <3>;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm8350: Fix ADSP memory base and length" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f9ba85566ddd5a3db8fa291aaecd70c4e55a3732 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021008-whacky-bankroll-9014@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9ba85566ddd5a3db8fa291aaecd70c4e55a3732 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Fri, 13 Dec 2024 15:53:50 +0100 Subject: [PATCH] arm64: dts: qcom: sm8350: Fix ADSP memory base and length The address space in ADSP PAS (Peripheral Authentication Service) remoteproc node should point to the QDSP PUB address space (QDSP6...SS_PUB): 0x0300_0000 with length of 0x10000. 0x1730_0000, value used so far, was copied from downstream DTS, is in the middle of unused space and downstream DTS describes the PIL loader, which is a bit different interface. Assume existing value (thus downstream DTS) is not really describing the intended ADSP PAS region. Correct the base address and length, which also moves the node to different place to keep things sorted by unit address. The diff looks big, but only the unit address and "reg" property were changed. This should have no functional impact on Linux users, because PAS loader does not use this address space at all. Fixes: 177fcf0aeda2 ("arm64: dts: qcom: sm8350: Add remoteprocs") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-1-2e0… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi index 1be259605cae..f6cedfef7ebd 100644 --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi @@ -1876,6 +1876,142 @@ tcsr: syscon@1fc0000 { reg = <0x0 0x1fc0000 0x0 0x30000>; }; + adsp: remoteproc@3000000 { + compatible = "qcom,sm8350-adsp-pas"; + reg = <0x0 0x03000000 0x0 0x10000>; + + interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, + <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; + interrupt-names = "wdog", "fatal", "ready", + "handover", "stop-ack"; + + clocks = <&rpmhcc RPMH_CXO_CLK>; + clock-names = "xo"; + + power-domains = <&rpmhpd RPMHPD_LCX>, + <&rpmhpd RPMHPD_LMX>; + power-domain-names = "lcx", "lmx"; + + memory-region = <&pil_adsp_mem>; + + qcom,qmp = <&aoss_qmp>; + + qcom,smem-states = <&smp2p_adsp_out 0>; + qcom,smem-state-names = "stop"; + + status = "disabled"; + + glink-edge { + interrupts-extended = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP + IRQ_TYPE_EDGE_RISING>; + mboxes = <&ipcc IPCC_CLIENT_LPASS + IPCC_MPROC_SIGNAL_GLINK_QMP>; + + label = "lpass"; + qcom,remote-pid = <2>; + + apr { + compatible = "qcom,apr-v2"; + qcom,glink-channels = "apr_audio_svc"; + qcom,domain = <APR_DOMAIN_ADSP>; + #address-cells = <1>; + #size-cells = <0>; + + service@3 { + reg = <APR_SVC_ADSP_CORE>; + compatible = "qcom,q6core"; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + }; + + q6afe: service@4 { + compatible = "qcom,q6afe"; + reg = <APR_SVC_AFE>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6afedai: dais { + compatible = "qcom,q6afe-dais"; + #address-cells = <1>; + #size-cells = <0>; + #sound-dai-cells = <1>; + }; + + q6afecc: clock-controller { + compatible = "qcom,q6afe-clocks"; + #clock-cells = <2>; + }; + }; + + q6asm: service@7 { + compatible = "qcom,q6asm"; + reg = <APR_SVC_ASM>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6asmdai: dais { + compatible = "qcom,q6asm-dais"; + #address-cells = <1>; + #size-cells = <0>; + #sound-dai-cells = <1>; + iommus = <&apps_smmu 0x1801 0x0>; + + dai@0 { + reg = <0>; + }; + + dai@1 { + reg = <1>; + }; + + dai@2 { + reg = <2>; + }; + }; + }; + + q6adm: service@8 { + compatible = "qcom,q6adm"; + reg = <APR_SVC_ADM>; + qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; + + q6routing: routing { + compatible = "qcom,q6adm-routing"; + #sound-dai-cells = <0>; + }; + }; + }; + + fastrpc { + compatible = "qcom,fastrpc"; + qcom,glink-channels = "fastrpcglink-apps-dsp"; + label = "adsp"; + qcom,non-secure-domain; + #address-cells = <1>; + #size-cells = <0>; + + compute-cb@3 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <3>; + iommus = <&apps_smmu 0x1803 0x0>; + }; + + compute-cb@4 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <4>; + iommus = <&apps_smmu 0x1804 0x0>; + }; + + compute-cb@5 { + compatible = "qcom,fastrpc-compute-cb"; + reg = <5>; + iommus = <&apps_smmu 0x1805 0x0>; + }; + }; + }; + }; + lpass_tlmm: pinctrl@33c0000 { compatible = "qcom,sm8350-lpass-lpi-pinctrl"; reg = <0 0x033c0000 0 0x20000>, @@ -3289,142 +3425,6 @@ apps_smmu: iommu@15000000 { dma-coherent; }; - adsp: remoteproc@17300000 { - compatible = "qcom,sm8350-adsp-pas"; - reg = <0 0x17300000 0 0x100>; - - interrupts-extended = <&pdc 6 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 1 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 2 IRQ_TYPE_EDGE_RISING>, - <&smp2p_adsp_in 3 IRQ_TYPE_EDGE_RISING>; - interrupt-names = "wdog", "fatal", "ready", - "handover", "stop-ack"; - - clocks = <&rpmhcc RPMH_CXO_CLK>; - clock-names = "xo"; - - power-domains = <&rpmhpd RPMHPD_LCX>, - <&rpmhpd RPMHPD_LMX>; - power-domain-names = "lcx", "lmx"; - - memory-region = <&pil_adsp_mem>; - - qcom,qmp = <&aoss_qmp>; - - qcom,smem-states = <&smp2p_adsp_out 0>; - qcom,smem-state-names = "stop"; - - status = "disabled"; - - glink-edge { - interrupts-extended = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP - IRQ_TYPE_EDGE_RISING>; - mboxes = <&ipcc IPCC_CLIENT_LPASS - IPCC_MPROC_SIGNAL_GLINK_QMP>; - - label = "lpass"; - qcom,remote-pid = <2>; - - apr { - compatible = "qcom,apr-v2"; - qcom,glink-channels = "apr_audio_svc"; - qcom,domain = <APR_DOMAIN_ADSP>; - #address-cells = <1>; - #size-cells = <0>; - - service@3 { - reg = <APR_SVC_ADSP_CORE>; - compatible = "qcom,q6core"; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - }; - - q6afe: service@4 { - compatible = "qcom,q6afe"; - reg = <APR_SVC_AFE>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6afedai: dais { - compatible = "qcom,q6afe-dais"; - #address-cells = <1>; - #size-cells = <0>; - #sound-dai-cells = <1>; - }; - - q6afecc: clock-controller { - compatible = "qcom,q6afe-clocks"; - #clock-cells = <2>; - }; - }; - - q6asm: service@7 { - compatible = "qcom,q6asm"; - reg = <APR_SVC_ASM>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6asmdai: dais { - compatible = "qcom,q6asm-dais"; - #address-cells = <1>; - #size-cells = <0>; - #sound-dai-cells = <1>; - iommus = <&apps_smmu 0x1801 0x0>; - - dai@0 { - reg = <0>; - }; - - dai@1 { - reg = <1>; - }; - - dai@2 { - reg = <2>; - }; - }; - }; - - q6adm: service@8 { - compatible = "qcom,q6adm"; - reg = <APR_SVC_ADM>; - qcom,protection-domain = "avs/audio", "msm/adsp/audio_pd"; - - q6routing: routing { - compatible = "qcom,q6adm-routing"; - #sound-dai-cells = <0>; - }; - }; - }; - - fastrpc { - compatible = "qcom,fastrpc"; - qcom,glink-channels = "fastrpcglink-apps-dsp"; - label = "adsp"; - qcom,non-secure-domain; - #address-cells = <1>; - #size-cells = <0>; - - compute-cb@3 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <3>; - iommus = <&apps_smmu 0x1803 0x0>; - }; - - compute-cb@4 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <4>; - iommus = <&apps_smmu 0x1804 0x0>; - }; - - compute-cb@5 { - compatible = "qcom,fastrpc-compute-cb"; - reg = <5>; - iommus = <&apps_smmu 0x1805 0x0>; - }; - }; - }; - }; - intc: interrupt-controller@17a00000 { compatible = "arm,gic-v3"; #interrupt-cells = <3>;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sa8775p: Fix the size of 'addr_space'" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ec2f548e1a92f49f765e2bce14ceed34698514fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021003-kennel-gnarly-379b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec2f548e1a92f49f765e2bce14ceed34698514fc Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Tue, 31 Dec 2024 18:32:23 +0530 Subject: [PATCH] arm64: dts: qcom: sa8775p: Fix the size of 'addr_space' regions For both the controller instances, size of the 'addr_space' region should be 0x1fe00000 as per the hardware memory layout. Otherwise, endpoint drivers cannot request even reasonable BAR size of 1MB. Cc: stable(a)vger.kernel.org # 6.11 Fixes: c5f5de8434ec ("arm64: dts: qcom: sa8775p: Add ep pcie1 controller node") Fixes: 1924f5518224 ("arm64: dts: qcom: sa8775p: Add ep pcie0 controller node") Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241231130224.38206-2-manivannan.sadhasivam@lina… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sa8775p.dtsi b/arch/arm64/boot/dts/qcom/sa8775p.dtsi index 2429733ee36e..406698dfaf3c 100644 --- a/arch/arm64/boot/dts/qcom/sa8775p.dtsi +++ b/arch/arm64/boot/dts/qcom/sa8775p.dtsi @@ -6478,7 +6478,7 @@ pcie0_ep: pcie-ep@1c00000 { <0x0 0x40000000 0x0 0xf20>, <0x0 0x40000f20 0x0 0xa8>, <0x0 0x40001000 0x0 0x4000>, - <0x0 0x40200000 0x0 0x100000>, + <0x0 0x40200000 0x0 0x1fe00000>, <0x0 0x01c03000 0x0 0x1000>, <0x0 0x40005000 0x0 0x2000>; reg-names = "parf", "dbi", "elbi", "atu", "addr_space", @@ -6636,7 +6636,7 @@ pcie1_ep: pcie-ep@1c10000 { <0x0 0x60000000 0x0 0xf20>, <0x0 0x60000f20 0x0 0xa8>, <0x0 0x60001000 0x0 0x4000>, - <0x0 0x60200000 0x0 0x100000>, + <0x0 0x60200000 0x0 0x1fe00000>, <0x0 0x01c13000 0x0 0x1000>, <0x0 0x60005000 0x0 0x2000>; reg-names = "parf", "dbi", "elbi", "atu", "addr_space",

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sa8775p: Fix the size of 'addr_space'" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x ec2f548e1a92f49f765e2bce14ceed34698514fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021002-fruit-finlike-25b0@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec2f548e1a92f49f765e2bce14ceed34698514fc Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Tue, 31 Dec 2024 18:32:23 +0530 Subject: [PATCH] arm64: dts: qcom: sa8775p: Fix the size of 'addr_space' regions For both the controller instances, size of the 'addr_space' region should be 0x1fe00000 as per the hardware memory layout. Otherwise, endpoint drivers cannot request even reasonable BAR size of 1MB. Cc: stable(a)vger.kernel.org # 6.11 Fixes: c5f5de8434ec ("arm64: dts: qcom: sa8775p: Add ep pcie1 controller node") Fixes: 1924f5518224 ("arm64: dts: qcom: sa8775p: Add ep pcie0 controller node") Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241231130224.38206-2-manivannan.sadhasivam@lina… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sa8775p.dtsi b/arch/arm64/boot/dts/qcom/sa8775p.dtsi index 2429733ee36e..406698dfaf3c 100644 --- a/arch/arm64/boot/dts/qcom/sa8775p.dtsi +++ b/arch/arm64/boot/dts/qcom/sa8775p.dtsi @@ -6478,7 +6478,7 @@ pcie0_ep: pcie-ep@1c00000 { <0x0 0x40000000 0x0 0xf20>, <0x0 0x40000f20 0x0 0xa8>, <0x0 0x40001000 0x0 0x4000>, - <0x0 0x40200000 0x0 0x100000>, + <0x0 0x40200000 0x0 0x1fe00000>, <0x0 0x01c03000 0x0 0x1000>, <0x0 0x40005000 0x0 0x2000>; reg-names = "parf", "dbi", "elbi", "atu", "addr_space", @@ -6636,7 +6636,7 @@ pcie1_ep: pcie-ep@1c10000 { <0x0 0x60000000 0x0 0xf20>, <0x0 0x60000f20 0x0 0xa8>, <0x0 0x60001000 0x0 0x4000>, - <0x0 0x60200000 0x0 0x100000>, + <0x0 0x60200000 0x0 0x1fe00000>, <0x0 0x01c13000 0x0 0x1000>, <0x0 0x60005000 0x0 0x2000>; reg-names = "parf", "dbi", "elbi", "atu", "addr_space",

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 26f6e91fa29a58fdc76b47f94f8f6027944a490c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-pregnant-oat-1b18@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26f6e91fa29a58fdc76b47f94f8f6027944a490c Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Fri, 25 Oct 2024 15:56:28 +0800 Subject: [PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by default Most SoC dtsi files have the display output interfaces disabled by default, and only enabled on boards that utilize them. The MT8183 has it backwards: the display outputs are left enabled by default, and only disabled at the board level. Reverse the situation for the DSI output so that it follows the normal scheme. For ease of backporting the DPI output is handled in a separate patch. Fixes: 88ec840270e6 ("arm64: dts: mt8183: Add dsi node") Fixes: 19b6403f1e2a ("arm64: dts: mt8183: add mt8183 pumpkin board") Cc: stable(a)vger.kernel.org Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Fei Shao <fshao(a)chromium.org> Link: https://lore.kernel.org/r/20241025075630.3917458-2-wenst@chromium.org Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts index 61a6f66914b8..dbdee604edab 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts +++ b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts @@ -522,10 +522,6 @@ &scp { status = "okay"; }; -&dsi0 { - status = "disabled"; -}; - &dpi0 { pinctrl-names = "default", "sleep"; pinctrl-0 = <&dpi_func_pins>; diff --git a/arch/arm64/boot/dts/mediatek/mt8183.dtsi b/arch/arm64/boot/dts/mediatek/mt8183.dtsi index 8f31fc9050ec..c7008bb8a81d 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8183.dtsi @@ -1834,6 +1834,7 @@ dsi0: dsi@14014000 { resets = <&mmsys MT8183_MMSYS_SW0_RST_B_DISP_DSI0>; phys = <&mipi_tx0>; phy-names = "dphy"; + status = "disabled"; }; dpi0: dpi@14015000 {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 26f6e91fa29a58fdc76b47f94f8f6027944a490c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-nanny-finishing-f853@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26f6e91fa29a58fdc76b47f94f8f6027944a490c Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Fri, 25 Oct 2024 15:56:28 +0800 Subject: [PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by default Most SoC dtsi files have the display output interfaces disabled by default, and only enabled on boards that utilize them. The MT8183 has it backwards: the display outputs are left enabled by default, and only disabled at the board level. Reverse the situation for the DSI output so that it follows the normal scheme. For ease of backporting the DPI output is handled in a separate patch. Fixes: 88ec840270e6 ("arm64: dts: mt8183: Add dsi node") Fixes: 19b6403f1e2a ("arm64: dts: mt8183: add mt8183 pumpkin board") Cc: stable(a)vger.kernel.org Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Fei Shao <fshao(a)chromium.org> Link: https://lore.kernel.org/r/20241025075630.3917458-2-wenst@chromium.org Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts index 61a6f66914b8..dbdee604edab 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts +++ b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts @@ -522,10 +522,6 @@ &scp { status = "okay"; }; -&dsi0 { - status = "disabled"; -}; - &dpi0 { pinctrl-names = "default", "sleep"; pinctrl-0 = <&dpi_func_pins>; diff --git a/arch/arm64/boot/dts/mediatek/mt8183.dtsi b/arch/arm64/boot/dts/mediatek/mt8183.dtsi index 8f31fc9050ec..c7008bb8a81d 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8183.dtsi @@ -1834,6 +1834,7 @@ dsi0: dsi@14014000 { resets = <&mmsys MT8183_MMSYS_SW0_RST_B_DISP_DSI0>; phys = <&mipi_tx0>; phy-names = "dphy"; + status = "disabled"; }; dpi0: dpi@14015000 {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 26f6e91fa29a58fdc76b47f94f8f6027944a490c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021031-unhappily-scribble-5cef@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26f6e91fa29a58fdc76b47f94f8f6027944a490c Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Fri, 25 Oct 2024 15:56:28 +0800 Subject: [PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by default Most SoC dtsi files have the display output interfaces disabled by default, and only enabled on boards that utilize them. The MT8183 has it backwards: the display outputs are left enabled by default, and only disabled at the board level. Reverse the situation for the DSI output so that it follows the normal scheme. For ease of backporting the DPI output is handled in a separate patch. Fixes: 88ec840270e6 ("arm64: dts: mt8183: Add dsi node") Fixes: 19b6403f1e2a ("arm64: dts: mt8183: add mt8183 pumpkin board") Cc: stable(a)vger.kernel.org Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Fei Shao <fshao(a)chromium.org> Link: https://lore.kernel.org/r/20241025075630.3917458-2-wenst@chromium.org Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts index 61a6f66914b8..dbdee604edab 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts +++ b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts @@ -522,10 +522,6 @@ &scp { status = "okay"; }; -&dsi0 { - status = "disabled"; -}; - &dpi0 { pinctrl-names = "default", "sleep"; pinctrl-0 = <&dpi_func_pins>; diff --git a/arch/arm64/boot/dts/mediatek/mt8183.dtsi b/arch/arm64/boot/dts/mediatek/mt8183.dtsi index 8f31fc9050ec..c7008bb8a81d 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8183.dtsi @@ -1834,6 +1834,7 @@ dsi0: dsi@14014000 { resets = <&mmsys MT8183_MMSYS_SW0_RST_B_DISP_DSI0>; phys = <&mipi_tx0>; phy-names = "dphy"; + status = "disabled"; }; dpi0: dpi@14015000 {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 26f6e91fa29a58fdc76b47f94f8f6027944a490c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021031-uniquely-everglade-75eb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26f6e91fa29a58fdc76b47f94f8f6027944a490c Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Fri, 25 Oct 2024 15:56:28 +0800 Subject: [PATCH] arm64: dts: mediatek: mt8183: Disable DSI display output by default Most SoC dtsi files have the display output interfaces disabled by default, and only enabled on boards that utilize them. The MT8183 has it backwards: the display outputs are left enabled by default, and only disabled at the board level. Reverse the situation for the DSI output so that it follows the normal scheme. For ease of backporting the DPI output is handled in a separate patch. Fixes: 88ec840270e6 ("arm64: dts: mt8183: Add dsi node") Fixes: 19b6403f1e2a ("arm64: dts: mt8183: add mt8183 pumpkin board") Cc: stable(a)vger.kernel.org Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Fei Shao <fshao(a)chromium.org> Link: https://lore.kernel.org/r/20241025075630.3917458-2-wenst@chromium.org Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> diff --git a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts index 61a6f66914b8..dbdee604edab 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts +++ b/arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts @@ -522,10 +522,6 @@ &scp { status = "okay"; }; -&dsi0 { - status = "disabled"; -}; - &dpi0 { pinctrl-names = "default", "sleep"; pinctrl-0 = <&dpi_func_pins>; diff --git a/arch/arm64/boot/dts/mediatek/mt8183.dtsi b/arch/arm64/boot/dts/mediatek/mt8183.dtsi index 8f31fc9050ec..c7008bb8a81d 100644 --- a/arch/arm64/boot/dts/mediatek/mt8183.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8183.dtsi @@ -1834,6 +1834,7 @@ dsi0: dsi@14014000 { resets = <&mmsys MT8183_MMSYS_SW0_RST_B_DISP_DSI0>; phys = <&mipi_tx0>; phy-names = "dphy"; + status = "disabled"; }; dpi0: dpi@14015000 {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021051-ricotta-everybody-4e43@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Wed, 4 Dec 2024 18:41:52 +0100 Subject: [PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Despite CM_IDLEST1_CORE and CM_FCLKEN1_CORE behaving normal, disabling SPI leads to messages like when suspending: Powerdomain (core_pwrdm) didn't enter target state 0 and according to /sys/kernel/debug/pm_debug/count off state is not entered. That was not connected to SPI during the discussion of disabling SPI. See: https://lore.kernel.org/linux-omap/20230122100852.32ae082c@aktux/ The reason is that SPI is per default in slave mode. Linux driver will turn it to master per default. It slave mode, the powerdomain seems to be kept active if active chip select input is sensed. Fix that by explicitly disabling the SPI3 pins which used to be muxed by the bootloader since they are available on an optionally fitted header which would require dtb overlays anyways. Fixes: a622310f7f01 ("ARM: dts: gta04: fix excess dma channel usage") CC: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Reviewed-by: Roger Quadros <rogerq(a)kernel.org> Link: https://lore.kernel.org/r/20241204174152.2360431-1-andreas@kemnade.info Signed-off-by: Kevin Hilman <khilman(a)baylibre.com> diff --git a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi index 2ee3ddd64020..536070e80b2c 100644 --- a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi +++ b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi @@ -446,6 +446,7 @@ &omap3_pmx_core2 { pinctrl-names = "default"; pinctrl-0 = < &hsusb2_2_pins + &mcspi3hog_pins >; hsusb2_2_pins: hsusb2-2-pins { @@ -459,6 +460,15 @@ OMAP3630_CORE2_IOPAD(0x25fa, PIN_INPUT_PULLDOWN | MUX_MODE3) /* etk_d15.hsusb2_d >; }; + mcspi3hog_pins: mcspi3hog-pins { + pinctrl-single,pins = < + OMAP3630_CORE2_IOPAD(0x25dc, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d0 */ + OMAP3630_CORE2_IOPAD(0x25de, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d1 */ + OMAP3630_CORE2_IOPAD(0x25e0, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d2 */ + OMAP3630_CORE2_IOPAD(0x25e2, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d3 */ + >; + }; + spi_gpio_pins: spi-gpio-pinmux-pins { pinctrl-single,pins = < OMAP3630_CORE2_IOPAD(0x25d8, PIN_OUTPUT | MUX_MODE4) /* clk */

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021051-patriarch-epidermis-967b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Wed, 4 Dec 2024 18:41:52 +0100 Subject: [PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Despite CM_IDLEST1_CORE and CM_FCLKEN1_CORE behaving normal, disabling SPI leads to messages like when suspending: Powerdomain (core_pwrdm) didn't enter target state 0 and according to /sys/kernel/debug/pm_debug/count off state is not entered. That was not connected to SPI during the discussion of disabling SPI. See: https://lore.kernel.org/linux-omap/20230122100852.32ae082c@aktux/ The reason is that SPI is per default in slave mode. Linux driver will turn it to master per default. It slave mode, the powerdomain seems to be kept active if active chip select input is sensed. Fix that by explicitly disabling the SPI3 pins which used to be muxed by the bootloader since they are available on an optionally fitted header which would require dtb overlays anyways. Fixes: a622310f7f01 ("ARM: dts: gta04: fix excess dma channel usage") CC: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Reviewed-by: Roger Quadros <rogerq(a)kernel.org> Link: https://lore.kernel.org/r/20241204174152.2360431-1-andreas@kemnade.info Signed-off-by: Kevin Hilman <khilman(a)baylibre.com> diff --git a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi index 2ee3ddd64020..536070e80b2c 100644 --- a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi +++ b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi @@ -446,6 +446,7 @@ &omap3_pmx_core2 { pinctrl-names = "default"; pinctrl-0 = < &hsusb2_2_pins + &mcspi3hog_pins >; hsusb2_2_pins: hsusb2-2-pins { @@ -459,6 +460,15 @@ OMAP3630_CORE2_IOPAD(0x25fa, PIN_INPUT_PULLDOWN | MUX_MODE3) /* etk_d15.hsusb2_d >; }; + mcspi3hog_pins: mcspi3hog-pins { + pinctrl-single,pins = < + OMAP3630_CORE2_IOPAD(0x25dc, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d0 */ + OMAP3630_CORE2_IOPAD(0x25de, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d1 */ + OMAP3630_CORE2_IOPAD(0x25e0, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d2 */ + OMAP3630_CORE2_IOPAD(0x25e2, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d3 */ + >; + }; + spi_gpio_pins: spi-gpio-pinmux-pins { pinctrl-single,pins = < OMAP3630_CORE2_IOPAD(0x25d8, PIN_OUTPUT | MUX_MODE4) /* clk */

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021050-talon-glowing-ad64@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0cfbd7805fe13406500e6a6f2aa08f198d5db4bd Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Wed, 4 Dec 2024 18:41:52 +0100 Subject: [PATCH] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Despite CM_IDLEST1_CORE and CM_FCLKEN1_CORE behaving normal, disabling SPI leads to messages like when suspending: Powerdomain (core_pwrdm) didn't enter target state 0 and according to /sys/kernel/debug/pm_debug/count off state is not entered. That was not connected to SPI during the discussion of disabling SPI. See: https://lore.kernel.org/linux-omap/20230122100852.32ae082c@aktux/ The reason is that SPI is per default in slave mode. Linux driver will turn it to master per default. It slave mode, the powerdomain seems to be kept active if active chip select input is sensed. Fix that by explicitly disabling the SPI3 pins which used to be muxed by the bootloader since they are available on an optionally fitted header which would require dtb overlays anyways. Fixes: a622310f7f01 ("ARM: dts: gta04: fix excess dma channel usage") CC: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Reviewed-by: Roger Quadros <rogerq(a)kernel.org> Link: https://lore.kernel.org/r/20241204174152.2360431-1-andreas@kemnade.info Signed-off-by: Kevin Hilman <khilman(a)baylibre.com> diff --git a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi index 2ee3ddd64020..536070e80b2c 100644 --- a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi +++ b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi @@ -446,6 +446,7 @@ &omap3_pmx_core2 { pinctrl-names = "default"; pinctrl-0 = < &hsusb2_2_pins + &mcspi3hog_pins >; hsusb2_2_pins: hsusb2-2-pins { @@ -459,6 +460,15 @@ OMAP3630_CORE2_IOPAD(0x25fa, PIN_INPUT_PULLDOWN | MUX_MODE3) /* etk_d15.hsusb2_d >; }; + mcspi3hog_pins: mcspi3hog-pins { + pinctrl-single,pins = < + OMAP3630_CORE2_IOPAD(0x25dc, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d0 */ + OMAP3630_CORE2_IOPAD(0x25de, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d1 */ + OMAP3630_CORE2_IOPAD(0x25e0, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d2 */ + OMAP3630_CORE2_IOPAD(0x25e2, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d3 */ + >; + }; + spi_gpio_pins: spi-gpio-pinmux-pins { pinctrl-single,pins = < OMAP3630_CORE2_IOPAD(0x25d8, PIN_OUTPUT | MUX_MODE4) /* clk */

4 months, 1 week

1
0
0 0

[PATCH v2] drm/xe: Carve out wopcm portion from the stolen memory

by Nirmoy Das

The top of stolen memory is WOPCM, which shouldn't be accessed. Remove this portion from the stolen memory region for discrete platforms. This was already done for integrated, but was missing for discrete platforms. This also moves get_wopcm_size() so detect_bar2_dgfx() and detect_bar2_integrated can use the same function. v2: Improve commit message and suitable stable version tag(Lucas) Fixes: d8b52a02cb40 ("drm/xe: Implement stolen memory.") Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.11+ Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 54 ++++++++++++++------------ 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c index 423856cc18d4..d414421f8c13 100644 --- a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c +++ b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c @@ -57,12 +57,35 @@ bool xe_ttm_stolen_cpu_access_needs_ggtt(struct xe_device *xe) return GRAPHICS_VERx100(xe) < 1270 && !IS_DGFX(xe); } +static u32 get_wopcm_size(struct xe_device *xe) +{ + u32 wopcm_size; + u64 val; + + val = xe_mmio_read64_2x32(xe_root_tile_mmio(xe), STOLEN_RESERVED); + val = REG_FIELD_GET64(WOPCM_SIZE_MASK, val); + + switch (val) { + case 0x5 ... 0x6: + val--; + fallthrough; + case 0x0 ... 0x3: + wopcm_size = (1U << val) * SZ_1M; + break; + default: + WARN(1, "Missing case wopcm_size=%llx\n", val); + wopcm_size = 0; + } + + return wopcm_size; +} + static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) { struct xe_tile *tile = xe_device_get_root_tile(xe); struct xe_mmio *mmio = xe_root_tile_mmio(xe); struct pci_dev *pdev = to_pci_dev(xe->drm.dev); - u64 stolen_size; + u64 stolen_size, wopcm_size; u64 tile_offset; u64 tile_size; @@ -74,7 +97,13 @@ static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) if (drm_WARN_ON(&xe->drm, tile_size < mgr->stolen_base)) return 0; + /* Carve out the top of DSM as it contains the reserved WOPCM region */ + wopcm_size = get_wopcm_size(xe); + if (drm_WARN_ON(&xe->drm, !wopcm_size)) + return 0; + stolen_size = tile_size - mgr->stolen_base; + stolen_size -= wopcm_size; /* Verify usage fits in the actual resource available */ if (mgr->stolen_base + stolen_size <= pci_resource_len(pdev, LMEM_BAR)) @@ -89,29 +118,6 @@ static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) return ALIGN_DOWN(stolen_size, SZ_1M); } -static u32 get_wopcm_size(struct xe_device *xe) -{ - u32 wopcm_size; - u64 val; - - val = xe_mmio_read64_2x32(xe_root_tile_mmio(xe), STOLEN_RESERVED); - val = REG_FIELD_GET64(WOPCM_SIZE_MASK, val); - - switch (val) { - case 0x5 ... 0x6: - val--; - fallthrough; - case 0x0 ... 0x3: - wopcm_size = (1U << val) * SZ_1M; - break; - default: - WARN(1, "Missing case wopcm_size=%llx\n", val); - wopcm_size = 0; - } - - return wopcm_size; -} - static u32 detect_bar2_integrated(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) { struct pci_dev *pdev = to_pci_dev(xe->drm.dev); -- 2.46.0

4 months, 1 week

1
0
0 0

[PATCH v5 0/2] Tegra ADMA fixes

by Mohan Kumar D

- Kernel test robot reported the build errors on 32-bit platforms due to plain 64-by-32 division. Fix build error by using div_u64() - Additional check for adma max page Changelog ========= v1 -> v2: * Used lower_32_bits() to truncate the 64-bit address space for division * Included additional patch to check for adma max page v2 -> v3: * Removed unwanter file change v3 -> v4: * Used div_u64() to perform the 64-bit division of adma address differences v4 -> v5: * Updated commit message of the patchsets Mohan Kumar D (2): dmaengine: tegra210-adma: Use div_u64 for 64 bit division dmaengine: tegra210-adma: check for adma max page drivers/dma/tegra210-adma.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) -- 2.25.1

4 months, 1 week

2
3
0 0

[PATCH 2/3] maple_tree: restart walk on correct status

by Wei Yang

Commit a8091f039c1e ("maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states") adds more status during maple tree walk. But it introduce a typo on the status check during walk. It expects to mean neither active nor start, we would restart the walk, while current code means we would always restart the walk. Fixes: a8091f039c1e ("maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Liam R. Howlett <Liam.Howlett(a)Oracle.com> CC: <stable(a)vger.kernel.org> --- lib/maple_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index d31f0a2858f7..e64ffa5b9970 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -4899,7 +4899,7 @@ void *mas_walk(struct ma_state *mas) { void *entry; - if (!mas_is_active(mas) || !mas_is_start(mas)) + if (!mas_is_active(mas) && !mas_is_start(mas)) mas->status = ma_start; retry: entry = mas_state_walk(mas); -- 2.34.1

4 months, 1 week

2
1
0 0

Hematologists and Lab Directors Contact

by Debbie McCoy

Hello, I have a quick question for you - would you be interested in receiving* Hematologists and Lab Directors Contact* If so, please let me know your *target geography,* and I'll be happy to provide you with relevant counts and pricing. Just a note that we can customize the lists to meet any specific requirements based on your criteria. Wishing you a fantastic day! Debbie McCoy Manager, Demand Generation If you ever feel like opting out, simply reply with "remove me" in the subject line

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: core: Do not retry I/Os during depopulation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9ff7c383b8ac0c482a1da7989f703406d78445c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-siesta-undrafted-af95@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ff7c383b8ac0c482a1da7989f703406d78445c6 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Fri, 31 Jan 2025 10:44:07 -0800 Subject: [PATCH] scsi: core: Do not retry I/Os during depopulation Fail I/Os instead of retry to prevent user space processes from being blocked on the I/O completion for several minutes. Retrying I/Os during "depopulation in progress" or "depopulation restore in progress" results in a continuous retry loop until the depopulation completes or until the I/O retry loop is aborted due to a timeout by the scsi_cmd_runtime_exceeced(). Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs. Most I/Os in the depopulation retry loop end up taking several minutes before returning the failure to user space. Cc: stable(a)vger.kernel.org # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress Cc: stable(a)vger.kernel.org # 4.18.x Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress") Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20250131184408.859579-1-ipylypiv@google.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index d776f13cd160..be0890e4e706 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result) case 0x1a: /* start stop unit in progress */ case 0x1b: /* sanitize in progress */ case 0x1d: /* configuration in progress */ - case 0x24: /* depopulation in progress */ - case 0x25: /* depopulation restore in progress */ action = ACTION_DELAYED_RETRY; break; case 0x0a: /* ALUA state transition */ action = ACTION_DELAYED_REPREP; break; + /* + * Depopulation might take many hours, + * thus it is not worthwhile to retry. + */ + case 0x24: /* depopulation in progress */ + case 0x25: /* depopulation restore in progress */ + fallthrough; default: action = ACTION_FAIL; break;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: core: Do not retry I/Os during depopulation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9ff7c383b8ac0c482a1da7989f703406d78445c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-unspoiled-possible-d3ea@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ff7c383b8ac0c482a1da7989f703406d78445c6 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Fri, 31 Jan 2025 10:44:07 -0800 Subject: [PATCH] scsi: core: Do not retry I/Os during depopulation Fail I/Os instead of retry to prevent user space processes from being blocked on the I/O completion for several minutes. Retrying I/Os during "depopulation in progress" or "depopulation restore in progress" results in a continuous retry loop until the depopulation completes or until the I/O retry loop is aborted due to a timeout by the scsi_cmd_runtime_exceeced(). Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs. Most I/Os in the depopulation retry loop end up taking several minutes before returning the failure to user space. Cc: stable(a)vger.kernel.org # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress Cc: stable(a)vger.kernel.org # 4.18.x Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress") Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20250131184408.859579-1-ipylypiv@google.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index d776f13cd160..be0890e4e706 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result) case 0x1a: /* start stop unit in progress */ case 0x1b: /* sanitize in progress */ case 0x1d: /* configuration in progress */ - case 0x24: /* depopulation in progress */ - case 0x25: /* depopulation restore in progress */ action = ACTION_DELAYED_RETRY; break; case 0x0a: /* ALUA state transition */ action = ACTION_DELAYED_REPREP; break; + /* + * Depopulation might take many hours, + * thus it is not worthwhile to retry. + */ + case 0x24: /* depopulation in progress */ + case 0x25: /* depopulation restore in progress */ + fallthrough; default: action = ACTION_FAIL; break;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: core: Do not retry I/Os during depopulation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9ff7c383b8ac0c482a1da7989f703406d78445c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021013-krypton-salutary-f084@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ff7c383b8ac0c482a1da7989f703406d78445c6 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Fri, 31 Jan 2025 10:44:07 -0800 Subject: [PATCH] scsi: core: Do not retry I/Os during depopulation Fail I/Os instead of retry to prevent user space processes from being blocked on the I/O completion for several minutes. Retrying I/Os during "depopulation in progress" or "depopulation restore in progress" results in a continuous retry loop until the depopulation completes or until the I/O retry loop is aborted due to a timeout by the scsi_cmd_runtime_exceeced(). Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs. Most I/Os in the depopulation retry loop end up taking several minutes before returning the failure to user space. Cc: stable(a)vger.kernel.org # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress Cc: stable(a)vger.kernel.org # 4.18.x Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress") Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20250131184408.859579-1-ipylypiv@google.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index d776f13cd160..be0890e4e706 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result) case 0x1a: /* start stop unit in progress */ case 0x1b: /* sanitize in progress */ case 0x1d: /* configuration in progress */ - case 0x24: /* depopulation in progress */ - case 0x25: /* depopulation restore in progress */ action = ACTION_DELAYED_RETRY; break; case 0x0a: /* ALUA state transition */ action = ACTION_DELAYED_REPREP; break; + /* + * Depopulation might take many hours, + * thus it is not worthwhile to retry. + */ + case 0x24: /* depopulation in progress */ + case 0x25: /* depopulation restore in progress */ + fallthrough; default: action = ACTION_FAIL; break;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: core: Do not retry I/Os during depopulation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9ff7c383b8ac0c482a1da7989f703406d78445c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021013-spendable-stranger-885b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ff7c383b8ac0c482a1da7989f703406d78445c6 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Fri, 31 Jan 2025 10:44:07 -0800 Subject: [PATCH] scsi: core: Do not retry I/Os during depopulation Fail I/Os instead of retry to prevent user space processes from being blocked on the I/O completion for several minutes. Retrying I/Os during "depopulation in progress" or "depopulation restore in progress" results in a continuous retry loop until the depopulation completes or until the I/O retry loop is aborted due to a timeout by the scsi_cmd_runtime_exceeced(). Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs. Most I/Os in the depopulation retry loop end up taking several minutes before returning the failure to user space. Cc: stable(a)vger.kernel.org # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress Cc: stable(a)vger.kernel.org # 4.18.x Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress") Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20250131184408.859579-1-ipylypiv@google.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index d776f13cd160..be0890e4e706 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result) case 0x1a: /* start stop unit in progress */ case 0x1b: /* sanitize in progress */ case 0x1d: /* configuration in progress */ - case 0x24: /* depopulation in progress */ - case 0x25: /* depopulation restore in progress */ action = ACTION_DELAYED_RETRY; break; case 0x0a: /* ALUA state transition */ action = ACTION_DELAYED_REPREP; break; + /* + * Depopulation might take many hours, + * thus it is not worthwhile to retry. + */ + case 0x24: /* depopulation in progress */ + case 0x25: /* depopulation restore in progress */ + fallthrough; default: action = ACTION_FAIL; break;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: core: Do not retry I/Os during depopulation" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9ff7c383b8ac0c482a1da7989f703406d78445c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021012-engross-wildcat-b35d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ff7c383b8ac0c482a1da7989f703406d78445c6 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Fri, 31 Jan 2025 10:44:07 -0800 Subject: [PATCH] scsi: core: Do not retry I/Os during depopulation Fail I/Os instead of retry to prevent user space processes from being blocked on the I/O completion for several minutes. Retrying I/Os during "depopulation in progress" or "depopulation restore in progress" results in a continuous retry loop until the depopulation completes or until the I/O retry loop is aborted due to a timeout by the scsi_cmd_runtime_exceeced(). Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs. Most I/Os in the depopulation retry loop end up taking several minutes before returning the failure to user space. Cc: stable(a)vger.kernel.org # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress Cc: stable(a)vger.kernel.org # 4.18.x Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress") Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20250131184408.859579-1-ipylypiv@google.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index d776f13cd160..be0890e4e706 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result) case 0x1a: /* start stop unit in progress */ case 0x1b: /* sanitize in progress */ case 0x1d: /* configuration in progress */ - case 0x24: /* depopulation in progress */ - case 0x25: /* depopulation restore in progress */ action = ACTION_DELAYED_RETRY; break; case 0x0a: /* ALUA state transition */ action = ACTION_DELAYED_REPREP; break; + /* + * Depopulation might take many hours, + * thus it is not worthwhile to retry. + */ + case 0x24: /* depopulation in progress */ + case 0x25: /* depopulation restore in progress */ + fallthrough; default: action = ACTION_FAIL; break;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix use-after free in init error and remove" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f8fb2403ddebb5eea0033d90d9daae4c88749ada # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021044-crying-depose-dd2a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8fb2403ddebb5eea0033d90d9daae4c88749ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik(a)linaro.org> Date: Fri, 24 Jan 2025 15:09:00 +0000 Subject: [PATCH] scsi: ufs: core: Fix use-after free in init error and remove paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit devm_blk_crypto_profile_init() registers a cleanup handler to run when the associated (platform-) device is being released. For UFS, the crypto private data and pointers are stored as part of the ufs_hba's data structure 'struct ufs_hba::crypto_profile'. This structure is allocated as part of the underlying ufshcd and therefore Scsi_host allocation. During driver release or during error handling in ufshcd_pltfrm_init(), this structure is released as part of ufshcd_dealloc_host() before the (platform-) device associated with the crypto call above is released. Once this device is released, the crypto cleanup code will run, using the just-released 'struct ufs_hba::crypto_profile'. This causes a use-after-free situation: Call trace: kfree+0x60/0x2d8 (P) kvfree+0x44/0x60 blk_crypto_profile_destroy_callback+0x28/0x70 devm_action_release+0x1c/0x30 release_nodes+0x6c/0x108 devres_release_all+0x98/0x100 device_unbind_cleanup+0x20/0x70 really_probe+0x218/0x2d0 In other words, the initialisation code flow is: platform-device probe ufshcd_pltfrm_init() ufshcd_alloc_host() scsi_host_alloc() allocation of struct ufs_hba creation of scsi-host devices devm_blk_crypto_profile_init() devm registration of cleanup handler using platform-device and during error handling of ufshcd_pltfrm_init() or during driver removal: ufshcd_dealloc_host() scsi_host_put() put_device(scsi-host) release of struct ufs_hba put_device(platform-device) crypto cleanup handler To fix this use-after free, change ufshcd_alloc_host() to register a devres action to automatically cleanup the underlying SCSI device on ufshcd destruction, without requiring explicit calls to ufshcd_dealloc_host(). This way: * the crypto profile and all other ufs_hba-owned resources are destroyed before SCSI (as they've been registered after) * a memleak is plugged in tc-dwc-g210-pci.c remove() as a side-effect * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as it's not needed anymore * no future drivers using ufshcd_alloc_host() could ever forget adding the cleanup Fixes: cb77cb5abe1f ("blk-crypto: rename blk_keyslot_manager to blk_crypto_profile") Fixes: d76d9d7d1009 ("scsi: ufs: use devm_blk_ksm_init()") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> Link: https://lore.kernel.org/r/20250124-ufshcd-fix-v4-1-c5d0144aae59@linaro.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Acked-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index d3741b1f4382..d2de80b2bba4 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10226,16 +10226,6 @@ int ufshcd_system_thaw(struct device *dev) EXPORT_SYMBOL_GPL(ufshcd_system_thaw); #endif /* CONFIG_PM_SLEEP */ -/** - * ufshcd_dealloc_host - deallocate Host Bus Adapter (HBA) - * @hba: pointer to Host Bus Adapter (HBA) - */ -void ufshcd_dealloc_host(struct ufs_hba *hba) -{ - scsi_host_put(hba->host); -} -EXPORT_SYMBOL_GPL(ufshcd_dealloc_host); - /** * ufshcd_set_dma_mask - Set dma mask based on the controller * addressing capability @@ -10254,12 +10244,26 @@ static int ufshcd_set_dma_mask(struct ufs_hba *hba) return dma_set_mask_and_coherent(hba->dev, DMA_BIT_MASK(32)); } +/** + * ufshcd_devres_release - devres cleanup handler, invoked during release of + * hba->dev + * @host: pointer to SCSI host + */ +static void ufshcd_devres_release(void *host) +{ + scsi_host_put(host); +} + /** * ufshcd_alloc_host - allocate Host Bus Adapter (HBA) * @dev: pointer to device handle * @hba_handle: driver private handle * * Return: 0 on success, non-zero value on failure. + * + * NOTE: There is no corresponding ufshcd_dealloc_host() because this function + * keeps track of its allocations using devres and deallocates everything on + * device removal automatically. */ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) { @@ -10281,6 +10285,13 @@ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) err = -ENOMEM; goto out_error; } + + err = devm_add_action_or_reset(dev, ufshcd_devres_release, + host); + if (err) + return dev_err_probe(dev, err, + "failed to add ufshcd dealloc action\n"); + host->nr_maps = HCTX_TYPE_POLL + 1; hba = shost_priv(host); hba->host = host; diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c index ea39c5d5b8cf..9cfcaad23cf9 100644 --- a/drivers/ufs/host/ufshcd-pci.c +++ b/drivers/ufs/host/ufshcd-pci.c @@ -562,7 +562,6 @@ static void ufshcd_pci_remove(struct pci_dev *pdev) pm_runtime_forbid(&pdev->dev); pm_runtime_get_noresume(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); } /** @@ -605,7 +604,6 @@ ufshcd_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) err = ufshcd_init(hba, mmio_base, pdev->irq); if (err) { dev_err(&pdev->dev, "Initialization failed\n"); - ufshcd_dealloc_host(hba); return err; } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 505572d4fa87..ffe5d1d2b215 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -465,21 +465,17 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, struct device *dev = &pdev->dev; mmio_base = devm_platform_ioremap_resource(pdev, 0); - if (IS_ERR(mmio_base)) { - err = PTR_ERR(mmio_base); - goto out; - } + if (IS_ERR(mmio_base)) + return PTR_ERR(mmio_base); irq = platform_get_irq(pdev, 0); - if (irq < 0) { - err = irq; - goto out; - } + if (irq < 0) + return irq; err = ufshcd_alloc_host(dev, &hba); if (err) { dev_err(dev, "Allocation failed\n"); - goto out; + return err; } hba->vops = vops; @@ -488,13 +484,13 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, if (err) { dev_err(dev, "%s: clock parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_parse_regulator_info(hba); if (err) { dev_err(dev, "%s: regulator init failed %d\n", __func__, err); - goto dealloc_host; + return err; } ufshcd_init_lanes_per_dir(hba); @@ -502,25 +498,20 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, err = ufshcd_parse_operating_points(hba); if (err) { dev_err(dev, "%s: OPP parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_init(hba, mmio_base, irq); if (err) { dev_err_probe(dev, err, "Initialization failed with error %d\n", err); - goto dealloc_host; + return err; } pm_runtime_set_active(dev); pm_runtime_enable(dev); return 0; - -dealloc_host: - ufshcd_dealloc_host(hba); -out: - return err; } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); @@ -534,7 +525,6 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); } diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 650ff238cd74..8bf31e6ca4e5 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -1309,7 +1309,6 @@ static inline void ufshcd_rmwl(struct ufs_hba *hba, u32 mask, u32 val, u32 reg) void ufshcd_enable_irq(struct ufs_hba *hba); void ufshcd_disable_irq(struct ufs_hba *hba); int ufshcd_alloc_host(struct device *, struct ufs_hba **); -void ufshcd_dealloc_host(struct ufs_hba *); int ufshcd_hba_enable(struct ufs_hba *hba); int ufshcd_init(struct ufs_hba *, void __iomem *, unsigned int); int ufshcd_link_recovery(struct ufs_hba *hba);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix use-after free in init error and remove" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f8fb2403ddebb5eea0033d90d9daae4c88749ada # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021043-exodus-juice-1f35@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8fb2403ddebb5eea0033d90d9daae4c88749ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik(a)linaro.org> Date: Fri, 24 Jan 2025 15:09:00 +0000 Subject: [PATCH] scsi: ufs: core: Fix use-after free in init error and remove paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit devm_blk_crypto_profile_init() registers a cleanup handler to run when the associated (platform-) device is being released. For UFS, the crypto private data and pointers are stored as part of the ufs_hba's data structure 'struct ufs_hba::crypto_profile'. This structure is allocated as part of the underlying ufshcd and therefore Scsi_host allocation. During driver release or during error handling in ufshcd_pltfrm_init(), this structure is released as part of ufshcd_dealloc_host() before the (platform-) device associated with the crypto call above is released. Once this device is released, the crypto cleanup code will run, using the just-released 'struct ufs_hba::crypto_profile'. This causes a use-after-free situation: Call trace: kfree+0x60/0x2d8 (P) kvfree+0x44/0x60 blk_crypto_profile_destroy_callback+0x28/0x70 devm_action_release+0x1c/0x30 release_nodes+0x6c/0x108 devres_release_all+0x98/0x100 device_unbind_cleanup+0x20/0x70 really_probe+0x218/0x2d0 In other words, the initialisation code flow is: platform-device probe ufshcd_pltfrm_init() ufshcd_alloc_host() scsi_host_alloc() allocation of struct ufs_hba creation of scsi-host devices devm_blk_crypto_profile_init() devm registration of cleanup handler using platform-device and during error handling of ufshcd_pltfrm_init() or during driver removal: ufshcd_dealloc_host() scsi_host_put() put_device(scsi-host) release of struct ufs_hba put_device(platform-device) crypto cleanup handler To fix this use-after free, change ufshcd_alloc_host() to register a devres action to automatically cleanup the underlying SCSI device on ufshcd destruction, without requiring explicit calls to ufshcd_dealloc_host(). This way: * the crypto profile and all other ufs_hba-owned resources are destroyed before SCSI (as they've been registered after) * a memleak is plugged in tc-dwc-g210-pci.c remove() as a side-effect * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as it's not needed anymore * no future drivers using ufshcd_alloc_host() could ever forget adding the cleanup Fixes: cb77cb5abe1f ("blk-crypto: rename blk_keyslot_manager to blk_crypto_profile") Fixes: d76d9d7d1009 ("scsi: ufs: use devm_blk_ksm_init()") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> Link: https://lore.kernel.org/r/20250124-ufshcd-fix-v4-1-c5d0144aae59@linaro.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Acked-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index d3741b1f4382..d2de80b2bba4 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10226,16 +10226,6 @@ int ufshcd_system_thaw(struct device *dev) EXPORT_SYMBOL_GPL(ufshcd_system_thaw); #endif /* CONFIG_PM_SLEEP */ -/** - * ufshcd_dealloc_host - deallocate Host Bus Adapter (HBA) - * @hba: pointer to Host Bus Adapter (HBA) - */ -void ufshcd_dealloc_host(struct ufs_hba *hba) -{ - scsi_host_put(hba->host); -} -EXPORT_SYMBOL_GPL(ufshcd_dealloc_host); - /** * ufshcd_set_dma_mask - Set dma mask based on the controller * addressing capability @@ -10254,12 +10244,26 @@ static int ufshcd_set_dma_mask(struct ufs_hba *hba) return dma_set_mask_and_coherent(hba->dev, DMA_BIT_MASK(32)); } +/** + * ufshcd_devres_release - devres cleanup handler, invoked during release of + * hba->dev + * @host: pointer to SCSI host + */ +static void ufshcd_devres_release(void *host) +{ + scsi_host_put(host); +} + /** * ufshcd_alloc_host - allocate Host Bus Adapter (HBA) * @dev: pointer to device handle * @hba_handle: driver private handle * * Return: 0 on success, non-zero value on failure. + * + * NOTE: There is no corresponding ufshcd_dealloc_host() because this function + * keeps track of its allocations using devres and deallocates everything on + * device removal automatically. */ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) { @@ -10281,6 +10285,13 @@ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) err = -ENOMEM; goto out_error; } + + err = devm_add_action_or_reset(dev, ufshcd_devres_release, + host); + if (err) + return dev_err_probe(dev, err, + "failed to add ufshcd dealloc action\n"); + host->nr_maps = HCTX_TYPE_POLL + 1; hba = shost_priv(host); hba->host = host; diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c index ea39c5d5b8cf..9cfcaad23cf9 100644 --- a/drivers/ufs/host/ufshcd-pci.c +++ b/drivers/ufs/host/ufshcd-pci.c @@ -562,7 +562,6 @@ static void ufshcd_pci_remove(struct pci_dev *pdev) pm_runtime_forbid(&pdev->dev); pm_runtime_get_noresume(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); } /** @@ -605,7 +604,6 @@ ufshcd_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) err = ufshcd_init(hba, mmio_base, pdev->irq); if (err) { dev_err(&pdev->dev, "Initialization failed\n"); - ufshcd_dealloc_host(hba); return err; } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 505572d4fa87..ffe5d1d2b215 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -465,21 +465,17 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, struct device *dev = &pdev->dev; mmio_base = devm_platform_ioremap_resource(pdev, 0); - if (IS_ERR(mmio_base)) { - err = PTR_ERR(mmio_base); - goto out; - } + if (IS_ERR(mmio_base)) + return PTR_ERR(mmio_base); irq = platform_get_irq(pdev, 0); - if (irq < 0) { - err = irq; - goto out; - } + if (irq < 0) + return irq; err = ufshcd_alloc_host(dev, &hba); if (err) { dev_err(dev, "Allocation failed\n"); - goto out; + return err; } hba->vops = vops; @@ -488,13 +484,13 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, if (err) { dev_err(dev, "%s: clock parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_parse_regulator_info(hba); if (err) { dev_err(dev, "%s: regulator init failed %d\n", __func__, err); - goto dealloc_host; + return err; } ufshcd_init_lanes_per_dir(hba); @@ -502,25 +498,20 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, err = ufshcd_parse_operating_points(hba); if (err) { dev_err(dev, "%s: OPP parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_init(hba, mmio_base, irq); if (err) { dev_err_probe(dev, err, "Initialization failed with error %d\n", err); - goto dealloc_host; + return err; } pm_runtime_set_active(dev); pm_runtime_enable(dev); return 0; - -dealloc_host: - ufshcd_dealloc_host(hba); -out: - return err; } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); @@ -534,7 +525,6 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); } diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 650ff238cd74..8bf31e6ca4e5 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -1309,7 +1309,6 @@ static inline void ufshcd_rmwl(struct ufs_hba *hba, u32 mask, u32 val, u32 reg) void ufshcd_enable_irq(struct ufs_hba *hba); void ufshcd_disable_irq(struct ufs_hba *hba); int ufshcd_alloc_host(struct device *, struct ufs_hba **); -void ufshcd_dealloc_host(struct ufs_hba *); int ufshcd_hba_enable(struct ufs_hba *hba); int ufshcd_init(struct ufs_hba *, void __iomem *, unsigned int); int ufshcd_link_recovery(struct ufs_hba *hba);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix use-after free in init error and remove" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f8fb2403ddebb5eea0033d90d9daae4c88749ada # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021041-mouth-gumdrop-827e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8fb2403ddebb5eea0033d90d9daae4c88749ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik(a)linaro.org> Date: Fri, 24 Jan 2025 15:09:00 +0000 Subject: [PATCH] scsi: ufs: core: Fix use-after free in init error and remove paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit devm_blk_crypto_profile_init() registers a cleanup handler to run when the associated (platform-) device is being released. For UFS, the crypto private data and pointers are stored as part of the ufs_hba's data structure 'struct ufs_hba::crypto_profile'. This structure is allocated as part of the underlying ufshcd and therefore Scsi_host allocation. During driver release or during error handling in ufshcd_pltfrm_init(), this structure is released as part of ufshcd_dealloc_host() before the (platform-) device associated with the crypto call above is released. Once this device is released, the crypto cleanup code will run, using the just-released 'struct ufs_hba::crypto_profile'. This causes a use-after-free situation: Call trace: kfree+0x60/0x2d8 (P) kvfree+0x44/0x60 blk_crypto_profile_destroy_callback+0x28/0x70 devm_action_release+0x1c/0x30 release_nodes+0x6c/0x108 devres_release_all+0x98/0x100 device_unbind_cleanup+0x20/0x70 really_probe+0x218/0x2d0 In other words, the initialisation code flow is: platform-device probe ufshcd_pltfrm_init() ufshcd_alloc_host() scsi_host_alloc() allocation of struct ufs_hba creation of scsi-host devices devm_blk_crypto_profile_init() devm registration of cleanup handler using platform-device and during error handling of ufshcd_pltfrm_init() or during driver removal: ufshcd_dealloc_host() scsi_host_put() put_device(scsi-host) release of struct ufs_hba put_device(platform-device) crypto cleanup handler To fix this use-after free, change ufshcd_alloc_host() to register a devres action to automatically cleanup the underlying SCSI device on ufshcd destruction, without requiring explicit calls to ufshcd_dealloc_host(). This way: * the crypto profile and all other ufs_hba-owned resources are destroyed before SCSI (as they've been registered after) * a memleak is plugged in tc-dwc-g210-pci.c remove() as a side-effect * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as it's not needed anymore * no future drivers using ufshcd_alloc_host() could ever forget adding the cleanup Fixes: cb77cb5abe1f ("blk-crypto: rename blk_keyslot_manager to blk_crypto_profile") Fixes: d76d9d7d1009 ("scsi: ufs: use devm_blk_ksm_init()") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> Link: https://lore.kernel.org/r/20250124-ufshcd-fix-v4-1-c5d0144aae59@linaro.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Acked-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index d3741b1f4382..d2de80b2bba4 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10226,16 +10226,6 @@ int ufshcd_system_thaw(struct device *dev) EXPORT_SYMBOL_GPL(ufshcd_system_thaw); #endif /* CONFIG_PM_SLEEP */ -/** - * ufshcd_dealloc_host - deallocate Host Bus Adapter (HBA) - * @hba: pointer to Host Bus Adapter (HBA) - */ -void ufshcd_dealloc_host(struct ufs_hba *hba) -{ - scsi_host_put(hba->host); -} -EXPORT_SYMBOL_GPL(ufshcd_dealloc_host); - /** * ufshcd_set_dma_mask - Set dma mask based on the controller * addressing capability @@ -10254,12 +10244,26 @@ static int ufshcd_set_dma_mask(struct ufs_hba *hba) return dma_set_mask_and_coherent(hba->dev, DMA_BIT_MASK(32)); } +/** + * ufshcd_devres_release - devres cleanup handler, invoked during release of + * hba->dev + * @host: pointer to SCSI host + */ +static void ufshcd_devres_release(void *host) +{ + scsi_host_put(host); +} + /** * ufshcd_alloc_host - allocate Host Bus Adapter (HBA) * @dev: pointer to device handle * @hba_handle: driver private handle * * Return: 0 on success, non-zero value on failure. + * + * NOTE: There is no corresponding ufshcd_dealloc_host() because this function + * keeps track of its allocations using devres and deallocates everything on + * device removal automatically. */ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) { @@ -10281,6 +10285,13 @@ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle) err = -ENOMEM; goto out_error; } + + err = devm_add_action_or_reset(dev, ufshcd_devres_release, + host); + if (err) + return dev_err_probe(dev, err, + "failed to add ufshcd dealloc action\n"); + host->nr_maps = HCTX_TYPE_POLL + 1; hba = shost_priv(host); hba->host = host; diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c index ea39c5d5b8cf..9cfcaad23cf9 100644 --- a/drivers/ufs/host/ufshcd-pci.c +++ b/drivers/ufs/host/ufshcd-pci.c @@ -562,7 +562,6 @@ static void ufshcd_pci_remove(struct pci_dev *pdev) pm_runtime_forbid(&pdev->dev); pm_runtime_get_noresume(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); } /** @@ -605,7 +604,6 @@ ufshcd_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) err = ufshcd_init(hba, mmio_base, pdev->irq); if (err) { dev_err(&pdev->dev, "Initialization failed\n"); - ufshcd_dealloc_host(hba); return err; } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 505572d4fa87..ffe5d1d2b215 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -465,21 +465,17 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, struct device *dev = &pdev->dev; mmio_base = devm_platform_ioremap_resource(pdev, 0); - if (IS_ERR(mmio_base)) { - err = PTR_ERR(mmio_base); - goto out; - } + if (IS_ERR(mmio_base)) + return PTR_ERR(mmio_base); irq = platform_get_irq(pdev, 0); - if (irq < 0) { - err = irq; - goto out; - } + if (irq < 0) + return irq; err = ufshcd_alloc_host(dev, &hba); if (err) { dev_err(dev, "Allocation failed\n"); - goto out; + return err; } hba->vops = vops; @@ -488,13 +484,13 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, if (err) { dev_err(dev, "%s: clock parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_parse_regulator_info(hba); if (err) { dev_err(dev, "%s: regulator init failed %d\n", __func__, err); - goto dealloc_host; + return err; } ufshcd_init_lanes_per_dir(hba); @@ -502,25 +498,20 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, err = ufshcd_parse_operating_points(hba); if (err) { dev_err(dev, "%s: OPP parse failed %d\n", __func__, err); - goto dealloc_host; + return err; } err = ufshcd_init(hba, mmio_base, irq); if (err) { dev_err_probe(dev, err, "Initialization failed with error %d\n", err); - goto dealloc_host; + return err; } pm_runtime_set_active(dev); pm_runtime_enable(dev); return 0; - -dealloc_host: - ufshcd_dealloc_host(hba); -out: - return err; } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); @@ -534,7 +525,6 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); - ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); } diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 650ff238cd74..8bf31e6ca4e5 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -1309,7 +1309,6 @@ static inline void ufshcd_rmwl(struct ufs_hba *hba, u32 mask, u32 val, u32 reg) void ufshcd_enable_irq(struct ufs_hba *hba); void ufshcd_disable_irq(struct ufs_hba *hba); int ufshcd_alloc_host(struct device *, struct ufs_hba **); -void ufshcd_dealloc_host(struct ufs_hba *); int ufshcd_hba_enable(struct ufs_hba *hba); int ufshcd_init(struct ufs_hba *, void __iomem *, unsigned int); int ufshcd_link_recovery(struct ufs_hba *hba);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Move FCE Trace buffer allocation to user" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 841df27d619ee1f5ca6473e15227b39d6136562d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021020-sappiness-encode-393a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 841df27d619ee1f5ca6473e15227b39d6136562d Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 15 Nov 2024 18:33:09 +0530 Subject: [PATCH] scsi: qla2xxx: Move FCE Trace buffer allocation to user control Currently FCE Tracing is enabled to log additional ELS events. Instead, user will enable or disable this feature through debugfs. Modify existing DFS knob to allow user to enable or disable this feature. echo [1 | 0] > /sys/kernel/debug/qla2xxx/qla2xxx_??/fce cat /sys/kernel/debug/qla2xxx/qla2xxx_??/fce Cc: stable(a)vger.kernel.org Fixes: df613b96077c ("[SCSI] qla2xxx: Add Fibre Channel Event (FCE) tracing support.") Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20241115130313.46826-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 15066c112817..cb95b7b12051 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -4098,6 +4098,8 @@ struct qla_hw_data { uint32_t npiv_supported :1; uint32_t pci_channel_io_perm_failure :1; uint32_t fce_enabled :1; + uint32_t user_enabled_fce :1; + uint32_t fce_dump_buf_alloced :1; uint32_t fac_supported :1; uint32_t chip_reset_done :1; diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c index a1545dad0c0c..08273520c777 100644 --- a/drivers/scsi/qla2xxx/qla_dfs.c +++ b/drivers/scsi/qla2xxx/qla_dfs.c @@ -409,27 +409,32 @@ qla2x00_dfs_fce_show(struct seq_file *s, void *unused) mutex_lock(&ha->fce_mutex); - seq_puts(s, "FCE Trace Buffer\n"); - seq_printf(s, "In Pointer = %llx\n\n", (unsigned long long)ha->fce_wr); - seq_printf(s, "Base = %llx\n\n", (unsigned long long) ha->fce_dma); - seq_puts(s, "FCE Enable Registers\n"); - seq_printf(s, "%08x %08x %08x %08x %08x %08x\n", - ha->fce_mb[0], ha->fce_mb[2], ha->fce_mb[3], ha->fce_mb[4], - ha->fce_mb[5], ha->fce_mb[6]); + if (ha->flags.user_enabled_fce) { + seq_puts(s, "FCE Trace Buffer\n"); + seq_printf(s, "In Pointer = %llx\n\n", (unsigned long long)ha->fce_wr); + seq_printf(s, "Base = %llx\n\n", (unsigned long long)ha->fce_dma); + seq_puts(s, "FCE Enable Registers\n"); + seq_printf(s, "%08x %08x %08x %08x %08x %08x\n", + ha->fce_mb[0], ha->fce_mb[2], ha->fce_mb[3], ha->fce_mb[4], + ha->fce_mb[5], ha->fce_mb[6]); - fce = (uint32_t *) ha->fce; - fce_start = (unsigned long long) ha->fce_dma; - for (cnt = 0; cnt < fce_calc_size(ha->fce_bufs) / 4; cnt++) { - if (cnt % 8 == 0) - seq_printf(s, "\n%llx: ", - (unsigned long long)((cnt * 4) + fce_start)); - else - seq_putc(s, ' '); - seq_printf(s, "%08x", *fce++); + fce = (uint32_t *)ha->fce; + fce_start = (unsigned long long)ha->fce_dma; + for (cnt = 0; cnt < fce_calc_size(ha->fce_bufs) / 4; cnt++) { + if (cnt % 8 == 0) + seq_printf(s, "\n%llx: ", + (unsigned long long)((cnt * 4) + fce_start)); + else + seq_putc(s, ' '); + seq_printf(s, "%08x", *fce++); + } + + seq_puts(s, "\nEnd\n"); + } else { + seq_puts(s, "FCE Trace is currently not enabled\n"); + seq_puts(s, "\techo [ 1 | 0 ] > fce\n"); } - seq_puts(s, "\nEnd\n"); - mutex_unlock(&ha->fce_mutex); return 0; @@ -467,7 +472,7 @@ qla2x00_dfs_fce_release(struct inode *inode, struct file *file) struct qla_hw_data *ha = vha->hw; int rval; - if (ha->flags.fce_enabled) + if (ha->flags.fce_enabled || !ha->fce) goto out; mutex_lock(&ha->fce_mutex); @@ -488,11 +493,88 @@ qla2x00_dfs_fce_release(struct inode *inode, struct file *file) return single_release(inode, file); } +static ssize_t +qla2x00_dfs_fce_write(struct file *file, const char __user *buffer, + size_t count, loff_t *pos) +{ + struct seq_file *s = file->private_data; + struct scsi_qla_host *vha = s->private; + struct qla_hw_data *ha = vha->hw; + char *buf; + int rc = 0; + unsigned long enable; + + if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) && + !IS_QLA27XX(ha) && !IS_QLA28XX(ha)) { + ql_dbg(ql_dbg_user, vha, 0xd034, + "this adapter does not support FCE."); + return -EINVAL; + } + + buf = memdup_user_nul(buffer, count); + if (IS_ERR(buf)) { + ql_dbg(ql_dbg_user, vha, 0xd037, + "fail to copy user buffer."); + return PTR_ERR(buf); + } + + enable = kstrtoul(buf, 0, 0); + rc = count; + + mutex_lock(&ha->fce_mutex); + + if (enable) { + if (ha->flags.user_enabled_fce) { + mutex_unlock(&ha->fce_mutex); + goto out_free; + } + ha->flags.user_enabled_fce = 1; + if (!ha->fce) { + rc = qla2x00_alloc_fce_trace(vha); + if (rc) { + ha->flags.user_enabled_fce = 0; + mutex_unlock(&ha->fce_mutex); + goto out_free; + } + + /* adjust fw dump buffer to take into account of this feature */ + if (!ha->flags.fce_dump_buf_alloced) + qla2x00_alloc_fw_dump(vha); + } + + if (!ha->flags.fce_enabled) + qla_enable_fce_trace(vha); + + ql_dbg(ql_dbg_user, vha, 0xd045, "User enabled FCE .\n"); + } else { + if (!ha->flags.user_enabled_fce) { + mutex_unlock(&ha->fce_mutex); + goto out_free; + } + ha->flags.user_enabled_fce = 0; + if (ha->flags.fce_enabled) { + qla2x00_disable_fce_trace(vha, NULL, NULL); + ha->flags.fce_enabled = 0; + } + + qla2x00_free_fce_trace(ha); + /* no need to re-adjust fw dump buffer */ + + ql_dbg(ql_dbg_user, vha, 0xd04f, "User disabled FCE .\n"); + } + + mutex_unlock(&ha->fce_mutex); +out_free: + kfree(buf); + return rc; +} + static const struct file_operations dfs_fce_ops = { .open = qla2x00_dfs_fce_open, .read = seq_read, .llseek = seq_lseek, .release = qla2x00_dfs_fce_release, + .write = qla2x00_dfs_fce_write, }; static int @@ -626,8 +708,6 @@ qla2x00_dfs_setup(scsi_qla_host_t *vha) if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) && !IS_QLA27XX(ha) && !IS_QLA28XX(ha)) goto out; - if (!ha->fce) - goto out; if (qla2x00_dfs_root) goto create_dir; diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h index cededfda9d0e..e556f57c91af 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h @@ -11,6 +11,9 @@ /* * Global Function Prototypes in qla_init.c source file. */ +int qla2x00_alloc_fce_trace(scsi_qla_host_t *); +void qla2x00_free_fce_trace(struct qla_hw_data *ha); +void qla_enable_fce_trace(scsi_qla_host_t *); extern int qla2x00_initialize_adapter(scsi_qla_host_t *); extern int qla24xx_post_prli_work(struct scsi_qla_host *vha, fc_port_t *fcport); diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 31fc6a0eca3e..79cdfec2bca3 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2681,7 +2681,7 @@ qla83xx_nic_core_fw_load(scsi_qla_host_t *vha) return rval; } -static void qla_enable_fce_trace(scsi_qla_host_t *vha) +void qla_enable_fce_trace(scsi_qla_host_t *vha) { int rval; struct qla_hw_data *ha = vha->hw; @@ -3717,25 +3717,24 @@ qla24xx_chip_diag(scsi_qla_host_t *vha) return rval; } -static void -qla2x00_alloc_fce_trace(scsi_qla_host_t *vha) +int qla2x00_alloc_fce_trace(scsi_qla_host_t *vha) { dma_addr_t tc_dma; void *tc; struct qla_hw_data *ha = vha->hw; if (!IS_FWI2_CAPABLE(ha)) - return; + return -EINVAL; if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) && !IS_QLA27XX(ha) && !IS_QLA28XX(ha)) - return; + return -EINVAL; if (ha->fce) { ql_dbg(ql_dbg_init, vha, 0x00bd, "%s: FCE Mem is already allocated.\n", __func__); - return; + return -EIO; } /* Allocate memory for Fibre Channel Event Buffer. */ @@ -3745,7 +3744,7 @@ qla2x00_alloc_fce_trace(scsi_qla_host_t *vha) ql_log(ql_log_warn, vha, 0x00be, "Unable to allocate (%d KB) for FCE.\n", FCE_SIZE / 1024); - return; + return -ENOMEM; } ql_dbg(ql_dbg_init, vha, 0x00c0, @@ -3754,6 +3753,16 @@ qla2x00_alloc_fce_trace(scsi_qla_host_t *vha) ha->fce_dma = tc_dma; ha->fce = tc; ha->fce_bufs = FCE_NUM_BUFFERS; + return 0; +} + +void qla2x00_free_fce_trace(struct qla_hw_data *ha) +{ + if (!ha->fce) + return; + dma_free_coherent(&ha->pdev->dev, FCE_SIZE, ha->fce, ha->fce_dma); + ha->fce = NULL; + ha->fce_dma = 0; } static void @@ -3844,9 +3853,10 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *vha) if (ha->tgt.atio_ring) mq_size += ha->tgt.atio_q_length * sizeof(request_t); - qla2x00_alloc_fce_trace(vha); - if (ha->fce) + if (ha->fce) { fce_size = sizeof(struct qla2xxx_fce_chain) + FCE_SIZE; + ha->flags.fce_dump_buf_alloced = 1; + } qla2x00_alloc_eft_trace(vha); if (ha->eft) eft_size = EFT_SIZE;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: Restore original INTX_DISABLE bit by pcim_intx()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d555ed45a5a10a813528c7685f432369d536ae3d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021022-broadness-afflicted-47d6@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d555ed45a5a10a813528c7685f432369d536ae3d Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Thu, 31 Oct 2024 14:42:56 +0100 Subject: [PATCH] PCI: Restore original INTX_DISABLE bit by pcim_intx() pcim_intx() tries to restore the INTx bit at removal via devres, but there is a chance that it restores a wrong value. Because the value to be restored is blindly assumed to be the negative of the enable argument, when a driver calls pcim_intx() unnecessarily for the already enabled state, it'll restore to the disabled state in turn. That is, the function assumes the case like: // INTx == 1 pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> correct but it might be like the following, too: // INTx == 0 pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> wrong Also, when a driver calls pcim_intx() multiple times with different enable argument values, the last one will win no matter what value it is. This can lead to inconsistency, e.g. // INTx == 1 pcim_intx(pdev, 0); // OK ... pcim_intx(pdev, 1); // now old INTx wrongly assumed to be 0 This patch addresses those inconsistencies by saving the original INTx state at the first pcim_intx() call. For that, get_or_create_intx_devres() is folded into pcim_intx() caller side; it allows us to simply check the already allocated devres and record the original INTx along with the devres_alloc() call. Link: https://lore.kernel.org/r/20241031134300.10296-1-tiwai@suse.de Fixes: 25216afc9db5 ("PCI: Add managed pcim_intx()") Link: https://lore.kernel.org/87v7xk2ps5.wl-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Philipp Stanner <pstanner(a)redhat.com> Cc: stable(a)vger.kernel.org # v6.11+ diff --git a/drivers/pci/devres.c b/drivers/pci/devres.c index d1d97a4bb36d..3431a7df3e0d 100644 --- a/drivers/pci/devres.c +++ b/drivers/pci/devres.c @@ -419,19 +419,12 @@ static void pcim_intx_restore(struct device *dev, void *data) pci_intx(pdev, res->orig_intx); } -static struct pcim_intx_devres *get_or_create_intx_devres(struct device *dev) +static void save_orig_intx(struct pci_dev *pdev, struct pcim_intx_devres *res) { - struct pcim_intx_devres *res; + u16 pci_command; - res = devres_find(dev, pcim_intx_restore, NULL, NULL); - if (res) - return res; - - res = devres_alloc(pcim_intx_restore, sizeof(*res), GFP_KERNEL); - if (res) - devres_add(dev, res); - - return res; + pci_read_config_word(pdev, PCI_COMMAND, &pci_command); + res->orig_intx = !(pci_command & PCI_COMMAND_INTX_DISABLE); } /** @@ -447,12 +440,23 @@ static struct pcim_intx_devres *get_or_create_intx_devres(struct device *dev) int pcim_intx(struct pci_dev *pdev, int enable) { struct pcim_intx_devres *res; + struct device *dev = &pdev->dev; - res = get_or_create_intx_devres(&pdev->dev); - if (!res) - return -ENOMEM; + /* + * pcim_intx() must only restore the INTx value that existed before the + * driver was loaded, i.e., before it called pcim_intx() for the + * first time. + */ + res = devres_find(dev, pcim_intx_restore, NULL, NULL); + if (!res) { + res = devres_alloc(pcim_intx_restore, sizeof(*res), GFP_KERNEL); + if (!res) + return -ENOMEM; + + save_orig_intx(pdev, res); + devres_add(dev, res); + } - res->orig_intx = !enable; pci_intx(pdev, enable); return 0;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: Restore original INTX_DISABLE bit by pcim_intx()" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x d555ed45a5a10a813528c7685f432369d536ae3d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021021-recast-wrinkly-f4a0@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d555ed45a5a10a813528c7685f432369d536ae3d Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Thu, 31 Oct 2024 14:42:56 +0100 Subject: [PATCH] PCI: Restore original INTX_DISABLE bit by pcim_intx() pcim_intx() tries to restore the INTx bit at removal via devres, but there is a chance that it restores a wrong value. Because the value to be restored is blindly assumed to be the negative of the enable argument, when a driver calls pcim_intx() unnecessarily for the already enabled state, it'll restore to the disabled state in turn. That is, the function assumes the case like: // INTx == 1 pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> correct but it might be like the following, too: // INTx == 0 pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> wrong Also, when a driver calls pcim_intx() multiple times with different enable argument values, the last one will win no matter what value it is. This can lead to inconsistency, e.g. // INTx == 1 pcim_intx(pdev, 0); // OK ... pcim_intx(pdev, 1); // now old INTx wrongly assumed to be 0 This patch addresses those inconsistencies by saving the original INTx state at the first pcim_intx() call. For that, get_or_create_intx_devres() is folded into pcim_intx() caller side; it allows us to simply check the already allocated devres and record the original INTx along with the devres_alloc() call. Link: https://lore.kernel.org/r/20241031134300.10296-1-tiwai@suse.de Fixes: 25216afc9db5 ("PCI: Add managed pcim_intx()") Link: https://lore.kernel.org/87v7xk2ps5.wl-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Philipp Stanner <pstanner(a)redhat.com> Cc: stable(a)vger.kernel.org # v6.11+ diff --git a/drivers/pci/devres.c b/drivers/pci/devres.c index d1d97a4bb36d..3431a7df3e0d 100644 --- a/drivers/pci/devres.c +++ b/drivers/pci/devres.c @@ -419,19 +419,12 @@ static void pcim_intx_restore(struct device *dev, void *data) pci_intx(pdev, res->orig_intx); } -static struct pcim_intx_devres *get_or_create_intx_devres(struct device *dev) +static void save_orig_intx(struct pci_dev *pdev, struct pcim_intx_devres *res) { - struct pcim_intx_devres *res; + u16 pci_command; - res = devres_find(dev, pcim_intx_restore, NULL, NULL); - if (res) - return res; - - res = devres_alloc(pcim_intx_restore, sizeof(*res), GFP_KERNEL); - if (res) - devres_add(dev, res); - - return res; + pci_read_config_word(pdev, PCI_COMMAND, &pci_command); + res->orig_intx = !(pci_command & PCI_COMMAND_INTX_DISABLE); } /** @@ -447,12 +440,23 @@ static struct pcim_intx_devres *get_or_create_intx_devres(struct device *dev) int pcim_intx(struct pci_dev *pdev, int enable) { struct pcim_intx_devres *res; + struct device *dev = &pdev->dev; - res = get_or_create_intx_devres(&pdev->dev); - if (!res) - return -ENOMEM; + /* + * pcim_intx() must only restore the INTx value that existed before the + * driver was loaded, i.e., before it called pcim_intx() for the + * first time. + */ + res = devres_find(dev, pcim_intx_restore, NULL, NULL); + if (!res) { + res = devres_alloc(pcim_intx_restore, sizeof(*res), GFP_KERNEL); + if (!res) + return -ENOMEM; + + save_orig_intx(pdev, res); + devres_add(dev, res); + } - res->orig_intx = !enable; pci_intx(pdev, enable); return 0;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Prevent changing BAR size/flags in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3708acbd5f169ebafe1faa519cb28adc56295546 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021045-feline-frolic-1768@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3708acbd5f169ebafe1faa519cb28adc56295546 Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:03 +0100 Subject: [PATCH] PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the host). This can only be done if the new BAR size/flags does not differ from the existing BAR configuration. Add these missing checks. If we allow set_bar() to set e.g. a new BAR size that differs from the existing BAR size, the new address translation range will be smaller than the BAR size already determined by the host, which would mean that a read past the new BAR size would pass the iATU untranslated, which could allow the host to read memory not belonging to the new struct pci_epf_bar. While at it, add comments which clarifies the support for dynamically changing the physical address of a BAR. (Which was also missing.) Fixes: 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") Link: https://lore.kernel.org/r/20241213143301.4158431-10-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index bad588ef69a4..44a617d54b15 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,8 +222,28 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - if (ep->epf_bar[bar]) + /* + * Certain EPF drivers dynamically change the physical address of a BAR + * (i.e. they call set_bar() twice, without ever calling clear_bar(), as + * calling clear_bar() would clear the BAR's PCI address assigned by the + * host). + */ + if (ep->epf_bar[bar]) { + /* + * We can only dynamically change a BAR if the new BAR size and + * BAR flags do not differ from the existing configuration. + */ + if (ep->epf_bar[bar]->barno != bar || + ep->epf_bar[bar]->size != size || + ep->epf_bar[bar]->flags != flags) + return -EINVAL; + + /* + * When dynamically changing a BAR, skip writing the BAR reg, as + * that would clear the BAR's PCI address assigned by the host. + */ goto config_atu; + } reg = PCI_BASE_ADDRESS_0 + (4 * bar);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Prevent changing BAR size/flags in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3708acbd5f169ebafe1faa519cb28adc56295546 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021044-cruelly-backpack-4cb2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3708acbd5f169ebafe1faa519cb28adc56295546 Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:03 +0100 Subject: [PATCH] PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the host). This can only be done if the new BAR size/flags does not differ from the existing BAR configuration. Add these missing checks. If we allow set_bar() to set e.g. a new BAR size that differs from the existing BAR size, the new address translation range will be smaller than the BAR size already determined by the host, which would mean that a read past the new BAR size would pass the iATU untranslated, which could allow the host to read memory not belonging to the new struct pci_epf_bar. While at it, add comments which clarifies the support for dynamically changing the physical address of a BAR. (Which was also missing.) Fixes: 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") Link: https://lore.kernel.org/r/20241213143301.4158431-10-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index bad588ef69a4..44a617d54b15 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,8 +222,28 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - if (ep->epf_bar[bar]) + /* + * Certain EPF drivers dynamically change the physical address of a BAR + * (i.e. they call set_bar() twice, without ever calling clear_bar(), as + * calling clear_bar() would clear the BAR's PCI address assigned by the + * host). + */ + if (ep->epf_bar[bar]) { + /* + * We can only dynamically change a BAR if the new BAR size and + * BAR flags do not differ from the existing configuration. + */ + if (ep->epf_bar[bar]->barno != bar || + ep->epf_bar[bar]->size != size || + ep->epf_bar[bar]->flags != flags) + return -EINVAL; + + /* + * When dynamically changing a BAR, skip writing the BAR reg, as + * that would clear the BAR's PCI address assigned by the host. + */ goto config_atu; + } reg = PCI_BASE_ADDRESS_0 + (4 * bar);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 33a6938e0c3373f2d11f92d098f337668cd64fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021037-hardcover-preflight-fd62@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33a6938e0c3373f2d11f92d098f337668cd64fdd Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:02 +0100 Subject: [PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "DesignWare Cores PCI Express Controller Register Descriptions, Version 4.60a", section "1.21.70 IATU_LWR_TARGET_ADDR_OFF_INBOUND_i", fields LWR_TARGET_RW and LWR_TARGET_HW both state that: "Field size depends on log2(BAR_MASK+1) in BAR match mode." I.e. only the upper bits are writable, and the number of writable bits is dependent on the configured BAR_MASK. If we do not write the BAR_MASK before writing the iATU registers, we are relying the reset value of the BAR_MASK being larger than the requested BAR size (which is supplied in the struct pci_epf_bar which is passed to pci_epc_set_bar()). The reset value of the BAR_MASK is SoC dependent. Thus, if the struct pci_epf_bar requests a BAR size that is larger than the reset value of the BAR_MASK, the iATU will try to write to read-only bits, which will cause the iATU to end up redirecting to a physical address that is different from the address that was intended. Thus, we should always write the iATU registers after writing the BAR_MASK. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Link: https://lore.kernel.org/r/20241213143301.4158431-9-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index f3ac7d46a855..bad588ef69a4 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,19 +222,10 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - reg = PCI_BASE_ADDRESS_0 + (4 * bar); - - if (!(flags & PCI_BASE_ADDRESS_SPACE)) - type = PCIE_ATU_TYPE_MEM; - else - type = PCIE_ATU_TYPE_IO; - - ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); - if (ret) - return ret; - if (ep->epf_bar[bar]) - return 0; + goto config_atu; + + reg = PCI_BASE_ADDRESS_0 + (4 * bar); dw_pcie_dbi_ro_wr_en(pci); @@ -246,9 +237,20 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, dw_pcie_ep_writel_dbi(ep, func_no, reg + 4, 0); } - ep->epf_bar[bar] = epf_bar; dw_pcie_dbi_ro_wr_dis(pci); +config_atu: + if (!(flags & PCI_BASE_ADDRESS_SPACE)) + type = PCIE_ATU_TYPE_MEM; + else + type = PCIE_ATU_TYPE_IO; + + ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); + if (ret) + return ret; + + ep->epf_bar[bar] = epf_bar; + return 0; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 33a6938e0c3373f2d11f92d098f337668cd64fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021036-overjoyed-caliber-20a9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33a6938e0c3373f2d11f92d098f337668cd64fdd Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:02 +0100 Subject: [PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "DesignWare Cores PCI Express Controller Register Descriptions, Version 4.60a", section "1.21.70 IATU_LWR_TARGET_ADDR_OFF_INBOUND_i", fields LWR_TARGET_RW and LWR_TARGET_HW both state that: "Field size depends on log2(BAR_MASK+1) in BAR match mode." I.e. only the upper bits are writable, and the number of writable bits is dependent on the configured BAR_MASK. If we do not write the BAR_MASK before writing the iATU registers, we are relying the reset value of the BAR_MASK being larger than the requested BAR size (which is supplied in the struct pci_epf_bar which is passed to pci_epc_set_bar()). The reset value of the BAR_MASK is SoC dependent. Thus, if the struct pci_epf_bar requests a BAR size that is larger than the reset value of the BAR_MASK, the iATU will try to write to read-only bits, which will cause the iATU to end up redirecting to a physical address that is different from the address that was intended. Thus, we should always write the iATU registers after writing the BAR_MASK. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Link: https://lore.kernel.org/r/20241213143301.4158431-9-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index f3ac7d46a855..bad588ef69a4 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,19 +222,10 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - reg = PCI_BASE_ADDRESS_0 + (4 * bar); - - if (!(flags & PCI_BASE_ADDRESS_SPACE)) - type = PCIE_ATU_TYPE_MEM; - else - type = PCIE_ATU_TYPE_IO; - - ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); - if (ret) - return ret; - if (ep->epf_bar[bar]) - return 0; + goto config_atu; + + reg = PCI_BASE_ADDRESS_0 + (4 * bar); dw_pcie_dbi_ro_wr_en(pci); @@ -246,9 +237,20 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, dw_pcie_ep_writel_dbi(ep, func_no, reg + 4, 0); } - ep->epf_bar[bar] = epf_bar; dw_pcie_dbi_ro_wr_dis(pci); +config_atu: + if (!(flags & PCI_BASE_ADDRESS_SPACE)) + type = PCIE_ATU_TYPE_MEM; + else + type = PCIE_ATU_TYPE_IO; + + ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); + if (ret) + return ret; + + ep->epf_bar[bar] = epf_bar; + return 0; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 33a6938e0c3373f2d11f92d098f337668cd64fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021035-election-probably-7886@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33a6938e0c3373f2d11f92d098f337668cd64fdd Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:02 +0100 Subject: [PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "DesignWare Cores PCI Express Controller Register Descriptions, Version 4.60a", section "1.21.70 IATU_LWR_TARGET_ADDR_OFF_INBOUND_i", fields LWR_TARGET_RW and LWR_TARGET_HW both state that: "Field size depends on log2(BAR_MASK+1) in BAR match mode." I.e. only the upper bits are writable, and the number of writable bits is dependent on the configured BAR_MASK. If we do not write the BAR_MASK before writing the iATU registers, we are relying the reset value of the BAR_MASK being larger than the requested BAR size (which is supplied in the struct pci_epf_bar which is passed to pci_epc_set_bar()). The reset value of the BAR_MASK is SoC dependent. Thus, if the struct pci_epf_bar requests a BAR size that is larger than the reset value of the BAR_MASK, the iATU will try to write to read-only bits, which will cause the iATU to end up redirecting to a physical address that is different from the address that was intended. Thus, we should always write the iATU registers after writing the BAR_MASK. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Link: https://lore.kernel.org/r/20241213143301.4158431-9-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index f3ac7d46a855..bad588ef69a4 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,19 +222,10 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - reg = PCI_BASE_ADDRESS_0 + (4 * bar); - - if (!(flags & PCI_BASE_ADDRESS_SPACE)) - type = PCIE_ATU_TYPE_MEM; - else - type = PCIE_ATU_TYPE_IO; - - ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); - if (ret) - return ret; - if (ep->epf_bar[bar]) - return 0; + goto config_atu; + + reg = PCI_BASE_ADDRESS_0 + (4 * bar); dw_pcie_dbi_ro_wr_en(pci); @@ -246,9 +237,20 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, dw_pcie_ep_writel_dbi(ep, func_no, reg + 4, 0); } - ep->epf_bar[bar] = epf_bar; dw_pcie_dbi_ro_wr_dis(pci); +config_atu: + if (!(flags & PCI_BASE_ADDRESS_SPACE)) + type = PCIE_ATU_TYPE_MEM; + else + type = PCIE_ATU_TYPE_IO; + + ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); + if (ret) + return ret; + + ep->epf_bar[bar] = epf_bar; + return 0; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 33a6938e0c3373f2d11f92d098f337668cd64fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021035-theme-scarcity-f244@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33a6938e0c3373f2d11f92d098f337668cd64fdd Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:02 +0100 Subject: [PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "DesignWare Cores PCI Express Controller Register Descriptions, Version 4.60a", section "1.21.70 IATU_LWR_TARGET_ADDR_OFF_INBOUND_i", fields LWR_TARGET_RW and LWR_TARGET_HW both state that: "Field size depends on log2(BAR_MASK+1) in BAR match mode." I.e. only the upper bits are writable, and the number of writable bits is dependent on the configured BAR_MASK. If we do not write the BAR_MASK before writing the iATU registers, we are relying the reset value of the BAR_MASK being larger than the requested BAR size (which is supplied in the struct pci_epf_bar which is passed to pci_epc_set_bar()). The reset value of the BAR_MASK is SoC dependent. Thus, if the struct pci_epf_bar requests a BAR size that is larger than the reset value of the BAR_MASK, the iATU will try to write to read-only bits, which will cause the iATU to end up redirecting to a physical address that is different from the address that was intended. Thus, we should always write the iATU registers after writing the BAR_MASK. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Link: https://lore.kernel.org/r/20241213143301.4158431-9-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index f3ac7d46a855..bad588ef69a4 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,19 +222,10 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - reg = PCI_BASE_ADDRESS_0 + (4 * bar); - - if (!(flags & PCI_BASE_ADDRESS_SPACE)) - type = PCIE_ATU_TYPE_MEM; - else - type = PCIE_ATU_TYPE_IO; - - ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); - if (ret) - return ret; - if (ep->epf_bar[bar]) - return 0; + goto config_atu; + + reg = PCI_BASE_ADDRESS_0 + (4 * bar); dw_pcie_dbi_ro_wr_en(pci); @@ -246,9 +237,20 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, dw_pcie_ep_writel_dbi(ep, func_no, reg + 4, 0); } - ep->epf_bar[bar] = epf_bar; dw_pcie_dbi_ro_wr_dis(pci); +config_atu: + if (!(flags & PCI_BASE_ADDRESS_SPACE)) + type = PCIE_ATU_TYPE_MEM; + else + type = PCIE_ATU_TYPE_IO; + + ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); + if (ret) + return ret; + + ep->epf_bar[bar] = epf_bar; + return 0; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 33a6938e0c3373f2d11f92d098f337668cd64fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021034-upheaval-hydration-0e42@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33a6938e0c3373f2d11f92d098f337668cd64fdd Mon Sep 17 00:00:00 2001 From: Niklas Cassel <cassel(a)kernel.org> Date: Fri, 13 Dec 2024 15:33:02 +0100 Subject: [PATCH] PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "DesignWare Cores PCI Express Controller Register Descriptions, Version 4.60a", section "1.21.70 IATU_LWR_TARGET_ADDR_OFF_INBOUND_i", fields LWR_TARGET_RW and LWR_TARGET_HW both state that: "Field size depends on log2(BAR_MASK+1) in BAR match mode." I.e. only the upper bits are writable, and the number of writable bits is dependent on the configured BAR_MASK. If we do not write the BAR_MASK before writing the iATU registers, we are relying the reset value of the BAR_MASK being larger than the requested BAR size (which is supplied in the struct pci_epf_bar which is passed to pci_epc_set_bar()). The reset value of the BAR_MASK is SoC dependent. Thus, if the struct pci_epf_bar requests a BAR size that is larger than the reset value of the BAR_MASK, the iATU will try to write to read-only bits, which will cause the iATU to end up redirecting to a physical address that is different from the address that was intended. Thus, we should always write the iATU registers after writing the BAR_MASK. Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") Link: https://lore.kernel.org/r/20241213143301.4158431-9-cassel@kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index f3ac7d46a855..bad588ef69a4 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -222,19 +222,10 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, if ((flags & PCI_BASE_ADDRESS_MEM_TYPE_64) && (bar & 1)) return -EINVAL; - reg = PCI_BASE_ADDRESS_0 + (4 * bar); - - if (!(flags & PCI_BASE_ADDRESS_SPACE)) - type = PCIE_ATU_TYPE_MEM; - else - type = PCIE_ATU_TYPE_IO; - - ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); - if (ret) - return ret; - if (ep->epf_bar[bar]) - return 0; + goto config_atu; + + reg = PCI_BASE_ADDRESS_0 + (4 * bar); dw_pcie_dbi_ro_wr_en(pci); @@ -246,9 +237,20 @@ static int dw_pcie_ep_set_bar(struct pci_epc *epc, u8 func_no, u8 vfunc_no, dw_pcie_ep_writel_dbi(ep, func_no, reg + 4, 0); } - ep->epf_bar[bar] = epf_bar; dw_pcie_dbi_ro_wr_dis(pci); +config_atu: + if (!(flags & PCI_BASE_ADDRESS_SPACE)) + type = PCIE_ATU_TYPE_MEM; + else + type = PCIE_ATU_TYPE_IO; + + ret = dw_pcie_ep_inbound_atu(ep, func_no, type, epf_bar->phys_addr, bar); + if (ret) + return ret; + + ep->epf_bar[bar] = epf_bar; + return 0; }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: Avoid putting some root ports into D3 on TUXEDO Sirius" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b1049f2d68693c80a576c4578d96774a68df2bad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021011-blade-viselike-e35c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1049f2d68693c80a576c4578d96774a68df2bad Mon Sep 17 00:00:00 2001 From: Werner Sembach <wse(a)tuxedocomputers.com> Date: Tue, 14 Jan 2025 23:23:54 +0100 Subject: [PATCH] PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective but it leads to problems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a specific old BIOS. This manifests as a system hang. On the affected Device + BIOS combination, add a quirk for the root port of the problematic controller to ensure that these root ports are not put into D3hot at suspend. This patch is based on https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@a… but with the added condition both in the documentation and in the code to apply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only the affected root ports. Fixes: 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") Suggested-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20250114222436.1075456-1-wse@tuxedocomputers.com Co-developed-by: Georg Gottleuber <ggo(a)tuxedocomputers.com> Signed-off-by: Georg Gottleuber <ggo(a)tuxedocomputers.com> Signed-off-by: Werner Sembach <wse(a)tuxedocomputers.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.1+ diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c index 0681ecfe3430..f348a3179b2d 100644 --- a/arch/x86/pci/fixup.c +++ b/arch/x86/pci/fixup.c @@ -1010,4 +1010,34 @@ DECLARE_PCI_FIXUP_SUSPEND(PCI_VENDOR_ID_AMD, 0x1668, amd_rp_pme_suspend); DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_AMD, 0x1668, amd_rp_pme_resume); DECLARE_PCI_FIXUP_SUSPEND(PCI_VENDOR_ID_AMD, 0x1669, amd_rp_pme_suspend); DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_AMD, 0x1669, amd_rp_pme_resume); + +/* + * Putting PCIe root ports on Ryzen SoCs with USB4 controllers into D3hot + * may cause problems when the system attempts wake up from s2idle. + * + * On the TUXEDO Sirius 16 Gen 1 with a specific old BIOS this manifests as + * a system hang. + */ +static const struct dmi_system_id quirk_tuxeo_rp_d3_dmi_table[] = { + { + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TUXEDO"), + DMI_EXACT_MATCH(DMI_BOARD_NAME, "APX958"), + DMI_EXACT_MATCH(DMI_BIOS_VERSION, "V1.00A00_20240108"), + }, + }, + {} +}; + +static void quirk_tuxeo_rp_d3(struct pci_dev *pdev) +{ + struct pci_dev *root_pdev; + + if (dmi_check_system(quirk_tuxeo_rp_d3_dmi_table)) { + root_pdev = pcie_find_root_port(pdev); + if (root_pdev) + root_pdev->dev_flags |= PCI_DEV_FLAGS_NO_D3; + } +} +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD, 0x1502, quirk_tuxeo_rp_d3); #endif /* CONFIG_SUSPEND */

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] firmware: qcom: scm: Fix missing read barrier in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0a744cceebd0480cb39587b3b1339d66a9d14063 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-maturing-punctuate-10e5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a744cceebd0480cb39587b3b1339d66a9d14063 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 9 Dec 2024 15:27:54 +0100 Subject: [PATCH] firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrier in probe function to store global '__scm' variable. It also claimed that it added a read barrier, because as we all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), however it did not really add it. The offending commit used READ_ONCE() to access '__scm' global which is not a barrier. The barrier is needed so the store to '__scm' will be properly visible. This is most likely not fatal in current driver design, because missing read barrier would mean qcom_scm_is_available() callers will access old value, NULL. Driver does not support unbinding and does not correctly handle probe failures, thus there is no risk of stale or old pointer in '__scm' variable. However for code correctness, readability and to be sure that we did not mess up something in this tricky topic of SMP barriers, add a read barrier for accessing '__scm'. Change also comment from useless/obvious what does barrier do, to what is expected: which other parts of the code are involved here. Fixes: 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") Cc: stable(a)vger.kernel.org Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20241209-qcom-scm-missing-barriers-and-all-sort-o… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index e736b4b46ea4..cde60566c793 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1872,7 +1872,8 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm) */ bool qcom_scm_is_available(void) { - return !!READ_ONCE(__scm); + /* Paired with smp_store_release() in qcom_scm_probe */ + return !!smp_load_acquire(&__scm); } EXPORT_SYMBOL_GPL(qcom_scm_is_available); @@ -2029,7 +2030,7 @@ static int qcom_scm_probe(struct platform_device *pdev) if (ret) return ret; - /* Let all above stores be available after this */ + /* Paired with smp_load_acquire() in qcom_scm_is_available(). */ smp_store_release(&__scm, scm); irq = platform_get_irq_optional(pdev, 0);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm-crypt: don't update io->sector after" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9fdbbdbbc92b1474a87b89f8b964892a63734492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021037-walk-outmatch-5872@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9fdbbdbbc92b1474a87b89f8b964892a63734492 Mon Sep 17 00:00:00 2001 From: Hou Tao <houtao1(a)huawei.com> Date: Mon, 20 Jan 2025 16:29:49 +0800 Subject: [PATCH] dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() The updates of io->sector are the leftovers when dm-crypt allocated pages for partial write request. However, since commit cf2f1abfbd0db ("dm crypt: don't allocate pages for a partial request"), there is no partial request anymore. After the introduction of write request rb-tree, the updates of io->sectors may interfere the insertion procedure, because ->sectors of these write requests which have already been added in the rb-tree may be changed during the insertion of new write request. Fix it by removing these buggy updates of io->sectors. Considering these updates only effect the write request rb-tree, the commit which introduces the write request rb-tree is used as the fix tag. Fixes: b3c5fd305249 ("dm crypt: sort writes") Cc: stable(a)vger.kernel.org Signed-off-by: Hou Tao <houtao1(a)huawei.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 8a4c24d4ee02..605859ef01b5 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2090,7 +2090,6 @@ static void kcryptd_crypt_write_continue(struct work_struct *work) struct crypt_config *cc = io->cc; struct convert_context *ctx = &io->ctx; int crypt_finished; - sector_t sector = io->sector; blk_status_t r; wait_for_completion(&ctx->restart); @@ -2107,10 +2106,8 @@ static void kcryptd_crypt_write_continue(struct work_struct *work) } /* Encryption was already finished, submit io now */ - if (crypt_finished) { + if (crypt_finished) kcryptd_crypt_write_io_submit(io, 0); - io->sector = sector; - } crypt_dec_pending(io); } @@ -2121,14 +2118,13 @@ static void kcryptd_crypt_write_convert(struct dm_crypt_io *io) struct convert_context *ctx = &io->ctx; struct bio *clone; int crypt_finished; - sector_t sector = io->sector; blk_status_t r; /* * Prevent io from disappearing until this function completes. */ crypt_inc_pending(io); - crypt_convert_init(cc, ctx, NULL, io->base_bio, sector); + crypt_convert_init(cc, ctx, NULL, io->base_bio, io->sector); clone = crypt_alloc_buffer(io, io->base_bio->bi_iter.bi_size); if (unlikely(!clone)) { @@ -2145,8 +2141,6 @@ static void kcryptd_crypt_write_convert(struct dm_crypt_io *io) io->ctx.iter_in = clone->bi_iter; } - sector += bio_sectors(clone); - crypt_inc_pending(io); r = crypt_convert(cc, ctx, test_bit(DM_CRYPT_NO_WRITE_WORKQUEUE, &cc->flags), true); @@ -2170,10 +2164,8 @@ static void kcryptd_crypt_write_convert(struct dm_crypt_io *io) } /* Encryption was already finished, submit io now */ - if (crypt_finished) { + if (crypt_finished) kcryptd_crypt_write_io_submit(io, 0); - io->sector = sector; - } dec: crypt_dec_pending(io);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021033-riverbed-unadvised-a92e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-graceless-hundredth-40fb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021031-retouch-blush-7454@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021031-setback-playmate-b9f0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021030-proud-overdrawn-f611@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021029-hunger-quizzical-9965@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 5f1017069933489add0c08659673443c9905659e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-ibuprofen-gnat-01d0@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1017069933489add0c08659673443c9905659e Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:48 +0200 Subject: [PATCH] serial: sh-sci: Clean sci_ports[0] after at earlycon exit The early_console_setup() function initializes sci_ports[0].port with an object of type struct uart_port obtained from the struct earlycon_device passed as an argument to early_console_setup(). Later, during serial port probing, the serial port used as earlycon (e.g., port A) might be remapped to a different position in the sci_ports[] array, and a different serial port (e.g., port B) might be assigned to slot 0. For example: sci_ports[0] = port B sci_ports[X] = port A In this scenario, the new port mapped at index zero (port B) retains the data associated with the earlycon configuration. Consequently, after the Linux boot process, any access to the serial port now mapped to sci_ports[0] (port B) will block the original earlycon port (port A). To address this, introduce an early_console_exit() function to clean up sci_ports[0] when earlycon is exited. To prevent the cleanup of sci_ports[0] while the serial device is still being used by earlycon, introduce the struct sci_port::probing flag and account for it in early_console_exit(). Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-5-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index b85a9d425f7e..e64d59888ecd 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -166,6 +166,7 @@ static struct sci_port sci_ports[SCI_NPORTS]; static unsigned long sci_ports_in_use; static struct uart_driver sci_uart_driver; static bool sci_uart_earlycon; +static bool sci_uart_earlycon_dev_probing; static inline struct sci_port * to_sci_port(struct uart_port *uart) @@ -3386,7 +3387,8 @@ static struct plat_sci_port *sci_parse_dt(struct platform_device *pdev, static int sci_probe_single(struct platform_device *dev, unsigned int index, struct plat_sci_port *p, - struct sci_port *sciport) + struct sci_port *sciport, + struct resource *sci_res) { int ret; @@ -3433,6 +3435,14 @@ static int sci_probe_single(struct platform_device *dev, sciport->port.flags |= UPF_HARD_FLOW; } + if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * Skip cleanup the sci_port[0] in early_console_exit(), this + * port is the same as the earlycon one. + */ + sci_uart_earlycon_dev_probing = true; + } + return uart_add_one_port(&sci_uart_driver, &sciport->port); } @@ -3491,7 +3501,7 @@ static int sci_probe(struct platform_device *dev) platform_set_drvdata(dev, sp); - ret = sci_probe_single(dev, dev_id, p, sp); + ret = sci_probe_single(dev, dev_id, p, sp, res); if (ret) return ret; @@ -3574,6 +3584,22 @@ sh_early_platform_init_buffer("earlyprintk", &sci_driver, #ifdef CONFIG_SERIAL_SH_SCI_EARLYCON static struct plat_sci_port port_cfg; +static int early_console_exit(struct console *co) +{ + struct sci_port *sci_port = &sci_ports[0]; + + /* + * Clean the slot used by earlycon. A new SCI device might + * map to this slot. + */ + if (!sci_uart_earlycon_dev_probing) { + memset(sci_port, 0, sizeof(*sci_port)); + sci_uart_earlycon = false; + } + + return 0; +} + static int __init early_console_setup(struct earlycon_device *device, int type) { @@ -3591,6 +3617,8 @@ static int __init early_console_setup(struct earlycon_device *device, SCSCR_RE | SCSCR_TE | port_cfg.scscr); device->con->write = serial_console_write; + device->con->exit = early_console_exit; + return 0; } static int __init sci_early_console_setup(struct earlycon_device *device,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021024-stoop-renewed-a942@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021018-eaten-speech-f2c6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021018-cultural-gossip-22ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021017-turbulent-unpopular-11f3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021016-jackknife-duplicity-3312@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021015-endowment-ungraded-dbc0@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] serial: sh-sci: Increment the runtime usage counter for the" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-overrule-trimmer-2e06@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 651dee03696e1dfde6d9a7e8664bbdcd9a10ea7f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Thu, 16 Jan 2025 20:22:49 +0200 Subject: [PATCH] serial: sh-sci: Increment the runtime usage counter for the earlycon device In the sh-sci driver, serial ports are mapped to the sci_ports[] array, with earlycon mapped at index zero. The uart_add_one_port() function eventually calls __device_attach(), which, in turn, calls pm_request_idle(). The identified code path is as follows: uart_add_one_port() -> serial_ctrl_register_port() -> serial_core_register_port() -> serial_core_port_device_add() -> serial_base_port_add() -> device_add() -> bus_probe_device() -> device_initial_probe() -> __device_attach() -> // ... if (dev->p->dead) { // ... } else if (dev->driver) { // ... } else { // ... pm_request_idle(dev); // ... } The earlycon device clocks are enabled by the bootloader. However, the pm_request_idle() call in __device_attach() disables the SCI port clocks while earlycon is still active. The earlycon write function, serial_console_write(), calls sci_poll_put_char() via serial_console_putchar(). If the SCI port clocks are disabled, writing to earlycon may sometimes cause the SR.TDFE bit to remain unset indefinitely, causing the while loop in sci_poll_put_char() to never exit. On single-core SoCs, this can result in the system being blocked during boot when this issue occurs. To resolve this, increment the runtime PM usage counter for the earlycon SCI device before registering the UART port. Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250116182249.3828577-6-claudiu.beznea.uj@bp.ren… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index e64d59888ecd..b1ea48f38248 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -3436,6 +3436,22 @@ static int sci_probe_single(struct platform_device *dev, } if (sci_uart_earlycon && sci_ports[0].port.mapbase == sci_res->start) { + /* + * In case: + * - this is the earlycon port (mapped on index 0 in sci_ports[]) and + * - it now maps to an alias other than zero and + * - the earlycon is still alive (e.g., "earlycon keep_bootcon" is + * available in bootargs) + * + * we need to avoid disabling clocks and PM domains through the runtime + * PM APIs called in __device_attach(). For this, increment the runtime + * PM reference counter (the clocks and PM domains were already enabled + * by the bootloader). Otherwise the earlycon may access the HW when it + * has no clocks enabled leading to failures (infinite loop in + * sci_poll_put_char()). + */ + pm_runtime_get_noresume(&dev->dev); + /* * Skip cleanup the sci_port[0] in early_console_exit(), this * port is the same as the earlycon one.

4 months, 1 week

1
0
0 0

[PATCH 1/1] iommu: Fix potential memory leak in iopf_queue_remove_device()

by Lu Baolu

The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue. However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's. Fix it by calling iopf_free_group() after the iopf group is responded. Fixes: 199112327135 ("iommu: Track iopf group instead of last fault") Cc: stable(a)vger.kernel.org Suggested-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/io-pgfault.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iommu/io-pgfault.c b/drivers/iommu/io-pgfault.c index 4674e618797c..8b5926c1452e 100644 --- a/drivers/iommu/io-pgfault.c +++ b/drivers/iommu/io-pgfault.c @@ -478,6 +478,7 @@ void iopf_queue_remove_device(struct iopf_queue *queue, struct device *dev) ops->page_response(dev, iopf, &resp); list_del_init(&group->pending_node); + iopf_free_group(group); } mutex_unlock(&fault_param->lock); -- 2.43.0

4 months, 1 week

4
3
0 0

FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021054-entangled-amuser-e6ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 8 Jan 2025 12:28:46 +0300 Subject: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space My static checker rule complains about this code. The concern is that if "sample_space" is negative then the "sample_space >= runtime->channels" condition will not work as intended because it will be type promoted to a high unsigned int value. strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is 0x3f. Without any further context it does seem like a reasonable warning and it can't hurt to add a check for negatives. Cc: stable(a)vger.kernel.org Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/e07c3dc5-d885-4b04-a742-71f42243f4fd@stanley.mount… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index d48e2e7356b6..3a0af4ca7ab6 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) sample_space = strm->fifo_sample_size; ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; + if (sample_space < 0) + return -EINVAL; /* Only add full frames at a time */ while (frames_left && (sample_space >= runtime->channels)) {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-entourage-retinal-b994@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 8 Jan 2025 12:28:46 +0300 Subject: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space My static checker rule complains about this code. The concern is that if "sample_space" is negative then the "sample_space >= runtime->channels" condition will not work as intended because it will be type promoted to a high unsigned int value. strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is 0x3f. Without any further context it does seem like a reasonable warning and it can't hurt to add a check for negatives. Cc: stable(a)vger.kernel.org Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/e07c3dc5-d885-4b04-a742-71f42243f4fd@stanley.mount… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index d48e2e7356b6..3a0af4ca7ab6 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) sample_space = strm->fifo_sample_size; ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; + if (sample_space < 0) + return -EINVAL; /* Only add full frames at a time */ while (frames_left && (sample_space >= runtime->channels)) {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-rifling-cannon-4ee2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 8 Jan 2025 12:28:46 +0300 Subject: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space My static checker rule complains about this code. The concern is that if "sample_space" is negative then the "sample_space >= runtime->channels" condition will not work as intended because it will be type promoted to a high unsigned int value. strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is 0x3f. Without any further context it does seem like a reasonable warning and it can't hurt to add a check for negatives. Cc: stable(a)vger.kernel.org Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/e07c3dc5-d885-4b04-a742-71f42243f4fd@stanley.mount… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index d48e2e7356b6..3a0af4ca7ab6 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) sample_space = strm->fifo_sample_size; ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; + if (sample_space < 0) + return -EINVAL; /* Only add full frames at a time */ while (frames_left && (sample_space >= runtime->channels)) {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021052-bubble-recycled-bf7b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 8 Jan 2025 12:28:46 +0300 Subject: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space My static checker rule complains about this code. The concern is that if "sample_space" is negative then the "sample_space >= runtime->channels" condition will not work as intended because it will be type promoted to a high unsigned int value. strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is 0x3f. Without any further context it does seem like a reasonable warning and it can't hurt to add a check for negatives. Cc: stable(a)vger.kernel.org Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/e07c3dc5-d885-4b04-a742-71f42243f4fd@stanley.mount… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index d48e2e7356b6..3a0af4ca7ab6 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) sample_space = strm->fifo_sample_size; ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; + if (sample_space < 0) + return -EINVAL; /* Only add full frames at a time */ while (frames_left && (sample_space >= runtime->channels)) {

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ASoC: renesas: rz-ssi: Terminate all the DMA transactions" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 541011dc2d7c4c82523706f726f422a5e23cc86f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021036-humorist-voltage-3645@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 541011dc2d7c4c82523706f726f422a5e23cc86f Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Tue, 10 Dec 2024 19:09:33 +0200 Subject: [PATCH] ASoC: renesas: rz-ssi: Terminate all the DMA transactions The stop trigger invokes rz_ssi_stop() and rz_ssi_stream_quit(). - The purpose of rz_ssi_stop() is to disable TX/RX, terminate DMA transactions, and set the controller to idle. - The purpose of rz_ssi_stream_quit() is to reset the substream-specific software data by setting strm->running and strm->substream appropriately. The function rz_ssi_is_stream_running() checks if both strm->substream and strm->running are valid and returns true if so. Its implementation is as follows: static inline bool rz_ssi_is_stream_running(struct rz_ssi_stream *strm) { return strm->substream && strm->running; } When the controller is configured in full-duplex mode (with both playback and capture active), the rz_ssi_stop() function does not modify the controller settings when called for the first substream in the full-duplex setup. Instead, it simply sets strm->running = 0 and returns if the companion substream is still running. The following code illustrates this: static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) { strm->running = 0; if (rz_ssi_is_stream_running(&ssi->playback) || rz_ssi_is_stream_running(&ssi->capture)) return 0; // ... } The controller settings, along with the DMA termination (for the last stopped substream), are only applied when the last substream in the full-duplex setup is stopped. While applying the controller settings only when the last substream stops is not problematic, terminating the DMA operations for only one substream causes failures when starting and stopping full-duplex operations multiple times in a loop. To address this issue, call dmaengine_terminate_async() for both substreams involved in the full-duplex setup when the last substream in the setup is stopped. Fixes: 4f8cd05a4305 ("ASoC: sh: rz-ssi: Add full duplex support") Cc: stable(a)vger.kernel.org Reviewed-by: Biju Das <biju.das.jz(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/20241210170953.2936724-5-claudiu.beznea.uj@bp.rene… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index 6efd017aaa7f..2d8721156099 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -415,8 +415,12 @@ static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) rz_ssi_reg_mask_setl(ssi, SSICR, SSICR_TEN | SSICR_REN, 0); /* Cancel all remaining DMA transactions */ - if (rz_ssi_is_dma_enabled(ssi)) - dmaengine_terminate_async(strm->dma_ch); + if (rz_ssi_is_dma_enabled(ssi)) { + if (ssi->playback.dma_ch) + dmaengine_terminate_async(ssi->playback.dma_ch); + if (ssi->capture.dma_ch) + dmaengine_terminate_async(ssi->capture.dma_ch); + } rz_ssi_set_idle(ssi);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 57af267d2b8f5d88485c6372761386d79c5e6a1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021037-retype-jaunt-6b0b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 57af267d2b8f5d88485c6372761386d79c5e6a1a Mon Sep 17 00:00:00 2001 From: Shayne Chen <shayne.chen(a)mediatek.com> Date: Thu, 10 Oct 2024 10:38:16 +0200 Subject: [PATCH] wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Due to a limitation in available memory, the MT7916 firmware can only handle either 5 GHz or 6 GHz at a time. It does not support runtime switching without a full restart. On older firmware, this accidentally worked to some degree due to missing checks, but couldn't be supported properly, because it left the 6 GHz channels uncalibrated. Newer firmware refuses to start on either band if the passed EEPROM data indicates support for both. Deal with this limitation by using a module parameter to specify the preferred band in case both are supported. Fixes: b4d093e321bd ("mt76: mt7915: add 6 GHz support") Cc: stable(a)vger.kernel.org Signed-off-by: Shayne Chen <shayne.chen(a)mediatek.com> Link: https://patch.msgid.link/20241010083816.51880-1-nbd@nbd.name Signed-off-by: Felix Fietkau <nbd(a)nbd.name> diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c index bfdbc15abaa9..928e0b07a9bf 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c @@ -2,9 +2,14 @@ /* Copyright (C) 2020 MediaTek Inc. */ #include <linux/firmware.h> +#include <linux/moduleparam.h> #include "mt7915.h" #include "eeprom.h" +static bool enable_6ghz; +module_param(enable_6ghz, bool, 0644); +MODULE_PARM_DESC(enable_6ghz, "Enable 6 GHz instead of 5 GHz on hardware that supports both"); + static int mt7915_eeprom_load_precal(struct mt7915_dev *dev) { struct mt76_dev *mdev = &dev->mt76; @@ -170,8 +175,20 @@ static void mt7915_eeprom_parse_band_config(struct mt7915_phy *phy) phy->mt76->cap.has_6ghz = true; return; case MT_EE_V2_BAND_SEL_5GHZ_6GHZ: - phy->mt76->cap.has_5ghz = true; - phy->mt76->cap.has_6ghz = true; + if (enable_6ghz) { + phy->mt76->cap.has_6ghz = true; + u8p_replace_bits(&eeprom[MT_EE_WIFI_CONF + band], + MT_EE_V2_BAND_SEL_6GHZ, + MT_EE_WIFI_CONF0_BAND_SEL); + } else { + phy->mt76->cap.has_5ghz = true; + u8p_replace_bits(&eeprom[MT_EE_WIFI_CONF + band], + MT_EE_V2_BAND_SEL_5GHZ, + MT_EE_WIFI_CONF0_BAND_SEL); + } + /* force to buffer mode */ + dev->flash_mode = true; + return; default: phy->mt76->cap.has_2ghz = true; diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/init.c b/drivers/net/wireless/mediatek/mt76/mt7915/init.c index 6bef96e3d2a3..f82216d1bda0 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c @@ -1239,14 +1239,14 @@ int mt7915_register_device(struct mt7915_dev *dev) if (ret) goto unreg_dev; - ieee80211_queue_work(mt76_hw(dev), &dev->init_work); - if (phy2) { ret = mt7915_register_ext_phy(dev, phy2); if (ret) goto unreg_thermal; } + ieee80211_queue_work(mt76_hw(dev), &dev->init_work); + dev->recovery.hw_init_done = true; ret = mt7915_init_debugfs(&dev->phy);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Input: bbnsm_pwrkey - add remove hook" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 55b75306c3edf369285ce22ba1ced45e335094c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021047-wiry-tweed-c09f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55b75306c3edf369285ce22ba1ced45e335094c2 Mon Sep 17 00:00:00 2001 From: Peng Fan <peng.fan(a)nxp.com> Date: Thu, 12 Dec 2024 11:03:22 +0800 Subject: [PATCH] Input: bbnsm_pwrkey - add remove hook Without remove hook to clear wake irq, there will be kernel dump when doing module test. "bbnsm_pwrkey 44440000.bbnsm:pwrkey: wake irq already initialized" Add remove hook to clear wake irq and set wakeup to false. Signed-off-by: Peng Fan <peng.fan(a)nxp.com> Fixes: 40e40fdfec3f ("Input: bbnsm_pwrkey - add bbnsm power key support") Link: https://lore.kernel.org/r/20241212030322.3110017-1-peng.fan@oss.nxp.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/misc/nxp-bbnsm-pwrkey.c b/drivers/input/misc/nxp-bbnsm-pwrkey.c index eb4173f9c820..7ba8d166d68c 100644 --- a/drivers/input/misc/nxp-bbnsm-pwrkey.c +++ b/drivers/input/misc/nxp-bbnsm-pwrkey.c @@ -187,6 +187,12 @@ static int bbnsm_pwrkey_probe(struct platform_device *pdev) return 0; } +static void bbnsm_pwrkey_remove(struct platform_device *pdev) +{ + dev_pm_clear_wake_irq(&pdev->dev); + device_init_wakeup(&pdev->dev, false); +} + static int __maybe_unused bbnsm_pwrkey_suspend(struct device *dev) { struct platform_device *pdev = to_platform_device(dev); @@ -223,6 +229,8 @@ static struct platform_driver bbnsm_pwrkey_driver = { .of_match_table = bbnsm_pwrkey_ids, }, .probe = bbnsm_pwrkey_probe, + .remove = bbnsm_pwrkey_remove, + }; module_platform_driver(bbnsm_pwrkey_driver);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Input: synaptics - fix crash when enabling pass-through port" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021059-splice-blush-823b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Fri, 17 Jan 2025 09:23:40 -0800 Subject: [PATCH] Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been attached to the port yet. Fix the crash by introducing open() and close() methods for the port and check if the port is open before trying to access psmouse instance. Because psmouse calls serio_open() only after attaching psmouse instance to serio port instance this prevents the potential crash. Reported-by: Takashi Iwai <tiwai(a)suse.de> Fixes: 100e16959c3c ("Input: libps2 - attach ps2dev instances as serio port's drvdata") Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522 Cc: stable(a)vger.kernel.org Reviewed-by: Takashi Iwai <tiwai(a)suse.de> Link: https://lore.kernel.org/r/Z4qSHORvPn7EU2j1@google.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c index 2735f86c23cc..aba57abe6978 100644 --- a/drivers/input/mouse/synaptics.c +++ b/drivers/input/mouse/synaptics.c @@ -665,23 +665,50 @@ static void synaptics_pt_stop(struct serio *serio) priv->pt_port = NULL; } +static int synaptics_pt_open(struct serio *serio) +{ + struct psmouse *parent = psmouse_from_serio(serio->parent); + struct synaptics_data *priv = parent->private; + + guard(serio_pause_rx)(parent->ps2dev.serio); + priv->pt_port_open = true; + + return 0; +} + +static void synaptics_pt_close(struct serio *serio) +{ + struct psmouse *parent = psmouse_from_serio(serio->parent); + struct synaptics_data *priv = parent->private; + + guard(serio_pause_rx)(parent->ps2dev.serio); + priv->pt_port_open = false; +} + static int synaptics_is_pt_packet(u8 *buf) { return (buf[0] & 0xFC) == 0x84 && (buf[3] & 0xCC) == 0xC4; } -static void synaptics_pass_pt_packet(struct serio *ptport, u8 *packet) +static void synaptics_pass_pt_packet(struct synaptics_data *priv, u8 *packet) { - struct psmouse *child = psmouse_from_serio(ptport); + struct serio *ptport; - if (child && child->state == PSMOUSE_ACTIVATED) { - serio_interrupt(ptport, packet[1], 0); - serio_interrupt(ptport, packet[4], 0); - serio_interrupt(ptport, packet[5], 0); - if (child->pktsize == 4) - serio_interrupt(ptport, packet[2], 0); - } else { - serio_interrupt(ptport, packet[1], 0); + ptport = priv->pt_port; + if (!ptport) + return; + + serio_interrupt(ptport, packet[1], 0); + + if (priv->pt_port_open) { + struct psmouse *child = psmouse_from_serio(ptport); + + if (child->state == PSMOUSE_ACTIVATED) { + serio_interrupt(ptport, packet[4], 0); + serio_interrupt(ptport, packet[5], 0); + if (child->pktsize == 4) + serio_interrupt(ptport, packet[2], 0); + } } } @@ -720,6 +747,8 @@ static void synaptics_pt_create(struct psmouse *psmouse) serio->write = synaptics_pt_write; serio->start = synaptics_pt_start; serio->stop = synaptics_pt_stop; + serio->open = synaptics_pt_open; + serio->close = synaptics_pt_close; serio->parent = psmouse->ps2dev.serio; psmouse->pt_activate = synaptics_pt_activate; @@ -1216,11 +1245,10 @@ static psmouse_ret_t synaptics_process_byte(struct psmouse *psmouse) if (SYN_CAP_PASS_THROUGH(priv->info.capabilities) && synaptics_is_pt_packet(psmouse->packet)) { - if (priv->pt_port) - synaptics_pass_pt_packet(priv->pt_port, - psmouse->packet); - } else + synaptics_pass_pt_packet(priv, psmouse->packet); + } else { synaptics_process_packet(psmouse); + } return PSMOUSE_FULL_PACKET; } diff --git a/drivers/input/mouse/synaptics.h b/drivers/input/mouse/synaptics.h index 899aee598632..3853165b6b3a 100644 --- a/drivers/input/mouse/synaptics.h +++ b/drivers/input/mouse/synaptics.h @@ -188,6 +188,7 @@ struct synaptics_data { bool disable_gesture; /* disable gestures */ struct serio *pt_port; /* Pass-through serio port */ + bool pt_port_open; /* * Last received Advanced Gesture Mode (AGM) packet. An AGM packet

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Input: synaptics - fix crash when enabling pass-through port" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021058-unthread-acutely-f430@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Fri, 17 Jan 2025 09:23:40 -0800 Subject: [PATCH] Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been attached to the port yet. Fix the crash by introducing open() and close() methods for the port and check if the port is open before trying to access psmouse instance. Because psmouse calls serio_open() only after attaching psmouse instance to serio port instance this prevents the potential crash. Reported-by: Takashi Iwai <tiwai(a)suse.de> Fixes: 100e16959c3c ("Input: libps2 - attach ps2dev instances as serio port's drvdata") Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522 Cc: stable(a)vger.kernel.org Reviewed-by: Takashi Iwai <tiwai(a)suse.de> Link: https://lore.kernel.org/r/Z4qSHORvPn7EU2j1@google.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c index 2735f86c23cc..aba57abe6978 100644 --- a/drivers/input/mouse/synaptics.c +++ b/drivers/input/mouse/synaptics.c @@ -665,23 +665,50 @@ static void synaptics_pt_stop(struct serio *serio) priv->pt_port = NULL; } +static int synaptics_pt_open(struct serio *serio) +{ + struct psmouse *parent = psmouse_from_serio(serio->parent); + struct synaptics_data *priv = parent->private; + + guard(serio_pause_rx)(parent->ps2dev.serio); + priv->pt_port_open = true; + + return 0; +} + +static void synaptics_pt_close(struct serio *serio) +{ + struct psmouse *parent = psmouse_from_serio(serio->parent); + struct synaptics_data *priv = parent->private; + + guard(serio_pause_rx)(parent->ps2dev.serio); + priv->pt_port_open = false; +} + static int synaptics_is_pt_packet(u8 *buf) { return (buf[0] & 0xFC) == 0x84 && (buf[3] & 0xCC) == 0xC4; } -static void synaptics_pass_pt_packet(struct serio *ptport, u8 *packet) +static void synaptics_pass_pt_packet(struct synaptics_data *priv, u8 *packet) { - struct psmouse *child = psmouse_from_serio(ptport); + struct serio *ptport; - if (child && child->state == PSMOUSE_ACTIVATED) { - serio_interrupt(ptport, packet[1], 0); - serio_interrupt(ptport, packet[4], 0); - serio_interrupt(ptport, packet[5], 0); - if (child->pktsize == 4) - serio_interrupt(ptport, packet[2], 0); - } else { - serio_interrupt(ptport, packet[1], 0); + ptport = priv->pt_port; + if (!ptport) + return; + + serio_interrupt(ptport, packet[1], 0); + + if (priv->pt_port_open) { + struct psmouse *child = psmouse_from_serio(ptport); + + if (child->state == PSMOUSE_ACTIVATED) { + serio_interrupt(ptport, packet[4], 0); + serio_interrupt(ptport, packet[5], 0); + if (child->pktsize == 4) + serio_interrupt(ptport, packet[2], 0); + } } } @@ -720,6 +747,8 @@ static void synaptics_pt_create(struct psmouse *psmouse) serio->write = synaptics_pt_write; serio->start = synaptics_pt_start; serio->stop = synaptics_pt_stop; + serio->open = synaptics_pt_open; + serio->close = synaptics_pt_close; serio->parent = psmouse->ps2dev.serio; psmouse->pt_activate = synaptics_pt_activate; @@ -1216,11 +1245,10 @@ static psmouse_ret_t synaptics_process_byte(struct psmouse *psmouse) if (SYN_CAP_PASS_THROUGH(priv->info.capabilities) && synaptics_is_pt_packet(psmouse->packet)) { - if (priv->pt_port) - synaptics_pass_pt_packet(priv->pt_port, - psmouse->packet); - } else + synaptics_pass_pt_packet(priv, psmouse->packet); + } else { synaptics_process_packet(psmouse); + } return PSMOUSE_FULL_PACKET; } diff --git a/drivers/input/mouse/synaptics.h b/drivers/input/mouse/synaptics.h index 899aee598632..3853165b6b3a 100644 --- a/drivers/input/mouse/synaptics.h +++ b/drivers/input/mouse/synaptics.h @@ -188,6 +188,7 @@ struct synaptics_data { bool disable_gesture; /* disable gestures */ struct serio *pt_port; /* Pass-through serio port */ + bool pt_port_open; /* * Last received Advanced Gesture Mode (AGM) packet. An AGM packet

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] clk: mediatek: mt2701-img: add missing dummy clk" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 366640868ccb4a7991aebe8442b01340fab218e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-sanctity-giving-9e31@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 366640868ccb4a7991aebe8442b01340fab218e2 Mon Sep 17 00:00:00 2001 From: Daniel Golle <daniel(a)makrotopia.org> Date: Sun, 15 Dec 2024 22:14:48 +0000 Subject: [PATCH] clk: mediatek: mt2701-img: add missing dummy clk Add dummy clk for index 0 which was missed during the conversion to mtk_clk_simple_probe(). Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> Link: https://lore.kernel.org/r/d677486a5c563fe5c47aa995841adc2aaa183b8a.17343006… Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> diff --git a/drivers/clk/mediatek/clk-mt2701-img.c b/drivers/clk/mediatek/clk-mt2701-img.c index 875594bc9dcb..c158e54c4652 100644 --- a/drivers/clk/mediatek/clk-mt2701-img.c +++ b/drivers/clk/mediatek/clk-mt2701-img.c @@ -22,6 +22,7 @@ static const struct mtk_gate_regs img_cg_regs = { GATE_MTK(_id, _name, _parent, &img_cg_regs, _shift, &mtk_clk_gate_ops_setclr) static const struct mtk_gate img_clks[] = { + GATE_DUMMY(CLK_DUMMY, "img_dummy"), GATE_IMG(CLK_IMG_SMI_COMM, "img_smi_comm", "mm_sel", 0), GATE_IMG(CLK_IMG_RESZ, "img_resz", "mm_sel", 1), GATE_IMG(CLK_IMG_JPGDEC_SMI, "img_jpgdec_smi", "mm_sel", 5),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] clk: mediatek: mt2701-bdp: add missing dummy clk" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fd291adc5e9a4ee6cd91e57f148f3b427f80647b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021017-tyke-stiffness-35bf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd291adc5e9a4ee6cd91e57f148f3b427f80647b Mon Sep 17 00:00:00 2001 From: Daniel Golle <daniel(a)makrotopia.org> Date: Sun, 15 Dec 2024 22:14:24 +0000 Subject: [PATCH] clk: mediatek: mt2701-bdp: add missing dummy clk Add dummy clk for index 0 which was missed during the conversion to mtk_clk_simple_probe(). Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> Link: https://lore.kernel.org/r/b8526c882a50f2b158df0eccb4a165956fd8fa13.17343006… Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> diff --git a/drivers/clk/mediatek/clk-mt2701-bdp.c b/drivers/clk/mediatek/clk-mt2701-bdp.c index 5da3eabffd3e..f11c7a4fa37b 100644 --- a/drivers/clk/mediatek/clk-mt2701-bdp.c +++ b/drivers/clk/mediatek/clk-mt2701-bdp.c @@ -31,6 +31,7 @@ static const struct mtk_gate_regs bdp1_cg_regs = { GATE_MTK(_id, _name, _parent, &bdp1_cg_regs, _shift, &mtk_clk_gate_ops_setclr_inv) static const struct mtk_gate bdp_clks[] = { + GATE_DUMMY(CLK_DUMMY, "bdp_dummy"), GATE_BDP0(CLK_BDP_BRG_BA, "brg_baclk", "mm_sel", 0), GATE_BDP0(CLK_BDP_BRG_DRAM, "brg_dram", "mm_sel", 1), GATE_BDP0(CLK_BDP_LARB_DRAM, "larb_dram", "mm_sel", 2),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] clk: mediatek: mt2701-vdec: fix conversion to" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7c8746126a4e256fcf1af9174ee7d92cc3f3bc31 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-dipper-royal-a0b9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7c8746126a4e256fcf1af9174ee7d92cc3f3bc31 Mon Sep 17 00:00:00 2001 From: Daniel Golle <daniel(a)makrotopia.org> Date: Sun, 15 Dec 2024 22:13:49 +0000 Subject: [PATCH] clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Commit 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") broke DT bindings as the highest index was reduced by 1 because the id count starts from 1 and not from 0. Fix this, like for other drivers which had the same issue, by adding a dummy clk at index 0. Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> Link: https://lore.kernel.org/r/b126a5577f3667ef19b1b5feea5e70174084fb03.17343006… Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> diff --git a/drivers/clk/mediatek/clk-mt2701-vdec.c b/drivers/clk/mediatek/clk-mt2701-vdec.c index 94db86f8d0a4..5299d92f3aba 100644 --- a/drivers/clk/mediatek/clk-mt2701-vdec.c +++ b/drivers/clk/mediatek/clk-mt2701-vdec.c @@ -31,6 +31,7 @@ static const struct mtk_gate_regs vdec1_cg_regs = { GATE_MTK(_id, _name, _parent, &vdec1_cg_regs, _shift, &mtk_clk_gate_ops_setclr_inv) static const struct mtk_gate vdec_clks[] = { + GATE_DUMMY(CLK_DUMMY, "vdec_dummy"), GATE_VDEC0(CLK_VDEC_CKGEN, "vdec_cken", "vdec_sel", 0), GATE_VDEC1(CLK_VDEC_LARB, "vdec_larb_cken", "mm_sel", 0), };

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x a2fad248947d702ed3dcb52b8377c1a3ae201e44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-during-buddhist-0ffa@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2fad248947d702ed3dcb52b8377c1a3ae201e44 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Mon, 13 Jan 2025 22:43:23 +0800 Subject: [PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855 For WCN6855, board ID specific NVM needs to be downloaded once board ID is available, but the default NVM is always downloaded currently. The wrong NVM causes poor RF performance, and effects user experience for several types of laptop with WCN6855 on the market. Fix by downloading board ID specific NVM if board ID is available. Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") Cc: stable(a)vger.kernel.org # 6.4 Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Steev Klimaszewski <steev(a)kali.org> #Thinkpad X13s Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index a6b53d1f23db..cdf09d9a9ad2 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -909,8 +909,9 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, "qca/msnv%02x.bin", rom_ver); break; case QCA_WCN6855: - snprintf(config.fwname, sizeof(config.fwname), - "qca/hpnv%02x.bin", rom_ver); + qca_read_fw_board_id(hdev, &boardid); + qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), + "hpnv", soc_type, ver, rom_ver, boardid); break; case QCA_WCN7850: qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a2fad248947d702ed3dcb52b8377c1a3ae201e44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-unrated-entering-7761@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2fad248947d702ed3dcb52b8377c1a3ae201e44 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Mon, 13 Jan 2025 22:43:23 +0800 Subject: [PATCH] Bluetooth: qca: Fix poor RF performance for WCN6855 For WCN6855, board ID specific NVM needs to be downloaded once board ID is available, but the default NVM is always downloaded currently. The wrong NVM causes poor RF performance, and effects user experience for several types of laptop with WCN6855 on the market. Fix by downloading board ID specific NVM if board ID is available. Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") Cc: stable(a)vger.kernel.org # 6.4 Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Steev Klimaszewski <steev(a)kali.org> #Thinkpad X13s Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index a6b53d1f23db..cdf09d9a9ad2 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -909,8 +909,9 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, "qca/msnv%02x.bin", rom_ver); break; case QCA_WCN6855: - snprintf(config.fwname, sizeof(config.fwname), - "qca/hpnv%02x.bin", rom_ver); + qca_read_fw_board_id(hdev, &boardid); + qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), + "hpnv", soc_type, ver, rom_ver, boardid); break; case QCA_WCN7850: qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/rockchip: cdn-dp: Use" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 666e1960464140cc4bc9203c203097e70b54c95a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021026-surfboard-eskimo-5c01@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 666e1960464140cc4bc9203c203097e70b54c95a Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Tue, 5 Nov 2024 14:38:16 +0100 Subject: [PATCH] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code for detecting and updating the connector status in cdn_dp_pd_event_work() has a number of problems. - It does not aquire the locks to call the detect helper and update the connector status. These are struct drm_mode_config.connection_mutex and struct drm_mode_config.mutex. - It does not use drm_helper_probe_detect(), which helps with the details of locking and detection. - It uses the connector's status field to determine a change to the connector status. The epoch_counter field is the correct one. The field signals a change even if the connector status' value did not change. Replace the code with a call to drm_connector_helper_hpd_irq_event(), which fixes all these problems. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event") Cc: Chris Zhong <zyw(a)rock-chips.com> Cc: Guenter Roeck <groeck(a)chromium.org> Cc: Sandy Huang <hjc(a)rock-chips.com> Cc: "Heiko Stübner" <heiko(a)sntech.de> Cc: Andy Yan <andy.yan(a)rock-chips.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-rockchip(a)lists.infradead.org Cc: <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://patchwork.freedesktop.org/patch/msgid/20241105133848.480407-1-tzimm… diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c index b04538907f95..f576b1aa86d1 100644 --- a/drivers/gpu/drm/rockchip/cdn-dp-core.c +++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c @@ -947,9 +947,6 @@ static void cdn_dp_pd_event_work(struct work_struct *work) { struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device, event_work); - struct drm_connector *connector = &dp->connector; - enum drm_connector_status old_status; - int ret; mutex_lock(&dp->lock); @@ -1009,11 +1006,7 @@ static void cdn_dp_pd_event_work(struct work_struct *work) out: mutex_unlock(&dp->lock); - - old_status = connector->status; - connector->status = connector->funcs->detect(connector, false); - if (old_status != connector->status) - drm_kms_helper_hotplug_event(dp->drm_dev); + drm_connector_helper_hpd_irq_event(&dp->connector); } static int cdn_dp_pd_event(struct notifier_block *nb,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/rockchip: cdn-dp: Use" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 666e1960464140cc4bc9203c203097e70b54c95a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021025-abdomen-glass-2533@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 666e1960464140cc4bc9203c203097e70b54c95a Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Tue, 5 Nov 2024 14:38:16 +0100 Subject: [PATCH] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code for detecting and updating the connector status in cdn_dp_pd_event_work() has a number of problems. - It does not aquire the locks to call the detect helper and update the connector status. These are struct drm_mode_config.connection_mutex and struct drm_mode_config.mutex. - It does not use drm_helper_probe_detect(), which helps with the details of locking and detection. - It uses the connector's status field to determine a change to the connector status. The epoch_counter field is the correct one. The field signals a change even if the connector status' value did not change. Replace the code with a call to drm_connector_helper_hpd_irq_event(), which fixes all these problems. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event") Cc: Chris Zhong <zyw(a)rock-chips.com> Cc: Guenter Roeck <groeck(a)chromium.org> Cc: Sandy Huang <hjc(a)rock-chips.com> Cc: "Heiko Stübner" <heiko(a)sntech.de> Cc: Andy Yan <andy.yan(a)rock-chips.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-rockchip(a)lists.infradead.org Cc: <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://patchwork.freedesktop.org/patch/msgid/20241105133848.480407-1-tzimm… diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c index b04538907f95..f576b1aa86d1 100644 --- a/drivers/gpu/drm/rockchip/cdn-dp-core.c +++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c @@ -947,9 +947,6 @@ static void cdn_dp_pd_event_work(struct work_struct *work) { struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device, event_work); - struct drm_connector *connector = &dp->connector; - enum drm_connector_status old_status; - int ret; mutex_lock(&dp->lock); @@ -1009,11 +1006,7 @@ static void cdn_dp_pd_event_work(struct work_struct *work) out: mutex_unlock(&dp->lock); - - old_status = connector->status; - connector->status = connector->funcs->detect(connector, false); - if (old_status != connector->status) - drm_kms_helper_hotplug_event(dp->drm_dev); + drm_connector_helper_hpd_irq_event(&dp->connector); } static int cdn_dp_pd_event(struct notifier_block *nb,

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Correct register address in dcn35" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x f88192d2335b5a911fcfa09338cc00624571ec5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-primp-darkening-0a43@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f88192d2335b5a911fcfa09338cc00624571ec5e Mon Sep 17 00:00:00 2001 From: loanchen <lo-an.chen(a)amd.com> Date: Wed, 15 Jan 2025 17:43:29 +0800 Subject: [PATCH] drm/amd/display: Correct register address in dcn35 [Why] the offset address of mmCLK5_spll_field_8 was incorrect for dcn35 which causes SSC not to be enabled. Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Lo-An Chen <lo-an.chen(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 1f974ea3b0c6..1648226586e2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -89,7 +89,7 @@ #define mmCLK1_CLK4_ALLOW_DS 0x16EA8 #define mmCLK1_CLK5_ALLOW_DS 0x16EB1 -#define mmCLK5_spll_field_8 0x1B04B +#define mmCLK5_spll_field_8 0x1B24B #define mmDENTIST_DISPCLK_CNTL 0x0124 #define regDENTIST_DISPCLK_CNTL 0x0064 #define regDENTIST_DISPCLK_CNTL_BASE_IDX 1

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Correct register address in dcn35" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f88192d2335b5a911fcfa09338cc00624571ec5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021028-chooser-popcorn-29ee@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f88192d2335b5a911fcfa09338cc00624571ec5e Mon Sep 17 00:00:00 2001 From: loanchen <lo-an.chen(a)amd.com> Date: Wed, 15 Jan 2025 17:43:29 +0800 Subject: [PATCH] drm/amd/display: Correct register address in dcn35 [Why] the offset address of mmCLK5_spll_field_8 was incorrect for dcn35 which causes SSC not to be enabled. Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Lo-An Chen <lo-an.chen(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 1f974ea3b0c6..1648226586e2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -89,7 +89,7 @@ #define mmCLK1_CLK4_ALLOW_DS 0x16EA8 #define mmCLK1_CLK5_ALLOW_DS 0x16EB1 -#define mmCLK5_spll_field_8 0x1B04B +#define mmCLK5_spll_field_8 0x1B24B #define mmDENTIST_DISPCLK_CNTL 0x0124 #define regDENTIST_DISPCLK_CNTL 0x0064 #define regDENTIST_DISPCLK_CNTL_BASE_IDX 1

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/guc: Debug print LRC state entries only if the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 57965269896313e1629a518d3971ad55f599b792 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021048-majority-stature-58b1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 57965269896313e1629a518d3971ad55f599b792 Mon Sep 17 00:00:00 2001 From: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Date: Tue, 14 Jan 2025 16:13:34 -0800 Subject: [PATCH] drm/i915/guc: Debug print LRC state entries only if the context is pinned After the context is unpinned the backing memory can also be unpinned, so any accesses via the lrc_reg_state pointer can end up in unmapped memory. To avoid that, make sure to only access that memory if the context is pinned when printing its info. v2: fix newline alignment Fixes: 28ff6520a34d ("drm/i915/guc: Update GuC debugfs to support new GuC") Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v5.15+ Reviewed-by: John Harrison <John.C.Harrison(a)Intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250115001334.3875347-1-dani… (cherry picked from commit 5bea40687c5cf2a33bf04e9110eb2e2b80222ef5) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c index bd4b3d2470e4..cc05bd9e43b4 100644 --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c @@ -5535,12 +5535,20 @@ static inline void guc_log_context(struct drm_printer *p, { drm_printf(p, "GuC lrc descriptor %u:\n", ce->guc_id.id); drm_printf(p, "\tHW Context Desc: 0x%08x\n", ce->lrc.lrca); - drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n", - ce->ring->head, - ce->lrc_reg_state[CTX_RING_HEAD]); - drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n", - ce->ring->tail, - ce->lrc_reg_state[CTX_RING_TAIL]); + if (intel_context_pin_if_active(ce)) { + drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n", + ce->ring->head, + ce->lrc_reg_state[CTX_RING_HEAD]); + drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n", + ce->ring->tail, + ce->lrc_reg_state[CTX_RING_TAIL]); + intel_context_unpin(ce); + } else { + drm_printf(p, "\t\tLRC Head: Internal %u, Memory not pinned\n", + ce->ring->head); + drm_printf(p, "\t\tLRC Tail: Internal %u, Memory not pinned\n", + ce->ring->tail); + } drm_printf(p, "\t\tContext Pin Count: %u\n", atomic_read(&ce->pin_count)); drm_printf(p, "\t\tGuC ID Ref Count: %u\n",

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix integer overflows on 32 bit systems" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x aab98e2dbd648510f8f51b83fbf4721206ccae45 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021018-blurry-lukewarm-5d5d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aab98e2dbd648510f8f51b83fbf4721206ccae45 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 15 Jan 2025 09:28:35 +0900 Subject: [PATCH] ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflow leading to memory corruption. Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index c0bb8c7722d7..0460ebea6ff0 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -627,6 +627,9 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len) struct ksmbd_spnego_authen_request *req; struct ksmbd_spnego_authen_response *resp; + if (blob_len > KSMBD_IPC_MAX_PAYLOAD) + return NULL; + msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) + blob_len + 1); if (!msg) @@ -806,6 +809,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle struct ksmbd_rpc_command *req; struct ksmbd_rpc_command *resp; + if (payload_sz > KSMBD_IPC_MAX_PAYLOAD) + return NULL; + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1); if (!msg) return NULL; @@ -854,6 +860,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle struct ksmbd_rpc_command *req; struct ksmbd_rpc_command *resp; + if (payload_sz > KSMBD_IPC_MAX_PAYLOAD) + return NULL; + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1); if (!msg) return NULL;

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021054-arbitrary-dilation-d2cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-trout-supreme-8b3f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021051-gender-figure-95e1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021050-undertone-outlying-d78e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021049-sprinkler-amaretto-8596@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 04bc93cf49d16d01753b95ddb5d4f230b809a991 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021048-giggly-device-2286@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04bc93cf49d16d01753b95ddb5d4f230b809a991 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Wed, 27 Nov 2024 16:00:10 -0800 Subject: [PATCH] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If KVM emulates an EOI for L1's virtual APIC while L2 is active, defer updating GUEST_INTERUPT_STATUS.SVI, i.e. the VMCS's cache of the highest in-service IRQ, until L1 is active, as vmcs01, not vmcs02, needs to track vISR. The missed SVI update for vmcs01 can result in L1 interrupts being incorrectly blocked, e.g. if there is a pending interrupt with lower priority than the interrupt that was EOI'd. This bug only affects use cases where L1's vAPIC is effectively passed through to L2, e.g. in a pKVM scenario where L2 is L1's depriveleged host, as KVM will only emulate an EOI for L1's vAPIC if Virtual Interrupt Delivery (VID) is disabled in vmc12, and L1 isn't intercepting L2 accesses to its (virtual) APIC page (or if x2APIC is enabled, the EOI MSR). WARN() if KVM updates L1's ISR while L2 is active with VID enabled, as an EOI from L2 is supposed to affect L2's vAPIC, but still defer the update, to try to keep L1 alive. Specifically, KVM forwards all APICv-related VM-Exits to L1 via nested_vmx_l1_wants_exit(): case EXIT_REASON_APIC_ACCESS: case EXIT_REASON_APIC_WRITE: case EXIT_REASON_EOI_INDUCED: /* * The controls for "virtualize APIC accesses," "APIC- * register virtualization," and "virtual-interrupt * delivery" only come from vmcs12. */ return true; Fixes: c7c9c56ca26f ("x86, apicv: add virtual interrupt delivery support") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvm/20230312180048.1778187-1-jason.cj.chen@intel.com Reported-by: Markku Ahvenjärvi <mankku(a)gmail.com> Closes: https://lore.kernel.org/all/20240920080012.74405-1-mankku@gmail.com Cc: Janne Karhunen <janne.karhunen(a)gmail.com> Signed-off-by: Chao Gao <chao.gao(a)intel.com> [sean: drop request, handle in VMX, write changelog] Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/r/20241128000010.4051275-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 39ae2f5f9866..d0913aceeae4 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -816,6 +816,17 @@ static inline void apic_clear_isr(int vec, struct kvm_lapic *apic) } } +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu) +{ + struct kvm_lapic *apic = vcpu->arch.apic; + + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu)) || !apic->apicv_active) + return; + + kvm_x86_call(hwapic_isr_update)(vcpu, apic_find_highest_isr(apic)); +} +EXPORT_SYMBOL_GPL(kvm_apic_update_hwapic_isr); + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu) { /* This may race with setting of irr in __apic_accept_irq() and diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 24add38beaf0..1a8553ebdb42 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -118,6 +118,7 @@ void kvm_apic_send_ipi(struct kvm_lapic *apic, u32 icr_low, u32 icr_high); int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 value, bool host_initiated); int kvm_apic_get_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); int kvm_apic_set_state(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s); +void kvm_apic_update_hwapic_isr(struct kvm_vcpu *vcpu); int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu); u64 kvm_get_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..103baa8e4cf8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5050,6 +5050,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } + if (vmx->nested.update_vmcs01_hwapic_isr) { + vmx->nested.update_vmcs01_hwapic_isr = false; + kvm_apic_update_hwapic_isr(vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))) vmx->nested.need_vmcs12_to_shadow_sync = true; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 22cb11ab8709..01abcdcbbf70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6867,6 +6867,27 @@ void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) u16 status; u8 old; + /* + * If L2 is active, defer the SVI update until vmcs01 is loaded, as SVI + * is only relevant for if and only if Virtual Interrupt Delivery is + * enabled in vmcs12, and if VID is enabled then L2 EOIs affect L2's + * vAPIC, not L1's vAPIC. KVM must update vmcs01 on the next nested + * VM-Exit, otherwise L1 with run with a stale SVI. + */ + if (is_guest_mode(vcpu)) { + /* + * KVM is supposed to forward intercepted L2 EOIs to L1 if VID + * is enabled in vmcs12; as above, the EOIs affect L2's vAPIC. + * Note, userspace can stuff state while L2 is active; assert + * that VID is disabled if and only if the vCPU is in KVM_RUN + * to avoid false positives if userspace is setting APIC state. + */ + WARN_ON_ONCE(vcpu->wants_to_run && + nested_cpu_has_vid(get_vmcs12(vcpu))); + to_vmx(vcpu)->nested.update_vmcs01_hwapic_isr = true; + return; + } + if (max_isr == -1) max_isr = 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 43f573f6ca46..892302022094 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -176,6 +176,7 @@ struct nested_vmx { bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; bool update_vmcs01_apicv_status; + bool update_vmcs01_hwapic_isr; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021015-natural-sleek-dde1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Tue, 17 Dec 2024 21:59:48 +0000 Subject: [PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() In commit 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR later in the boot process in order to ensure that we don't attempt to interact with them if SVE or SME is disabled on the command line. Unfortunately when initialising the boot CPU in init_cpu_features() we work on a copy of the struct cpuinfo_arm64 for the boot CPU used only during boot, not the percpu copy used by the sysfs code. The expectation of the feature identification code was that the ID registers would be read in __cpuinfo_store_cpu() and the values not modified by init_cpu_features(). The main reason for the original change was to avoid early accesses to ZCR on practical systems that were seen shipping with SVE reported in ID registers but traps enabled at EL3 and handled as fatal errors, SME was rolled in due to the similarity with SVE. Since then we have removed the early accesses to ZCR and SMCR in commits: abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code") 391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code") so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is only trapped via FEAT_IDST and not the SME trap it is less likely to be affected by similar issues, and the factors that lead to issues with SVE are less likely to apply to SME. Since we have not yet seen practical SME systems that need to use a command line override (and are only just beginning to see SME systems at all) and the ID register read is much more likely to be safe let's just store SMIDR_EL1 along with all the other ID register reads in __cpuinfo_store_cpu(). This issue wasn't apparent when testing on emulated platforms that do not report values in SMIDR_EL1. Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20241217-arm64-fix-boot-cpu-smidr-v3-1-7be278a856… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 13de0c7af053..b105e6683571 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1166,12 +1166,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; vec_init_vq_map(ARM64_VEC_SME); cpacr_restore(cpacr); @@ -1422,13 +1416,6 @@ void update_cpu_features(int cpu, id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; - /* Probe vector lengths */ if (!system_capabilities_finalized()) vec_update_vq_map(ARM64_VEC_SME); diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index d79e88fccdfc..c45633b5ae23 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info) if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0)) info->reg_mpamidr = read_cpuid(MPAMIDR_EL1); + if (IS_ENABLED(CONFIG_ARM64_SME) && + id_aa64pfr1_sme(info->reg_id_aa64pfr1)) { + /* + * We mask out SMPS since even if the hardware + * supports priorities the kernel does not at present + * and we block access to them. + */ + info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; + } + cpuinfo_detect_icache_policy(info); }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021014-landscape-stencil-2aa9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3c7c48d004f6c8d892f39b5d69884fd0fe98c81 Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Tue, 17 Dec 2024 21:59:48 +0000 Subject: [PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() In commit 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR later in the boot process in order to ensure that we don't attempt to interact with them if SVE or SME is disabled on the command line. Unfortunately when initialising the boot CPU in init_cpu_features() we work on a copy of the struct cpuinfo_arm64 for the boot CPU used only during boot, not the percpu copy used by the sysfs code. The expectation of the feature identification code was that the ID registers would be read in __cpuinfo_store_cpu() and the values not modified by init_cpu_features(). The main reason for the original change was to avoid early accesses to ZCR on practical systems that were seen shipping with SVE reported in ID registers but traps enabled at EL3 and handled as fatal errors, SME was rolled in due to the similarity with SVE. Since then we have removed the early accesses to ZCR and SMCR in commits: abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code") 391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code") so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is only trapped via FEAT_IDST and not the SME trap it is less likely to be affected by similar issues, and the factors that lead to issues with SVE are less likely to apply to SME. Since we have not yet seen practical SME systems that need to use a command line override (and are only just beginning to see SME systems at all) and the ID register read is much more likely to be safe let's just store SMIDR_EL1 along with all the other ID register reads in __cpuinfo_store_cpu(). This issue wasn't apparent when testing on emulated platforms that do not report values in SMIDR_EL1. Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20241217-arm64-fix-boot-cpu-smidr-v3-1-7be278a856… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 13de0c7af053..b105e6683571 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1166,12 +1166,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; vec_init_vq_map(ARM64_VEC_SME); cpacr_restore(cpacr); @@ -1422,13 +1416,6 @@ void update_cpu_features(int cpu, id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; - /* Probe vector lengths */ if (!system_capabilities_finalized()) vec_update_vq_map(ARM64_VEC_SME); diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index d79e88fccdfc..c45633b5ae23 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info) if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0)) info->reg_mpamidr = read_cpuid(MPAMIDR_EL1); + if (IS_ENABLED(CONFIG_ARM64_SME) && + id_aa64pfr1_sme(info->reg_id_aa64pfr1)) { + /* + * We mask out SMPS since even if the hardware + * supports priorities the kernel does not at present + * and we block access to them. + */ + info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; + } + cpuinfo_detect_icache_policy(info); }

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021017-pardon-unpeeled-1e81@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Tue, 7 Jan 2025 22:59:41 +0000 Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good. Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory. This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well. Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero. The HWCAPS documentation is amended to reflect the actually checks performed by the kernel. Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace") Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 2ff922a406ad..1a31723e79fd 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -178,22 +178,28 @@ HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. HWCAP2_SVE2 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0001. HWCAP2_SVEAES - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0001. HWCAP2_SVEPMULL - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0010. HWCAP2_SVEBITPERM - Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BitPerm == 0b0001. HWCAP2_SVESHA3 - Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SHA3 == 0b0001. HWCAP2_SVESM4 - Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SM4 == 0b0001. HWCAP2_FLAGM2 Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010. @@ -202,16 +208,20 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. HWCAP2_SVEI8MM - Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.I8MM == 0b0001. HWCAP2_SVEF32MM - Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F32MM == 0b0001. HWCAP2_SVEF64MM - Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F64MM == 0b0001. HWCAP2_SVEBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0001. HWCAP2_I8MM Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001. @@ -277,7 +287,8 @@ HWCAP2_EBF16 Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010. HWCAP2_SVE_EBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0010. HWCAP2_CSSC Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001. @@ -286,7 +297,8 @@ HWCAP2_RPRFM Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001. HWCAP2_SVE2P1 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0010. HWCAP2_SME2 Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001. @@ -313,7 +325,8 @@ HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. HWCAP2_SVE_B16B16 - Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.B16B16 == 0b0001. HWCAP2_LRCPC3 Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011. diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b105e6683571..678da3ffaef9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = match, \ } +#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \ + { \ + __HWCAP_CAP(#cap, cap_type, cap) \ + HWCAP_CPUID_MATCH(reg, field, min_value) \ + .matches = match, \ + } + #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { @@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { }; #endif +#ifdef CONFIG_ARM64_SVE +static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sve() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT), #ifdef CONFIG_ARM64_SVE HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), - HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), - HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), - HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), - HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), #endif #ifdef CONFIG_ARM64_GCS HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021012-straw-unsterile-169b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Tue, 7 Jan 2025 22:59:41 +0000 Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good. Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory. This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well. Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero. The HWCAPS documentation is amended to reflect the actually checks performed by the kernel. Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace") Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 2ff922a406ad..1a31723e79fd 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -178,22 +178,28 @@ HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. HWCAP2_SVE2 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0001. HWCAP2_SVEAES - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0001. HWCAP2_SVEPMULL - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0010. HWCAP2_SVEBITPERM - Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BitPerm == 0b0001. HWCAP2_SVESHA3 - Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SHA3 == 0b0001. HWCAP2_SVESM4 - Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SM4 == 0b0001. HWCAP2_FLAGM2 Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010. @@ -202,16 +208,20 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. HWCAP2_SVEI8MM - Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.I8MM == 0b0001. HWCAP2_SVEF32MM - Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F32MM == 0b0001. HWCAP2_SVEF64MM - Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F64MM == 0b0001. HWCAP2_SVEBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0001. HWCAP2_I8MM Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001. @@ -277,7 +287,8 @@ HWCAP2_EBF16 Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010. HWCAP2_SVE_EBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0010. HWCAP2_CSSC Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001. @@ -286,7 +297,8 @@ HWCAP2_RPRFM Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001. HWCAP2_SVE2P1 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0010. HWCAP2_SME2 Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001. @@ -313,7 +325,8 @@ HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. HWCAP2_SVE_B16B16 - Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.B16B16 == 0b0001. HWCAP2_LRCPC3 Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011. diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b105e6683571..678da3ffaef9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = match, \ } +#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \ + { \ + __HWCAP_CAP(#cap, cap_type, cap) \ + HWCAP_CPUID_MATCH(reg, field, min_value) \ + .matches = match, \ + } + #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { @@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { }; #endif +#ifdef CONFIG_ARM64_SVE +static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sve() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT), #ifdef CONFIG_ARM64_SVE HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), - HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), - HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), - HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), - HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), #endif #ifdef CONFIG_ARM64_GCS HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021006-unclog-unlearned-af9c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Tue, 7 Jan 2025 22:59:41 +0000 Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good. Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory. This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well. Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero. The HWCAPS documentation is amended to reflect the actually checks performed by the kernel. Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace") Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 2ff922a406ad..1a31723e79fd 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -178,22 +178,28 @@ HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. HWCAP2_SVE2 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0001. HWCAP2_SVEAES - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0001. HWCAP2_SVEPMULL - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0010. HWCAP2_SVEBITPERM - Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BitPerm == 0b0001. HWCAP2_SVESHA3 - Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SHA3 == 0b0001. HWCAP2_SVESM4 - Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SM4 == 0b0001. HWCAP2_FLAGM2 Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010. @@ -202,16 +208,20 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. HWCAP2_SVEI8MM - Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.I8MM == 0b0001. HWCAP2_SVEF32MM - Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F32MM == 0b0001. HWCAP2_SVEF64MM - Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F64MM == 0b0001. HWCAP2_SVEBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0001. HWCAP2_I8MM Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001. @@ -277,7 +287,8 @@ HWCAP2_EBF16 Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010. HWCAP2_SVE_EBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0010. HWCAP2_CSSC Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001. @@ -286,7 +297,8 @@ HWCAP2_RPRFM Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001. HWCAP2_SVE2P1 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0010. HWCAP2_SME2 Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001. @@ -313,7 +325,8 @@ HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. HWCAP2_SVE_B16B16 - Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.B16B16 == 0b0001. HWCAP2_LRCPC3 Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011. diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b105e6683571..678da3ffaef9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = match, \ } +#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \ + { \ + __HWCAP_CAP(#cap, cap_type, cap) \ + HWCAP_CPUID_MATCH(reg, field, min_value) \ + .matches = match, \ + } + #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { @@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { }; #endif +#ifdef CONFIG_ARM64_SVE +static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sve() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT), #ifdef CONFIG_ARM64_SVE HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), - HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), - HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), - HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), - HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), #endif #ifdef CONFIG_ARM64_GCS HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021005-riding-underfeed-c095@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Tue, 7 Jan 2025 22:59:41 +0000 Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good. Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory. This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well. Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero. The HWCAPS documentation is amended to reflect the actually checks performed by the kernel. Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace") Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 2ff922a406ad..1a31723e79fd 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -178,22 +178,28 @@ HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. HWCAP2_SVE2 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0001. HWCAP2_SVEAES - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0001. HWCAP2_SVEPMULL - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0010. HWCAP2_SVEBITPERM - Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BitPerm == 0b0001. HWCAP2_SVESHA3 - Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SHA3 == 0b0001. HWCAP2_SVESM4 - Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SM4 == 0b0001. HWCAP2_FLAGM2 Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010. @@ -202,16 +208,20 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. HWCAP2_SVEI8MM - Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.I8MM == 0b0001. HWCAP2_SVEF32MM - Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F32MM == 0b0001. HWCAP2_SVEF64MM - Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F64MM == 0b0001. HWCAP2_SVEBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0001. HWCAP2_I8MM Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001. @@ -277,7 +287,8 @@ HWCAP2_EBF16 Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010. HWCAP2_SVE_EBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0010. HWCAP2_CSSC Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001. @@ -286,7 +297,8 @@ HWCAP2_RPRFM Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001. HWCAP2_SVE2P1 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0010. HWCAP2_SME2 Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001. @@ -313,7 +325,8 @@ HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. HWCAP2_SVE_B16B16 - Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.B16B16 == 0b0001. HWCAP2_LRCPC3 Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011. diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b105e6683571..678da3ffaef9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = match, \ } +#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \ + { \ + __HWCAP_CAP(#cap, cap_type, cap) \ + HWCAP_CPUID_MATCH(reg, field, min_value) \ + .matches = match, \ + } + #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { @@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { }; #endif +#ifdef CONFIG_ARM64_SVE +static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sve() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT), #ifdef CONFIG_ARM64_SVE HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), - HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), - HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), - HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), - HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), #endif #ifdef CONFIG_ARM64_GCS HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021005-grain-faucet-6a4d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021004-crank-detonate-a1d2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021003-crewmate-marxism-a03e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021002-capitol-dribble-d5f7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021001-swinging-ashes-6c0f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021000-onslaught-gumming-8c6b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be92ab2de0ee1a13291c3b47b2d7eb24d80c0a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Cs=C3=B3k=C3=A1s?= <csokas.bence(a)prolan.hu> Date: Thu, 19 Dec 2024 10:12:58 +0100 Subject: [PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: stable(a)vger.kernel.org # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: stable(a)vger.kernel.org # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> Link: https://patch.msgid.link/20241219091258.395187-1-csokas.bence@prolan.hu Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index f46da363574f..8fdc9d27a95e 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -661,13 +661,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: fix using cpufreq-dt as module" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f1f010c9d9c62c865d9f54e94075800ba764b4d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021010-liquefy-pointer-8122@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f1f010c9d9c62c865d9f54e94075800ba764b4d9 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sun, 3 Nov 2024 22:02:51 +0100 Subject: [PATCH] cpufreq: fix using cpufreq-dt as module This driver can be built as a module since commit 3b062a086984 ("cpufreq: dt-platdev: Support building as module"), but unfortunately this caused a regression because the cputfreq-dt-platdev.ko module does not autoload. Usually, this is solved by just using the MODULE_DEVICE_TABLE() macro to export all the device IDs as module aliases. But this driver is special due how matches with devices and decides what platform supports. There are two of_device_id lists, an allow list that are for CPU devices that always match and a deny list that's for devices that must not match. The driver registers a cpufreq-dt platform device for all the CPU device nodes that either are in the allow list or contain an operating-points-v2 property and are not in the deny list. Enforce builtin compile of cpufreq-dt-platdev to make autoload work. Fixes: 3b062a086984 ("cpufreq: dt-platdev: Support building as module") Link: https://lore.kernel.org/all/20241104201424.2a42efdd@akair/ Link: https://lore.kernel.org/all/20241119111918.1732531-1-javierm@redhat.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Reported-by: Radu Rendec <rrendec(a)redhat.com> Reported-by: Javier Martinez Canillas <javierm(a)redhat.com> [ Viresh: Picked commit log from Javier, updated tags ] Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/Kconfig b/drivers/cpufreq/Kconfig index 92a83a9bb2e1..ea9afdc119fb 100644 --- a/drivers/cpufreq/Kconfig +++ b/drivers/cpufreq/Kconfig @@ -232,7 +232,7 @@ config CPUFREQ_VIRT If in doubt, say N. config CPUFREQ_DT_PLATDEV - tristate "Generic DT based cpufreq platdev driver" + bool "Generic DT based cpufreq platdev driver" depends on OF help This adds a generic DT based cpufreq platdev driver for frequency diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c b/drivers/cpufreq/cpufreq-dt-platdev.c index 2a3e8bd317c9..9c198bd4f7e9 100644 --- a/drivers/cpufreq/cpufreq-dt-platdev.c +++ b/drivers/cpufreq/cpufreq-dt-platdev.c @@ -235,5 +235,3 @@ static int __init cpufreq_dt_platdev_init(void) sizeof(struct cpufreq_dt_platform_data))); } core_initcall(cpufreq_dt_platdev_init); -MODULE_DESCRIPTION("Generic DT based cpufreq platdev driver"); -MODULE_LICENSE("GPL");

4 months, 1 week

1
0
0 0

[PATCH v4 0/2] Tegra ADMA fixes

by Mohan Kumar D

- Fix build error due to 64-by-32 division - Additional check for adma max page Mohan Kumar D (2): dmaengine: tegra210-adma: Fix build error due to 64-by-32 division dmaengine: tegra210-adma: check for adma max page drivers/dma/tegra210-adma.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) -- 2.25.1

4 months, 1 week

4
13
0 0

[PATCH] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk

by Marek Vasut

Add Renesas R-Car D3 USB Download mode quirk and update comments on all the other Renesas R-Car USB Download mode quirks to discern them from each other. This follows R-Car Series, 3rd Generation reference manual Rev.2.00 chapter 19.2.8 USB download mode . Fixes: 6d853c9e4104 ("usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode") Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> --- Cc: Chris Brandt <chris.brandt(a)renesas.com> Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Oliver Neukum <oneukum(a)suse.com> Cc: linux-renesas-soc(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/usb/class/cdc-acm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 6b37d1c47fce1..06c7d86c5449e 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1727,13 +1727,16 @@ static const struct usb_device_id acm_ids[] = { { USB_DEVICE(0x0870, 0x0001), /* Metricom GS Modem */ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ }, - { USB_DEVICE(0x045b, 0x023c), /* Renesas USB Download mode */ + { USB_DEVICE(0x045b, 0x023c), /* Renesas R-Car H3 USB Download mode */ .driver_info = DISABLE_ECHO, /* Don't echo banner */ }, - { USB_DEVICE(0x045b, 0x0248), /* Renesas USB Download mode */ + { USB_DEVICE(0x045b, 0x0247), /* Renesas R-Car D3 USB Download mode */ .driver_info = DISABLE_ECHO, /* Don't echo banner */ }, - { USB_DEVICE(0x045b, 0x024D), /* Renesas USB Download mode */ + { USB_DEVICE(0x045b, 0x0248), /* Renesas R-Car M3-N USB Download mode */ + .driver_info = DISABLE_ECHO, /* Don't echo banner */ + }, + { USB_DEVICE(0x045b, 0x024D), /* Renesas R-Car E3 USB Download mode */ .driver_info = DISABLE_ECHO, /* Don't echo banner */ }, { USB_DEVICE(0x0e8d, 0x0003), /* FIREFLY, MediaTek Inc; andrey.arapov(a)gmail.com */ -- 2.47.2

4 months, 1 week

4
4
0 0

[PATCH v5.15-v5.4] lib/generic-radix-tree.c: Don't overflow in peek()

by hsimeliere.opensource＠witekio.com

From: Kent Overstreet <kent.overstreet(a)gmail.com> [ Upstream commit 9492261ff2460252cf2d8de89cdf854c7e2b28a0 ] When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. Signed-off-by: Kent Overstreet <kent.overstreet(a)gmail.com> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- include/linux/generic-radix-tree.h | 7 +++++++ lib/generic-radix-tree.c | 17 ++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/linux/generic-radix-tree.h b/include/linux/generic-radix-tree.h index bfd00320c7f3..0e7abc635e5f 100644 --- a/include/linux/generic-radix-tree.h +++ b/include/linux/generic-radix-tree.h @@ -39,6 +39,7 @@ #include <asm/page.h> #include <linux/bug.h> #include <linux/kernel.h> +#include <linux/limits.h> #include <linux/log2.h> struct genradix_root; @@ -183,6 +184,12 @@ void *__genradix_iter_peek(struct genradix_iter *, struct __genradix *, size_t); static inline void __genradix_iter_advance(struct genradix_iter *iter, size_t obj_size) { + if (iter->offset + obj_size < iter->offset) { + iter->offset = SIZE_MAX; + iter->pos = SIZE_MAX; + return; + } + iter->offset += obj_size; if (!is_power_of_2(obj_size) && diff --git a/lib/generic-radix-tree.c b/lib/generic-radix-tree.c index 34d3ac52de89..78f081d695d0 100644 --- a/lib/generic-radix-tree.c +++ b/lib/generic-radix-tree.c @@ -168,6 +168,10 @@ void *__genradix_iter_peek(struct genradix_iter *iter, struct genradix_root *r; struct genradix_node *n; unsigned level, i; + + if (iter->offset == SIZE_MAX) + return NULL; + restart: r = READ_ONCE(radix->root); if (!r) @@ -186,10 +190,17 @@ void *__genradix_iter_peek(struct genradix_iter *iter, (GENRADIX_ARY - 1); while (!n->children[i]) { + size_t objs_per_ptr = genradix_depth_size(level); + + if (iter->offset + objs_per_ptr < iter->offset) { + iter->offset = SIZE_MAX; + iter->pos = SIZE_MAX; + return NULL; + } + i++; - iter->offset = round_down(iter->offset + - genradix_depth_size(level), - genradix_depth_size(level)); + iter->offset = round_down(iter->offset + objs_per_ptr, + objs_per_ptr); iter->pos = (iter->offset >> PAGE_SHIFT) * objs_per_page; if (i == GENRADIX_ARY) -- 2.43.0

4 months, 1 week

2
3
0 0

[PATCH] fuse: prevent folio use-after-free in readahead

by Vlastimil Babka

There have been crash reports in 6.13+ kernels related to FUSE and Flatpak, such as from Christian: BUG: Bad page state in process rnote pfn:67587 page: refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67587 flags: 0xfffffc8000020(lru|node=0|zone=1|lastcpupid=0x1fffff) raw: 000fffffc8000020 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set CPU: 0 UID: 1000 PID: 1962 Comm: rnote Not tainted 6.14.0-rc1-1-mainline #1 715c0460cf5d3cc18e3178ef3209cee42e97ae1c Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 Call Trace: dump_stack_lvl+0x5d/0x80 bad_page.cold+0x7a/0x91 __rmqueue_pcplist+0x200/0xc50 get_page_from_freelist+0x2ae/0x1740 ? srso_return_thunk+0x5/0x5f ? __pm_runtime_suspend+0x69/0xc0 ? srso_return_thunk+0x5/0x5f ? __seccomp_filter+0x303/0x520 ? srso_return_thunk+0x5/0x5f __alloc_frozen_pages_noprof+0x184/0x330 alloc_pages_mpol+0x7d/0x160 folio_alloc_mpol_noprof+0x14/0x40 vma_alloc_folio_noprof+0x69/0xb0 do_anonymous_page+0x32a/0x8b0 ? srso_return_thunk+0x5/0x5f ? ___pte_offset_map+0x1b/0x180 __handle_mm_fault+0xb5e/0xfe0 handle_mm_fault+0xe2/0x2c0 do_user_addr_fault+0x217/0x620 exc_page_fault+0x81/0x1b0 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x7fcfc31c8cf9 Or Mantas: list_add corruption. next->prev should be prev (ffff889c8f5bd5f0), but was ffff889940066a10. (next=ffffe3ce8b683548). WARNING: CPU: 3 PID: 2184 at lib/list_debug.c:29 __list_add_valid_or_report+0x62/0xb0 spi_intel_pci soundcore nvme_core spi_intel rfkill rtsx_pci nvme_auth cec i8042 video serio wmi CPU: 3 UID: 1000 PID: 2184 Comm: fuse mainloop Tainted: G U OE 6.13.1-arch1-1 #1 c1258adae10e6ad423427764ae6ad3679b7d8e8a Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: LENOVO 20S6003QPB/20S6003QPB, BIOS N2XET42W (1.32 ) 06/12/2024 RIP: 0010:__list_add_valid_or_report+0x62/0xb0 Call Trace: <TASK> ? __list_add_valid_or_report+0x62/0xb0 ? __warn.cold+0x93/0xf6 ? __list_add_valid_or_report+0x62/0xb0 ? report_bug+0xff/0x140 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __list_add_valid_or_report+0x62/0xb0 free_unref_page_commit.cold+0x9/0x12 free_unref_page+0x46e/0x570 fuse_copy_page+0x37e/0x6c0 fuse_copy_args+0x186/0x210 fuse_dev_do_write+0x796/0x12a0 fuse_dev_splice_write+0x29d/0x380 do_splice+0x308/0x890 __do_splice+0x204/0x220 __x64_sys_splice+0x84/0xf0 do_syscall_64+0x82/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x77e0dde36e56 Christian bisected the issue to 3eab9d7bc2f4 ("fuse: convert readahead to use folios"). The bug reports suggest a refcount underflow on struct page due to a use after free or double free. The bisected commit switches fuse_readahead() to readahead_folio() which includes a folio_put() and removes folio_put() from fuse_readpages_end(). As a result folios on the ap->folios (previously ap->pages) don't have an elevated refcount. According to Matthew the folio lock should protect them from being freed prematurely. It's unclear why not, but before this is fully resolved we can stop the kernels from crashing by having the refcount relevated again. Thus switch to __readahead_folio() that does not drop the refcount, and reinstate folio_put() in fuse_readpages_end(). Fixes: 3eab9d7bc2f4 ("fuse: convert readahead to use folios") Reported-by: Christian Heusel <christian(a)heusel.eu> Closes: https://lore.kernel.org/all/2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu/ Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/110 Reported-by: Mantas Mikulėnas <grawity(a)gmail.com> Closes: https://lore.kernel.org/all/34feb867-09e2-46e4-aa31-d9660a806d1a@gmail.com/ Closes: https://bugzilla.opensuse.org/show_bug.cgi?id=1236660 Tested-by: Joanne Koong <joannelkoong(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- Given the impact on users and positive testing feedback, this is the proper patch in case Miklos decides to mainline and stable it before the full picture is known. fs/fuse/file.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 7d92a5479998..a40d65ffb94d 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -955,8 +955,10 @@ static void fuse_readpages_end(struct fuse_mount *fm, struct fuse_args *args, fuse_invalidate_atime(inode); } - for (i = 0; i < ap->num_folios; i++) + for (i = 0; i < ap->num_folios; i++) { folio_end_read(ap->folios[i], !err); + folio_put(ap->folios[i]); + } if (ia->ff) fuse_file_put(ia->ff, false); @@ -1048,7 +1050,7 @@ static void fuse_readahead(struct readahead_control *rac) ap = &ia->ap; while (ap->num_folios < cur_pages) { - folio = readahead_folio(rac); + folio = __readahead_folio(rac); ap->folios[ap->num_folios] = folio; ap->descs[ap->num_folios].length = folio_size(folio); ap->num_folios++; -- 2.48.1

4 months, 1 week

1
0
0 0

[PATCH] mm/cma: add an API to enable/disable concurrent memory allocation for the CMA

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Commit 60a60e32cf91 ("Revert "mm/cma.c: remove redundant cma_mutex lock"") simply reverts to the original method of using the cma_mutex to ensure that alloc_contig_range() runs sequentially. This change was made to avoid concurrency allocation failures. However, it can negatively impact performance when concurrent allocation of CMA memory is required. To address this issue, we could introduce an API for concurrency settings, allowing users to decide whether their CMA can perform concurrent memory allocations or not. Fixes: 60a60e32cf91 ("Revert "mm/cma.c: remove redundant cma_mutex lock"") Signed-off-by: yangge <yangge1116(a)126.com> Cc: <stable(a)vger.kernel.org> --- include/linux/cma.h | 2 ++ mm/cma.c | 22 ++++++++++++++++++++-- mm/cma.h | 1 + 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/linux/cma.h b/include/linux/cma.h index d15b64f..2384624 100644 --- a/include/linux/cma.h +++ b/include/linux/cma.h @@ -53,6 +53,8 @@ extern int cma_for_each_area(int (*it)(struct cma *cma, void *data), void *data) extern void cma_reserve_pages_on_error(struct cma *cma); +extern bool cma_set_concurrency(struct cma *cma, bool concurrency); + #ifdef CONFIG_CMA struct folio *cma_alloc_folio(struct cma *cma, int order, gfp_t gfp); bool cma_free_folio(struct cma *cma, const struct folio *folio); diff --git a/mm/cma.c b/mm/cma.c index de5bc0c..49a7186 100644 --- a/mm/cma.c +++ b/mm/cma.c @@ -460,9 +460,17 @@ static struct page *__cma_alloc(struct cma *cma, unsigned long count, spin_unlock_irq(&cma->lock); pfn = cma->base_pfn + (bitmap_no << cma->order_per_bit); - mutex_lock(&cma_mutex); + + /* + * If the user sets the concurr_alloc of CMA to true, concurrent + * memory allocation is allowed. If the user sets it to false or + * does not set it, concurrent memory allocation is not allowed. + */ + if (!cma->concurr_alloc) + mutex_lock(&cma_mutex); ret = alloc_contig_range(pfn, pfn + count, MIGRATE_CMA, gfp); - mutex_unlock(&cma_mutex); + if (!cma->concurr_alloc) + mutex_unlock(&cma_mutex); if (ret == 0) { page = pfn_to_page(pfn); break; @@ -610,3 +618,13 @@ int cma_for_each_area(int (*it)(struct cma *cma, void *data), void *data) return 0; } + +bool cma_set_concurrency(struct cma *cma, bool concurrency) +{ + if (!cma) + return false; + + cma->concurr_alloc = concurrency; + + return true; +} diff --git a/mm/cma.h b/mm/cma.h index 8485ef8..30f489d 100644 --- a/mm/cma.h +++ b/mm/cma.h @@ -16,6 +16,7 @@ struct cma { unsigned long *bitmap; unsigned int order_per_bit; /* Order of pages represented by one bit */ spinlock_t lock; + bool concurr_alloc; #ifdef CONFIG_CMA_DEBUGFS struct hlist_head mem_head; spinlock_t mem_head_lock; -- 2.7.4

4 months, 1 week

6
8
0 0

[PATCH v3 2/5] misc: pci_endpoint_test: Fix disyplaying irq_type after request_irq error

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, global "irq_type" and test->irq_type. The former is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). In pci_endpoint_test_request_irq(), since this global variable is referenced when an error occurs, the unintended error message is displayed. For example, the following message shows "MSI 3" even if the current irq type becomes "MSI-X". # pcitest -i 2 pci-endpoint-test 0000:01:00.0: Failed to request IRQ 30 for MSI 3 SET IRQ TYPE TO MSI-X: NOT OKAY Fix this issue by using test->irq_type instead of global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index bbcccd425700..f13fa32ef91a 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -242,7 +242,7 @@ static int pci_endpoint_test_request_irq(struct pci_endpoint_test *test) return 0; fail: - switch (irq_type) { + switch (test->irq_type) { case IRQ_TYPE_INTX: dev_err(dev, "Failed to request IRQ %d for Legacy\n", pci_irq_vector(pdev, i)); -- 2.25.1

4 months, 1 week

1
0
0 0

[PATCH 6.6 v2 0/6] md/md-bitmap: move bitmap_{start, end}write to md upper layer

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> Changes in v2: - Add descriptions about chagnes from the original commits, in order to fix conflicts. This set is actually a refactor, we're bacporting this set because following problems can be fixed: https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts… https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc… See details in patch 6. I'll suggest people to upgrade their kernel to v6.6+, please let me know if anyone really want this set for lower version. Benjamin Marzinski (1): md/raid5: recheck if reshape has finished with device_lock held Yu Kuai (5): md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() md: add a new callback pers->bitmap_sector() md/raid5: implement pers->bitmap_sector() md/md-bitmap: move bitmap_{start, end}write to md upper layer drivers/md/md-bitmap.c | 75 ++++++++++------- drivers/md/md-bitmap.h | 6 +- drivers/md/md.c | 26 ++++++ drivers/md/md.h | 5 ++ drivers/md/raid1.c | 35 ++------ drivers/md/raid1.h | 1 - drivers/md/raid10.c | 26 +----- drivers/md/raid10.h | 1 - drivers/md/raid5-cache.c | 4 - drivers/md/raid5.c | 174 ++++++++++++++++++++++----------------- drivers/md/raid5.h | 4 - 11 files changed, 185 insertions(+), 172 deletions(-) -- 2.39.2

4 months, 1 week

1
6
0 0

[PATCH v2 1/3] misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

by Kunihiko Hayashi

After devm_request_irq() fails with error, pci_endpoint_test_free_irq_vectors() is called to free allocated vectors with pci_free_irq_vectors(). However some requested IRQs are still allocated, so there are still /proc/irq/* entries remaining and we encounters WARN() with the following message: remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0' WARNING: CPU: 0 PID: 80 at fs/proc/generic.c:717 remove_proc_entry +0x190/0x19c To solve this issue, set the number of remaining IRQs and release the IRQs in advance by calling pci_endpoint_test_release_irq(). Cc: stable(a)vger.kernel.org Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands") Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index 3702dcc89ab7..302955c20979 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -252,6 +252,9 @@ static bool pci_endpoint_test_request_irq(struct pci_endpoint_test *test) break; } + test->num_irqs = i; + pci_endpoint_test_release_irq(test); + return false; } -- 2.25.1

4 months, 1 week

2
4
0 0

Re: [PATCH] wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion

by Aditya Garg

Hi wpa_supplicant 2.11 broke Wi-Fi on T2 Macs as well, but this patch doesn't seem to be fixing Wi-Fi. Instead, it's breaking it even on older 2.10 wpa_supplicant. Tested by a user on bcm4364b2 wifi chip with a WPA2-PSK [AES] network. dmesg output: However dmesg outputs more info [ 5.852978] usbcore: registered new interface driver brcmfmac [ 5.853114] brcmfmac 0000:01:00.0: enabling device (0000 -> 0002) [ 5.992212] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac4364b2-pcie for chip BCM4364/3 [ 5.993923] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u-7.5-X0.bin failed with error -2 [ 5.993968] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u-7.5.bin failed with error -2 [ 5.994004] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN-u.bin failed with error -2 [ 5.994041] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-HRPN.bin failed with error -2 [ 5.994076] brcmfmac 0000:01:00.0: Direct firmware load for brcm/brcmfmac4364b2-pcie.apple,maui-X0.bin failed with error -2 [ 6.162830] Bluetooth: hci0: BCM: 'brcm/BCM.hcd' [ 6.796637] brcmfmac: brcmf_c_process_txcap_blob: TxCap blob found, loading [ 6.798396] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4364/3 wl0: Jul 10 2023 12:30:19 version 9.30.503.0.32.5.92 FWID 01-88a8883 [ 6.885876] brcmfmac 0000:01:00.0 wlp1s0: renamed from wlan0 [ 8.195243] ieee80211 phy0: brcmf_p2p_set_firmware: failed to update device address ret -52 [ 8.196584] ieee80211 phy0: brcmf_p2p_create_p2pdev: set p2p_disc error [ 8.196588] ieee80211 phy0: brcmf_cfg80211_add_iface: add iface p2p-dev-wlp1s0 type 10 failed: err=-52

4 months, 1 week

3
7
0 0

[PATCH 6.12.y] mptcp: prevent excessive coalescing on receive

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream. Currently the skb size after coalescing is only limited by the skb layout (the skb must not carry frag_list). A single coalesced skb covering several MSS can potentially fill completely the receive buffer. In such a case, the snd win will zero until the receive buffer will be empty again, affecting tput badly. Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()") Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - We asked to delay the patch. There were no conflicts. --- net/mptcp/protocol.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index fac774825aff..42b239d9b2b3 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -136,6 +136,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, int delta; if (MPTCP_SKB_CB(from)->offset || + ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) || !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; -- 2.47.1

4 months, 1 week

1
0
0 0

[PATCH 5.10.y] mptcp: prevent excessive coalescing on receive

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream. Currently the skb size after coalescing is only limited by the skb layout (the skb must not carry frag_list). A single coalesced skb covering several MSS can potentially fill completely the receive buffer. In such a case, the snd win will zero until the receive buffer will be empty again, affecting tput badly. Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()") Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - We asked to delay the patch. There were no conflicts. --- net/mptcp/protocol.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8558309a2d3f..51b552fa392a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -125,6 +125,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, int delta; if (MPTCP_SKB_CB(from)->offset || + ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) || !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; -- 2.47.1

4 months, 1 week

1
0
0 0

[PATCH 5.15.y] mptcp: prevent excessive coalescing on receive

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream. Currently the skb size after coalescing is only limited by the skb layout (the skb must not carry frag_list). A single coalesced skb covering several MSS can potentially fill completely the receive buffer. In such a case, the snd win will zero until the receive buffer will be empty again, affecting tput badly. Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()") Cc: stable(a)vger.kernel.org # please delay 2 weeks after 6.13-final release Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@ke… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - We asked to delay the patch. There were no conflicts. --- net/mptcp/protocol.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index f337dd3323a0..c6a11d6df516 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -133,6 +133,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, int delta; if (MPTCP_SKB_CB(from)->offset || + ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) || !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; -- 2.47.1

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mptcp: pm: only set fullmesh for subflow endp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1bb0d1348546ad059f55c93def34e67cb2a034a6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020435-eagle-precision-e8dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bb0d1348546ad059f55c93def34e67cb2a034a6 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Thu, 23 Jan 2025 19:05:55 +0100 Subject: [PATCH] mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on 'subflow' endpoints, to recreate more or less subflows using the linked address. Unfortunately, the set_flags() hook was a bit more permissive, and allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not allowed before. That's what syzbot found, triggering the following warning: WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064 Modules linked in: CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline] RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline] RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline] RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064 Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 <0f> 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48 RSP: 0018:ffffc9000d307240 EFLAGS: 00010293 RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0 R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:726 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583 ___sys_sendmsg net/socket.c:2637 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2669 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5fe8785d29 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29 RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007 RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 00000000000011f4 </TASK> Here, syzbot managed to set the 'fullmesh' flag on an 'implicit' and used -- according to 'id_avail_bitmap' -- endpoint, causing the PM to try decrement the local_addr_used counter which is only incremented for the 'subflow' endpoint. Note that 'no type' endpoints -- not 'subflow', 'signal', 'implicit' -- are fine, because their ID will not be marked as used in the 'id_avail' bitmap, and setting 'fullmesh' can help forcing the creation of subflow when receiving an ADD_ADDR. Fixes: 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink") Cc: stable(a)vger.kernel.org Reported-by: syzbot+cd16e79c1e45f3fe0377(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a6.GAE@google.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/540 Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-2-af73258a726f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 98ac73938bd8..572d160edca3 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -2020,7 +2020,8 @@ int mptcp_pm_nl_set_flags(struct sk_buff *skb, struct genl_info *info) return -EINVAL; } if ((addr.flags & MPTCP_PM_ADDR_FLAG_FULLMESH) && - (entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) { + (entry->flags & (MPTCP_PM_ADDR_FLAG_SIGNAL | + MPTCP_PM_ADDR_FLAG_IMPLICIT))) { spin_unlock_bh(&pernet->lock); GENL_SET_ERR_MSG(info, "invalid addr flags"); return -EINVAL;

4 months, 1 week

2
3
0 0

FAILED: patch "[PATCH] mptcp: pm: only set fullmesh for subflow endp" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1bb0d1348546ad059f55c93def34e67cb2a034a6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020428-unashamed-delicate-248c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bb0d1348546ad059f55c93def34e67cb2a034a6 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Thu, 23 Jan 2025 19:05:55 +0100 Subject: [PATCH] mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on 'subflow' endpoints, to recreate more or less subflows using the linked address. Unfortunately, the set_flags() hook was a bit more permissive, and allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not allowed before. That's what syzbot found, triggering the following warning: WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline] WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064 Modules linked in: CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline] RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline] RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline] RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064 Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 <0f> 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48 RSP: 0018:ffffc9000d307240 EFLAGS: 00010293 RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0 R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:726 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583 ___sys_sendmsg net/socket.c:2637 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2669 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5fe8785d29 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29 RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007 RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 00000000000011f4 </TASK> Here, syzbot managed to set the 'fullmesh' flag on an 'implicit' and used -- according to 'id_avail_bitmap' -- endpoint, causing the PM to try decrement the local_addr_used counter which is only incremented for the 'subflow' endpoint. Note that 'no type' endpoints -- not 'subflow', 'signal', 'implicit' -- are fine, because their ID will not be marked as used in the 'id_avail' bitmap, and setting 'fullmesh' can help forcing the creation of subflow when receiving an ADD_ADDR. Fixes: 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink") Cc: stable(a)vger.kernel.org Reported-by: syzbot+cd16e79c1e45f3fe0377(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a6.GAE@google.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/540 Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-2-af73258a726f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 98ac73938bd8..572d160edca3 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -2020,7 +2020,8 @@ int mptcp_pm_nl_set_flags(struct sk_buff *skb, struct genl_info *info) return -EINVAL; } if ((addr.flags & MPTCP_PM_ADDR_FLAG_FULLMESH) && - (entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) { + (entry->flags & (MPTCP_PM_ADDR_FLAG_SIGNAL | + MPTCP_PM_ADDR_FLAG_IMPLICIT))) { spin_unlock_bh(&pernet->lock); GENL_SET_ERR_MSG(info, "invalid addr flags"); return -EINVAL;

4 months, 1 week

2
4
0 0

Please Apply: Revert "drm/amd/display: Fix green screen issue after suspend"

by Mingcong Bai

The display on Lenovo Xiaoxin Pro 13 2019 (Lenovo XiaoXinPro-13API 2019) briefly shows a garbled screen upon wakeup from S3 with kernel v6.13.2, but not with v6.14-rc1. I have bisected to 04d6273faed083e619fc39a738ab0372b6a4db20 ("Revert "drm/amd/display: Fix green screen issue after suspend"") as the fix to this issue. However, it is quite strange that the title indicated a revert to the fix for the exact issue I was experiencing - despite the commit claiming that the maintainers "cannot see the issue" any more. It seems that I'm running into some sort of unexpected issue that is outside of AMD's test case. In any case, this commit fixes the issue on the device I have tested and applies cleanly on 6.13. I would therefore like to request for this commit to be backported to 6.13 (and maybe other branches, but I think the maintainers may have a better idea on this). Reported-By: Yang Wu <harico(a)yurier.net> Tested-by: Yang Wu <harico(a)yurier.net> Suggested-by: Mingcong Bai <jeffbai(a)aosc.io>

4 months, 1 week

1
0
0 0

Re: The business loan-

by David Song

Hello, My name is David Song, at AA4 FS, we are a consultancy and brokerage Firm specializing in Growth Financial Loan and joint partnership venture. We specialize in investments in all Private and public sectors in a broad range of areas within our Financial Investment Services. We are experts in financial and operational management, due diligence and capital planning in all markets and industries. Our Investors wish to invest in any viable Project presented by your Management after reviews on your Business Project Presentation Plan. We look forward to your Swift response. We also offer commission to consultants and brokers for any partnership referrals. Regards, David Song Senior Broker AA4 Financial Services 13 Wonersh Way, Cheam, Sutton, Surrey, SM2 7LX Email: dsong(a)aa4financialservice.com

4 months, 1 week

1
0
0 0

[PATCH v9 05/13] drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Once the DSI Link and DSI Phy are initialized, the code needs to wait for Clk and Data Lanes to be ready, before continuing configuration. This is in accordance with the DSI Start-up procedure, found in the Technical Reference Manual of Texas Instrument's J721E SoC[0] which houses this DSI TX controller. If the previous bridge (or crtc/encoder) are configured pre-maturely, the input signal FIFO gets corrupt. This introduces a color-shift on the display. Allow the driver to wait for the clk and data lanes to get ready during DSI enable. [0]: See section 12.6.5.7.3 "Start-up Procedure" in J721E SoC TRM TRM Link: http://www.ti.com/lit/pdf/spruil1 Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Cc: stable(a)vger.kernel.org Tested-by: Dominik Haller <d.haller(a)phytec.de> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 87921a748cdb..6a77ca36cb9d 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -769,7 +769,7 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge) struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy; unsigned long tx_byte_period; struct cdns_dsi_cfg dsi_cfg; - u32 tmp, reg_wakeup, div; + u32 tmp, reg_wakeup, div, status; int nlanes; if (WARN_ON(pm_runtime_get_sync(dsi->base.dev) < 0)) @@ -786,6 +786,19 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge) cdns_dsi_hs_init(dsi); cdns_dsi_init_link(dsi); + /* + * Now that the DSI Link and DSI Phy are initialized, + * wait for the CLK and Data Lanes to be ready. + */ + tmp = CLK_LANE_RDY; + for (int i = 0; i < nlanes; i++) + tmp |= DATA_LANE_RDY(i); + + if (readl_poll_timeout(dsi->regs + MCTL_MAIN_STS, status, + (tmp == (status & tmp)), 100, 500000)) + dev_err(dsi->base.dev, + "Timed Out: DSI-DPhy Clock and Data Lanes not ready.\n"); + writel(HBP_LEN(dsi_cfg.hbp) | HSA_LEN(dsi_cfg.hsa), dsi->regs + VID_HSIZE1); writel(HFP_LEN(dsi_cfg.hfp) | HACT_LEN(dsi_cfg.hact), -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v9 04/13] drm/bridge: cdns-dsi: Check return value when getting default PHY config

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Check for the return value of the phy_mipi_dphy_get_default_config() call, and in case of an error, return back the same. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 19cc8734a4c8..87921a748cdb 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -575,9 +575,11 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi, if (ret) return ret; - phy_mipi_dphy_get_default_config(mode_clock * 1000, - mipi_dsi_pixel_format_to_bpp(output->dev->format), - nlanes, phy_cfg); + ret = phy_mipi_dphy_get_default_config(mode_clock * 1000, + mipi_dsi_pixel_format_to_bpp(output->dev->format), + nlanes, phy_cfg); + if (ret) + return ret; ret = cdns_dsi_adjust_phy_config(dsi, dsi_cfg, phy_cfg, mode, mode_valid_check); if (ret) -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v9 03/13] drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> The crtc_* mode parameters do not get generated (duplicated in this case) from the regular parameters before the mode validation phase begins. The rest of the code conditionally uses the crtc_* parameters only during the bridge enable phase, but sticks to the regular parameters for mode validation. In this singular instance, however, the driver tries to use the crtc_clock parameter even during the mode validation, causing the validation to fail. Allow the D-Phy config checks to use mode->clock instead of mode->crtc_clock during mode_valid checks, like everywhere else in the driver. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b0a1a6774ea6..19cc8734a4c8 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -568,13 +568,14 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi, struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy; unsigned long dsi_hss_hsa_hse_hbp; unsigned int nlanes = output->dev->lanes; + int mode_clock = (mode_valid_check ? mode->clock : mode->crtc_clock); int ret; ret = cdns_dsi_mode2cfg(dsi, mode, dsi_cfg, mode_valid_check); if (ret) return ret; - phy_mipi_dphy_get_default_config(mode->crtc_clock * 1000, + phy_mipi_dphy_get_default_config(mode_clock * 1000, mipi_dsi_pixel_format_to_bpp(output->dev->format), nlanes, phy_cfg); -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v9 02/13] drm/bridge: cdns-dsi: Fix phy de-init and flag it so

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> The driver code doesn't have a Phy de-initialization path as yet, and so it does not clear the phy_initialized flag while suspending. This is a problem because after resume the driver looks at this flag to determine if a Phy re-initialization is required or not. It is in fact required because the hardware is resuming from a suspend, but the driver does not carry out any re-initialization causing the D-Phy to not work at all. Call the counterparts of phy_init() and phy_power_on(), that are phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear the flags so that the Phy can be initialized again when required. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 2f897ea5e80a..b0a1a6774ea6 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -680,6 +680,11 @@ static void cdns_dsi_bridge_post_disable(struct drm_bridge *bridge) struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge); struct cdns_dsi *dsi = input_to_dsi(input); + dsi->phy_initialized = false; + dsi->link_initialized = false; + phy_power_off(dsi->dphy); + phy_exit(dsi->dphy); + pm_runtime_put(dsi->base.dev); } @@ -1152,7 +1157,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) clk_disable_unprepare(dsi->dsi_sys_clk); clk_disable_unprepare(dsi->dsi_p_clk); reset_control_assert(dsi->dsi_p_rst); - dsi->link_initialized = false; return 0; } -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v9 01/13] drm/bridge: cdns-dsi: Fix connecting to next bridge

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Fix the OF node pointer passed to the of_drm_find_bridge() call to find the next bridge in the display chain. The code to find the next panel (and create its panel-bridge) works fine, but to find the next (non-panel) bridge does not. To find the next bridge in the pipeline, we need to pass "np" - the OF node pointer of the next entity in the devicetree chain. Passing "of_node" to of_drm_find_bridge (which is what the code does currently) will fetch the bridge for the cdns-dsi which is not what's required. Fix that. Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index c7a0247e06ad..2f897ea5e80a 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -952,7 +952,7 @@ static int cdns_dsi_attach(struct mipi_dsi_host *host, bridge = drm_panel_bridge_add_typed(panel, DRM_MODE_CONNECTOR_DSI); } else { - bridge = of_drm_find_bridge(dev->dev.of_node); + bridge = of_drm_find_bridge(np); if (!bridge) bridge = ERR_PTR(-EINVAL); } -- 2.34.1

4 months, 1 week

1
0
0 0

[char-misc] mei: me: add panther lake P DID

by Alexander Usyskin

Add Panther Lake P device id. Cc: <stable(a)vger.kernel.org> Co-developed-by: Tomas Winkler <tomasw(a)gmail.com> Signed-off-by: Tomas Winkler <tomasw(a)gmail.com> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> --- drivers/misc/mei/hw-me-regs.h | 2 ++ drivers/misc/mei/pci-me.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/drivers/misc/mei/hw-me-regs.h b/drivers/misc/mei/hw-me-regs.h index c3a6657dcd4a..a5f88ec97df7 100644 --- a/drivers/misc/mei/hw-me-regs.h +++ b/drivers/misc/mei/hw-me-regs.h @@ -117,6 +117,8 @@ #define MEI_DEV_ID_LNL_M 0xA870 /* Lunar Lake Point M */ +#define MEI_DEV_ID_PTL_P 0xE470 /* Panther Lake P */ + /* * MEI HW Section */ diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c index 6589635f8ba3..d6ff9d82ae94 100644 --- a/drivers/misc/mei/pci-me.c +++ b/drivers/misc/mei/pci-me.c @@ -124,6 +124,8 @@ static const struct pci_device_id mei_me_pci_tbl[] = { {MEI_PCI_DEVICE(MEI_DEV_ID_LNL_M, MEI_ME_PCH15_CFG)}, + {MEI_PCI_DEVICE(MEI_DEV_ID_PTL_P, MEI_ME_PCH15_CFG)}, + /* required last entry */ {0, } }; -- 2.43.0

4 months, 1 week

1
0
0 0

[PATCH] crypto: ccp - Fix check for the primary ASP device

by Tom Lendacky

Currently, the ASP primary device check does not have support for PCI domains, and, as a result, when the system is configured with PCI domains (PCI segments) the wrong device can be selected as primary. This results in commands submitted to the device timing out and failing. The device check also relies on specific device and function assignments that may not hold in the future. Fix the primary ASP device check to include support for PCI domains and to perform proper checking of the Bus/Device/Function positions. Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support") Cc: stable(a)vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> --- drivers/crypto/ccp/sp-pci.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c index 248d98fd8c48..157f9a9ed636 100644 --- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -189,14 +189,17 @@ static bool sp_pci_is_master(struct sp_device *sp) pdev_new = to_pci_dev(dev_new); pdev_cur = to_pci_dev(dev_cur); - if (pdev_new->bus->number < pdev_cur->bus->number) - return true; + if (pci_domain_nr(pdev_new->bus) != pci_domain_nr(pdev_cur->bus)) + return pci_domain_nr(pdev_new->bus) < pci_domain_nr(pdev_cur->bus); - if (PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn)) - return true; + if (pdev_new->bus->number != pdev_cur->bus->number) + return pdev_new->bus->number < pdev_cur->bus->number; - if (PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn)) - return true; + if (PCI_SLOT(pdev_new->devfn) != PCI_SLOT(pdev_cur->devfn)) + return PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn); + + if (PCI_FUNC(pdev_new->devfn) != PCI_FUNC(pdev_cur->devfn)) + return PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn); return false; } base-commit: cd26cd65476711e2c69e0a049c0eeef4b743f5ac -- 2.46.2

4 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020900-irritate-payphone-afbb@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 10 Jan 2025 16:38:22 -0500 Subject: [PATCH] tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index beb151be4d32..92ec51870d1d 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - uart_port_unlock(port); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) + if (oops_in_progress) locked = uart_port_trylock_irqsave(port, &flags); else uart_port_lock_irqsave(port, &flags);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020957-proofs-smilingly-7fac@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 10 Jan 2025 16:38:22 -0500 Subject: [PATCH] tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index beb151be4d32..92ec51870d1d 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - uart_port_unlock(port); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) + if (oops_in_progress) locked = uart_port_trylock_irqsave(port, &flags); else uart_port_lock_irqsave(port, &flags);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020955-handbook-simplify-cf71@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 10 Jan 2025 16:38:22 -0500 Subject: [PATCH] tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index beb151be4d32..92ec51870d1d 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - uart_port_unlock(port); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) + if (oops_in_progress) locked = uart_port_trylock_irqsave(port, &flags); else uart_port_lock_irqsave(port, &flags);

4 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tty: xilinx_uartps: split sysrq handling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b06f388994500297bb91be60ffaf6825ecfd2afe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020952-saline-reprimand-8184@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 10 Jan 2025 16:38:22 -0500 Subject: [PATCH] tty: xilinx_uartps: split sysrq handling lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index beb151be4d32..92ec51870d1d 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -287,7 +287,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -495,7 +495,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - uart_port_unlock(port); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1380,9 +1380,7 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) + if (oops_in_progress) locked = uart_port_trylock_irqsave(port, &flags); else uart_port_lock_irqsave(port, &flags);

4 months, 1 week

1
0
0 0

Re: The business loan-

by David Song

Hello, My name is David Song, at AA4 FS, we are a consultancy and brokerage Firm specializing in Growth Financial Loan and joint partnership venture. We specialize in investments in all Private and public sectors in a broad range of areas within our Financial Investment Services. We are experts in financial and operational management, due diligence and capital planning in all markets and industries. Our Investors wish to invest in any viable Project presented by your Management after reviews on your Business Project Presentation Plan. We look forward to your Swift response. We also offer commission to consultants and brokers for any partnership referrals. Regards, David Song Senior Broker AA4 Financial Services 13 Wonersh Way, Cheam, Sutton, Surrey, SM2 7LX Email: dsong(a)aa4financialservice.com

4 months, 1 week

1
0
0 0

[PATCH v2] tpm: do not start chip while suspended

by Thadeu Lima de Souza Cascardo

Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810 [35985.503802] Modules linked in: [35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f [35985.503814] Tainted: [W]=WARN [35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810 [35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5 [35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246 [35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000 [35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001 [35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820 [35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120 [35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000 [35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0 [35985.503855] Call Trace: [35985.503859] <TASK> [35985.503863] ? __warn+0xd4/0x260 [35985.503868] ? __i2c_transfer+0xbe/0x810 [35985.503874] ? report_bug+0xf3/0x210 [35985.503882] ? handle_bug+0x63/0xb0 [35985.503887] ? exc_invalid_op+0x16/0x50 [35985.503892] ? asm_exc_invalid_op+0x16/0x20 [35985.503904] ? __i2c_transfer+0xbe/0x810 [35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0 [35985.503920] tpm_cr50_i2c_read+0x8e/0x120 [35985.503928] tpm_cr50_request_locality+0x75/0x170 [35985.503935] tpm_chip_start+0x116/0x160 [35985.503942] tpm_try_get_ops+0x57/0x90 [35985.503948] tpm_find_get_ops+0x26/0xd0 [35985.503955] tpm_get_random+0x2d/0x80 Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in such a failure case. Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org Cc: Jerry Snitselaar <jsnitsel(a)redhat.com> Cc: Mike Seo <mikeseohyungjin(a)gmail.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> --- Changes in v2: - Improve commit message as suggested by Jarkko Sakkinen. - Link to v1: https://lore.kernel.org/r/20250205-tpm-suspend-v1-1-fb89a29c0b69@igalia.com --- drivers/char/tpm/tpm-chip.c | 5 +++++ drivers/char/tpm/tpm-interface.c | 7 ------- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 7df7abaf3e526bf7e85ac9dfbaa1087a51d2ab7e..6db864696a583bf59c534ec8714900a6be7b5156 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chip) goto out_ops; mutex_lock(&chip->tpm_mutex); + + /* tmp_chip_start may issue IO that is denied while suspended */ + if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) + goto out_lock; + rc = tpm_chip_start(chip); if (rc) goto out_lock; diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index b1daa0d7b341b1a4c71a200115f0d29d2e87512d..f62f7871edbdb0181fad8af3367878308fa8a454 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) if (!chip) return -ENODEV; - /* Give back zero bytes, as TPM chip has not yet fully resumed: */ - if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) { - rc = 0; - goto out; - } - if (chip->flags & TPM_CHIP_FLAG_TPM2) rc = tpm2_get_random(chip, out, max); else rc = tpm1_get_random(chip, out, max); -out: tpm_put_ops(chip); return rc; } --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250205-tpm-suspend-b22f745f3124 Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

4 months, 1 week

3
2
0 0

[PATCH 5.10.y 1/2] netdevsim: print human readable IP address

by Harshit Mogalapalli

From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ] Currently, IPSec addresses are printed in hexadecimal format, which is not user-friendly. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0 sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000 sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 This patch updates the code to print the IPSec address in a human-readable format for easier debug. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=4 tx=40 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 sa[2] tx ipaddr=:: sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[2] key=0x3167608a ca4f1397 43565909 941fa627 sa[3] rx ipaddr=2000::1 sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[3] key=0x3167608a ca4f1397 43565909 941fa627 Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65) [Harshit: backport to stable kernels] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- drivers/net/netdevsim/ipsec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index feca55eef993..ec1fc1d3ea36 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net/netdevsim/ipsec.c @@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp, if (!sap->used) continue; - p += scnprintf(p, bufsize - (p - buf), - "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n", - i, (sap->rx ? 'r' : 't'), sap->ipaddr[0], - sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]); + if (sap->xs->props.family == AF_INET6) + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI6c\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr); + else + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI4\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]); p += scnprintf(p, bufsize - (p - buf), "sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n", i, be32_to_cpu(sap->xs->id.spi), -- 2.46.0

4 months, 1 week

1
1
0 0

[PATCH 5.15.y 1/2] netdevsim: print human readable IP address

by Harshit Mogalapalli

From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ] Currently, IPSec addresses are printed in hexadecimal format, which is not user-friendly. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0 sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000 sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 This patch updates the code to print the IPSec address in a human-readable format for easier debug. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=4 tx=40 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 sa[2] tx ipaddr=:: sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[2] key=0x3167608a ca4f1397 43565909 941fa627 sa[3] rx ipaddr=2000::1 sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[3] key=0x3167608a ca4f1397 43565909 941fa627 Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65) [Harshit: backport to stable kernels] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- drivers/net/netdevsim/ipsec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index feca55eef993..ec1fc1d3ea36 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net/netdevsim/ipsec.c @@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp, if (!sap->used) continue; - p += scnprintf(p, bufsize - (p - buf), - "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n", - i, (sap->rx ? 'r' : 't'), sap->ipaddr[0], - sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]); + if (sap->xs->props.family == AF_INET6) + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI6c\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr); + else + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI4\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]); p += scnprintf(p, bufsize - (p - buf), "sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n", i, be32_to_cpu(sap->xs->id.spi), -- 2.46.0

4 months, 1 week

1
1
0 0

[PATCH] mtd: rawnand: qcom: fix broken config in qcom_param_page_type_exec

by Christian Marangi

Fix broken config in qcom_param_page_type_exec caused by copy-paste error from commit 0c08080fd71c ("mtd: rawnand: qcom: use FIELD_PREP and GENMASK") In qcom_param_page_type_exec the value needs to be set to nandc->regs->cfg0 instead of host->cfg0. This wrong configuration caused the Qcom NANDC driver to malfunction on any device that makes use of it (IPQ806x, IPQ40xx, IPQ807x, IPQ60xx) with the following error: [ 0.885369] nand: device found, Manufacturer ID: 0x2c, Chip ID: 0xaa [ 0.885909] nand: Micron NAND 256MiB 1,8V 8-bit [ 0.892499] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64 [ 0.896823] nand: ECC (step, strength) = (512, 8) does not fit in OOB [ 0.896836] qcom-nandc 79b0000.nand-controller: No valid ECC settings possible [ 0.910996] bam-dma-engine 7984000.dma-controller: Cannot free busy channel [ 0.918070] qcom-nandc: probe of 79b0000.nand-controller failed with error -28 Restore original configuration fix the problem and makes the driver work again. Cc: stable(a)vger.kernel.org Fixes: 0c08080fd71c ("mtd: rawnand: qcom: use FIELD_PREP and GENMASK") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/mtd/nand/raw/qcom_nandc.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index d2d2aeee42a7..4e3a3e049d9d 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -1881,18 +1881,18 @@ static int qcom_param_page_type_exec(struct nand_chip *chip, const struct nand_ nandc->regs->addr0 = 0; nandc->regs->addr1 = 0; - host->cfg0 = FIELD_PREP(CW_PER_PAGE_MASK, 0) | - FIELD_PREP(UD_SIZE_BYTES_MASK, 512) | - FIELD_PREP(NUM_ADDR_CYCLES_MASK, 5) | - FIELD_PREP(SPARE_SIZE_BYTES_MASK, 0); - - host->cfg1 = FIELD_PREP(NAND_RECOVERY_CYCLES_MASK, 7) | - FIELD_PREP(BAD_BLOCK_BYTE_NUM_MASK, 17) | - FIELD_PREP(CS_ACTIVE_BSY, 0) | - FIELD_PREP(BAD_BLOCK_IN_SPARE_AREA, 1) | - FIELD_PREP(WR_RD_BSY_GAP_MASK, 2) | - FIELD_PREP(WIDE_FLASH, 0) | - FIELD_PREP(DEV0_CFG1_ECC_DISABLE, 1); + nandc->regs->cfg0 = FIELD_PREP(CW_PER_PAGE_MASK, 0) | + FIELD_PREP(UD_SIZE_BYTES_MASK, 512) | + FIELD_PREP(NUM_ADDR_CYCLES_MASK, 5) | + FIELD_PREP(SPARE_SIZE_BYTES_MASK, 0); + + nandc->regs->cfg1 = FIELD_PREP(NAND_RECOVERY_CYCLES_MASK, 7) | + FIELD_PREP(BAD_BLOCK_BYTE_NUM_MASK, 17) | + FIELD_PREP(CS_ACTIVE_BSY, 0) | + FIELD_PREP(BAD_BLOCK_IN_SPARE_AREA, 1) | + FIELD_PREP(WR_RD_BSY_GAP_MASK, 2) | + FIELD_PREP(WIDE_FLASH, 0) | + FIELD_PREP(DEV0_CFG1_ECC_DISABLE, 1); if (!nandc->props->qpic_version2) nandc->regs->ecc_buf_cfg = cpu_to_le32(ECC_CFG_ECC_DISABLE); -- 2.47.1

4 months, 1 week

3
2
0 0

[PATCH 6.1.y 1/2] netdevsim: print human readable IP address

by Harshit Mogalapalli

From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ] Currently, IPSec addresses are printed in hexadecimal format, which is not user-friendly. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0 sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000 sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 This patch updates the code to print the IPSec address in a human-readable format for easier debug. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=4 tx=40 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 sa[2] tx ipaddr=:: sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[2] key=0x3167608a ca4f1397 43565909 941fa627 sa[3] rx ipaddr=2000::1 sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[3] key=0x3167608a ca4f1397 43565909 941fa627 Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65) [Harshit: backport to stable kernels] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- drivers/net/netdevsim/ipsec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index feca55eef993..ec1fc1d3ea36 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net/netdevsim/ipsec.c @@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp, if (!sap->used) continue; - p += scnprintf(p, bufsize - (p - buf), - "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n", - i, (sap->rx ? 'r' : 't'), sap->ipaddr[0], - sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]); + if (sap->xs->props.family == AF_INET6) + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI6c\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr); + else + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI4\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]); p += scnprintf(p, bufsize - (p - buf), "sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n", i, be32_to_cpu(sap->xs->id.spi), -- 2.46.0

4 months, 1 week

1
1
0 0

[PATCH 6.6.y 1/2] netdevsim: print human readable IP address

by Harshit Mogalapalli

From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit c71bc6da6198a6d88df86094f1052bb581951d65 ] Currently, IPSec addresses are printed in hexadecimal format, which is not user-friendly. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0 sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000 sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 This patch updates the code to print the IPSec address in a human-readable format for easier debug. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=4 tx=40 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 sa[2] tx ipaddr=:: sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[2] key=0x3167608a ca4f1397 43565909 941fa627 sa[3] rx ipaddr=2000::1 sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[3] key=0x3167608a ca4f1397 43565909 941fa627 Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit c71bc6da6198a6d88df86094f1052bb581951d65) [Harshit: backport to stable kernels] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- drivers/net/netdevsim/ipsec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index 3612b0633bd1..88187dd4eb2d 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net/netdevsim/ipsec.c @@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp, if (!sap->used) continue; - p += scnprintf(p, bufsize - (p - buf), - "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n", - i, (sap->rx ? 'r' : 't'), sap->ipaddr[0], - sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]); + if (sap->xs->props.family == AF_INET6) + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI6c\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr); + else + p += scnprintf(p, bufsize - (p - buf), + "sa[%i] %cx ipaddr=%pI4\n", + i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]); p += scnprintf(p, bufsize - (p - buf), "sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n", i, be32_to_cpu(sap->xs->id.spi), -- 2.46.0

4 months, 1 week

1
1
0 0

[PATCH net 6/6] can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated

by Marc Kleine-Budde

From: Robin van der Gracht <robin(a)protonic.nl> Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated. Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller") Cc: stable(a)vger.kernel.org Signed-off-by: Robin van der Gracht <robin(a)protonic.nl> Link: https://patch.msgid.link/20250208-fix-rockchip-canfd-v1-1-ec533c8a9895@peng… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c index df18c85fc078..d9a937ba126c 100644 --- a/drivers/net/can/rockchip/rockchip_canfd-core.c +++ b/drivers/net/can/rockchip/rockchip_canfd-core.c @@ -622,7 +622,7 @@ rkcanfd_handle_rx_fifo_overflow_int(struct rkcanfd_priv *priv) netdev_dbg(priv->ndev, "RX-FIFO overflow\n"); skb = rkcanfd_alloc_can_err_skb(priv, &cf, &timestamp); - if (skb) + if (!skb) return 0; rkcanfd_get_berr_counter_corrected(priv, &bec); -- 2.47.2

4 months, 1 week

1
0
0 0

[PATCH net 5/6] can: etas_es58x: fix potential NULL pointer dereference on udev->serial

by Marc Kleine-Budde

From: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it. Reported-by: yan kang <kangyan91(a)outlook.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@SY… Fixes: 9f06631c3f1f ("can: etas_es58x: export product information through devlink_ops::info_get()") Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250204154859.9797-2-mailhol.vincent@wanadoo.fr Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/usb/etas_es58x/es58x_devlink.c b/drivers/net/can/usb/etas_es58x/es58x_devlink.c index eee20839d96f..0d155eb1b9e9 100644 --- a/drivers/net/can/usb/etas_es58x/es58x_devlink.c +++ b/drivers/net/can/usb/etas_es58x/es58x_devlink.c @@ -248,7 +248,11 @@ static int es58x_devlink_info_get(struct devlink *devlink, return ret; } - return devlink_info_serial_number_put(req, es58x_dev->udev->serial); + if (es58x_dev->udev->serial) + ret = devlink_info_serial_number_put(req, + es58x_dev->udev->serial); + + return ret; } const struct devlink_ops es58x_dl_ops = { -- 2.47.2

4 months, 1 week

1
0
0 0

[PATCH net 4/6] can: c_can: fix unbalanced runtime PM disable in error path

by Marc Kleine-Budde

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Runtime PM is enabled as one of the last steps of probe(), so all earlier gotos to "exit_free_device" label were not correct and were leading to unbalanced runtime PM disable depth. Fixes: 6e2fe01dd6f9 ("can: c_can: move runtime PM enable/disable to c_can_platform") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250112-syscon-phandle-args-can-v1-1-314d9549906f… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/c_can/c_can_platform.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/c_can/c_can_platform.c b/drivers/net/can/c_can/c_can_platform.c index 6cba9717a6d8..399844809bbe 100644 --- a/drivers/net/can/c_can/c_can_platform.c +++ b/drivers/net/can/c_can/c_can_platform.c @@ -385,15 +385,16 @@ static int c_can_plat_probe(struct platform_device *pdev) if (ret) { dev_err(&pdev->dev, "registering %s failed (err=%d)\n", KBUILD_MODNAME, ret); - goto exit_free_device; + goto exit_pm_runtime; } dev_info(&pdev->dev, "%s device registered (regs=%p, irq=%d)\n", KBUILD_MODNAME, priv->base, dev->irq); return 0; -exit_free_device: +exit_pm_runtime: pm_runtime_disable(priv->device); +exit_free_device: free_c_can_dev(dev); exit: dev_err(&pdev->dev, "probe failed\n"); -- 2.47.2

4 months, 1 week

1
0
0 0

[PATCH net 3/6] can: ctucanfd: handle skb allocation failure

by Marc Kleine-Budde

From: Fedor Pchelkin <pchelkin(a)ispras.ru> If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except for the only place. Add the missed NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Fixes: 2dcb8e8782d8 ("can: ctucanfd: add support for CTU CAN FD open-source IP core - bus independent part.") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Acked-by: Pavel Pisa <pisa(a)cmp.felk.cvut.cz> Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250114152138.139580-1-pchelkin@ispras.ru Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/ctucanfd/ctucanfd_base.c b/drivers/net/can/ctucanfd/ctucanfd_base.c index 64c349fd4600..f65c1a1e05cc 100644 --- a/drivers/net/can/ctucanfd/ctucanfd_base.c +++ b/drivers/net/can/ctucanfd/ctucanfd_base.c @@ -867,10 +867,12 @@ static void ctucan_err_interrupt(struct net_device *ndev, u32 isr) } break; case CAN_STATE_ERROR_ACTIVE: - cf->can_id |= CAN_ERR_CNT; - cf->data[1] = CAN_ERR_CRTL_ACTIVE; - cf->data[6] = bec.txerr; - cf->data[7] = bec.rxerr; + if (skb) { + cf->can_id |= CAN_ERR_CNT; + cf->data[1] = CAN_ERR_CRTL_ACTIVE; + cf->data[6] = bec.txerr; + cf->data[7] = bec.rxerr; + } break; default: netdev_warn(ndev, "unhandled error state (%d:%s)!\n", -- 2.47.2

4 months, 1 week

1
0
0 0

[PATCH net 2/6] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero

by Marc Kleine-Budde

From: Alexander Hölzl <alexander.hoelzl(a)gmx.net> The J1939 standard requires the transmission of messages of length 0. For example proprietary messages are specified with a data length of 0 to 1785. The transmission of such messages is not possible. Sending results in no error being returned but no corresponding can frame being generated. Enable the transmission of zero length J1939 messages. In order to facilitate this two changes are necessary: 1) If the transmission of a new message is requested from user space the message is segmented in j1939_sk_send_loop(). Let the segmentation take into account zero length messages, do not terminate immediately, queue the corresponding skb. 2) j1939_session_skb_get_by_offset() selects the next skb to transmit for a session. Take into account that there might be zero length skbs in the queue. Signed-off-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net> Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://patch.msgid.link/20250205174651.103238-1-alexander.hoelzl@gmx.net Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") Cc: stable(a)vger.kernel.org [mkl: commit message rephrased] Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/j1939/socket.c | 4 ++-- net/can/j1939/transport.c | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 305dd72c844c..17226b2341d0 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -1132,7 +1132,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk, todo_size = size; - while (todo_size) { + do { struct j1939_sk_buff_cb *skcb; segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE, @@ -1177,7 +1177,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk, todo_size -= segment_size; session->total_queued_size += segment_size; - } + } while (todo_size); switch (ret) { case 0: /* OK */ diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c index 95f7a7e65a73..9b72d118d756 100644 --- a/net/can/j1939/transport.c +++ b/net/can/j1939/transport.c @@ -382,8 +382,9 @@ sk_buff *j1939_session_skb_get_by_offset(struct j1939_session *session, skb_queue_walk(&session->skb_queue, do_skb) { do_skcb = j1939_skb_to_cb(do_skb); - if (offset_start >= do_skcb->offset && - offset_start < (do_skcb->offset + do_skb->len)) { + if ((offset_start >= do_skcb->offset && + offset_start < (do_skcb->offset + do_skb->len)) || + (offset_start == 0 && do_skcb->offset == 0 && do_skb->len == 0)) { skb = do_skb; } } -- 2.47.2

4 months, 1 week

1
0
0 0

[PATCH] can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated

by Marc Kleine-Budde

From: Robin van der Gracht <robin(a)protonic.nl> Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated. Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller") Cc: stable(a)vger.kernel.org Signed-off-by: Robin van der Gracht <robin(a)protonic.nl> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c index df18c85fc078..d9a937ba126c 100644 --- a/drivers/net/can/rockchip/rockchip_canfd-core.c +++ b/drivers/net/can/rockchip/rockchip_canfd-core.c @@ -622,7 +622,7 @@ rkcanfd_handle_rx_fifo_overflow_int(struct rkcanfd_priv *priv) netdev_dbg(priv->ndev, "RX-FIFO overflow\n"); skb = rkcanfd_alloc_can_err_skb(priv, &cf, &timestamp); - if (skb) + if (!skb) return 0; rkcanfd_get_berr_counter_corrected(priv, &bec); --- base-commit: 1438f5d07b9a7afb15e1d0e26df04a6fd4e56a3c change-id: 20250208-fix-rockchip-canfd-ce09e1e424ce Best regards, -- Marc Kleine-Budde <mkl(a)pengutronix.de>

4 months, 1 week

1
0
0 0

Linux 6.13.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.2 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 - Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 Makefile | 2 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 - arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 arch/arm/boot/dts/st/stm32mp151.dtsi | 2 arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 arch/arm/mach-at91/pm.c | 31 + arch/arm/mach-omap1/board-nokia770.c | 2 arch/arm64/boot/dts/freescale/imx93.dtsi | 2 arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 + arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 - arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +- arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 -- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 - arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 - arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 + arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 arch/arm64/boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 81 +++- arch/arm64/boot/dts/ti/Makefile | 6 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 ++ arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 -- arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 ++ arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 -- arch/arm64/configs/defconfig | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/loongarch.h | 60 +++ arch/loongarch/kernel/hw_breakpoint.c | 16 arch/loongarch/power/platform.c | 2 arch/powerpc/include/asm/hugetlb.h | 9 arch/powerpc/kernel/iommu.c | 2 arch/powerpc/platforms/pseries/iommu.c | 12 arch/riscv/kernel/vector.c | 2 arch/s390/Kconfig | 1 arch/s390/Makefile | 2 arch/s390/boot/vmem.c | 74 ++-- arch/s390/include/asm/sclp.h | 1 arch/s390/kernel/perf_cpum_cf.c | 2 arch/s390/kernel/perf_pai_crypto.c | 2 arch/s390/kernel/perf_pai_ext.c | 2 arch/s390/kernel/setup.c | 5 arch/s390/purgatory/Makefile | 2 arch/x86/events/amd/ibs.c | 2 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/smpboot.c | 11 arch/x86/kvm/lapic.c | 11 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/vmx/x86_ops.h | 2 block/bio-integrity.c | 15 block/blk-core.c | 21 - block/blk-integrity.c | 4 block/blk-mq.c | 34 - block/blk-mq.h | 6 block/blk-settings.c | 31 + block/blk-sysfs.c | 137 +++---- block/blk-zoned.c | 7 block/genhd.c | 22 - block/partitions/ldm.h | 2 crypto/algapi.c | 4 drivers/acpi/acpica/achware.h | 2 drivers/acpi/fan_core.c | 10 drivers/base/class.c | 9 drivers/block/nbd.c | 1 drivers/block/ps3disk.c | 4 drivers/block/virtio_blk.c | 4 drivers/bluetooth/btbcm.c | 3 drivers/bluetooth/btnxpuart.c | 3 drivers/bluetooth/btrtl.c | 4 drivers/bluetooth/btusb.c | 7 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/ipmi/ssif_bmc.c | 5 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/clk.c | 4 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/imx/clk-imx93.c | 32 - drivers/clk/mmp/clk-pxa1908-apbc.c | 4 drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 drivers/clk/qcom/camcc-x1e80100.c | 7 drivers/clk/qcom/gcc-sdm845.c | 32 - drivers/clk/qcom/gcc-x1e80100.c | 2 drivers/clk/ralink/clk-mtmips.c | 1 drivers/clk/renesas/renesas-cpg-mssr.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 drivers/clk/thead/clk-th1520-ap.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 +- drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/qcom-cpufreq-hw.c | 34 + drivers/crypto/caam/blob_gen.c | 3 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++++----- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 drivers/crypto/tegra/tegra-se-aes.c | 7 drivers/crypto/tegra/tegra-se-hash.c | 7 drivers/dma/ti/edma.c | 3 drivers/firewire/device-attribute-test.c | 2 drivers/firmware/efi/sysfb_efi.c | 2 drivers/firmware/qcom/qcom_scm.c | 42 +- drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/i915/display/intel_crt.c | 10 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++- drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 drivers/gpu/drm/msm/dp/dp_audio.c | 2 drivers/gpu/drm/msm/dp/dp_catalog.c | 1 drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 drivers/gpu/drm/msm/dp/dp_utils.c | 10 drivers/gpu/drm/msm/dp/dp_utils.h | 2 drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 drivers/gpu/drm/msm/msm_kms.c | 1 drivers/gpu/drm/panthor/panthor_device.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 + drivers/gpu/drm/v3d/v3d_debugfs.c | 4 drivers/gpu/drm/v3d/v3d_perfmon.c | 15 drivers/gpu/drm/v3d/v3d_regs.h | 29 - drivers/hid/hid-core.c | 2 drivers/hid/hid-input.c | 37 -- drivers/hid/hid-multitouch.c | 2 drivers/hid/hid-thrustmaster.c | 8 drivers/hwmon/Kconfig | 4 drivers/hwmon/nct6775-core.c | 6 drivers/i2c/busses/i2c-designware-common.c | 5 drivers/i2c/busses/i2c-designware-master.c | 5 drivers/i2c/busses/i2c-designware-slave.c | 5 drivers/i3c/master/dw-i3c-master.c | 1 drivers/infiniband/hw/Makefile | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/cxgb4/qp.c | 8 drivers/infiniband/hw/hns/Kconfig | 20 - drivers/infiniband/hw/hns/Makefile | 9 drivers/infiniband/hw/mlx4/main.c | 8 drivers/infiniband/hw/mlx5/odp.c | 62 ++- drivers/infiniband/sw/rxe/rxe_param.h | 2 drivers/infiniband/sw/rxe/rxe_pool.c | 11 drivers/infiniband/sw/rxe/rxe_verbs.c | 5 drivers/infiniband/ulp/rtrs/rtrs.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 1 drivers/iommu/amd/amd_iommu.h | 5 drivers/iommu/amd/init.c | 14 drivers/iommu/amd/iommu.c | 132 ++----- drivers/iommu/amd/pasid.c | 3 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 drivers/iommu/intel/pasid.c | 22 + drivers/iommu/intel/pasid.h | 6 drivers/iommu/iommufd/iova_bitmap.c | 2 drivers/iommu/iommufd/main.c | 2 drivers/iommu/riscv/iommu.c | 2 drivers/leds/leds-cht-wcove.c | 6 drivers/leds/leds-netxbig.c | 1 drivers/mailbox/mailbox-mpfs.c | 2 drivers/mailbox/mailbox-th1520.c | 6 drivers/md/md-bitmap.c | 79 ++-- drivers/md/md-bitmap.h | 7 drivers/md/md.c | 34 + drivers/md/md.h | 5 drivers/md/raid1.c | 34 - drivers/md/raid1.h | 1 drivers/md/raid10.c | 26 - drivers/md/raid10.h | 1 drivers/md/raid5-cache.c | 4 drivers/md/raid5.c | 111 +++--- drivers/md/raid5.h | 4 drivers/media/i2c/imx290.c | 3 drivers/media/i2c/imx412.c | 42 +- drivers/media/i2c/ov9282.c | 2 drivers/media/platform/marvell/mcam-core.c | 7 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10 drivers/media/platform/samsung/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/usb/dvb-usb-v2/af9035.c | 18 - drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 4 drivers/memory/tegra/tegra20-emc.c | 8 drivers/mfd/syscon.c | 19 - drivers/misc/cardreader/rtsx_usb.c | 15 drivers/mtd/hyperbus/hbmc-am654.c | 19 - drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 drivers/mtd/ubi/ubi.h | 2 drivers/mtd/ubi/wl.c | 21 - drivers/net/bonding/bond_main.c | 19 - drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/intel/iavf/iavf_main.c | 19 - drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 drivers/net/ethernet/intel/ice/ice_parser.h | 6 drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 drivers/net/ethernet/intel/idpf/idpf_main.c | 15 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 drivers/net/ethernet/mediatek/airoha_eth.c | 37 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 2 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 drivers/net/ethernet/renesas/ravb_main.c | 22 - drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/phy/marvell-88q2xxx.c | 33 + drivers/net/phy/realtek.c | 29 - drivers/net/tap.c | 6 drivers/net/team/team_core.c | 7 drivers/net/tun.c | 6 drivers/net/usb/rtl8150.c | 22 + drivers/net/vxlan/vxlan_vnifilter.c | 5 drivers/net/wireless/ath/ath11k/dp_rx.c | 1 drivers/net/wireless/ath/ath11k/hal_rx.c | 3 drivers/net/wireless/ath/ath12k/mac.c | 42 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 - drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++++-- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++--- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 drivers/net/wireless/mediatek/mt76/mt792x.h | 7 drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 - drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/microchip/wilc1000/netdev.c | 2 drivers/net/wireless/microchip/wilc1000/sdio.c | 9 drivers/net/wireless/microchip/wilc1000/spi.c | 9 drivers/net/wireless/realtek/rtlwifi/base.c | 13 drivers/net/wireless/realtek/rtlwifi/base.h | 1 drivers/net/wireless/realtek/rtlwifi/pci.c | 61 --- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 drivers/net/wireless/realtek/rtw89/chan.c | 31 + drivers/net/wireless/realtek/rtw89/chan.h | 9 drivers/net/wireless/realtek/rtw89/core.c | 11 drivers/net/wireless/realtek/rtw89/core.h | 3 drivers/net/wireless/realtek/rtw89/fw.c | 40 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 12 drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 34 + drivers/nvme/host/tcp.c | 70 +++ drivers/of/fdt.c | 10 drivers/of/of_reserved_mem.c | 3 drivers/of/property.c | 2 drivers/opp/core.c | 57 ++- drivers/opp/of.c | 4 drivers/pci/controller/dwc/pci-imx6.c | 30 - drivers/pci/controller/dwc/pcie-designware-host.c | 1 drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/controller/pcie-rockchip-ep.c | 5 drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++ drivers/pci/controller/plda/pcie-plda-host.c | 17 drivers/pci/controller/plda/pcie-plda.h | 6 drivers/pci/endpoint/functions/pci-epf-test.c | 6 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 + drivers/pinctrl/pinctrl-amd.c | 27 + drivers/pinctrl/pinctrl-amd.h | 7 drivers/pinctrl/samsung/pinctrl-exynos.c | 3 drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++-- drivers/platform/mellanox/mlxbf-pmc.c | 6 drivers/platform/x86/x86-android-tablets/core.c | 4 drivers/platform/x86/x86-android-tablets/lenovo.c | 4 drivers/platform/x86/x86-android-tablets/other.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 +++---- drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_ocp.c | 2 drivers/pwm/core.c | 13 drivers/pwm/pwm-stm32-lp.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/regulator/core.c | 2 drivers/regulator/of_regulator.c | 14 drivers/remoteproc/mtk_scp.c | 12 drivers/remoteproc/remoteproc_core.c | 14 drivers/rtc/rtc-loongson.c | 13 drivers/rtc/rtc-pcf85063.c | 11 drivers/rtc/rtc-tps6594.c | 2 drivers/s390/char/sclp.c | 12 drivers/scsi/mpi3mr/mpi3mr_app.c | 8 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/sd.c | 17 drivers/scsi/sr.c | 5 drivers/soc/atmel/soc.c | 2 drivers/spi/spi-omap2-mcspi.c | 11 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/staging/media/max96712/max96712.c | 4 drivers/tty/mips_ejtag_fdc.c | 4 drivers/tty/serial/8250/8250_port.c | 32 + drivers/ufs/core/ufs_bsg.c | 1 drivers/usb/dwc3/core.c | 35 + drivers/usb/dwc3/dwc3-am62.c | 1 drivers/usb/gadget/function/f_tcm.c | 14 drivers/usb/host/xhci-ring.c | 3 drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/watchdog/rti_wdt.c | 1 fs/afs/dir.c | 7 fs/afs/internal.h | 9 fs/afs/rxrpc.c | 12 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/btrfs/inode.c | 158 ++++++-- fs/btrfs/qgroup.c | 21 - fs/btrfs/subpage.c | 6 fs/btrfs/subpage.h | 13 fs/btrfs/super.c | 2 fs/dlm/lock.c | 46 +- fs/dlm/lowcomms.c | 3 fs/erofs/zdata.c | 3 fs/f2fs/dir.c | 53 ++ fs/f2fs/f2fs.h | 6 fs/f2fs/inline.c | 5 fs/file_table.c | 2 fs/hostfs/hostfs_kern.c | 27 - fs/nfs/localio.c | 4 fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfs_common/common.c | 89 ++++- fs/nilfs2/dir.c | 13 fs/nilfs2/namei.c | 29 - fs/nilfs2/nilfs.h | 4 fs/nilfs2/page.c | 31 + fs/nilfs2/segment.c | 4 fs/ocfs2/quota_global.c | 5 fs/pstore/blk.c | 4 fs/select.c | 4 fs/smb/client/cifsacl.c | 25 - fs/smb/client/cifsproto.h | 2 fs/smb/client/cifssmb.c | 4 fs/smb/client/readdir.c | 2 fs/smb/client/reparse.c | 22 + fs/smb/client/smb2ops.c | 3 fs/ubifs/debug.c | 22 - fs/xfs/xfs_buf.c | 3 fs/xfs/xfs_buf_item_recover.c | 11 fs/xfs/xfs_dquot.c | 12 fs/xfs/xfs_notify_failure.c | 121 ++++-- fs/xfs/xfs_qm_bhv.c | 27 - include/acpi/acpixf.h | 1 include/dt-bindings/clock/imx93-clock.h | 1 include/linux/alloc_tag.h | 11 include/linux/blkdev.h | 23 - include/linux/btf.h | 5 include/linux/coredump.h | 4 include/linux/hid.h | 1 include/linux/ieee80211.h | 11 include/linux/kallsyms.h | 2 include/linux/mroute_base.h | 6 include/linux/netdevice.h | 2 include/linux/nfs_common.h | 3 include/linux/perf_event.h | 6 include/linux/pps_kernel.h | 3 include/linux/ptr_ring.h | 21 - include/linux/pwm.h | 17 include/linux/sched.h | 1 include/linux/skb_array.h | 17 include/linux/usb/tcpm.h | 3 include/net/ax25.h | 10 include/net/inetpeer.h | 12 include/net/netfilter/nf_tables.h | 6 include/net/page_pool/types.h | 1 include/net/pkt_cls.h | 13 include/net/sch_generic.h | 5 include/net/xfrm.h | 16 include/sound/hdaudio_ext.h | 45 -- include/trace/events/afs.h | 2 include/trace/events/rxrpc.h | 25 + io_uring/io_uring.c | 1 io_uring/msg_ring.c | 4 io_uring/register.c | 2 io_uring/uring_cmd.c | 2 kernel/bpf/arena.c | 8 kernel/bpf/bpf_local_storage.c | 8 kernel/bpf/bpf_struct_ops.c | 21 + kernel/bpf/btf.c | 5 kernel/bpf/helpers.c | 18 - kernel/events/core.c | 35 + kernel/events/uprobes.c | 4 kernel/fork.c | 17 kernel/irq/internals.h | 9 kernel/module/main.c | 7 kernel/padata.c | 45 ++ kernel/power/hibernate.c | 7 kernel/printk/internal.h | 6 kernel/printk/printk.c | 5 kernel/printk/printk_safe.c | 7 kernel/sched/core.c | 6 kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/ext.c | 114 ++++-- kernel/sched/fair.c | 21 - kernel/sched/features.h | 9 kernel/sched/stats.h | 4 kernel/sched/syscalls.c | 2 kernel/trace/bpf_trace.c | 13 lib/alloc_tag.c | 2 lib/rhashtable.c | 12 mm/memcontrol.c | 7 mm/oom_kill.c | 8 net/ax25/af_ax25.c | 12 net/ax25/ax25_dev.c | 4 net/ax25/ax25_ip.c | 3 net/ax25/ax25_out.c | 22 - net/ax25/ax25_route.c | 2 net/core/dev.c | 23 - net/core/filter.c | 2 net/core/page_pool.c | 2 net/core/page_pool_priv.h | 2 net/core/page_pool_user.c | 15 net/core/sysctl_net_core.c | 5 net/ethtool/ioctl.c | 2 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/icmp.c | 9 net/ipv4/inetpeer.c | 31 - net/ipv4/ip_fragment.c | 15 net/ipv4/ipmr.c | 28 - net/ipv4/ipmr_base.c | 9 net/ipv4/route.c | 17 net/ipv4/tcp_cubic.c | 8 net/ipv4/tcp_output.c | 9 net/ipv4/udp.c | 56 +++ net/ipv6/icmp.c | 6 net/ipv6/ip6_output.c | 6 net/ipv6/ip6mr.c | 28 - net/ipv6/ndisc.c | 8 net/ipv6/udp.c | 50 ++ net/mac80211/debugfs_netdev.c | 2 net/mac80211/driver-ops.h | 3 net/mac80211/rx.c | 1 net/mptcp/ctrl.c | 4 net/mptcp/options.c | 13 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 4 net/mptcp/protocol.h | 30 - net/ncsi/ncsi-rsp.c | 18 - net/netfilter/nf_tables_api.c | 57 ++- net/netfilter/nft_flow_offload.c | 16 net/netfilter/nft_set_rbtree.c | 43 ++ net/rose/af_rose.c | 16 net/rose/rose_timer.c | 15 net/rxrpc/conn_event.c | 12 net/rxrpc/peer_event.c | 16 net/rxrpc/peer_object.c | 12 net/sched/cls_api.c | 57 +-- net/sched/cls_bpf.c | 2 net/sched/cls_flower.c | 2 net/sched/cls_matchall.c | 2 net/sched/cls_u32.c | 4 net/sched/sch_api.c | 4 net/sched/sch_generic.c | 4 net/sched/sch_sfq.c | 4 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 +- net/smc/smc_rx.h | 8 net/sunrpc/svcsock.c | 12 net/vmw_vsock/af_vsock.c | 5 net/wireless/scan.c | 7 net/wireless/tests/scan.c | 2 net/xfrm/xfrm_replay.c | 10 net/xfrm/xfrm_state.c | 93 ++++- samples/landlock/sandboxer.c | 7 scripts/Makefile.build | 2 scripts/Makefile.lib | 10 scripts/Makefile.modinst | 2 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 - scripts/kconfig/confdata.c | 6 scripts/kconfig/symbol.c | 1 security/landlock/fs.c | 11 sound/core/seq/Kconfig | 4 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/acp/acp-i2s.c | 1 sound/soc/codecs/Makefile | 8 sound/soc/codecs/da7213.c | 2 sound/soc/intel/avs/apl.c | 3 sound/soc/intel/avs/cnl.c | 1 sound/soc/intel/avs/core.c | 14 sound/soc/intel/avs/loader.c | 2 sound/soc/intel/avs/registers.h | 45 ++ sound/soc/intel/avs/skl.c | 1 sound/soc/intel/avs/topology.c | 4 sound/soc/intel/boards/sof_sdw.c | 47 +- sound/soc/mediatek/mt8365/Makefile | 2 sound/soc/renesas/rz-ssi.c | 3 sound/soc/rockchip/rockchip_i2s_tdm.c | 31 + sound/soc/sdca/Makefile | 2 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/quirks.c | 2 tools/bootconfig/main.c | 4 tools/build/Makefile.feature | 7 tools/build/feature/test-all.c | 5 tools/include/uapi/linux/if_xdp.h | 4 tools/lib/bpf/btf.c | 1 tools/lib/bpf/btf_relocate.c | 2 tools/lib/bpf/linker.c | 22 - tools/lib/bpf/usdt.c | 2 tools/net/ynl/lib/ynl.c | 2 tools/perf/MANIFEST | 1 tools/perf/Makefile.config | 83 ++-- tools/perf/builtin-inject.c | 8 tools/perf/builtin-lock.c | 66 ++- tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/tests/shell/lib/perf_json_output_lint.py | 14 tools/perf/tests/shell/stat.sh | 6 tools/perf/tests/shell/trace_btf_enum.sh | 8 tools/perf/util/annotate.c | 76 ++++ tools/perf/util/annotate.h | 15 tools/perf/util/bpf-event.c | 10 tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 tools/perf/util/disasm.c | 83 ---- tools/perf/util/env.c | 13 tools/perf/util/env.h | 4 tools/perf/util/expr.c | 5 tools/perf/util/header.c | 8 tools/perf/util/machine.c | 2 tools/perf/util/maps.c | 7 tools/perf/util/namespaces.c | 7 tools/perf/util/namespaces.h | 3 tools/perf/util/stat-display.c | 177 +++++----- tools/perf/util/symbol.c | 9 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/power/x86/turbostat/turbostat.c | 58 +++ tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/Makefile | 4 tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4 tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4 tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/bpf/veristat.c | 1 tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8 tools/testing/selftests/kselftest/ktap_helpers.sh | 2 tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/landlock/Makefile | 4 tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/mm/Makefile | 9 tools/testing/selftests/net/lib/Makefile | 2 tools/testing/selftests/net/mptcp/Makefile | 2 tools/testing/selftests/net/openvswitch/Makefile | 2 tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2 tools/testing/selftests/rseq/rseq.c | 32 + tools/testing/selftests/rseq/rseq.h | 9 tools/testing/selftests/timers/clocksource-switch.c | 6 701 files changed, 5743 insertions(+), 3312 deletions(-) Aaro Koskinen (1): ARM: omap1: Fix up the Retu IRQ on Nokia 770 Abel Vesa (1): clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC Abhinav Kumar (4): drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params() drm/msm/dp: disable the opp table request even for dp_ctrl_off_link() drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Aditya Kumar Singh (2): wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() wifi: ath12k: fix key cache handling Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Akhil R (1): arm64: tegra: Fix DMA ID for SPI2 Al Viro (1): hostfs: fix string handling in __dentry_name() Alan Stern (1): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Alejandro Jimenez (1): iommu/amd: Remove unused amd_iommu_domain_update() Alexander Aring (2): dlm: fix removal of rsb struct that is master and dir record dlm: fix srcu_read_lock() return type to int Alexander Stein (2): ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx) regulator: core: Add missing newline character Alexandre Cassen (1): xfrm: delete intermediate secpath entry in packet offload mode Alexis Lothoré (2): wifi: wilc1000: unregister wiphy only if it has been registered wifi: wilc1000: unregister wiphy only after netdev registration Amadeusz Sławiński (1): ASoC: Intel: avs: Fix init-config parsing Amit Pundir (1): clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Andrea Righi (1): sched_ext: Use the NUMA scheduling domain for NUMA optimizations Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrii Nakryiko (1): libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Andy Strohman (1): wifi: mac80211: fix tid removal during mesh forwarding Andy Yan (7): drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 drm/rockchip: vop2: Fix the windows switch between different layers drm/rockchip: vop2: Set AXI id for rk3588 drm/rockchip: vop2: Setup delay cycle for Esmart2/3 drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 drm/rockchip: vop2: Add check for 32 bpp format for rk3588 Antoine Tenart (1): net: avoid race between device unregistration and ethnl ops Anumula Murali Mohan Reddy (1): RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event Aric Cyr (1): drm/amd/display: Add hubp cache reset when powergating Arnaldo Carvalho de Melo (6): tools features: Don't check for libunwind devel files by default tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds perf top: Don't complain about lack of vmlinux when not resolving some kernel samples perf namespaces: Introduce nsinfo__set_in_pidns() perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball Arnaud Pouliquen (2): ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 remoteproc: core: Fix ida_free call while not allocated Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Balaji Pothunoori (1): wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Bard Liao (1): ASoC: Intel: sof_sdw: correct mach_params->dmic_num Barnabás Czémán (1): wifi: wcn36xx: fix channel survey memory allocation size Benjamin Lin (2): wifi: mt76: mt7996: fix incorrect indexing of MIB FW event wifi: mt76: mt7996: fix definition of tx descriptor Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Bokun Zhang (1): drm/amdgpu/vcn: reset fw_shared under SRIOV Boris Brezillon (1): drm/panthor: Preserve the result returned by panthor_fw_resume() Breno Leitao (1): rhashtable: Fix potential deadlock by moving schedule_work outside lock Bryan Brattlof (2): arm64: dts: ti: k3-am62: Remove duplicate GICR reg arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan O'Donoghue (1): clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs Calvin Owens (1): pps: Fix a use-after-free Cezary Rojewski (4): ASoC: Intel: avs: Do not readq() u32 registers ASoC: Intel: avs: Fix the minimum firmware version numbers ASoC: Intel: avs: Fix theoretical infinite loop ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers Charles Han (4): ipmi: ipmb: Add check devm_kasprintf() returned value wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() firewire: test: Fix potential null dereference in firewire kunit test Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (5): crypto: tegra - do not transfer req when tegra init fails padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (12): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings remoteproc: mtk_scp: Only populate devices for SCP cores Chengming Zhou (1): psi: Fix race when task wakes up before psi_sched_switch() adjusts flags Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chih-Kang Chang (1): wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed Christian Marangi (1): net: airoha: Fix wrong GDM4 register definition Christoph Hellwig (7): block: copy back bounce buffer to user-space correctly in case of split block: check BLK_FEAT_POLL under q_usage_count block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues block: add a queue_limits_commit_update_frozen helper block: add a store_limit operations for sysfs entries block: fix queue freeze vs limits lock order in sysfs store methods xfs: check for dead buffers in xfs_buf_find_insert Christophe JAILLET (3): drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface() pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31() Christophe Leroy (4): select: Fix unbalanced user_access_end() perf maps: Fix display of kernel symbols perf machine: Don't ignore _etext when not a text symbol module: Don't fail module loading when setting ro_after_init section RO failed Chuck Lever (1): Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Chun-Tse Shao (1): perf lock: Fix parse_lock_type which only retrieve one lock flag Claudiu Beznea (3): ASoC: renesas: rz-ssi: Use only the proper amount of dividers arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias ASoC: da7213: Initialize the mutex Colin Ian King (1): wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop Cosmin Ratiu (1): bonding: Correctly support GSO ESP offload Cristian Birsan (2): ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Daire McNamara (1): PCI: microchip: Set inbound address translation for coherent or non-coherent mode Damien Le Moal (1): PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep Dan Carpenter (11): drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set() clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check wifi: mt76: mt7925: fix off by one in mt7925_load_clc() rdma/cxgb4: Prevent potential integer overflow on 32bit mailbox: th1520: Fix a NULL vs IS_ERR() bug mailbox: mpfs: fix copy and paste bug in probe PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem() rtc: tps6594: Fix integer overflow on 32bit systems media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Daniel Baluta (1): ASoC: amd: acp: Fix possible deadlock Daniel Gabay (1): wifi: iwlwifi: mvm: don't count mgmt frames as MPDU Daniel Golle (3): net: phy: realtek: clear 1000Base-T lpa if link is down net: phy: realtek: clear master_slave_state if link is down net: phy: realtek: always clear NBase-T lpa Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Xu (1): bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Darrick J. Wong (3): xfs: don't over-report free space or inodes in statvfs xfs: release the dquot buf outside of qli_lock xfs: don't shut down the filesystem for media failures beyond end of log Dave Stevenson (2): media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 media: i2c: ov9282: Correct the exposure offset David Howells (6): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix cleanup of immediately failed async calls afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call rxrpc: Fix handling of received connection abort rxrpc, afs: Fix peer hash locking vs RCU callback Derek Foreman (1): drm/connector: Allow clearing HDMI infoframes Desnes Nunes (1): media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Detlev Casanova (1): ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dimitri Fedrau (1): net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios Dmitry Antipov (1): wifi: cfg80211: adjust allocation of colocated AP data Dmitry Baryshkov (30): drm/msm/dp: set safe_to_exit_level before printing it drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example drm/msm/dpu: provide DSPP and correct LM config for SDM670 drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 drm/msm/dpu: link DSPP_2/_3 blocks on SM8650 drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100 drm/msm: don't clean up priv->kms prematurely drm/msm/mdp4: correct LCDC regulator name arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8939: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: qcs404: correct sleep clock frequency arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sdx75: correct sleep clock frequency arm64: dts: qcom: sm4450: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm6375: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency arm64: dts: qcom: sm8450: correct sleep clock frequency arm64: dts: qcom: sm8550: correct sleep clock frequency arm64: dts: qcom: sm8650: correct sleep clock frequency arm64: dts: qcom: x1e80100: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Dmytro Maluka (1): of/fdt: Restore possibility to use both ACPI and FDT from bootloader Douglas Anderson (1): Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() Drew Fustini (3): clk: thead: Fix clk gate registration to pass flags clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks Emil Tantilov (2): idpf: add read memory barrier when checking descriptor done bit idpf: fix transaction timeouts on reset Emmanuel Grumbach (1): wifi: iwlwifi: mvm: remove unneeded NULL pointer checks Eric Dumazet (10): inetpeer: remove create argument of inet_getpeer_v[46]() inetpeer: remove create argument of inet_getpeer() inetpeer: update inetpeer timestamp in inet_getpeer() inetpeer: do not get a refcount in inet_getpeer() ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() ax25: rcu protect dev->ax25_ptr inet: ipmr: fix data-races ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets Eric-SY Chang (1): wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode Eugen Hristev (1): pstore/blk: trivial typo fixes Felix Fietkau (4): wifi: mt76: mt7996: fix rx filter setting for bfee functionality wifi: mt76: only enable tx worker after setting the channel wifi: mt76: mt7915: firmware restart on devices with a second pcie link wifi: mt76: mt7915: fix omac index assignment after hardware reset Florian Westphal (2): netfilter: nft_flow_offload: update tcp state flags under lock xfrm: state: fix out-of-bounds read during lookup Frank Li (1): PCI: imx6: Configure PHY based on Root Complex or Endpoint mode Frank Wunderlich (1): arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c Gal Pressman (1): ethtool: Fix set RXNFC command with symmetric RSS hash Gao Xiang (1): erofs: fix potential return value overflow of z_erofs_shrink_scan() Gaurav Batra (1): powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Gaurav Jain (1): crypto: caam - use JobR's space to access page 0 regs Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Geert Uytterhoeven (3): ps3disk: Do not use dev->bounce_size before it is set dt-bindings: leds: class-multicolor: Fix path to color definitions selftests: timers: clocksource-switch: Adapt progress to kselftest framework George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 6.13.2 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (2): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails scsi: mpi3mr: Fix possible crash when setting up bsg fails Guo Ren (1): iommu/riscv: Fixup compile warning Hans de Goede (2): platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*() platform/x86: x86-android-tablets: Make variables only used locally static He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (1): s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init() Heiko Stuebner (1): drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification Herbert Xu (2): crypto: api - Fix boot-up self-test race rhashtable: Fix rhashtable_try_insert test Hermes Wu (1): drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Hou Tao (1): bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Howard Chu (2): perf trace: Fix BPF loading failure (-E2BIG) perf trace: Fix runtime error of index out of bounds Howard Hsu (2): wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU wifi: mt76: mt7996: fix HE Phy capability Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): LoongArch: Fix warnings during S3 suspend Ian Rogers (3): perf test stat: Avoid hybrid assumption when virtualized perf inject: Fix use without initialization of local variables perf annotate: Use an array for the disassembler preference Ilan Peer (1): wifi: mac80211: Fix common size calculation for ML element Ivan Stepchenko (1): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Jagan Teki (1): arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules Jakub Kicinski (3): net: netdevsim: try to close UDP port harness races tools: ynl: c: correct reverse decode of empty attrs net: page_pool: don't try to stash the napi id Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another James Clark (1): perf stat: Fix trailing comma when there is no metric unit Jan Stancek (2): selftests: mptcp: extend CFLAGS to keep options from environment selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment Jason Gunthorpe (6): iommu/arm-smmuv3: Update comments about ATS and bypass iommu/amd: Remove domain_alloc() iommu/amd: Remove dev == NULL checks iommu/amd: Remove type argument from do_iommu_domain_alloc() and related iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode iommu/amd: Fully decode all combinations of alloc_paging_flags Jason-JH.Lin (2): dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195 dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Javier Carrasco (2): clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init() soc: atmel: fix device_node release in atmel_soc_device_init() Jens Axboe (4): nvme: fix bogus kzalloc() return check in nvme_init_effects_log() io_uring/msg_ring: don't leave potentially dangling ->tctx pointer io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() io_uring/register: use atomic_read/write for sq_flags migration Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiang Liu (1): drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Jiasheng Jiang (3): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() Jiayuan Chen (1): selftests/bpf: Avoid generating untracked files when running bpf selftests Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (1): HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Slaby (SUSE) (1): tty: mips_ejtag_fdc: fix one more u8 warning Joe Hattori (14): clk: fix an OF node reference leak in of_clk_get_parent_name() ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() OPP: OF: Fix an OF node leak in _opp_add_static_v2() leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Joel Stanley (2): hwmon: Fix help text for aspeed-g6-pwm-tach arm64: dts: qcom: x1e80100-romulus: Update firmware nodes Johannes Berg (3): wifi: iwlwifi: fw: read STEP table from correct UEFI var wifi: mac80211: prohibit deactivating all links wifi: mac80211: don't flush non-uploaded STAs John Garry (1): block: Ensure start sector is aligned for stacking atomic writes John Ogness (2): printk: Defer legacy printing when holding printk_cpu_sync serial: 8250: Adjust the timeout for FIFO mode Jon Maloy (1): tcp: correct handling of extreme memory squeeze Jonas Karlman (1): arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards Jonathan Kim (1): drm/amdgpu: fix gpu recovery disable with per queue reset Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josua Mayer (2): arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts Junxian Huang (1): RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS K Prateek Nayak (1): x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Kailang Yang (1): ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Kalesh AP (1): RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Kanchana P Sridhar (1): crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' Karol Przybylski (2): drm/amdgpu: Fix potential integer overflow in scheduler mask calculations HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Kees Cook (2): coredump: Do not lock during 'comm' reporting wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier Keisuke Nishimura (2): nvme: Add error check for xa_store in nvme_get_effects_log nvme: Add error path for xa_store in nvme_init_effects Kevin Brodsky (1): selftests/mm: build with -O2 King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Konrad Dybcio (5): arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Kory Maincent (2): net: ravb: Fix missing rtnl lock in suspend/resume path net: sh_eth: Fix missing rtnl lock in suspend/resume path Krishna chaitanya chundru (1): PCI: qcom: Update ICC and OPP values after Link Up event Krzysztof Kozlowski (2): arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses firmware: qcom: scm: Cleanup global '__scm' on probe failures Kunihiko Hayashi (2): net: stmmac: Limit the number of MTL queues to hardware capability net: stmmac: Limit FIFO size by hardware capability Kuniyuki Iwashima (1): dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Laurentiu Palcu (2): media: nxp: imx8-isi: fix v4l2-compliance test errors staging: media: max96712: fix kernel oops when removing module Len Brown (1): tools/power turbostat: Fix forked child affinity regression Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Leon Yen (1): wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO Levi Yun (1): perf expr: Initialize is_test value in expr__ctx_new() Li Zhijian (1): RDMA/rtrs: Add missing deinit() call Liam R. Howlett (1): kernel: be more careful about dup_mmap() failures and uprobe registering Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Long Li (1): xfs: fix mount hang during primary superblock recovery failure Lorenzo Bianconi (1): net: airoha: Fix error path in airoha_probe() Lu Baolu (1): iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set Luca Ceresoli (1): gpio: pca953x: log an error when failing to get the reset GPIO Luca Weiss (2): arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value media: i2c: imx412: Add missing newline to prints Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Ke (1): RDMA/srp: Fix error handling in srp_add_port Maciej S. Szmigiero (1): pinctrl: amd: Take suspend type into consideration which pins are non-wake Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Mamta Shukla (1): arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Manivannan Sadhasivam (3): cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Manoj Vishwanathan (1): idpf: Acquire the lock before accessing the xn->salt Marcel Hamer (1): wifi: brcmfmac: add missing header include for brcmf_dbg Marco Leogrande (2): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind idpf: convert workqueues to unbound Marek Vasut (6): clk: imx8mp: Fix clkout1/2 support ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Mario Limonciello (1): cpufreq/amd-pstate: Fix prefcore rankings Mark Brown (1): spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Martin KaFai Lau (2): bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing Masahiro Yamada (5): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: fix memory leak in sym_warn_unmet_dep() kbuild: fix Clang LTO with CONFIG_OBJTOOL=n Masami Hiramatsu (Google) (1): selftests/ftrace: Fix to use remount when testing mount GID option Mateusz Polchlopek (1): ice: remove invalid parameter of equalizer Mathieu Desnoyers (1): selftests/rseq: Fix handling of glibc without rseq support Matthieu Baerts (NGI0) (2): mptcp: pm: only set fullmesh for subflow endp mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Maulik Shah (1): arm64: dts: qcom: sa8775p: Add CPUs to psci power domain Max Chou (1): Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() Maíra Canal (1): drm/v3d: Fix performance counter source settings on V3D 7.x Melissa Wen (1): drm/amd/display: restore invalid MSA timing check for freesync Michael Ellerman (1): selftests/powerpc: Fix argument order to timer_sub() Michael Guralnik (1): RDMA/mlx5: Fix indirect mkey ODP page count Michael Lo (1): wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. Michael Riesch (1): arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic Michal Luczaj (1): vsock: Allow retrying on connect() failure Michal Pecio (1): usb: xhci: Fix NULL pointer dereference on certain command aborts Michal Swiatkowski (1): iavf: allow changing VLAN state without calling PF Michal Wilczynski (1): mailbox: th1520: Fix memory corruption due to incorrect array size Mickaël Salaün (4): selftests: ktap_helpers: Fix uninitialized variable landlock: Handle weird files selftests/landlock: Fix build with non-default pthread linking selftests/landlock: Fix error message Mike Snitzer (1): nfs: fix incorrect error handling in LOCALIO Min-Hua Chen (1): drm/rockchip: vop2: include rockchip_drm_drv.h Ming Wang (1): rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Ming Yen Hsieh (15): wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer wifi: mt76: mt7925: fix the invalid ip address for arp offload wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS wifi: mt76: mt7925: Update secondary link PS flow wifi: mt76: mt7925: Init secondary link PM state wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO wifi: mt76: mt7925: Cleanup MLO settings post-disconnection wifi: mt76: mt7925: Properly handle responses for commands with events Mingwei Zheng (5): spi: zynq-qspi: Add check for clk_enable() pwm: stm32-lp: Add check for clk_enable() pwm: stm32: Add check for clk_enable() pinctrl: nomadik: Add check for clk_enable() pinctrl: stm32: Add check for clk_enable() Miri Korenblit (1): wifi: iwlwifi: mvm: avoid NULL pointer dereference Mohamed Khalfella (1): PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Namhyung Kim (2): perf symbol: Prefer non-label symbols with same address perf test: Skip syscall enum test if no landlock syscall Nathan Chancellor (1): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Neil Armstrong (9): OPP: add index check to assert to avoid buffer overflow in _read_freq() OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone arm64: dts: qcom: sc7180: fix psci power domain node names arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Nicolas Cavallari (1): wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nikita Zhandarovich (2): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Octavian Purdila (2): net_sched: sch_sfq: don't allow 1 packet limit team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Pablo Neira Ayuso (2): netfilter: nf_tables: fix set size with rbtree backend netfilter: nf_tables: reject mismatching sum of field_len with set key length Pali Rohár (3): cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c cifs: Validate EAs for WSL reparse points cifs: Fix getting and setting SACLs over SMB1 Palmer Dabbelt (1): RISC-V: Mark riscv_v_init() as __init Paolo Abeni (2): mptcp: consolidate suboption status mptcp: handle fastopen disconnect correctly Patrisious Haddad (1): RDMA/mlx5: Fix implicit ODP use after free Patryk Wlazlyn (1): tools/power turbostat: Fix PMT mmaped file size rounding Paul Fertser (1): net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Paulo Alcantara (1): smb: client: fix oops due to unset link speed Pavel Begunkov (1): io_uring: prevent reg-wait speculations Pei Xiao (4): platform/mellanox: mlxbf-pmc: incorrect type in assignment platform/x86: x86-android-tablets: make platform data be static bpf: Use refcount_t instead of atomic_t for mmap_count i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Peng Fan (1): clk: imx: Apply some clks only for i.MX93 Peter Chiu (4): wifi: mt76: mt7915: fix register mapping wifi: mt76: mt7996: fix register mapping wifi: mt76: mt7996: add max mpdu len capability wifi: mt76: mt7996: fix ldpc setting Peter Zijlstra (2): sched/fair: Untangle NEXT_BUDDY and pick_next_task() sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Ping-Ke Shih (1): wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion Po-Hao Huang (1): wifi: rtw89: correct header conversion rule for MLO only Przemek Kitszel (1): ice: fix ice_parser_rt::bst_key array size Pu Lehui (3): selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test libbpf: Fix return zero when elf_begin failed libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qasim Ijaz (1): iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Qu Wenruo (5): btrfs: improve the warning and error message for btrfs_remove_qgroup() btrfs: subpage: fix the bitmap dump of the locked flags btrfs: output the reason for open_ctree() failure btrfs: do proper folio cleanup when cow_file_range() failed btrfs: do proper folio cleanup when run_delalloc_nocow() failed Quan Nguyen (1): ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Ray Chi (1): usb: dwc3: Skip resume if pm_runtime_set_active() fails Rex Nie (1): drm/msm/hdmi: simplify code in pll_get_integloop_gain Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (2): media: uvcvideo: Fix deadlock during uvc_probe media: uvcvideo: Propagate buf->error to userspace Richard Zhu (4): PCI: imx6: Skip controller_id generation logic for i.MX7D PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() PCI: imx6: Add missing reference clock disable logic PCI: dwc: Always stop link in the dw_pcie_suspend_noirq Ricky CX Wu (3): ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Rob Herring (Arm) (1): mfd: syscon: Fix race in device_node_get_regmap() Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Ross Burton (1): arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650 Ryusuke Konishi (3): nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: handle errors that nilfs_prepare_chunk() may return Sagi Grimberg (1): nvme-tcp: Fix I/O queue cpu spreading for multiple controllers Saket Kumar Bhaskar (1): selftests/bpf: Fix fill_link_info selftest on powerpc Sathishkumar Muruganandam (1): wifi: ath12k: fix tx power, max reg power update to firmware Sean Christopherson (1): KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sean Wang (1): wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Sebastian Sewior (1): xfrm: Don't disable preemption while looking up cache state. Sergio Paracuellos (1): clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Shayne Chen (1): wifi: mt76: mt7996: fix invalid interface combinations Shengjiu Wang (3): dt-bindings: clock: imx93: Add SPDIF IPG clk clk: imx93: Add IMX93_CLK_SPDIF_IPG clock arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock Shigeru Yoshida (1): vxlan: Fix uninit-value in vxlan_vnifilter_dump() Shinas Rasheed (2): octeon_ep: remove firmware stats fetch in ndo_get_stats64 octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64 Shivaprasad G Bhat (1): powerpc/pseries/iommu: Don't unset window if it was never set Siddharth Vadapalli (1): arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo" Simon Trimmer (2): ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM Song Yoong Siang (1): selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata Sourabh Jain (1): powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Stanislav Fomichev (1): net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq Stefano Brivio (1): udp: Deal with race between UDP socket address change and rehash Su Yue (1): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Sui Jingfeng (2): drm/etnaviv: Fix page property being used for non writecombine buffers drm/msm: Check return value of of_dma_configure() Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Suraj Sonawane (1): iommu: iommufd: fix WARNING in iommufd_device_unbind Suren Baghdasaryan (1): alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled Takashi Iwai (6): ASoC: cs40l50: Use *-y for Makefile ASoC: mediatek: mt8365: Use *-y for Makefile ASoC: SDCA: Use *-y for Makefile ASoC: cs42l84: Use *-y for Makefile ASoC: wcd937x: Use *-y for Makefile ALSA: seq: Make dependency on UMP clearer Taniya Das (1): arm64: dts: qcom: sa8775p: Update sleep_clk frequency Terry Tritton (1): HID: fix generic desktop D-Pad controls Thadeu Lima de Souza Cascardo (9): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thinh Nguyen (2): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately Thomas Gleixner (1): genirq: Make handle_enforce_irqctx() unconditionally available Thomas Weißschuh (2): padata: fix sysfs store callback check ptp: Properly handle compat ioctls Tianchen Ding (1): sched: Fix race between yield_to() and try_to_wake_up() Tiezhu Yang (1): LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Toke Høiland-Jørgensen (1): net: xdp: Disallow attaching device-bound programs in generic mode Tony Ambardar (1): selftests/bpf: Fix undefined UINT_MAX in veristat.c Torsten Hilbrich (1): kbuild: Fix signing issue for external modules Uwe Kleine-König (3): hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces pwm: Ensure callbacks exist before calling them Val Packett (5): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Vasily Gorbik (1): s390/mm: Allow large pages for KASAN shadow mapping Vasily Khoruzhick (1): clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Ville Syrjälä (1): drm/i915: Grab intel_display from the encoder to avoid potential oopsies Vishal Chourasia (1): tools: Sync if_xdp.h uapi tooling header Vladimir Zapolskiy (3): arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts WangYuli (1): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (1): PM: hibernate: Add error handling for syscore_suspend() Willem de Bruijn (1): hexagon: fix using plain integer as NULL pointer warning in cmpxchg Xin Long (1): net: sched: refine software bypass handling in tc_run Yabin Cui (1): perf/core: Save raw sample data conditionally based on sample type Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yevgeny Kliteynik (1): net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset Yu Kuai (7): nbd: don't allow reconnect after disconnect md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() md: add a new callback pers->bitmap_sector() md/raid5: implement pers->bitmap_sector() md/md-bitmap: move bitmap_{start, end}write to md upper layer md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Zhihao Cheng (1): ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended" Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhu Yanjun (1): RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Zichen Xie (2): wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (4): of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Zong-Zhe Yang (3): wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() wifi: rtw89: mcc: consider time limits not divisible by 1024 allan.wang (1): wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment david regan (1): mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null xueqin Luo (2): wifi: mt76: mt7996: fix overflows seen when writing limit attributes wifi: mt76: mt7915: fix overflows seen when writing limit attributes zhenwei pi (1): RDMA/rxe: Fix mismatched max_msg_sz

4 months, 1 week

1
1
0 0

Linux 6.12.13

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.13 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/core-api/symbol-namespaces.rst | 4 Documentation/devicetree/bindings/clock/imx93-clock.yaml | 1 Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 Documentation/translations/it_IT/core-api/symbol-namespaces.rst | 4 Documentation/translations/zh_CN/core-api/symbol-namespaces.rst | 4 Makefile | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 arch/arm/boot/dts/st/stm32mp151.dtsi | 2 arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 arch/arm/mach-at91/pm.c | 31 arch/arm/mach-omap1/board-nokia770.c | 2 arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 arch/arm64/boot/dts/freescale/imx93.dtsi | 2 arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 arch/arm64/boot/dts/qcom/Makefile | 3 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +- arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 +++++----- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 - arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 -- arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 arch/arm64/boot/dts/ti/Makefile | 4 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 + arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 - arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 + arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 - arch/arm64/configs/defconfig | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/loongarch.h | 60 + arch/loongarch/kernel/hw_breakpoint.c | 16 arch/loongarch/power/platform.c | 2 arch/powerpc/include/asm/hugetlb.h | 9 arch/powerpc/kernel/iommu.c | 2 arch/powerpc/platforms/pseries/iommu.c | 12 arch/riscv/kernel/vector.c | 2 arch/s390/Kconfig | 1 arch/s390/Makefile | 2 arch/s390/include/asm/sclp.h | 1 arch/s390/kernel/perf_cpum_cf.c | 2 arch/s390/kernel/perf_pai_crypto.c | 2 arch/s390/kernel/perf_pai_ext.c | 2 arch/s390/kernel/setup.c | 5 arch/s390/purgatory/Makefile | 2 arch/x86/events/amd/ibs.c | 2 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/smpboot.c | 10 arch/x86/kvm/lapic.c | 11 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/vmx/x86_ops.h | 2 block/bio-integrity.c | 15 block/blk-core.c | 21 block/blk-mq.c | 34 block/blk-mq.h | 6 block/blk-sysfs.c | 9 block/genhd.c | 22 block/partitions/ldm.h | 2 crypto/algapi.c | 4 drivers/acpi/acpica/achware.h | 2 drivers/acpi/fan_core.c | 10 drivers/base/class.c | 9 drivers/block/nbd.c | 1 drivers/block/ps3disk.c | 4 drivers/bluetooth/btbcm.c | 3 drivers/bluetooth/btnxpuart.c | 3 drivers/bluetooth/btrtl.c | 4 drivers/bluetooth/btusb.c | 7 drivers/cdx/Makefile | 2 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/ipmi/ssif_bmc.c | 5 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/clk.c | 4 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/imx/clk-imx93.c | 89 +- drivers/clk/qcom/camcc-x1e80100.c | 7 drivers/clk/qcom/gcc-sdm845.c | 32 drivers/clk/qcom/gcc-x1e80100.c | 2 drivers/clk/ralink/clk-mtmips.c | 1 drivers/clk/renesas/renesas-cpg-mssr.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 drivers/clk/thead/clk-th1520-ap.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 drivers/cpufreq/qcom-cpufreq-hw.c | 34 drivers/crypto/caam/blob_gen.c | 3 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++-- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/intel/iaa/Makefile | 2 drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 drivers/crypto/intel/qat/qat_common/Makefile | 2 drivers/crypto/tegra/tegra-se-aes.c | 7 drivers/crypto/tegra/tegra-se-hash.c | 7 drivers/dma/idxd/Makefile | 2 drivers/dma/ti/edma.c | 3 drivers/firewire/device-attribute-test.c | 2 drivers/firmware/efi/sysfb_efi.c | 2 drivers/firmware/qcom/qcom_scm.c | 42 - drivers/gpio/gpio-idio-16.c | 2 drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 + drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 drivers/gpu/drm/msm/dp/dp_audio.c | 2 drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 drivers/gpu/drm/msm/msm_kms.c | 1 drivers/gpu/drm/panthor/panthor_device.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 drivers/gpu/drm/v3d/v3d_debugfs.c | 4 drivers/gpu/drm/v3d/v3d_perfmon.c | 15 drivers/gpu/drm/v3d/v3d_regs.h | 29 drivers/hid/hid-core.c | 2 drivers/hid/hid-input.c | 37 - drivers/hid/hid-multitouch.c | 2 drivers/hid/hid-thrustmaster.c | 8 drivers/hwmon/Kconfig | 4 drivers/hwmon/nct6775-core.c | 6 drivers/i2c/busses/i2c-designware-common.c | 5 drivers/i2c/busses/i2c-designware-master.c | 5 drivers/i2c/busses/i2c-designware-slave.c | 5 drivers/i3c/master/dw-i3c-master.c | 1 drivers/infiniband/hw/Makefile | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/cxgb4/qp.c | 8 drivers/infiniband/hw/hns/Kconfig | 20 drivers/infiniband/hw/hns/Makefile | 9 drivers/infiniband/hw/mlx4/main.c | 8 drivers/infiniband/hw/mlx5/odp.c | 62 + drivers/infiniband/sw/rxe/rxe_param.h | 2 drivers/infiniband/sw/rxe/rxe_pool.c | 11 drivers/infiniband/sw/rxe/rxe_verbs.c | 5 drivers/infiniband/ulp/rtrs/rtrs.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 1 drivers/iommu/amd/amd_iommu.h | 1 drivers/iommu/amd/iommu.c | 9 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 drivers/iommu/iommufd/iova_bitmap.c | 2 drivers/iommu/iommufd/main.c | 2 drivers/leds/leds-cht-wcove.c | 6 drivers/leds/leds-netxbig.c | 1 drivers/md/md-bitmap.c | 79 +- drivers/md/md-bitmap.h | 7 drivers/md/md.c | 34 drivers/md/md.h | 5 drivers/md/raid1.c | 34 drivers/md/raid1.h | 1 drivers/md/raid10.c | 26 drivers/md/raid10.h | 1 drivers/md/raid5-cache.c | 4 drivers/md/raid5.c | 111 +-- drivers/md/raid5.h | 4 drivers/media/i2c/imx290.c | 3 drivers/media/i2c/imx412.c | 42 - drivers/media/i2c/ov9282.c | 2 drivers/media/platform/marvell/mcam-core.c | 7 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10 drivers/media/platform/samsung/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/usb/dvb-usb-v2/af9035.c | 18 drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/memory/tegra/tegra20-emc.c | 8 drivers/mfd/syscon.c | 19 drivers/misc/cardreader/rtsx_usb.c | 15 drivers/mtd/hyperbus/hbmc-am654.c | 19 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/freescale/fec_main.c | 31 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/intel/iavf/iavf_main.c | 19 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +-- drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 - drivers/net/ethernet/intel/ice/ice_parser.h | 6 drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 drivers/net/ethernet/intel/idpf/idpf_main.c | 15 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 drivers/net/ethernet/mediatek/airoha_eth.c | 37 - drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 2 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 drivers/net/ethernet/renesas/ravb_main.c | 22 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/sfc/ef100_ethtool.c | 1 drivers/net/ethernet/sfc/ethtool.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 drivers/net/phy/marvell-88q2xxx.c | 33 drivers/net/tap.c | 6 drivers/net/team/team_core.c | 7 drivers/net/tun.c | 6 drivers/net/usb/rtl8150.c | 22 drivers/net/vxlan/vxlan_vnifilter.c | 5 drivers/net/wireless/ath/ath11k/dp_rx.c | 1 drivers/net/wireless/ath/ath11k/hal_rx.c | 3 drivers/net/wireless/ath/ath12k/mac.c | 6 drivers/net/wireless/ath/wcn36xx/main.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 - drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 ++- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 drivers/net/wireless/mediatek/mt76/mt792x.h | 7 drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 - drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 13 drivers/net/wireless/realtek/rtlwifi/base.h | 1 drivers/net/wireless/realtek/rtlwifi/pci.c | 61 - drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++ drivers/net/wireless/realtek/rtw89/chan.h | 28 drivers/net/wireless/realtek/rtw89/core.c | 122 +-- drivers/net/wireless/realtek/rtw89/core.h | 27 drivers/net/wireless/realtek/rtw89/fw.c | 40 - drivers/net/wireless/realtek/rtw89/mac.c | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 10 drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 34 drivers/nvme/host/tcp.c | 70 + drivers/of/fdt.c | 13 drivers/of/of_private.h | 3 drivers/of/of_reserved_mem.c | 176 +++- drivers/of/property.c | 2 drivers/opp/core.c | 57 + drivers/opp/of.c | 4 drivers/pci/controller/dwc/pci-imx6.c | 30 drivers/pci/controller/dwc/pcie-designware-host.c | 1 drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/controller/plda/pcie-microchip-host.c | 222 ++++-- drivers/pci/controller/plda/pcie-plda-host.c | 17 drivers/pci/controller/plda/pcie-plda.h | 6 drivers/pci/endpoint/functions/pci-epf-test.c | 6 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 drivers/pinctrl/pinctrl-amd.c | 27 drivers/pinctrl/pinctrl-amd.h | 7 drivers/pinctrl/samsung/pinctrl-exynos.c | 3 drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +- drivers/platform/mellanox/mlxbf-pmc.c | 6 drivers/platform/x86/x86-android-tablets/lenovo.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 +-- drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_ocp.c | 2 drivers/pwm/core.c | 2 drivers/pwm/pwm-dwc-core.c | 2 drivers/pwm/pwm-lpss.c | 2 drivers/pwm/pwm-stm32-lp.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/regulator/core.c | 2 drivers/regulator/of_regulator.c | 14 drivers/remoteproc/mtk_scp.c | 12 drivers/remoteproc/remoteproc_core.c | 14 drivers/rtc/rtc-loongson.c | 13 drivers/rtc/rtc-pcf85063.c | 11 drivers/rtc/rtc-tps6594.c | 2 drivers/s390/char/sclp.c | 12 drivers/scsi/mpi3mr/mpi3mr_app.c | 8 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/soc/atmel/soc.c | 2 drivers/spi/spi-omap2-mcspi.c | 11 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/staging/media/max96712/max96712.c | 4 drivers/tty/mips_ejtag_fdc.c | 4 drivers/tty/serial/8250/8250_port.c | 32 drivers/tty/serial/sc16is7xx.c | 2 drivers/ufs/core/ufs_bsg.c | 1 drivers/usb/dwc3/core.c | 35 drivers/usb/dwc3/dwc3-am62.c | 1 drivers/usb/gadget/function/f_tcm.c | 14 drivers/usb/host/xhci-ring.c | 3 drivers/usb/storage/Makefile | 2 drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/watchdog/rti_wdt.c | 1 fs/afs/dir.c | 7 fs/afs/internal.h | 9 fs/afs/rxrpc.c | 12 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/btrfs/inode.c | 95 ++ fs/btrfs/qgroup.c | 21 fs/btrfs/subpage.c | 6 fs/btrfs/subpage.h | 13 fs/btrfs/super.c | 2 fs/dlm/lock.c | 46 - fs/dlm/lowcomms.c | 3 fs/erofs/internal.h | 17 fs/erofs/zdata.c | 190 +++-- fs/erofs/zutil.c | 155 ---- fs/f2fs/dir.c | 53 + fs/f2fs/f2fs.h | 6 fs/f2fs/inline.c | 5 fs/file_table.c | 2 fs/hostfs/hostfs_kern.c | 27 fs/nfs/localio.c | 4 fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfs_common/common.c | 89 ++ fs/nilfs2/dir.c | 13 fs/nilfs2/namei.c | 29 fs/nilfs2/nilfs.h | 4 fs/nilfs2/page.c | 31 fs/nilfs2/segment.c | 4 fs/ocfs2/quota_global.c | 5 fs/pstore/blk.c | 4 fs/select.c | 4 fs/smb/client/cifsacl.c | 25 fs/smb/client/cifsproto.h | 2 fs/smb/client/cifssmb.c | 4 fs/smb/client/readdir.c | 2 fs/smb/client/reparse.c | 22 fs/smb/client/smb2ops.c | 3 fs/ubifs/debug.c | 22 fs/xfs/xfs_buf.c | 3 fs/xfs/xfs_notify_failure.c | 121 ++- include/acpi/acpixf.h | 1 include/dt-bindings/clock/imx93-clock.h | 7 include/dt-bindings/clock/sun50i-a64-ccu.h | 2 include/linux/btf.h | 5 include/linux/coredump.h | 4 include/linux/ethtool.h | 4 include/linux/export.h | 2 include/linux/hid.h | 1 include/linux/ieee80211.h | 11 include/linux/kallsyms.h | 2 include/linux/mroute_base.h | 6 include/linux/netdevice.h | 2 include/linux/nfs_common.h | 3 include/linux/perf_event.h | 6 include/linux/pps_kernel.h | 3 include/linux/ptr_ring.h | 21 include/linux/sched.h | 1 include/linux/skb_array.h | 17 include/linux/usb/tcpm.h | 3 include/net/ax25.h | 10 include/net/inetpeer.h | 12 include/net/netfilter/nf_tables.h | 6 include/net/netns/xfrm.h | 1 include/net/pkt_cls.h | 13 include/net/sch_generic.h | 5 include/net/xfrm.h | 30 include/sound/hdaudio_ext.h | 45 - include/trace/events/afs.h | 2 include/trace/events/rxrpc.h | 25 include/uapi/linux/xfrm.h | 2 io_uring/uring_cmd.c | 2 kernel/bpf/arena.c | 8 kernel/bpf/bpf_local_storage.c | 8 kernel/bpf/bpf_struct_ops.c | 21 kernel/bpf/btf.c | 5 kernel/bpf/helpers.c | 18 kernel/dma/coherent.c | 14 kernel/events/core.c | 35 kernel/irq/internals.h | 9 kernel/module/main.c | 7 kernel/padata.c | 45 - kernel/power/hibernate.c | 7 kernel/printk/internal.h | 6 kernel/printk/printk.c | 5 kernel/printk/printk_safe.c | 7 kernel/sched/core.c | 83 +- kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/fair.c | 21 kernel/sched/features.h | 9 kernel/sched/sched.h | 56 - kernel/sched/stats.h | 33 kernel/sched/syscalls.c | 2 kernel/trace/bpf_trace.c | 13 lib/rhashtable.c | 12 mm/memcontrol.c | 7 mm/oom_kill.c | 8 net/ax25/af_ax25.c | 12 net/ax25/ax25_dev.c | 4 net/ax25/ax25_ip.c | 3 net/ax25/ax25_out.c | 22 net/ax25/ax25_route.c | 2 net/core/dev.c | 21 net/core/filter.c | 2 net/core/sysctl_net_core.c | 5 net/ethtool/ioctl.c | 8 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/esp4_offload.c | 6 net/ipv4/icmp.c | 9 net/ipv4/inetpeer.c | 31 net/ipv4/ip_fragment.c | 15 net/ipv4/ipmr.c | 28 net/ipv4/ipmr_base.c | 9 net/ipv4/route.c | 17 net/ipv4/tcp_cubic.c | 8 net/ipv4/tcp_output.c | 9 net/ipv4/udp.c | 56 + net/ipv6/esp6_offload.c | 6 net/ipv6/icmp.c | 6 net/ipv6/ip6_output.c | 6 net/ipv6/ip6mr.c | 28 net/ipv6/ndisc.c | 8 net/ipv6/udp.c | 50 + net/key/af_key.c | 7 net/mac80211/debugfs_netdev.c | 2 net/mac80211/driver-ops.h | 3 net/mac80211/rx.c | 1 net/mptcp/ctrl.c | 4 net/mptcp/options.c | 13 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 4 net/mptcp/protocol.h | 30 net/ncsi/ncsi-rsp.c | 18 net/netfilter/nf_tables_api.c | 57 + net/netfilter/nft_flow_offload.c | 16 net/netfilter/nft_set_rbtree.c | 43 + net/rose/af_rose.c | 16 net/rose/rose_timer.c | 15 net/rxrpc/conn_event.c | 12 net/rxrpc/peer_event.c | 16 net/rxrpc/peer_object.c | 12 net/sched/cls_api.c | 57 - net/sched/cls_bpf.c | 2 net/sched/cls_flower.c | 2 net/sched/cls_matchall.c | 2 net/sched/cls_u32.c | 4 net/sched/sch_api.c | 4 net/sched/sch_generic.c | 4 net/sched/sch_sfq.c | 43 - net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 - net/smc/smc_rx.h | 8 net/sunrpc/svcsock.c | 12 net/vmw_vsock/af_vsock.c | 5 net/wireless/scan.c | 7 net/wireless/tests/scan.c | 2 net/xfrm/xfrm_compat.c | 6 net/xfrm/xfrm_input.c | 2 net/xfrm/xfrm_policy.c | 12 net/xfrm/xfrm_replay.c | 10 net/xfrm/xfrm_state.c | 256 ++++++- net/xfrm/xfrm_user.c | 59 + samples/landlock/sandboxer.c | 7 scripts/Makefile.lib | 4 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 scripts/kconfig/confdata.c | 6 scripts/kconfig/symbol.c | 1 security/landlock/fs.c | 11 sound/core/seq/Kconfig | 4 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/acp/acp-i2s.c | 1 sound/soc/codecs/Makefile | 6 sound/soc/codecs/da7213.c | 2 sound/soc/intel/avs/apl.c | 3 sound/soc/intel/avs/cnl.c | 1 sound/soc/intel/avs/core.c | 14 sound/soc/intel/avs/loader.c | 2 sound/soc/intel/avs/registers.h | 45 + sound/soc/intel/avs/skl.c | 1 sound/soc/intel/avs/topology.c | 4 sound/soc/intel/boards/sof_sdw.c | 47 - sound/soc/mediatek/mt8365/Makefile | 2 sound/soc/rockchip/rockchip_i2s_tdm.c | 31 sound/soc/sh/rz-ssi.c | 3 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/quirks.c | 2 tools/bootconfig/main.c | 4 tools/include/uapi/linux/if_xdp.h | 4 tools/lib/bpf/btf.c | 1 tools/lib/bpf/btf_relocate.c | 2 tools/lib/bpf/linker.c | 22 tools/lib/bpf/usdt.c | 2 tools/net/ynl/lib/ynl.c | 2 tools/perf/MANIFEST | 1 tools/perf/builtin-inject.c | 8 tools/perf/builtin-lock.c | 66 + tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/tests/shell/trace_btf_enum.sh | 8 tools/perf/util/bpf-event.c | 10 tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 tools/perf/util/env.c | 13 tools/perf/util/env.h | 4 tools/perf/util/expr.c | 5 tools/perf/util/header.c | 8 tools/perf/util/machine.c | 2 tools/perf/util/maps.c | 7 tools/perf/util/namespaces.c | 7 tools/perf/util/namespaces.h | 3 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/power/x86/turbostat/turbostat.8 | 25 tools/power/x86/turbostat/turbostat.c | 163 ++++ tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/Makefile | 4 tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4 tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4 tools/testing/selftests/bpf/prog_tests/tailcalls.c | 120 ++- tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8 tools/testing/selftests/kselftest/ktap_helpers.sh | 2 tools/testing/selftests/kselftest_harness.h | 24 tools/testing/selftests/landlock/Makefile | 4 tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/net/lib/Makefile | 2 tools/testing/selftests/net/mptcp/Makefile | 2 tools/testing/selftests/net/openvswitch/Makefile | 2 tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2 tools/testing/selftests/rseq/rseq.c | 32 tools/testing/selftests/rseq/rseq.h | 9 tools/testing/selftests/timers/clocksource-switch.c | 6 677 files changed, 6485 insertions(+), 3583 deletions(-) Aaro Koskinen (1): ARM: omap1: Fix up the Retu IRQ on Nokia 770 Abel Vesa (1): clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Akhil R (1): arm64: tegra: Fix DMA ID for SPI2 Al Viro (1): hostfs: fix string handling in __dentry_name() Alan Stern (1): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Alejandro Jimenez (1): iommu/amd: Remove unused amd_iommu_domain_update() Alex Deucher (1): Revert "drm/amdgpu/gfx9: put queue resets behind a debug option" Alexander Aring (2): dlm: fix removal of rsb struct that is master and dir record dlm: fix srcu_read_lock() return type to int Alexander Stein (2): ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx) regulator: core: Add missing newline character Alexandre Cassen (1): xfrm: delete intermediate secpath entry in packet offload mode Amadeusz Sławiński (1): ASoC: Intel: avs: Fix init-config parsing Amit Pundir (1): clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrii Nakryiko (1): libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Andy Strohman (1): wifi: mac80211: fix tid removal during mesh forwarding Andy Yan (7): drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 drm/rockchip: vop2: Fix the windows switch between different layers drm/rockchip: vop2: Set AXI id for rk3588 drm/rockchip: vop2: Setup delay cycle for Esmart2/3 drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 drm/rockchip: vop2: Add check for 32 bpp format for rk3588 Antoine Tenart (1): net: avoid race between device unregistration and ethnl ops Anumula Murali Mohan Reddy (1): RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event Aric Cyr (1): drm/amd/display: Add hubp cache reset when powergating Arnaldo Carvalho de Melo (4): perf top: Don't complain about lack of vmlinux when not resolving some kernel samples perf namespaces: Introduce nsinfo__set_in_pidns() perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball Arnaud Pouliquen (2): ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 remoteproc: core: Fix ida_free call while not allocated Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Balaji Pothunoori (1): wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Bard Liao (1): ASoC: Intel: sof_sdw: correct mach_params->dmic_num Barnabás Czémán (1): wifi: wcn36xx: fix channel survey memory allocation size Benjamin Lin (2): wifi: mt76: mt7996: fix incorrect indexing of MIB FW event wifi: mt76: mt7996: fix definition of tx descriptor Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Bokun Zhang (1): drm/amdgpu/vcn: reset fw_shared under SRIOV Boris Brezillon (1): drm/panthor: Preserve the result returned by panthor_fw_resume() Breno Leitao (1): rhashtable: Fix potential deadlock by moving schedule_work outside lock Bryan Brattlof (2): arm64: dts: ti: k3-am62: Remove duplicate GICR reg arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan O'Donoghue (2): clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso Calvin Owens (1): pps: Fix a use-after-free Cezary Rojewski (4): ASoC: Intel: avs: Do not readq() u32 registers ASoC: Intel: avs: Fix the minimum firmware version numbers ASoC: Intel: avs: Fix theoretical infinite loop ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers Charles Han (4): ipmi: ipmb: Add check devm_kasprintf() returned value wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() firewire: test: Fix potential null dereference in firewire kunit test Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (5): crypto: tegra - do not transfer req when tegra init fails padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (12): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings remoteproc: mtk_scp: Only populate devices for SCP cores Chengming Zhou (1): psi: Fix race when task wakes up before psi_sched_switch() adjusts flags Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chih-Kang Chang (1): wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed Christian Marangi (1): net: airoha: Fix wrong GDM4 register definition Christoph Hellwig (4): block: copy back bounce buffer to user-space correctly in case of split block: check BLK_FEAT_POLL under q_usage_count block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues xfs: check for dead buffers in xfs_buf_find_insert Christophe JAILLET (3): drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface() pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31() Christophe Leroy (4): select: Fix unbalanced user_access_end() perf maps: Fix display of kernel symbols perf machine: Don't ignore _etext when not a text symbol module: Don't fail module loading when setting ro_after_init section RO failed Chuck Lever (1): Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Chun-Tse Shao (1): perf lock: Fix parse_lock_type which only retrieve one lock flag Claudiu Beznea (3): ASoC: renesas: rz-ssi: Use only the proper amount of dividers arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias ASoC: da7213: Initialize the mutex Colin Ian King (1): wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop Conor Dooley (1): PCI: microchip: Add support for using either Root Port 1 or 2 Cristian Birsan (2): ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Daire McNamara (1): PCI: microchip: Set inbound address translation for coherent or non-coherent mode Dan Carpenter (4): wifi: mt76: mt7925: fix off by one in mt7925_load_clc() rdma/cxgb4: Prevent potential integer overflow on 32bit rtc: tps6594: Fix integer overflow on 32bit systems media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Daniel Baluta (1): ASoC: amd: acp: Fix possible deadlock Daniel Gabay (1): wifi: iwlwifi: mvm: don't count mgmt frames as MPDU Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Xu (1): bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Darrick J. Wong (1): xfs: don't shut down the filesystem for media failures beyond end of log Dave Stevenson (2): media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 media: i2c: ov9282: Correct the exposure offset David Howells (6): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix cleanup of immediately failed async calls afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call rxrpc: Fix handling of received connection abort rxrpc, afs: Fix peer hash locking vs RCU callback Derek Foreman (1): drm/connector: Allow clearing HDMI infoframes Desnes Nunes (1): media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Detlev Casanova (1): ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dimitri Fedrau (1): net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios Dmitry Antipov (1): wifi: cfg80211: adjust allocation of colocated AP data Dmitry Baryshkov (28): drm/msm/dp: set safe_to_exit_level before printing it drm/msm/dpu: provide DSPP and correct LM config for SDM670 drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 drm/msm/dpu: link DSPP_2/_3 blocks on SM8650 drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100 drm/msm: don't clean up priv->kms prematurely drm/msm/mdp4: correct LCDC regulator name arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8939: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: qcs404: correct sleep clock frequency arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sdx75: correct sleep clock frequency arm64: dts: qcom: sm4450: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm6375: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency arm64: dts: qcom: sm8450: correct sleep clock frequency arm64: dts: qcom: sm8550: correct sleep clock frequency arm64: dts: qcom: sm8650: correct sleep clock frequency arm64: dts: qcom: x1e80100: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Dmytro Maluka (1): of/fdt: Restore possibility to use both ACPI and FDT from bootloader Douglas Anderson (1): Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() Drew Fustini (3): clk: thead: Fix clk gate registration to pass flags clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks Edward Cree (1): net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in Emil Tantilov (2): idpf: add read memory barrier when checking descriptor done bit idpf: fix transaction timeouts on reset Eric Dumazet (11): net_sched: sch_sfq: handle bigger packets inetpeer: remove create argument of inet_getpeer_v[46]() inetpeer: remove create argument of inet_getpeer() inetpeer: update inetpeer timestamp in inet_getpeer() inetpeer: do not get a refcount in inet_getpeer() ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() ax25: rcu protect dev->ax25_ptr inet: ipmr: fix data-races ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets Eric-SY Chang (1): wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode Eugen Hristev (1): pstore/blk: trivial typo fixes Everest K.C (1): xfrm: Add error handling when nla_put_u32() returns an error Felix Fietkau (4): wifi: mt76: mt7996: fix rx filter setting for bfee functionality wifi: mt76: only enable tx worker after setting the channel wifi: mt76: mt7915: firmware restart on devices with a second pcie link wifi: mt76: mt7915: fix omac index assignment after hardware reset Florian Westphal (2): netfilter: nft_flow_offload: update tcp state flags under lock xfrm: state: fix out-of-bounds read during lookup Frank Li (1): PCI: imx6: Configure PHY based on Root Complex or Endpoint mode Frank Wunderlich (1): arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c Gal Pressman (2): ethtool: Fix set RXNFC command with symmetric RSS hash ethtool: Fix access to uninitialized fields in set RXNFC command Gao Xiang (4): erofs: get rid of erofs_{find,insert}_workgroup erofs: move erofs_workgroup operations into zdata.c erofs: sunset `struct erofs_workgroup` erofs: fix potential return value overflow of z_erofs_shrink_scan() Gaurav Batra (1): powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Gaurav Jain (1): crypto: caam - use JobR's space to access page 0 regs Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Geert Uytterhoeven (4): ps3disk: Do not use dev->bounce_size before it is set dt-bindings: leds: class-multicolor: Fix path to color definitions selftests: timers: clocksource-switch: Adapt progress to kselftest framework dma-mapping: save base/size instead of pointer to shared DMA pool George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 6.12.13 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (2): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails scsi: mpi3mr: Fix possible crash when setting up bsg fails He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (1): s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init() Heiko Stuebner (1): drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification Herbert Xu (2): crypto: api - Fix boot-up self-test race rhashtable: Fix rhashtable_try_insert test Hermes Wu (1): drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Hou Tao (1): bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Howard Chu (2): perf trace: Fix BPF loading failure (-E2BIG) perf trace: Fix runtime error of index out of bounds Howard Hsu (2): wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU wifi: mt76: mt7996: fix HE Phy capability Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): LoongArch: Fix warnings during S3 suspend Ian Rogers (1): perf inject: Fix use without initialization of local variables Ilan Peer (1): wifi: mac80211: Fix common size calculation for ML element Ivan Stepchenko (1): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Jakub Kicinski (3): net: netdevsim: try to close UDP port harness races tools: ynl: c: correct reverse decode of empty attrs ethtool: ntuple: fix rss + ring_cookie check Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jan Stancek (2): selftests: mptcp: extend CFLAGS to keep options from environment selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment Jason Gunthorpe (1): iommu/arm-smmuv3: Update comments about ATS and bypass Jason-JH.Lin (1): dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Javier Carrasco (2): clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init() soc: atmel: fix device_node release in atmel_soc_device_init() Jens Axboe (2): nvme: fix bogus kzalloc() return check in nvme_init_effects_log() io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiang Liu (1): drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Jiasheng Jiang (3): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() Jiayuan Chen (1): selftests/bpf: Avoid generating untracked files when running bpf selftests Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (1): HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Slaby (SUSE) (1): tty: mips_ejtag_fdc: fix one more u8 warning Joe Hattori (14): clk: fix an OF node reference leak in of_clk_get_parent_name() ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() OPP: OF: Fix an OF node leak in _opp_add_static_v2() leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Joel Stanley (2): hwmon: Fix help text for aspeed-g6-pwm-tach arm64: dts: qcom: x1e80100-romulus: Update firmware nodes Johannes Berg (3): wifi: iwlwifi: fw: read STEP table from correct UEFI var wifi: mac80211: prohibit deactivating all links wifi: mac80211: don't flush non-uploaded STAs Johannes Weiner (1): sched: psi: pass enqueue/dequeue flags to psi callbacks directly John Ogness (2): printk: Defer legacy printing when holding printk_cpu_sync serial: 8250: Adjust the timeout for FIFO mode John Stultz (1): sched: Split out __schedule() deactivate task logic into a helper Jon Maloy (1): tcp: correct handling of extreme memory squeeze Jonas Karlman (1): arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards Jonathan Kim (1): drm/amdgpu: fix gpu recovery disable with per queue reset Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josua Mayer (2): arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts Junxian Huang (1): RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS K Prateek Nayak (1): x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Kailang Yang (1): ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Kalesh AP (1): RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Kanchana P Sridhar (1): crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' Karol Przybylski (1): HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Kees Cook (2): coredump: Do not lock during 'comm' reporting wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier Keisuke Nishimura (2): nvme: Add error check for xa_store in nvme_get_effects_log nvme: Add error path for xa_store in nvme_init_effects King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Konrad Dybcio (3): arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Kory Maincent (2): net: ravb: Fix missing rtnl lock in suspend/resume path net: sh_eth: Fix missing rtnl lock in suspend/resume path Krishna chaitanya chundru (1): PCI: qcom: Update ICC and OPP values after Link Up event Krzysztof Kozlowski (3): arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses arm64: dts: qcom: sc7180: change labels to lower-case firmware: qcom: scm: Cleanup global '__scm' on probe failures Kunihiko Hayashi (2): net: stmmac: Limit the number of MTL queues to hardware capability net: stmmac: Limit FIFO size by hardware capability Kuniyuki Iwashima (1): dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Laurentiu Palcu (2): media: nxp: imx8-isi: fix v4l2-compliance test errors staging: media: max96712: fix kernel oops when removing module Len Brown (1): tools/power turbostat: Fix forked child affinity regression Leon Hwang (1): selftests/bpf: Add test to verify tailcall and freplace restrictions Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Leon Yen (1): wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO Levi Yun (1): perf expr: Initialize is_test value in expr__ctx_new() Li Zhijian (1): RDMA/rtrs: Add missing deinit() call Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Lorenzo Bianconi (1): net: airoha: Fix error path in airoha_probe() Luca Ceresoli (1): gpio: pca953x: log an error when failing to get the reset GPIO Luca Weiss (2): arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value media: i2c: imx412: Add missing newline to prints Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Ke (1): RDMA/srp: Fix error handling in srp_add_port Maciej S. Szmigiero (1): pinctrl: amd: Take suspend type into consideration which pins are non-wake Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Mamta Shukla (1): arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Manivannan Sadhasivam (3): cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Manoj Vishwanathan (1): idpf: Acquire the lock before accessing the xn->salt Marcel Hamer (1): wifi: brcmfmac: add missing header include for brcmf_dbg Marco Leogrande (2): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind idpf: convert workqueues to unbound Marek Vasut (5): clk: imx8mp: Fix clkout1/2 support ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Mark Brown (1): spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Martin KaFai Lau (2): bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing Masahiro Yamada (5): module: Convert default symbol namespace to string literal genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: fix memory leak in sym_warn_unmet_dep() Masami Hiramatsu (Google) (1): selftests/ftrace: Fix to use remount when testing mount GID option Mateusz Polchlopek (3): ice: rework of dump serdes equalizer values feature ice: extend dump serdes equalizer values feature ice: remove invalid parameter of equalizer Mathieu Desnoyers (1): selftests/rseq: Fix handling of glibc without rseq support Matthieu Baerts (NGI0) (2): mptcp: pm: only set fullmesh for subflow endp mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Max Chou (1): Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() Maíra Canal (1): drm/v3d: Fix performance counter source settings on V3D 7.x Michael Ellerman (1): selftests/powerpc: Fix argument order to timer_sub() Michael Guralnik (1): RDMA/mlx5: Fix indirect mkey ODP page count Michael Lo (1): wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. Michael Riesch (1): arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic Michal Luczaj (1): vsock: Allow retrying on connect() failure Michal Pecio (1): usb: xhci: Fix NULL pointer dereference on certain command aborts Michal Swiatkowski (1): iavf: allow changing VLAN state without calling PF Mickaël Salaün (4): selftests: ktap_helpers: Fix uninitialized variable landlock: Handle weird files selftests/landlock: Fix build with non-default pthread linking selftests/landlock: Fix error message Mike Snitzer (1): nfs: fix incorrect error handling in LOCALIO Min-Hua Chen (1): drm/rockchip: vop2: include rockchip_drm_drv.h Ming Wang (1): rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Ming Yen Hsieh (15): wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer wifi: mt76: mt7925: fix the invalid ip address for arp offload wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS wifi: mt76: mt7925: Update secondary link PS flow wifi: mt76: mt7925: Init secondary link PM state wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO wifi: mt76: mt7925: Cleanup MLO settings post-disconnection wifi: mt76: mt7925: Properly handle responses for commands with events Mingwei Zheng (5): spi: zynq-qspi: Add check for clk_enable() pwm: stm32-lp: Add check for clk_enable() pwm: stm32: Add check for clk_enable() pinctrl: nomadik: Add check for clk_enable() pinctrl: stm32: Add check for clk_enable() Miri Korenblit (1): wifi: iwlwifi: mvm: avoid NULL pointer dereference Mohamed Khalfella (1): PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Namhyung Kim (1): perf test: Skip syscall enum test if no landlock syscall Nathan Chancellor (1): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Neil Armstrong (9): OPP: add index check to assert to avoid buffer overflow in _read_freq() OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone arm64: dts: qcom: sc7180: fix psci power domain node names arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Nicolas Cavallari (1): wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nikita Zhandarovich (2): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Octavian Purdila (2): net_sched: sch_sfq: don't allow 1 packet limit team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Oreoluwa Babatunde (1): of: reserved_mem: Restructure how the reserved memory regions are processed Pablo Neira Ayuso (2): netfilter: nf_tables: fix set size with rbtree backend netfilter: nf_tables: reject mismatching sum of field_len with set key length Pali Rohár (3): cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c cifs: Validate EAs for WSL reparse points cifs: Fix getting and setting SACLs over SMB1 Palmer Dabbelt (1): RISC-V: Mark riscv_v_init() as __init Paolo Abeni (2): mptcp: consolidate suboption status mptcp: handle fastopen disconnect correctly Parth Pancholi (1): kbuild: switch from lz4c to lz4 for compression Patrisious Haddad (1): RDMA/mlx5: Fix implicit ODP use after free Patryk Wlazlyn (2): tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms tools/power turbostat: Fix PMT mmaped file size rounding Paul Fertser (1): net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Paulo Alcantara (1): smb: client: fix oops due to unset link speed Pei Xiao (4): platform/mellanox: mlxbf-pmc: incorrect type in assignment platform/x86: x86-android-tablets: make platform data be static bpf: Use refcount_t instead of atomic_t for mmap_count i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Peng Fan (1): clk: imx: Apply some clks only for i.MX93 Pengfei Li (4): dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition dt-bindings: clock: Add i.MX91 clock support clk: imx93: Move IMX93_CLK_END macro to clk driver clk: imx: add i.MX91 clk Perry Yuan (1): x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD Peter Chiu (4): wifi: mt76: mt7915: fix register mapping wifi: mt76: mt7996: fix register mapping wifi: mt76: mt7996: add max mpdu len capability wifi: mt76: mt7996: fix ldpc setting Peter Zijlstra (2): sched/fair: Untangle NEXT_BUDDY and pick_next_task() sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Ping-Ke Shih (1): wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion Przemek Kitszel (1): ice: fix ice_parser_rt::bst_key array size Pu Lehui (3): selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test libbpf: Fix return zero when elf_begin failed libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qasim Ijaz (1): iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Qu Wenruo (4): btrfs: improve the warning and error message for btrfs_remove_qgroup() btrfs: subpage: fix the bitmap dump of the locked flags btrfs: output the reason for open_ctree() failure btrfs: do proper folio cleanup when run_delalloc_nocow() failed Quan Nguyen (1): ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Ray Chi (1): usb: dwc3: Skip resume if pm_runtime_set_active() fails Rex Nie (1): drm/msm/hdmi: simplify code in pll_get_integloop_gain Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (1): media: uvcvideo: Propagate buf->error to userspace Richard Zhu (4): PCI: imx6: Skip controller_id generation logic for i.MX7D PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() PCI: imx6: Add missing reference clock disable logic PCI: dwc: Always stop link in the dw_pcie_suspend_noirq Ricky CX Wu (3): ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Rob Herring (Arm) (1): mfd: syscon: Fix race in device_node_get_regmap() Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Ross Burton (1): arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650 Ryusuke Konishi (3): nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: handle errors that nilfs_prepare_chunk() may return Sagi Grimberg (1): nvme-tcp: Fix I/O queue cpu spreading for multiple controllers Saket Kumar Bhaskar (1): selftests/bpf: Fix fill_link_info selftest on powerpc Sathishkumar Muruganandam (1): wifi: ath12k: fix tx power, max reg power update to firmware Sean Christopherson (1): KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sean Wang (1): wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Sebastian Sewior (1): xfrm: Don't disable preemption while looking up cache state. Sergio Paracuellos (1): clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Shayne Chen (1): wifi: mt76: mt7996: fix invalid interface combinations Shengjiu Wang (3): dt-bindings: clock: imx93: Add SPDIF IPG clk clk: imx93: Add IMX93_CLK_SPDIF_IPG clock arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock Shigeru Yoshida (1): vxlan: Fix uninit-value in vxlan_vnifilter_dump() Shinas Rasheed (2): octeon_ep: remove firmware stats fetch in ndo_get_stats64 octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64 Shivaprasad G Bhat (1): powerpc/pseries/iommu: Don't unset window if it was never set Simon Trimmer (2): ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM Song Yoong Siang (1): selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata Sourabh Jain (1): powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Stefano Brivio (1): udp: Deal with race between UDP socket address change and rehash Steffen Klassert (4): xfrm: Add support for per cpu xfrm state handling. xfrm: Cache used outbound xfrm states at the policy. xfrm: Add an inbound percpu state cache. xfrm: Fix acquire state insertion. Su Yue (1): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Sui Jingfeng (2): drm/etnaviv: Fix page property being used for non writecombine buffers drm/msm: Check return value of of_dma_configure() Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Suraj Sonawane (1): iommu: iommufd: fix WARNING in iommufd_device_unbind Takashi Iwai (4): ASoC: cs40l50: Use *-y for Makefile ASoC: mediatek: mt8365: Use *-y for Makefile ASoC: wcd937x: Use *-y for Makefile ALSA: seq: Make dependency on UMP clearer Taniya Das (1): arm64: dts: qcom: sa8775p: Update sleep_clk frequency Terry Tritton (1): HID: fix generic desktop D-Pad controls Thadeu Lima de Souza Cascardo (9): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thinh Nguyen (2): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately Thomas Gleixner (1): genirq: Make handle_enforce_irqctx() unconditionally available Thomas Weißschuh (2): padata: fix sysfs store callback check ptp: Properly handle compat ioctls Tianchen Ding (1): sched: Fix race between yield_to() and try_to_wake_up() Tiezhu Yang (1): LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Toke Høiland-Jørgensen (1): net: xdp: Disallow attaching device-bound programs in generic mode Uwe Kleine-König (2): hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces Val Packett (5): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Vasily Gorbik (2): s390/mm: Allow large pages for KASAN shadow mapping Revert "s390/mm: Allow large pages for KASAN shadow mapping" Vasily Khoruzhick (4): dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0 Vishal Chourasia (1): tools: Sync if_xdp.h uapi tooling header Vladimir Zapolskiy (3): arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts WangYuli (1): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Wayne Lin (1): drm/amd/display: Reduce accessing remote DPCD overhead Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (1): PM: hibernate: Add error handling for syscore_suspend() Willem de Bruijn (1): hexagon: fix using plain integer as NULL pointer warning in cmpxchg Xin Long (1): net: sched: refine software bypass handling in tc_run Yabin Cui (1): perf/core: Save raw sample data conditionally based on sample type Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yevgeny Kliteynik (1): net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset Yu Kuai (7): nbd: don't allow reconnect after disconnect md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() md: add a new callback pers->bitmap_sector() md/raid5: implement pers->bitmap_sector() md/md-bitmap: move bitmap_{start, end}write to md upper layer md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhu Yanjun (1): RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Zichen Xie (2): wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (5): of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() of: reserved-memory: Warn for missing static reserved memory regions Zong-Zhe Yang (6): wifi: rtw89: handle entity active flag per PHY wifi: rtw89: chan: manage active interfaces wifi: rtw89: tweak setting of channel and TX power for MLO wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() wifi: rtw89: mcc: consider time limits not divisible by 1024 allan.wang (1): wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment david regan (1): mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null xueqin Luo (2): wifi: mt76: mt7996: fix overflows seen when writing limit attributes wifi: mt76: mt7915: fix overflows seen when writing limit attributes zhenwei pi (1): RDMA/rxe: Fix mismatched max_msg_sz

4 months, 1 week

1
1
0 0

Linux 6.6.76

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.76 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Makefile | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2 arch/arm/boot/dts/st/stm32mp151.dtsi | 2 arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 arch/arm/mach-at91/pm.c | 31 arch/arm/mach-omap1/board-nokia770.c | 2 arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 arch/arm64/boot/dts/qcom/Makefile | 3 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 827 ---------- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 +++++++++ arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 - arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9 arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9 arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 ++-- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 - arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70 arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/loongarch.h | 60 arch/loongarch/kernel/hw_breakpoint.c | 16 arch/loongarch/power/platform.c | 2 arch/powerpc/include/asm/hugetlb.h | 9 arch/powerpc/kernel/smp.c | 4 arch/powerpc/sysdev/xive/native.c | 4 arch/powerpc/sysdev/xive/spapr.c | 3 arch/riscv/kernel/vector.c | 2 arch/s390/Makefile | 2 arch/s390/kernel/perf_cpum_cf.c | 2 arch/s390/kernel/perf_pai_crypto.c | 2 arch/s390/kernel/perf_pai_ext.c | 2 arch/s390/kernel/topology.c | 2 arch/s390/purgatory/Makefile | 2 arch/x86/events/amd/ibs.c | 2 arch/x86/kernel/smpboot.c | 12 block/genhd.c | 22 block/partitions/ldm.h | 2 drivers/acpi/acpica/achware.h | 2 drivers/acpi/fan_core.c | 10 drivers/base/class.c | 9 drivers/block/nbd.c | 1 drivers/bluetooth/btnxpuart.c | 3 drivers/bus/ti-sysc.c | 4 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/ipmi/ssif_bmc.c | 5 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/clk-conf.c | 4 drivers/clk/clk-si5351.c | 76 drivers/clk/clk.c | 14 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/common.c | 4 drivers/clk/qcom/gcc-sdm845.c | 32 drivers/clk/ralink/clk-mtmips.c | 1 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 drivers/clk/sunxi/clk-simple-gates.c | 4 drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4 drivers/clocksource/samsung_pwm_timer.c | 4 drivers/cpufreq/acpi-cpufreq.c | 36 drivers/cpufreq/qcom-cpufreq-hw.c | 34 drivers/crypto/caam/blob_gen.c | 3 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 168 -- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 drivers/dma/ti/edma.c | 3 drivers/firmware/efi/sysfb_efi.c | 2 drivers/gpio/gpio-brcmstb.c | 5 drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 108 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 drivers/gpu/drm/msm/dp/dp_audio.c | 2 drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1 drivers/gpu/drm/rockchip/cdn-dp-core.c | 1 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1 drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1 drivers/gpu/drm/rockchip/inno_hdmi.c | 1 drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1 drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18 drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18 drivers/gpu/drm/rockchip/rockchip_lvds.c | 1 drivers/gpu/drm/rockchip/rockchip_rgb.c | 1 drivers/hid/hid-core.c | 2 drivers/hid/hid-input.c | 37 drivers/hid/hid-multitouch.c | 2 drivers/hid/hid-thrustmaster.c | 8 drivers/i3c/master/dw-i3c-master.c | 68 drivers/i3c/master/dw-i3c-master.h | 2 drivers/iio/adc/ti_am335x_adc.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 8 drivers/infiniband/hw/mlx5/odp.c | 32 drivers/infiniband/sw/rxe/rxe.c | 6 drivers/infiniband/sw/rxe/rxe.h | 6 drivers/infiniband/sw/rxe/rxe_comp.c | 4 drivers/infiniband/sw/rxe/rxe_cq.c | 4 drivers/infiniband/sw/rxe/rxe_mr.c | 16 drivers/infiniband/sw/rxe/rxe_mw.c | 2 drivers/infiniband/sw/rxe/rxe_param.h | 2 drivers/infiniband/sw/rxe/rxe_pool.c | 11 drivers/infiniband/sw/rxe/rxe_qp.c | 8 drivers/infiniband/sw/rxe/rxe_resp.c | 12 drivers/infiniband/sw/rxe/rxe_task.c | 4 drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +- drivers/infiniband/ulp/srp/ib_srp.c | 1 drivers/irqchip/irq-atmel-aic-common.c | 4 drivers/irqchip/irq-pic32-evic.c | 4 drivers/leds/leds-cht-wcove.c | 6 drivers/leds/leds-netxbig.c | 1 drivers/media/i2c/imx290.c | 3 drivers/media/i2c/imx412.c | 42 drivers/media/i2c/ov9282.c | 2 drivers/media/platform/marvell/mcam-core.c | 7 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10 drivers/media/platform/samsung/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/usb/dvb-usb-v2/af9035.c | 18 drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/memory/tegra/tegra20-emc.c | 8 drivers/mfd/syscon.c | 81 drivers/mfd/ti_am335x_tscadc.c | 4 drivers/misc/cardreader/rtsx_usb.c | 15 drivers/mtd/hyperbus/hbmc-am654.c | 25 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/freescale/fec_main.c | 31 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/intel/iavf/iavf_main.c | 19 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 drivers/net/team/team.c | 7 drivers/net/usb/rtl8150.c | 22 drivers/net/vxlan/vxlan_vnifilter.c | 5 drivers/net/wireless/ath/ath11k/dp_rx.c | 1 drivers/net/wireless/ath/ath11k/hal_rx.c | 3 drivers/net/wireless/ath/ath12k/mac.c | 6 drivers/net/wireless/ath/wcn36xx/main.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10 drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 32 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 13 drivers/net/wireless/realtek/rtlwifi/base.h | 1 drivers/net/wireless/realtek/rtlwifi/pci.c | 61 drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 34 drivers/of/of_reserved_mem.c | 3 drivers/opp/core.c | 57 drivers/opp/of.c | 4 drivers/pci/controller/dwc/pci-imx6.c | 139 - drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/functions/pci-epf-test.c | 6 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pinctrl/nxp/pinctrl-s32cc.c | 4 drivers/pinctrl/pinctrl-amd.c | 27 drivers/pinctrl/pinctrl-amd.h | 7 drivers/pinctrl/pinctrl-k210.c | 4 drivers/pinctrl/stm32/pinctrl-stm32.c | 76 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 - drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_ocp.c | 2 drivers/pwm/pwm-samsung.c | 4 drivers/pwm/pwm-stm32-lp.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/regulator/core.c | 2 drivers/regulator/of_regulator.c | 14 drivers/remoteproc/remoteproc_core.c | 14 drivers/rtc/rtc-loongson.c | 13 drivers/rtc/rtc-pcf85063.c | 11 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/soc/atmel/soc.c | 2 drivers/spi/spi-omap2-mcspi.c | 11 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/staging/media/max96712/max96712.c | 4 drivers/tty/serial/8250/8250_port.c | 32 drivers/tty/serial/sc16is7xx.c | 34 drivers/tty/sysrq.c | 4 drivers/ufs/core/ufs_bsg.c | 1 drivers/usb/dwc3/core.c | 30 drivers/usb/dwc3/dwc3-am62.c | 1 drivers/usb/gadget/function/f_tcm.c | 14 drivers/usb/host/xhci-ring.c | 3 drivers/usb/misc/usb251xb.c | 4 drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/vfio/iova_bitmap.c | 2 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/watchdog/rti_wdt.c | 1 fs/afs/dir.c | 7 fs/afs/internal.h | 9 fs/afs/rxrpc.c | 12 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/btrfs/super.c | 2 fs/buffer.c | 24 fs/dlm/lowcomms.c | 3 fs/f2fs/dir.c | 53 fs/f2fs/f2fs.h | 6 fs/f2fs/inline.c | 5 fs/file_table.c | 2 fs/hostfs/hostfs_kern.c | 157 + fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs4callback.c | 1 fs/nilfs2/segment.c | 11 fs/ocfs2/quota_global.c | 5 fs/pstore/blk.c | 4 fs/select.c | 4 fs/smb/client/cifsacl.c | 25 fs/smb/client/cifsproto.h | 2 fs/smb/client/cifssmb.c | 4 fs/smb/client/readdir.c | 2 fs/smb/client/reparse.c | 22 fs/smb/client/smb2ops.c | 3 fs/ubifs/debug.c | 22 include/acpi/acpixf.h | 1 include/dt-bindings/clock/sun50i-a64-ccu.h | 2 include/linux/buffer_head.h | 4 include/linux/hid.h | 1 include/linux/ieee80211.h | 11 include/linux/kallsyms.h | 2 include/linux/mfd/syscon.h | 33 include/linux/mroute_base.h | 6 include/linux/netdevice.h | 2 include/linux/of.h | 15 include/linux/perf_event.h | 6 include/linux/platform_data/pca953x.h | 13 include/linux/platform_data/si5351.h | 2 include/linux/pps_kernel.h | 3 include/linux/sched.h | 1 include/linux/usb/tcpm.h | 3 include/net/ax25.h | 10 include/net/inetpeer.h | 12 include/net/netfilter/nf_tables.h | 8 include/net/xfrm.h | 16 include/trace/events/afs.h | 2 include/trace/events/rxrpc.h | 25 io_uring/uring_cmd.c | 2 kernel/bpf/bpf_local_storage.c | 8 kernel/events/core.c | 35 kernel/irq/internals.h | 9 kernel/padata.c | 45 kernel/power/hibernate.c | 7 kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/fair.c | 19 kernel/sched/topology.c | 8 kernel/trace/bpf_trace.c | 13 net/ax25/af_ax25.c | 12 net/ax25/ax25_dev.c | 4 net/ax25/ax25_ip.c | 3 net/ax25/ax25_out.c | 22 net/ax25/ax25_route.c | 2 net/core/dev.c | 4 net/core/filter.c | 2 net/core/sysctl_net_core.c | 5 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/icmp.c | 9 net/ipv4/inetpeer.c | 31 net/ipv4/ip_fragment.c | 15 net/ipv4/ipmr.c | 28 net/ipv4/ipmr_base.c | 9 net/ipv4/route.c | 17 net/ipv4/tcp_cubic.c | 8 net/ipv4/tcp_output.c | 9 net/ipv6/icmp.c | 6 net/ipv6/ip6_output.c | 6 net/ipv6/ip6mr.c | 28 net/ipv6/ndisc.c | 8 net/mac80211/debugfs_netdev.c | 2 net/mac80211/driver-ops.h | 3 net/mac80211/rx.c | 1 net/mptcp/options.c | 13 net/mptcp/protocol.c | 4 net/mptcp/protocol.h | 30 net/netfilter/nf_tables_api.c | 57 net/netfilter/nft_flow_offload.c | 16 net/netfilter/nft_set_pipapo.c | 7 net/netfilter/nft_set_rbtree.c | 178 +- net/rose/af_rose.c | 16 net/rose/rose_timer.c | 15 net/rxrpc/conn_event.c | 12 net/sched/sch_api.c | 4 net/sched/sch_sfq.c | 56 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 net/smc/smc_rx.h | 8 net/sunrpc/svcsock.c | 12 net/vmw_vsock/af_vsock.c | 5 net/wireless/scan.c | 35 net/xfrm/xfrm_replay.c | 10 samples/landlock/sandboxer.c | 7 scripts/Makefile.lib | 4 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 scripts/kconfig/conf.c | 6 scripts/kconfig/confdata.c | 115 - scripts/kconfig/lkc_proto.h | 2 scripts/kconfig/symbol.c | 10 security/landlock/fs.c | 11 sound/core/seq/Kconfig | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/arizona.c | 12 sound/soc/intel/avs/apl.c | 53 sound/soc/intel/avs/avs.h | 40 sound/soc/intel/avs/core.c | 51 sound/soc/intel/avs/ipc.c | 36 sound/soc/intel/avs/loader.c | 2 sound/soc/intel/avs/messages.h | 10 sound/soc/intel/avs/registers.h | 6 sound/soc/intel/avs/skl.c | 30 sound/soc/rockchip/rockchip_i2s_tdm.c | 31 sound/soc/sh/rz-ssi.c | 3 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/quirks.c | 2 tools/bootconfig/main.c | 4 tools/lib/bpf/linker.c | 22 tools/lib/bpf/usdt.c | 2 tools/perf/builtin-lock.c | 66 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/bpf-event.c | 10 tools/perf/util/env.c | 13 tools/perf/util/env.h | 4 tools/perf/util/expr.c | 5 tools/perf/util/header.c | 8 tools/perf/util/machine.c | 2 tools/perf/util/namespaces.c | 7 tools/perf/util/namespaces.h | 3 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4 tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/kselftest_harness.h | 24 tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2 tools/testing/selftests/rseq/rseq.c | 32 tools/testing/selftests/rseq/rseq.h | 9 tools/testing/selftests/timers/clocksource-switch.c | 6 455 files changed, 4558 insertions(+), 3437 deletions(-) Aaro Koskinen (1): ARM: omap1: Fix up the Retu IRQ on Nokia 770 Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Akhil R (1): arm64: tegra: Fix DMA ID for SPI2 Al Viro (1): hostfs: fix string handling in __dentry_name() Alan Stern (1): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Alexander Aring (1): dlm: fix srcu_read_lock() return type to int Alexander Stein (1): regulator: core: Add missing newline character Alexandre Cassen (1): xfrm: delete intermediate secpath entry in packet offload mode Alvin Šipraga (1): clk: si5351: allow PLLs to be adjusted without reset Amit Pundir (1): clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Halaney (2): arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq Andrii Nakryiko (1): libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Andy Shevchenko (2): gpio: pca953x: Drop unused fields in struct pca953x_platform_data gpio: pca953x: Fully convert to device managed resources Andy Strohman (1): wifi: mac80211: fix tid removal during mesh forwarding Andy Yan (7): drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 drm/rockchip: vop2: Set YUV/RGB overlay mode drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config drm/rockchip: vop2: Fix the windows switch between different layers drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 drm/rockchip: move output interface related definition to rockchip_drm_drv.h Antoine Tenart (1): net: avoid race between device unregistration and ethnl ops Arnaldo Carvalho de Melo (3): perf top: Don't complain about lack of vmlinux when not resolving some kernel samples perf namespaces: Introduce nsinfo__set_in_pidns() perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaud Pouliquen (2): ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 remoteproc: core: Fix ida_free call while not allocated Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Balaji Pothunoori (1): wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Barnabás Czémán (1): wifi: wcn36xx: fix channel survey memory allocation size Bartosz Golaszewski (1): arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi Benjamin Lin (1): wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Billy Tsai (1): i3c: dw: Add hot-join support. Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Bokun Zhang (1): drm/amdgpu/vcn: reset fw_shared under SRIOV Bryan Brattlof (2): arm64: dts: ti: k3-am62: Remove duplicate GICR reg arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan O'Donoghue (1): arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso Calvin Owens (1): pps: Fix a use-after-free Cezary Rojewski (4): ASoC: Intel: avs: Prefix SKL/APL-specific members ASoC: Intel: avs: Abstract IPC handling ASoC: Intel: avs: Do not readq() u32 registers ASoC: Intel: avs: Fix theoretical infinite loop Charles Han (1): ipmi: ipmb: Add check devm_kasprintf() returned value Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (3): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work Chen-Yu Tsai (9): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Chenghai Huang (1): crypto: hisilicon/sec2 - optimize the error return process Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Christophe JAILLET (1): drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Christophe Leroy (2): select: Fix unbalanced user_access_end() perf machine: Don't ignore _etext when not a text symbol Chuck Lever (2): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Chun-Tse Shao (1): perf lock: Fix parse_lock_type which only retrieve one lock flag Claudiu Beznea (1): ASoC: renesas: rz-ssi: Use only the proper amount of dividers Cristian Birsan (1): ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Dan Carpenter (2): rdma/cxgb4: Prevent potential integer overflow on 32bit media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Xu (1): bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Dave Stevenson (2): media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 media: i2c: ov9282: Correct the exposure offset David Howells (5): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix cleanup of immediately failed async calls afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call rxrpc: Fix handling of received connection abort David Wronek (1): arm64: dts: qcom: Add SM7125 device tree Desnes Nunes (1): media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Detlev Casanova (1): ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (1): wifi: cfg80211: adjust allocation of colocated AP data Dmitry Baryshkov (20): drm/msm/dp: set safe_to_exit_level before printing it drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8939: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: qcs404: correct sleep clock frequency arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sdx75: correct sleep clock frequency arm64: dts: qcom: sm4450: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm6375: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Eric Dumazet (11): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets inetpeer: remove create argument of inet_getpeer_v[46]() inetpeer: remove create argument of inet_getpeer() inetpeer: update inetpeer timestamp in inet_getpeer() inetpeer: do not get a refcount in inet_getpeer() ax25: rcu protect dev->ax25_ptr inet: ipmr: fix data-races ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets Eugen Hristev (1): pstore/blk: trivial typo fixes Felix Fietkau (5): wifi: mt76: mt7996: fix rx filter setting for bfee functionality wifi: mt76: mt7915: firmware restart on devices with a second pcie link wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac wifi: mt76: mt7915: improve hardware restart reliability wifi: mt76: mt7915: fix omac index assignment after hardware reset Florian Westphal (4): netfilter: nf_tables: de-constify set commit ops function argument netfilter: nft_set_rbtree: rename gc deactivate+erase function netfilter: nft_set_rbtree: prefer sync gc to async worker netfilter: nft_flow_offload: update tcp state flags under lock Frank Li (1): PCI: imx6: Simplify clock handling by using clk_bulk*() function Gaurav Jain (1): crypto: caam - use JobR's space to access page 0 regs Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Geert Uytterhoeven (2): dt-bindings: leds: class-multicolor: Fix path to color definitions selftests: timers: clocksource-switch: Adapt progress to kselftest framework George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 6.6.76 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails He Rongguang (1): cpupower: fix TSC MHz calculation Hermes Wu (1): drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Hongbo Li (2): hostfs: convert hostfs to use the new mount API hostfs: fix the host directory parse when mounting. Howard Chu (1): perf trace: Fix runtime error of index out of bounds Howard Hsu (2): wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU wifi: mt76: mt7996: fix HE Phy capability Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): LoongArch: Fix warnings during S3 suspend Hugo Villeneuve (1): serial: sc16is7xx: use device_property APIs when configuring irda mode Ilan Peer (2): wifi: mac80211: Fix common size calculation for ML element wifi: cfg80211: Handle specific BSSID in 6GHz scanning Ivan Stepchenko (1): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Jakub Kicinski (1): net: netdevsim: try to close UDP port harness races Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jason-JH.Lin (1): dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Javier Carrasco (1): soc: atmel: fix device_node release in atmel_soc_device_init() Jens Axboe (2): nvme: fix bogus kzalloc() return check in nvme_init_effects_log() io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiang Liu (1): drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Jiasheng Jiang (3): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (1): HID: multitouch: fix support for Goodix PID 0x01e9 Joe Hattori (14): clk: fix an OF node reference leak in of_clk_get_parent_name() ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() OPP: OF: Fix an OF node leak in _opp_add_static_v2() leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Johannes Berg (2): wifi: mac80211: prohibit deactivating all links wifi: mac80211: don't flush non-uploaded STAs John Ogness (1): serial: 8250: Adjust the timeout for FIFO mode Jon Maloy (1): tcp: correct handling of extreme memory squeeze Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE K Prateek Nayak (1): x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Kailang Yang (1): ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Kalesh AP (1): RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Karol Przybylski (1): HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Keisuke Nishimura (2): nvme: Add error check for xa_store in nvme_get_effects_log nvme: Add error path for xa_store in nvme_init_effects King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Konrad Dybcio (4): arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Kozlowski (2): mfd: syscon: Use scoped variables with memory allocators to simplify error paths arm64: dts: qcom: sc7180: change labels to lower-case Kunihiko Hayashi (2): net: stmmac: Limit the number of MTL queues to hardware capability net: stmmac: Limit FIFO size by hardware capability Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Laurentiu Palcu (2): media: nxp: imx8-isi: fix v4l2-compliance test errors staging: media: max96712: fix kernel oops when removing module Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Levi Yun (1): perf expr: Initialize is_test value in expr__ctx_new() Li Zhijian (1): RDMA/rxe: Improve newline in printing messages Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Luca Ceresoli (2): of: remove internal arguments from of_property_for_each_u32() gpio: pca953x: log an error when failing to get the reset GPIO Luca Weiss (2): arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value media: i2c: imx412: Add missing newline to prints Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Ke (1): RDMA/srp: Fix error handling in srp_add_port Maciej S. Szmigiero (1): pinctrl: amd: Take suspend type into consideration which pins are non-wake Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Mamta Shukla (1): arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Manivannan Sadhasivam (3): cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Marcel Hamer (1): wifi: brcmfmac: add missing header include for brcmf_dbg Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Vasut (4): clk: imx8mp: Fix clkout1/2 support ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Mark Brown (1): spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Martin KaFai Lau (1): bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Masahiro Yamada (8): ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: require a space after '#' for valid input kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() kconfig: deduplicate code in conf_read_simple() kconfig: fix memory leak in sym_warn_unmet_dep() Mathieu Desnoyers (1): selftests/rseq: Fix handling of glibc without rseq support Matthew Wilcox (Oracle) (2): buffer: make folio_create_empty_buffers() return a buffer_head nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Michael Ellerman (1): selftests/powerpc: Fix argument order to timer_sub() Michael Guralnik (1): RDMA/mlx5: Fix indirect mkey ODP page count Michael Lo (1): wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. Michal Luczaj (1): vsock: Allow retrying on connect() failure Michal Pecio (1): usb: xhci: Fix NULL pointer dereference on certain command aborts Michal Swiatkowski (1): iavf: allow changing VLAN state without calling PF Mickaël Salaün (2): landlock: Handle weird files selftests/landlock: Fix error message Mihai Sain (1): ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node Min-Hua Chen (1): drm/rockchip: vop2: include rockchip_drm_drv.h Ming Wang (1): rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Mingwei Zheng (4): spi: zynq-qspi: Add check for clk_enable() pwm: stm32-lp: Add check for clk_enable() pwm: stm32: Add check for clk_enable() pinctrl: stm32: Add check for clk_enable() Mohamed Khalfella (1): PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Nathan Chancellor (2): hostfs: Add const qualifier to host_root in hostfs_fill_super() s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Neil Armstrong (8): OPP: add index check to assert to avoid buffer overflow in _read_freq() OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone arm64: dts: qcom: sc7180: fix psci power domain node names arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Nicolas Cavallari (1): wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nikita Zhandarovich (2): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Octavian Purdila (2): net_sched: sch_sfq: don't allow 1 packet limit team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Pablo Neira Ayuso (2): netfilter: nf_tables: fix set size with rbtree backend netfilter: nf_tables: reject mismatching sum of field_len with set key length Pali Rohár (3): cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c cifs: Validate EAs for WSL reparse points cifs: Fix getting and setting SACLs over SMB1 Palmer Dabbelt (1): RISC-V: Mark riscv_v_init() as __init Paolo Abeni (2): mptcp: consolidate suboption status mptcp: handle fastopen disconnect correctly Parth Pancholi (1): kbuild: switch from lz4c to lz4 for compression Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Paulo Alcantara (1): smb: client: fix oops due to unset link speed Pei Xiao (1): i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Perry Yuan (1): x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD Peter Chiu (4): wifi: mt76: mt7915: fix register mapping wifi: mt76: mt7996: fix register mapping wifi: mt76: mt7996: add max mpdu len capability wifi: mt76: mt7996: fix ldpc setting Peter Griffin (2): mfd: syscon: Remove extern from function prototypes mfd: syscon: Add of_syscon_register_regmap() API Peter Zijlstra (2): sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat sched/topology: Rename 'DIE' domain to 'PKG' Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qasim Ijaz (1): iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quan Nguyen (1): ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (1): media: uvcvideo: Propagate buf->error to userspace Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Ricky CX Wu (3): ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Rob Herring (Arm) (1): mfd: syscon: Fix race in device_node_get_regmap() Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Ryusuke Konishi (1): nilfs2: protect access to buffers with no active references Saket Kumar Bhaskar (1): selftests/bpf: Fix fill_link_info selftest on powerpc Sathishkumar Muruganandam (1): wifi: ath12k: fix tx power, max reg power update to firmware Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Sergey Senozhatsky (1): kconfig: WERROR unmet symbol dependency Sergio Paracuellos (1): clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Shazad Hussain (1): arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin Shigeru Yoshida (1): vxlan: Fix uninit-value in vxlan_vnifilter_dump() Shinas Rasheed (1): octeon_ep: remove firmware stats fetch in ndo_get_stats64 Sourabh Jain (1): powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Su Yue (1): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Sui Jingfeng (2): drm/etnaviv: Fix page property being used for non writecombine buffers drm/msm: Check return value of of_dma_configure() Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Takashi Iwai (1): ALSA: seq: Make dependency on UMP clearer Taniya Das (1): arm64: dts: qcom: sa8775p: Update sleep_clk frequency Terry Tritton (1): HID: fix generic desktop D-Pad controls Thadeu Lima de Souza Cascardo (9): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thinh Nguyen (2): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately Thomas Gleixner (1): genirq: Make handle_enforce_irqctx() unconditionally available Thomas Weißschuh (2): padata: fix sysfs store callback check ptp: Properly handle compat ioctls Tiezhu Yang (1): LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Toke Høiland-Jørgensen (1): net: xdp: Disallow attaching device-bound programs in generic mode Uwe Kleine-König (1): mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Val Packett (5): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Vasily Khoruzhick (4): dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0 Vladimir Zapolskiy (2): arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts WangYuli (1): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (1): PM: hibernate: Add error handling for syscore_suspend() Willem de Bruijn (1): hexagon: fix using plain integer as NULL pointer warning in cmpxchg Yabin Cui (1): perf/core: Save raw sample data conditionally based on sample type Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yu Kuai (1): nbd: don't allow reconnect after disconnect Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhu Yanjun (1): RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Zichen Xie (1): samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (3): of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() david regan (1): mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null xueqin Luo (1): wifi: mt76: mt7915: fix overflows seen when writing limit attributes zhenwei pi (1): RDMA/rxe: Fix mismatched max_msg_sz

4 months, 1 week

1
1
0 0

[PATCH 6.1.y] cachefiles: Fix NULL pointer dereference in object->file

by lanbincn＠qq.com

From: Zizhi Wo <wozizhi(a)huawei.com> commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream. At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished. Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie") Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/cachefiles/interface.c | 14 ++++++++++---- fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------ 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c index bde23e156a63..fd71775c703a 100644 --- a/fs/cachefiles/interface.c +++ b/fs/cachefiles/interface.c @@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object, static void cachefiles_clean_up_object(struct cachefiles_object *object, struct cachefiles_cache *cache) { + struct file *file; + if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) { if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) { cachefiles_see_object(object, cachefiles_obj_see_clean_delete); @@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object, } cachefiles_unmark_inode_in_use(object, object->file); - if (object->file) { - fput(object->file); - object->file = NULL; - } + + spin_lock(&object->lock); + file = object->file; + object->file = NULL; + spin_unlock(&object->lock); + + if (file) + fput(file); } /* diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c index d1a0264b08a6..3389a373faf6 100644 --- a/fs/cachefiles/ondemand.c +++ b/fs/cachefiles/ondemand.c @@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, { struct cachefiles_object *object = kiocb->ki_filp->private_data; struct cachefiles_cache *cache = object->volume->cache; - struct file *file = object->file; + struct file *file; size_t len = iter->count; loff_t pos = kiocb->ki_pos; const struct cred *saved_cred; int ret; - if (!file) + spin_lock(&object->lock); + file = object->file; + if (!file) { + spin_unlock(&object->lock); return -ENOBUFS; + } + get_file(file); + spin_unlock(&object->lock); cachefiles_begin_secure(cache, &saved_cred); ret = __cachefiles_prepare_write(object, file, &pos, &len, true); cachefiles_end_secure(cache, saved_cred); if (ret < 0) - return ret; + goto out; trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); @@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, kiocb->ki_pos += ret; } +out: + fput(file); return ret; } @@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, int whence) { struct cachefiles_object *object = filp->private_data; - struct file *file = object->file; + struct file *file; + loff_t ret; - if (!file) + spin_lock(&object->lock); + file = object->file; + if (!file) { + spin_unlock(&object->lock); return -ENOBUFS; + } + get_file(file); + spin_unlock(&object->lock); - return vfs_llseek(file, pos, whence); + ret = vfs_llseek(file, pos, whence); + fput(file); + + return ret; } static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, -- 2.43.0

4 months, 1 week

1
0
0 0

[PATCH 6.6.y] cachefiles: Fix NULL pointer dereference in object->file

by lanbincn＠qq.com

From: Zizhi Wo <wozizhi(a)huawei.com> commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream. At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished. Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie") Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/cachefiles/interface.c | 14 ++++++++++---- fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------ 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c index 35ba2117a6f6..3e63cfe15874 100644 --- a/fs/cachefiles/interface.c +++ b/fs/cachefiles/interface.c @@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object, static void cachefiles_clean_up_object(struct cachefiles_object *object, struct cachefiles_cache *cache) { + struct file *file; + if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) { if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) { cachefiles_see_object(object, cachefiles_obj_see_clean_delete); @@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object, } cachefiles_unmark_inode_in_use(object, object->file); - if (object->file) { - fput(object->file); - object->file = NULL; - } + + spin_lock(&object->lock); + file = object->file; + object->file = NULL; + spin_unlock(&object->lock); + + if (file) + fput(file); } /* diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c index d1a0264b08a6..3389a373faf6 100644 --- a/fs/cachefiles/ondemand.c +++ b/fs/cachefiles/ondemand.c @@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, { struct cachefiles_object *object = kiocb->ki_filp->private_data; struct cachefiles_cache *cache = object->volume->cache; - struct file *file = object->file; + struct file *file; size_t len = iter->count; loff_t pos = kiocb->ki_pos; const struct cred *saved_cred; int ret; - if (!file) + spin_lock(&object->lock); + file = object->file; + if (!file) { + spin_unlock(&object->lock); return -ENOBUFS; + } + get_file(file); + spin_unlock(&object->lock); cachefiles_begin_secure(cache, &saved_cred); ret = __cachefiles_prepare_write(object, file, &pos, &len, true); cachefiles_end_secure(cache, saved_cred); if (ret < 0) - return ret; + goto out; trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); @@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, kiocb->ki_pos += ret; } +out: + fput(file); return ret; } @@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, int whence) { struct cachefiles_object *object = filp->private_data; - struct file *file = object->file; + struct file *file; + loff_t ret; - if (!file) + spin_lock(&object->lock); + file = object->file; + if (!file) { + spin_unlock(&object->lock); return -ENOBUFS; + } + get_file(file); + spin_unlock(&object->lock); - return vfs_llseek(file, pos, whence); + ret = vfs_llseek(file, pos, whence); + fput(file); + + return ret; } static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, -- 2.43.0

4 months, 1 week

1
0
0 0

[PATCH] usb: cdns3: exit cdns3_gadget_udc_start if FAST_REG_ACCESS cannot be set

by Siddharth Vadapalli

When the device is in a low power state, access to the following registers takes a long time: - EP_CFG - EP_TRADDR - EP_CMD - EP_SEL - EP_STS - USB_CONF To address this, the fast register access feature can be enabled by setting PUSB_PWR_FST_REG_ACCESS bit of the USB_PWR register, which allows quick access by software. Software is expected to poll on PUSB_PWR_FST_REG_ACCESS_STAT to ensure that fast register access has been enabled by the controller. Attempting to access any of the aforementioned registers after setting PUSB_PWR_FST_REG_ACCESS but before PUSB_PWR_FST_REG_ACCESS_STAT has been set will result in undefined behavior and potentially result in system hang. Hence, poll on PUSB_PWR_FST_REG_ACCESS_STAT before proceeding with gadget configuration, and exit if it cannot be enabled. Fixes: b5148d946f45 ("usb: cdns3: gadget: set fast access bit") Cc: <stable(a)vger.kernel.org> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit 92514ef226f5 Merge tag 'for-6.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux of Mainline Linux. Regards, Siddharth. drivers/usb/cdns3/cdns3-gadget.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c index fd1beb10bba7..b62691944272 100644 --- a/drivers/usb/cdns3/cdns3-gadget.c +++ b/drivers/usb/cdns3/cdns3-gadget.c @@ -2971,8 +2971,6 @@ static void cdns3_gadget_config(struct cdns3_device *priv_dev) /* enable generic interrupt*/ writel(USB_IEN_INIT, &regs->usb_ien); writel(USB_CONF_CLK2OFFDS | USB_CONF_L1DS, &regs->usb_conf); - /* keep Fast Access bit */ - writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr); cdns3_configure_dmult(priv_dev, NULL); } @@ -2990,6 +2988,8 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget, struct cdns3_device *priv_dev = gadget_to_cdns3_device(gadget); unsigned long flags; enum usb_device_speed max_speed = driver->max_speed; + int ret; + u32 reg; spin_lock_irqsave(&priv_dev->lock, flags); priv_dev->gadget_driver = driver; @@ -2997,6 +2997,20 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget, /* limit speed if necessary */ max_speed = min(driver->max_speed, gadget->max_speed); + /* keep Fast Access bit */ + writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr); + reg = readl(&priv_dev->regs->usb_pwr); + if (!(reg & PUSB_PWR_FST_REG_ACCESS_STAT)) { + ret = readl_poll_timeout_atomic(&priv_dev->regs->usb_pwr, reg, + (reg & PUSB_PWR_FST_REG_ACCESS_STAT), + 10, 1000); + if (ret) { + dev_err(priv_dev->dev, "Failed to enable fast access\n"); + spin_unlock_irqrestore(&priv_dev->lock, flags); + return ret; + } + } + switch (max_speed) { case USB_SPEED_FULL: writel(USB_CONF_SFORCE_FS, &priv_dev->regs->usb_conf); -- 2.43.0

4 months, 1 week

2
4
0 0

Re: The business loan-

by David Song

Hello, My name is David Song, at AA4 FS, we are a consultancy and brokerage Firm specializing in Growth Financial Loan and joint partnership venture. We specialize in investments in all Private and public sectors in a broad range of areas within our Financial Investment Services. We are experts in financial and operational management, due diligence and capital planning in all markets and industries. Our Investors wish to invest in any viable Project presented by your Management after reviews on your Business Project Presentation Plan. We look forward to your Swift response. We also offer commission to consultants and brokers for any partnership referrals. Regards, David Song Senior Broker AA4 Financial Services 13 Wonersh Way, Cheam, Sutton, Surrey, SM2 7LX Email: dsong(a)aa4financialservice.com

4 months, 1 week

1
0
0 0

[PATCH 6.13 000/619] 6.13.2-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.2 release. There are 619 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Feb 2025 16:05:17 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.2-rc2 Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when run_delalloc_nocow() failed Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when cow_file_range() failed Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Ensure callbacks exist before calling them Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Add hubp cache reset when powergating Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: da7213: Initialize the mutex Kevin Brodsky <kevin.brodsky(a)arm.com> selftests/mm: build with -O2 Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/pseries/iommu: Don't unset window if it was never set Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Melissa Wen <mwen(a)igalia.com> drm/amd/display: restore invalid MSA timing check for freesync Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix implicit ODP use after free Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Ray Chi <raychi(a)google.com> usb: dwc3: Skip resume if pm_runtime_set_active() fails Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Darrick J. Wong <djwong(a)kernel.org> xfs: don't shut down the filesystem for media failures beyond end of log Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Christoph Hellwig <hch(a)lst.de> xfs: check for dead buffers in xfs_buf_find_insert Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix to use remount when testing mount GID option Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix handling of glibc without rseq support Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: move bitmap_{start, end}write to md upper layer Yu Kuai <yukuai3(a)huawei.com> md/raid5: implement pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md: add a new callback pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Liam R. Howlett <Liam.Howlett(a)Oracle.com> kernel: be more careful about dup_mmap() failures and uprobe registering Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix Clang LTO with CONFIG_OBJTOOL=n Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Pali Rohár <pali(a)kernel.org> cifs: Fix getting and setting SACLs over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Validate EAs for WSL reparse points Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix forked child affinity regression Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: amd: acp: Fix possible deadlock Jens Axboe <axboe(a)kernel.dk> io_uring/register: use atomic_read/write for sq_flags migration Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Jens Axboe <axboe(a)kernel.dk> io_uring/msg_ring: don't leave potentially dangling ->tctx pointer Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Mark riscv_v_init() as __init Torsten Hilbrich <torsten.hilbrich(a)secunet.com> kbuild: Fix signing issue for external modules Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Fix PMT mmaped file size rounding Al Viro <viro(a)zeniv.linux.org.uk> hostfs: fix string handling in __dentry_name() Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Kory Maincent <kory.maincent(a)bootlin.com> net: ravb: Fix missing rtnl lock in suspend/resume path Toke Høiland-Jørgensen <toke(a)redhat.com> net: xdp: Disallow attaching device-bound programs in generic mode Jon Maloy <jmaloy(a)redhat.com> tcp: correct handling of extreme memory squeeze Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() Namhyung Kim <namhyung(a)kernel.org> perf test: Skip syscall enum test if no landlock syscall Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init() Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Correctly support GSO ESP offload Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit FIFO size by hardware capability Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit the number of MTL queues to hardware capability Gal Pressman <gal(a)nvidia.com> ethtool: Fix set RXNFC command with symmetric RSS hash Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Ian Rogers <irogers(a)google.com> perf annotate: Use an array for the disassembler preference Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() David Howells <dhowells(a)redhat.com> rxrpc, afs: Fix peer hash locking vs RCU callback Jan Stancek <jstancek(a)redhat.com> selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment Jan Stancek <jstancek(a)redhat.com> selftests: mptcp: extend CFLAGS to keep options from environment Jakub Kicinski <kuba(a)kernel.org> net: page_pool: don't try to stash the napi id Jakub Kicinski <kuba(a)kernel.org> tools: ynl: c: correct reverse decode of empty attrs Stanislav Fomichev <sdf(a)fomichev.me> net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: Allow large pages for KASAN shadow mapping Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: remove invalid parameter of equalizer Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: fix ice_parser_rt::bst_key array size Marco Leogrande <leogrande(a)google.com> idpf: convert workqueues to unbound Manoj Vishwanathan <manojvishy(a)google.com> idpf: Acquire the lock before accessing the xn->salt Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix transaction timeouts on reset Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: add read memory barrier when checking descriptor done bit Sebastian Sewior <bigeasy(a)linutronix.de> xfrm: Don't disable preemption while looking up cache state. Howard Chu <howardchu95(a)gmail.com> perf trace: Fix BPF loading failure (-E2BIG) Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Dimitri Fedrau <dima.fedrau(a)gmail.com> net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Christian Marangi <ansuelsmth(a)gmail.com> net: airoha: Fix wrong GDM4 register definition Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended" Ming Wang <wangming01(a)loongson.cn> rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Oleksij Rempel <o.rempel(a)pengutronix.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Dan Carpenter <dan.carpenter(a)linaro.org> rtc: tps6594: Fix integer overflow on 32bit systems Alexandre Cassen <acassen(a)corp.free.fr> xfrm: delete intermediate secpath entry in packet offload mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Florian Westphal <fw(a)strlen.de> xfrm: state: fix out-of-bounds read during lookup Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix warnings during S3 suspend Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Mike Snitzer <snitzer(a)kernel.org> nfs: fix incorrect error handling in LOCALIO John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: mips_ejtag_fdc: fix one more u8 warning Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Christophe Leroy <christophe.leroy(a)csgroup.eu> module: Don't fail module loading when setting ro_after_init section RO failed Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Suren Baghdasaryan <surenb(a)google.com> alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Gao Xiang <xiang(a)kernel.org> erofs: fix potential return value overflow of z_erofs_shrink_scan() Charles Han <hanchunchao(a)inspur.com> firewire: test: Fix potential null dereference in firewire kunit test Guixin Liu <kanie(a)linux.alibaba.com> scsi: mpi3mr: Fix possible crash when setting up bsg fails Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Daire McNamara <daire.mcnamara(a)microchip.com> PCI: microchip: Set inbound address translation for coherent or non-coherent mode Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Richard Zhu <hongxing.zhu(a)nxp.com> PCI: dwc: Always stop link in the dw_pcie_suspend_noirq Krishna chaitanya chundru <quic_krichai(a)quicinc.com> PCI: qcom: Update ICC and OPP values after Link Up event Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add missing reference clock disable logic Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Configure PHY based on Root Complex or Endpoint mode Dan Carpenter <dan.carpenter(a)linaro.org> PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem() Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Desnes Nunes <desnesn(a)redhat.com> media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: fix v4l2-compliance test errors Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak david regan <dregan(a)broadcom.com> mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix deadlock during uvc_probe Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Chen-Yu Tsai <wenst(a)chromium.org> remoteproc: mtk_scp: Only populate devices for SCP cores Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Dmytro Maluka <dmaluka(a)chromium.org> of/fdt: Restore possibility to use both ACPI and FDT from bootloader Mark Brown <broonie(a)kernel.org> spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Michal Wilczynski <m.wilczynski(a)samsung.com> mailbox: th1520: Fix memory corruption due to incorrect array size Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: mpfs: fix copy and paste bug in probe Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: th1520: Fix a NULL vs IS_ERR() bug Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Suraj Sonawane <surajsonawane0215(a)gmail.com> iommu: iommufd: fix WARNING in iommufd_device_unbind Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Pei Xiao <xiaopei01(a)kylinos.cn> i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Joel Stanley <joel(a)jms.id.au> arm64: dts: qcom: x1e80100-romulus: Update firmware nodes Akhil R <akhilrajeev(a)nvidia.com> arm64: tegra: Fix DMA ID for SPI2 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Josua Mayer <josua(a)solid-run.com> arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo" Michael Riesch <michael.riesch(a)wolfvision.net> arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic Jagan Teki <jagan(a)edgeble.ai> arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts Val Packett <val(a)packett.cool> arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195 Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Cleanup global '__scm' on probe failures Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180: fix psci power domain node names Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: omap1: Fix up the Retu IRQ on Nokia 770 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rtrs: Add missing deinit() call Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: x1e80100: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6375: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm4450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdx75: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs404: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8939: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Ross Burton <ross.burton(a)arm.com> arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650 Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs Maulik Shah <quic_mkshah(a)quicinc.com> arm64: dts: qcom: sa8775p: Add CPUs to psci power domain Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA Taniya Das <quic_tdas(a)quicinc.com> arm64: dts: qcom: sa8775p: Update sleep_clk frequency Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen zhenwei pi <pizhenwei(a)bytedance.com> RDMA/rxe: Fix mismatched max_msg_sz Mamta Shukla <mamta.shukla(a)leica-geosystems.com> arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx) Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Hou Tao <houtao1(a)huawei.com> bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Pali Rohár <pali(a)kernel.org> cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Herbert Xu <herbert(a)gondor.apana.org.au> rhashtable: Fix rhashtable_try_insert test Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Chun-Tse Shao <ctshao(a)google.com> perf lock: Fix parse_lock_type which only retrieve one lock flag Vishal Chourasia <vishalc(a)linux.ibm.com> tools: Sync if_xdp.h uapi tooling header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Fully decode all combinations of alloc_paging_flags Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove type argument from do_iommu_domain_alloc() and related Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove dev == NULL checks Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove domain_alloc() Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com> iommu/amd: Remove unused amd_iommu_domain_update() Guo Ren <guoren(a)kernel.org> iommu/riscv: Fixup compile warning Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Pu Lehui <pulehui(a)huawei.com> libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED Pu Lehui <pulehui(a)huawei.com> libbpf: Fix return zero when elf_begin failed Pu Lehui <pulehui(a)huawei.com> selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix undefined UINT_MAX in veristat.c Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC Ian Rogers <irogers(a)google.com> perf inject: Fix use without initialization of local variables Ian Rogers <irogers(a)google.com> perf test stat: Avoid hybrid assumption when virtualized Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pinctrl: amd: Take suspend type into consideration which pins are non-wake Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers Arnaldo Carvalho de Melo <acme(a)kernel.org> perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball Namhyung Kim <namhyung(a)kernel.org> perf symbol: Prefer non-label symbols with same address Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix init-config parsing Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix the minimum firmware version numbers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Do not readq() u32 registers Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf machine: Don't ignore _etext when not a text symbol Christophe Leroy <christophe.leroy(a)csgroup.eu> perf maps: Fix display of kernel symbols Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set Jiayuan Chen <mrpre(a)163.com> selftests/bpf: Avoid generating untracked files when running bpf selftests Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make dependency on UMP clearer Pei Xiao <xiaopei01(a)kylinos.cn> bpf: Use refcount_t instead of atomic_t for mmap_count Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com> crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' James Clark <james.clark(a)linaro.org> perf stat: Fix trailing comma when there is no metric unit Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Breno Leitao <leitao(a)debian.org> rhashtable: Fix potential deadlock by moving schedule_work outside lock Martin KaFai Lau <martin.lau(a)kernel.org> bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: nomadik: Add check for clk_enable() Levi Yun <yeoreum.yun(a)arm.com> perf expr: Initialize is_test value in expr__ctx_new() Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Make variables only used locally static Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*() Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - use JobR's space to access page 0 regs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix boot-up self-test race Chen Ridong <chenridong(a)huawei.com> crypto: tegra - do not transfer req when tegra init fails Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmuv3: Update comments about ATS and bypass Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix fill_link_info selftest on powerpc Arnaldo Carvalho de Melo <acme(a)redhat.com> tools features: Don't check for libunwind devel files by default George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: correct mach_params->dmic_num Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Andrea Righi <arighi(a)nvidia.com> sched_ext: Use the NUMA scheduling domain for NUMA optimizations Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Takashi Iwai <tiwai(a)suse.de> ASoC: wcd937x: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: cs42l84: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: SDCA: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: mediatek: mt8365: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: cs40l50: Use *-y for Makefile Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31() Pei Xiao <xiaopei01(a)kylinos.cn> platform/x86: x86-android-tablets: make platform data be static Pei Xiao <xiaopei01(a)kylinos.cn> platform/mellanox: mlxbf-pmc: incorrect type in assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Xin Long <lucien.xin(a)gmail.com> net: sched: refine software bypass handling in tc_run Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix set size with rbtree backend Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64 Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: remove firmware stats fetch in ndo_get_stats64 Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix build with non-default pthread linking Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: always clear NBase-T lpa Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: clear master_slave_state if link is down Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: clear 1000Base-T lpa if link is down Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Kuniyuki Iwashima <kuniyu(a)amazon.com> dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Eric Dumazet <edumazet(a)google.com> inet: ipmr: fix data-races Alexis Lothoré <alexis.lothore(a)bootlin.com> wifi: wilc1000: unregister wiphy only after netdev registration Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() Charles Han <hanchunchao(a)inspur.com> Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix key cache handling Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix ldpc setting Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix definition of tx descriptor Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE Phy capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: add max mpdu len capability Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix register mapping Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: fix omac index assignment after hardware reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: firmware restart on devices with a second pcie link Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only enable tx worker after setting the channel Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix rx filter setting for bfee functionality Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Properly handle responses for commands with events Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Cleanup MLO settings post-disconnection Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Init secondary link PM state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update secondary link PS flow Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO Leon Yen <leon.yen(a)mediatek.com> wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info allan.wang <allan.wang(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support Sean Wang <sean.wang(a)mediatek.com> wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7915: fix overflows seen when writing limit attributes xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7996: fix overflows seen when writing limit attributes Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the invalid ip address for arp offload Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer Eric-SY Chang <eric-sy.chang(a)mediatek.com> wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode Charles Han <hanchunchao(a)inspur.com> wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface() Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix clk gate registration to pass flags Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't flush non-uploaded STAs Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Andy Strohman <andrew(a)andrewstrohman.com> wifi: mac80211: fix tid removal during mesh forwarding Kees Cook <kees(a)kernel.org> wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: remove unneeded NULL pointer checks Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: don't count mgmt frames as MPDU Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: read STEP table from correct UEFI var Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mt76: mt7925: fix off by one in mt7925_load_clc() Joel Stanley <joel(a)jms.id.au> hwmon: Fix help text for aspeed-g6-pwm-tach Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: mcc: consider time limits not divisible by 1024 Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: correct header conversion rule for MLO only Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Alexis Lothoré <alexis.lothore(a)bootlin.com> wifi: wilc1000: unregister wiphy only if it has been registered Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix invalid interface combinations Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak Terry Tritton <terry.tritton(a)linaro.org> HID: fix generic desktop D-Pad controls Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: fix tx power, max reg power update to firmware Quan Nguyen <quan(a)os.amperecomputing.com> ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Fix prefcore rankings Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs Peng Fan <peng.fan(a)nxp.com> clk: imx: Apply some clks only for i.MX93 Shengjiu Wang <shengjiu.wang(a)nxp.com> arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx93: Add IMX93_CLK_SPDIF_IPG clock Shengjiu Wang <shengjiu.wang(a)nxp.com> dt-bindings: clock: imx93: Add SPDIF IPG clk Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Stefano Brivio <sbrivio(a)redhat.com> udp: Deal with race between UDP socket address change and rehash Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available Luca Ceresoli <luca.ceresoli(a)bootlin.com> gpio: pca953x: log an error when failing to get the reset GPIO Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix error path in airoha_probe() Eric Dumazet <edumazet(a)google.com> ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Mickaël Salaün <mic(a)digikod.net> selftests: ktap_helpers: Fix uninitialized variable Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: add missing header include for brcmf_dbg Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jikos(a)kernel.org> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> clk: fix an OF node reference leak in of_clk_get_parent_name() Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description David Howells <dhowells(a)redhat.com> rxrpc: Fix handling of received connection abort Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Song Yoong Siang <yoong.siang.song(a)intel.com> selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata Zichen Xie <zichenxie0106(a)gmail.com> wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init() Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Colin Ian King <colin.i.king(a)gmail.com> wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gpu recovery disable with per queue reset Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set() Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/mdp4: correct LCDC regulator name Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm: don't clean up priv->kms prematurely Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/msm: Check return value of of_dma_configure() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8650 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: provide DSPP and correct LM config for SDM670 Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Karol Przybylski <karprzy7(a)gmail.com> drm/amdgpu: Fix potential integer overflow in scheduler mask calculations Bokun Zhang <bokun.zhang(a)amd.com> drm/amdgpu/vcn: reset fw_shared under SRIOV Min-Hua Chen <minhuadotchen(a)gmail.com> drm/rockchip: vop2: include rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add check for 32 bpp format for rk3588 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Setup delay cycle for Esmart2/3 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set AXI id for rk3588 Derek Foreman <derek.foreman(a)collabora.com> drm/connector: Allow clearing HDMI infoframes John Ogness <john.ogness(a)linutronix.de> printk: Defer legacy printing when holding printk_cpu_sync Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: disable the opp table request even for dp_ctrl_off_link() Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params() Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Preserve the result returned by panthor_fw_resume() Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Rex Nie <rex.nie(a)jaguarmicro.com> drm/msm/hdmi: simplify code in pll_get_integloop_gain Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Grab intel_display from the encoder to avoid potential oopsies Maíra Canal <mcanal(a)igalia.com> drm/v3d: Fix performance counter source settings on V3D 7.x Chengming Zhou <chengming.zhou(a)linux.dev> psi: Fix race when task wakes up before psi_sched_switch() adjusts flags K Prateek Nayak <kprateek.nayak(a)amd.com> x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Tianchen Ding <dtcccc(a)linux.alibaba.com> sched: Fix race between yield_to() and try_to_wake_up() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Peter Zijlstra <peterz(a)infradead.org> sched/fair: Untangle NEXT_BUDDY and pick_next_task() Yabin Cui <yabinc(a)google.com> perf/core: Save raw sample data conditionally based on sample type John Garry <john.g.garry(a)oracle.com> block: Ensure start sector is aligned for stacking atomic writes David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Jens Axboe <axboe(a)kernel.dk> nvme: fix bogus kzalloc() return check in nvme_init_effects_log() Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump of the locked flags Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Qu Wenruo <wqu(a)suse.com> btrfs: improve the warning and error message for btrfs_remove_qgroup() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error path for xa_store in nvme_init_effects Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: Fix I/O queue cpu spreading for multiple controllers Christoph Hellwig <hch(a)lst.de> block: fix queue freeze vs limits lock order in sysfs store methods Christoph Hellwig <hch(a)lst.de> block: add a store_limit operations for sysfs entries Christoph Hellwig <hch(a)lst.de> block: add a queue_limits_commit_update_frozen helper Christoph Hellwig <hch(a)lst.de> block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues Christoph Hellwig <hch(a)lst.de> block: check BLK_FEAT_POLL under q_usage_count Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Geert Uytterhoeven <geert+renesas(a)glider.be> ps3disk: Do not use dev->bounce_size before it is set Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent reg-wait speculations Christoph Hellwig <hch(a)lst.de> block: copy back bounce buffer to user-space correctly in case of split Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix cleanup of immediately failed async calls David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Alexander Aring <aahringo(a)redhat.com> dlm: fix srcu_read_lock() return type to int Alexander Aring <aahringo(a)redhat.com> dlm: fix removal of rsb struct that is master and dir record Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Kees Cook <kees(a)kernel.org> coredump: Do not lock during 'comm' reporting ------------- Diffstat: .../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +- .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +- Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++- .../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +- arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +- .../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 + .../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 + arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 + arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +- arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +- arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -- arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -- .../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -- arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 + arch/arm/mach-at91/pm.c | 31 ++-- arch/arm/mach-omap1/board-nokia770.c | 2 +- arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +- arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +--- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++ .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++ .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +- .../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 - .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 - arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 - arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +- arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++- .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 + arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +-- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++--- .../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 ----- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++-- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +- .../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 - arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +- arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++- .../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +- .../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++---- arch/arm64/boot/dts/ti/Makefile | 6 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - ...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +- ...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +- arch/arm64/configs/defconfig | 1 - arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/loongarch.h | 60 +++++++ arch/loongarch/kernel/hw_breakpoint.c | 16 +- arch/loongarch/power/platform.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 ++ arch/powerpc/kernel/iommu.c | 2 +- arch/powerpc/platforms/pseries/iommu.c | 12 +- arch/riscv/kernel/vector.c | 2 +- arch/s390/Kconfig | 1 + arch/s390/Makefile | 2 +- arch/s390/boot/vmem.c | 74 ++++++--- arch/s390/include/asm/sclp.h | 1 + arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/setup.c | 5 + arch/s390/purgatory/Makefile | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/smpboot.c | 11 +- arch/x86/kvm/lapic.c | 11 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/x86_ops.h | 2 +- block/bio-integrity.c | 15 +- block/blk-core.c | 21 +-- block/blk-integrity.c | 4 +- block/blk-mq.c | 34 ++-- block/blk-mq.h | 6 + block/blk-settings.c | 31 +++- block/blk-sysfs.c | 137 ++++++++-------- block/blk-zoned.c | 7 +- block/genhd.c | 22 ++- block/partitions/ldm.h | 2 +- crypto/algapi.c | 4 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/fan_core.c | 10 +- drivers/base/class.c | 9 +- drivers/block/nbd.c | 1 + drivers/block/ps3disk.c | 4 +- drivers/block/virtio_blk.c | 4 +- drivers/bluetooth/btbcm.c | 3 + drivers/bluetooth/btnxpuart.c | 3 +- drivers/bluetooth/btrtl.c | 4 +- drivers/bluetooth/btusb.c | 7 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/ipmi/ssif_bmc.c | 5 +- drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/clk.c | 4 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/imx/clk-imx93.c | 32 ++-- drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +- drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +- drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +- drivers/clk/qcom/camcc-x1e80100.c | 7 + drivers/clk/qcom/gcc-sdm845.c | 32 ++-- drivers/clk/qcom/gcc-x1e80100.c | 2 +- drivers/clk/ralink/clk-mtmips.c | 1 - drivers/clk/renesas/renesas-cpg-mssr.c | 2 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +- drivers/clk/thead/clk-th1520-ap.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +++-- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++-- drivers/crypto/caam/blob_gen.c | 3 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++--------- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -- drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +- drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 + drivers/crypto/tegra/tegra-se-aes.c | 7 +- drivers/crypto/tegra/tegra-se-hash.c | 7 +- drivers/dma/ti/edma.c | 3 +- drivers/firewire/device-attribute-test.c | 2 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 42 +++-- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +- .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 + .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 + drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +- drivers/gpu/drm/bridge/ite-it6505.c | 2 +- drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/i915/display/intel_crt.c | 10 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +- drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +- drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/msm/dp/dp_catalog.c | 1 - drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +- drivers/gpu/drm/msm/dp/dp_utils.c | 10 +- drivers/gpu/drm/msm/dp/dp_utils.h | 2 +- drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +- drivers/gpu/drm/msm/msm_kms.c | 1 - drivers/gpu/drm/panthor/panthor_device.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++--- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++ drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++- drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +- drivers/gpu/drm/v3d/v3d_regs.h | 29 ++-- drivers/hid/hid-core.c | 2 + drivers/hid/hid-input.c | 37 ++--- drivers/hid/hid-multitouch.c | 2 +- drivers/hid/hid-thrustmaster.c | 8 + drivers/hwmon/Kconfig | 4 +- drivers/hwmon/nct6775-core.c | 6 +- drivers/i2c/busses/i2c-designware-common.c | 5 +- drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/i2c/busses/i2c-designware-slave.c | 5 +- drivers/i3c/master/dw-i3c-master.c | 1 + drivers/infiniband/hw/Makefile | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 8 + drivers/infiniband/hw/hns/Kconfig | 20 +-- drivers/infiniband/hw/hns/Makefile | 9 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/mlx5/odp.c | 62 +++++--- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/iommu/amd/amd_iommu.h | 5 +- drivers/iommu/amd/init.c | 14 +- drivers/iommu/amd/iommu.c | 132 +++++---------- drivers/iommu/amd/pasid.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/intel/pasid.c | 22 ++- drivers/iommu/intel/pasid.h | 6 + drivers/iommu/iommufd/iova_bitmap.c | 2 +- drivers/iommu/iommufd/main.c | 2 +- drivers/iommu/riscv/iommu.c | 2 +- drivers/leds/leds-cht-wcove.c | 6 +- drivers/leds/leds-netxbig.c | 1 + drivers/mailbox/mailbox-mpfs.c | 2 +- drivers/mailbox/mailbox-th1520.c | 6 +- drivers/md/md-bitmap.c | 79 +++++---- drivers/md/md-bitmap.h | 7 +- drivers/md/md.c | 34 ++++ drivers/md/md.h | 5 + drivers/md/raid1.c | 34 +--- drivers/md/raid1.h | 1 - drivers/md/raid10.c | 26 +-- drivers/md/raid10.h | 1 - drivers/md/raid5-cache.c | 4 - drivers/md/raid5.c | 111 ++++++------- drivers/md/raid5.h | 4 - drivers/media/i2c/imx290.c | 3 +- drivers/media/i2c/imx412.c | 42 ++--- drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 + .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 4 + drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/syscon.c | 19 +-- drivers/misc/cardreader/rtsx_usb.c | 15 ++ drivers/mtd/hyperbus/hbmc-am654.c | 19 ++- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 + drivers/mtd/ubi/ubi.h | 2 - drivers/mtd/ubi/wl.c | 21 --- drivers/net/bonding/bond_main.c | 19 +-- drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +++- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 - drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 - drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 - drivers/net/ethernet/intel/ice/ice_parser.h | 6 +- drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 + drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 - drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++-- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- .../mellanox/mlx5/core/steering/hws/definer.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +- drivers/net/ethernet/renesas/ravb_main.c | 22 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++ drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +-- drivers/net/phy/marvell-88q2xxx.c | 33 +++- drivers/net/phy/realtek.c | 29 ++-- drivers/net/tap.c | 6 +- drivers/net/team/team_core.c | 7 + drivers/net/tun.c | 6 +- drivers/net/usb/rtl8150.c | 22 +++ drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 42 ++--- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++-- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 --- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++---- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------ drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 + drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +- drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +- drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++-- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/microchip/wilc1000/netdev.c | 2 - drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +- drivers/net/wireless/microchip/wilc1000/spi.c | 9 +- drivers/net/wireless/realtek/rtlwifi/base.c | 13 +- drivers/net/wireless/realtek/rtlwifi/base.h | 1 - drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++----- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -- drivers/net/wireless/realtek/rtw89/chan.c | 31 +++- drivers/net/wireless/realtek/rtw89/chan.h | 9 +- drivers/net/wireless/realtek/rtw89/core.c | 11 +- drivers/net/wireless/realtek/rtw89/core.h | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++- drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 34 +++- drivers/nvme/host/tcp.c | 70 ++++++-- drivers/of/fdt.c | 10 +- drivers/of/of_reserved_mem.c | 3 +- drivers/of/property.c | 2 +- drivers/opp/core.c | 57 +++++-- drivers/opp/of.c | 4 +- drivers/pci/controller/dwc/pci-imx6.c | 30 ++-- drivers/pci/controller/dwc/pcie-designware-host.c | 1 + drivers/pci/controller/dwc/pcie-qcom.c | 2 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/controller/pcie-rockchip-ep.c | 5 + drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++ drivers/pci/controller/plda/pcie-plda-host.c | 17 +- drivers/pci/controller/plda/pcie-plda.h | 6 +- drivers/pci/endpoint/functions/pci-epf-test.c | 6 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++- drivers/pinctrl/pinctrl-amd.c | 27 +++- drivers/pinctrl/pinctrl-amd.h | 7 +- drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++----- drivers/platform/mellanox/mlxbf-pmc.c | 6 +- drivers/platform/x86/x86-android-tablets/core.c | 4 +- drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +- drivers/platform/x86/x86-android-tablets/other.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++++------- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/core.c | 13 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/mtk_scp.c | 12 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-loongson.c | 13 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/rtc/rtc-tps6594.c | 2 +- drivers/s390/char/sclp.c | 12 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/sd.c | 17 +- drivers/scsi/sr.c | 5 +- drivers/soc/atmel/soc.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 11 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/mips_ejtag_fdc.c | 4 +- drivers/tty/serial/8250/8250_port.c | 32 +++- drivers/ufs/core/ufs_bsg.c | 1 + drivers/usb/dwc3/core.c | 35 ++-- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/gadget/function/f_tcm.c | 14 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/watchdog/rti_wdt.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 9 ++ fs/afs/rxrpc.c | 12 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/btrfs/inode.c | 160 ++++++++++++++----- fs/btrfs/qgroup.c | 21 ++- fs/btrfs/subpage.c | 6 +- fs/btrfs/subpage.h | 13 ++ fs/btrfs/super.c | 2 +- fs/dlm/lock.c | 46 ++++-- fs/dlm/lowcomms.c | 3 +- fs/erofs/zdata.c | 3 +- fs/f2fs/dir.c | 53 ++++-- fs/f2fs/f2fs.h | 6 +- fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/hostfs/hostfs_kern.c | 27 +--- fs/nfs/localio.c | 4 +- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfs_common/common.c | 89 +++++++++-- fs/nilfs2/dir.c | 13 +- fs/nilfs2/namei.c | 29 ++-- fs/nilfs2/nilfs.h | 4 +- fs/nilfs2/page.c | 31 +++- fs/nilfs2/segment.c | 4 +- fs/ocfs2/quota_global.c | 5 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsacl.c | 25 +-- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/cifssmb.c | 4 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 ++- fs/smb/client/smb2ops.c | 3 +- fs/ubifs/debug.c | 22 +-- fs/xfs/xfs_buf.c | 3 +- fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 12 +- fs/xfs/xfs_notify_failure.c | 121 +++++++++----- fs/xfs/xfs_qm_bhv.c | 27 ++-- include/acpi/acpixf.h | 1 + include/dt-bindings/clock/imx93-clock.h | 1 + include/linux/alloc_tag.h | 11 +- include/linux/blkdev.h | 23 +-- include/linux/btf.h | 5 + include/linux/coredump.h | 4 +- include/linux/hid.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/kallsyms.h | 2 +- include/linux/mroute_base.h | 6 +- include/linux/netdevice.h | 2 +- include/linux/nfs_common.h | 3 +- include/linux/perf_event.h | 6 + include/linux/pps_kernel.h | 3 +- include/linux/ptr_ring.h | 21 ++- include/linux/pwm.h | 17 ++ include/linux/sched.h | 1 + include/linux/skb_array.h | 17 +- include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/netfilter/nf_tables.h | 6 + include/net/page_pool/types.h | 1 - include/net/pkt_cls.h | 13 +- include/net/sch_generic.h | 5 +- include/net/xfrm.h | 16 +- include/sound/hdaudio_ext.h | 45 ------ include/trace/events/afs.h | 2 + include/trace/events/rxrpc.h | 25 +++ io_uring/io_uring.c | 1 + io_uring/msg_ring.c | 4 +- io_uring/register.c | 2 +- io_uring/uring_cmd.c | 2 +- kernel/bpf/arena.c | 8 +- kernel/bpf/bpf_local_storage.c | 8 +- kernel/bpf/bpf_struct_ops.c | 21 +++ kernel/bpf/btf.c | 5 - kernel/bpf/helpers.c | 18 ++- kernel/events/core.c | 35 ++-- kernel/events/uprobes.c | 4 + kernel/fork.c | 17 +- kernel/irq/internals.h | 9 +- kernel/module/main.c | 7 +- kernel/padata.c | 45 ++++-- kernel/power/hibernate.c | 7 +- kernel/printk/internal.h | 6 + kernel/printk/printk.c | 5 + kernel/printk/printk_safe.c | 7 +- kernel/sched/core.c | 6 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/ext.c | 114 +++++++++---- kernel/sched/fair.c | 21 ++- kernel/sched/features.h | 9 ++ kernel/sched/stats.h | 4 + kernel/sched/syscalls.c | 2 +- kernel/trace/bpf_trace.c | 13 +- lib/alloc_tag.c | 2 + lib/rhashtable.c | 12 +- mm/memcontrol.c | 7 +- mm/oom_kill.c | 8 +- net/ax25/af_ax25.c | 12 +- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 ++- net/ax25/ax25_route.c | 2 + net/core/dev.c | 23 ++- net/core/filter.c | 2 +- net/core/page_pool.c | 2 + net/core/page_pool_priv.h | 2 + net/core/page_pool_user.c | 15 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/ioctl.c | 2 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/icmp.c | 9 +- net/ipv4/inetpeer.c | 31 +--- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr.c | 28 ++-- net/ipv4/ipmr_base.c | 9 +- net/ipv4/route.c | 17 +- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_output.c | 9 +- net/ipv4/udp.c | 56 +++++++ net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/ip6mr.c | 28 ++-- net/ipv6/ndisc.c | 8 +- net/ipv6/udp.c | 50 ++++++ net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/driver-ops.h | 3 + net/mac80211/rx.c | 1 + net/mptcp/ctrl.c | 4 +- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 4 +- net/mptcp/protocol.h | 30 ++-- net/ncsi/ncsi-rsp.c | 18 +-- net/netfilter/nf_tables_api.c | 57 ++++++- net/netfilter/nft_flow_offload.c | 16 +- net/netfilter/nft_set_rbtree.c | 43 +++++ net/rose/af_rose.c | 16 +- net/rose/rose_timer.c | 15 ++ net/rxrpc/conn_event.c | 12 +- net/rxrpc/peer_event.c | 16 +- net/rxrpc/peer_object.c | 12 +- net/sched/cls_api.c | 57 +++---- net/sched/cls_bpf.c | 2 + net/sched/cls_flower.c | 2 + net/sched/cls_matchall.c | 2 + net/sched/cls_u32.c | 4 + net/sched/sch_api.c | 4 + net/sched/sch_generic.c | 4 +- net/sched/sch_sfq.c | 4 + net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +++-- net/smc/smc_rx.h | 8 +- net/sunrpc/svcsock.c | 12 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/scan.c | 7 +- net/wireless/tests/scan.c | 2 + net/xfrm/xfrm_replay.c | 10 +- net/xfrm/xfrm_state.c | 93 ++++++++--- samples/landlock/sandboxer.c | 7 + scripts/Makefile.build | 2 + scripts/Makefile.lib | 10 +- scripts/Makefile.modinst | 2 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 ++- scripts/kconfig/confdata.c | 6 +- scripts/kconfig/symbol.c | 1 + security/landlock/fs.c | 11 +- sound/core/seq/Kconfig | 4 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/acp/acp-i2s.c | 1 + sound/soc/codecs/Makefile | 8 +- sound/soc/codecs/da7213.c | 2 + sound/soc/intel/avs/apl.c | 3 +- sound/soc/intel/avs/cnl.c | 1 + sound/soc/intel/avs/core.c | 14 +- sound/soc/intel/avs/loader.c | 2 +- sound/soc/intel/avs/registers.h | 45 ++++++ sound/soc/intel/avs/skl.c | 1 + sound/soc/intel/avs/topology.c | 4 +- sound/soc/intel/boards/sof_sdw.c | 47 ++++-- sound/soc/mediatek/mt8365/Makefile | 2 +- sound/soc/renesas/rz-ssi.c | 3 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++- sound/soc/sdca/Makefile | 2 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/build/Makefile.feature | 7 - tools/build/feature/test-all.c | 5 - tools/include/uapi/linux/if_xdp.h | 4 +- tools/lib/bpf/btf.c | 1 + tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/linker.c | 22 +-- tools/lib/bpf/usdt.c | 2 +- tools/net/ynl/lib/ynl.c | 2 +- tools/perf/MANIFEST | 1 + tools/perf/Makefile.config | 83 ++++++---- tools/perf/builtin-inject.c | 8 +- tools/perf/builtin-lock.c | 66 +++++--- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- .../perf/tests/shell/lib/perf_json_output_lint.py | 14 +- tools/perf/tests/shell/stat.sh | 6 +- tools/perf/tests/shell/trace_btf_enum.sh | 8 +- tools/perf/util/annotate.c | 76 ++++++++- tools/perf/util/annotate.h | 15 +- tools/perf/util/bpf-event.c | 10 +- .../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +- tools/perf/util/disasm.c | 83 ++-------- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/expr.c | 5 +- tools/perf/util/header.c | 8 +- tools/perf/util/machine.c | 2 +- tools/perf/util/maps.c | 7 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- tools/perf/util/stat-display.c | 177 +++++++++++---------- tools/perf/util/symbol.c | 9 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/power/x86/turbostat/turbostat.c | 58 ++++++- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/Makefile | 4 +- .../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +- .../selftests/bpf/prog_tests/fill_link_info.c | 4 + .../selftests/bpf/progs/test_fill_link_info.c | 13 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + tools/testing/selftests/bpf/veristat.c | 1 + tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- .../ftrace/test.d/00basic/mount_options.tc | 8 +- tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +- tools/testing/selftests/kselftest_harness.h | 24 +-- tools/testing/selftests/landlock/Makefile | 4 +- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/mm/Makefile | 9 +- tools/testing/selftests/net/lib/Makefile | 2 +- tools/testing/selftests/net/mptcp/Makefile | 2 +- tools/testing/selftests/net/openvswitch/Makefile | 2 +- .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- tools/testing/selftests/rseq/rseq.c | 32 +++- tools/testing/selftests/rseq/rseq.h | 9 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- 699 files changed, 5672 insertions(+), 3241 deletions(-)

4 months, 1 week

12
11
0 0

[PATCH 6.1.y v2] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events

by jetlan9＠163.com

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> commit 844f104790bd69c2e4dbb9ee3eba46fde1fcea7b upstream. After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p = netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway, making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan id 100 [ 43.309174] ================================================================== [ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542] dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768] notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424] register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30 [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as customary. Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions") Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/ Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- v2: add the upstream commit in this commit log. --- net/dsa/slave.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/dsa/slave.c b/net/dsa/slave.c index 5fe075bf479e..caeb7e75b287 100644 --- a/net/dsa/slave.c +++ b/net/dsa/slave.c @@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check); static int dsa_slave_changeupper(struct net_device *dev, struct netdev_notifier_changeupper_info *info) { - struct dsa_port *dp = dsa_slave_to_port(dev); struct netlink_ext_ack *extack; int err = NOTIFY_DONE; + struct dsa_port *dp; if (!dsa_slave_dev_check(dev)) return err; + dp = dsa_slave_to_port(dev); extack = netdev_notifier_info_to_extack(&info->info); if (netif_is_bridge_master(info->upper_dev)) { @@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev, static int dsa_slave_prechangeupper(struct net_device *dev, struct netdev_notifier_changeupper_info *info) { - struct dsa_port *dp = dsa_slave_to_port(dev); + struct dsa_port *dp; if (!dsa_slave_dev_check(dev)) return NOTIFY_DONE; + dp = dsa_slave_to_port(dev); + if (netif_is_bridge_master(info->upper_dev) && !info->linking) dsa_port_pre_bridge_leave(dp, info->upper_dev); else if (netif_is_lag_master(info->upper_dev) && !info->linking) -- 2.43.0

4 months, 1 week

1
0
0 0

[PATCH 6.12 000/583] 6.12.13-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.13 release. There are 583 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Feb 2025 16:05:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.13-rc2 Jakub Kicinski <kuba(a)kernel.org> ethtool: ntuple: fix rss + ring_cookie check Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when run_delalloc_nocow() failed Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Add hubp cache reset when powergating Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: da7213: Initialize the mutex Leon Hwang <leon.hwang(a)linux.dev> selftests/bpf: Add test to verify tailcall and freplace restrictions Vasily Gorbik <gor(a)linux.ibm.com> Revert "s390/mm: Allow large pages for KASAN shadow mapping" Gal Pressman <gal(a)nvidia.com> ethtool: Fix access to uninitialized fields in set RXNFC command Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Fix acquire state insertion. Everest K.C <everestkc(a)everestkc.com.np> xfrm: Add error handling when nla_put_u32() returns an error Geert Uytterhoeven <geert+renesas(a)glider.be> dma-mapping: save base/size instead of pointer to shared DMA pool Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Warn for missing static reserved memory regions Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/pseries/iommu: Don't unset window if it was never set Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix implicit ODP use after free Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Ray Chi <raychi(a)google.com> usb: dwc3: Skip resume if pm_runtime_set_active() fails Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Darrick J. Wong <djwong(a)kernel.org> xfs: don't shut down the filesystem for media failures beyond end of log Christoph Hellwig <hch(a)lst.de> xfs: check for dead buffers in xfs_buf_find_insert Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix to use remount when testing mount GID option Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix handling of glibc without rseq support Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Reduce accessing remote DPCD overhead Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Parth Pancholi <parth.pancholi(a)toradex.com> kbuild: switch from lz4c to lz4 for compression Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: move bitmap_{start, end}write to md upper layer Yu Kuai <yukuai3(a)huawei.com> md/raid5: implement pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md: add a new callback pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Pali Rohár <pali(a)kernel.org> cifs: Fix getting and setting SACLs over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Validate EAs for WSL reparse points Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix forked child affinity regression Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: amd: acp: Fix possible deadlock Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Mark riscv_v_init() as __init Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Fix PMT mmaped file size rounding Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms Al Viro <viro(a)zeniv.linux.org.uk> hostfs: fix string handling in __dentry_name() Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Kory Maincent <kory.maincent(a)bootlin.com> net: ravb: Fix missing rtnl lock in suspend/resume path Toke Høiland-Jørgensen <toke(a)redhat.com> net: xdp: Disallow attaching device-bound programs in generic mode Jon Maloy <jmaloy(a)redhat.com> tcp: correct handling of extreme memory squeeze Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() Namhyung Kim <namhyung(a)kernel.org> perf test: Skip syscall enum test if no landlock syscall Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init() Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit FIFO size by hardware capability Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit the number of MTL queues to hardware capability Gal Pressman <gal(a)nvidia.com> ethtool: Fix set RXNFC command with symmetric RSS hash Edward Cree <ecree.xilinx(a)gmail.com> net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() David Howells <dhowells(a)redhat.com> rxrpc, afs: Fix peer hash locking vs RCU callback Jan Stancek <jstancek(a)redhat.com> selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment Jan Stancek <jstancek(a)redhat.com> selftests: mptcp: extend CFLAGS to keep options from environment Jakub Kicinski <kuba(a)kernel.org> tools: ynl: c: correct reverse decode of empty attrs Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: Allow large pages for KASAN shadow mapping Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: remove invalid parameter of equalizer Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: extend dump serdes equalizer values feature Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: rework of dump serdes equalizer values feature Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: fix ice_parser_rt::bst_key array size Marco Leogrande <leogrande(a)google.com> idpf: convert workqueues to unbound Manoj Vishwanathan <manojvishy(a)google.com> idpf: Acquire the lock before accessing the xn->salt Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix transaction timeouts on reset Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: add read memory barrier when checking descriptor done bit Sebastian Sewior <bigeasy(a)linutronix.de> xfrm: Don't disable preemption while looking up cache state. Howard Chu <howardchu95(a)gmail.com> perf trace: Fix BPF loading failure (-E2BIG) Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Dimitri Fedrau <dima.fedrau(a)gmail.com> net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Christian Marangi <ansuelsmth(a)gmail.com> net: airoha: Fix wrong GDM4 register definition Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Ming Wang <wangming01(a)loongson.cn> rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Oleksij Rempel <o.rempel(a)pengutronix.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Dan Carpenter <dan.carpenter(a)linaro.org> rtc: tps6594: Fix integer overflow on 32bit systems Alexandre Cassen <acassen(a)corp.free.fr> xfrm: delete intermediate secpath entry in packet offload mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Florian Westphal <fw(a)strlen.de> xfrm: state: fix out-of-bounds read during lookup Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Add an inbound percpu state cache. Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Cache used outbound xfrm states at the policy. Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Add support for per cpu xfrm state handling. Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix warnings during S3 suspend Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Mike Snitzer <snitzer(a)kernel.org> nfs: fix incorrect error handling in LOCALIO John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: mips_ejtag_fdc: fix one more u8 warning Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Christophe Leroy <christophe.leroy(a)csgroup.eu> module: Don't fail module loading when setting ro_after_init section RO failed Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Gao Xiang <xiang(a)kernel.org> erofs: fix potential return value overflow of z_erofs_shrink_scan() Gao Xiang <xiang(a)kernel.org> erofs: sunset `struct erofs_workgroup` Gao Xiang <xiang(a)kernel.org> erofs: move erofs_workgroup operations into zdata.c Gao Xiang <xiang(a)kernel.org> erofs: get rid of erofs_{find,insert}_workgroup Charles Han <hanchunchao(a)inspur.com> firewire: test: Fix potential null dereference in firewire kunit test Guixin Liu <kanie(a)linux.alibaba.com> scsi: mpi3mr: Fix possible crash when setting up bsg fails Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Daire McNamara <daire.mcnamara(a)microchip.com> PCI: microchip: Set inbound address translation for coherent or non-coherent mode Conor Dooley <conor.dooley(a)microchip.com> PCI: microchip: Add support for using either Root Port 1 or 2 Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Richard Zhu <hongxing.zhu(a)nxp.com> PCI: dwc: Always stop link in the dw_pcie_suspend_noirq Krishna chaitanya chundru <quic_krichai(a)quicinc.com> PCI: qcom: Update ICC and OPP values after Link Up event Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add missing reference clock disable logic Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Configure PHY based on Root Complex or Endpoint mode King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Desnes Nunes <desnesn(a)redhat.com> media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: fix v4l2-compliance test errors Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak david regan <dregan(a)broadcom.com> mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Chen-Yu Tsai <wenst(a)chromium.org> remoteproc: mtk_scp: Only populate devices for SCP cores Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Dmytro Maluka <dmaluka(a)chromium.org> of/fdt: Restore possibility to use both ACPI and FDT from bootloader Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> of: reserved_mem: Restructure how the reserved memory regions are processed Mark Brown <broonie(a)kernel.org> spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Suraj Sonawane <surajsonawane0215(a)gmail.com> iommu: iommufd: fix WARNING in iommufd_device_unbind Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Pei Xiao <xiaopei01(a)kylinos.cn> i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Joel Stanley <joel(a)jms.id.au> arm64: dts: qcom: x1e80100-romulus: Update firmware nodes Akhil R <akhilrajeev(a)nvidia.com> arm64: tegra: Fix DMA ID for SPI2 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Josua Mayer <josua(a)solid-run.com> arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts Michael Riesch <michael.riesch(a)wolfvision.net> arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts Val Packett <val(a)packett.cool> arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Cleanup global '__scm' on probe failures Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180: fix psci power domain node names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180: change labels to lower-case Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: omap1: Fix up the Retu IRQ on Nokia 770 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rtrs: Add missing deinit() call Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Vasily Khoruzhick <anarsoul(a)gmail.com> arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0 Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: x1e80100: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6375: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm4450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdx75: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs404: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8939: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Ross Burton <ross.burton(a)arm.com> arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650 Taniya Das <quic_tdas(a)quicinc.com> arm64: dts: qcom: sa8775p: Update sleep_clk frequency Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen zhenwei pi <pizhenwei(a)bytedance.com> RDMA/rxe: Fix mismatched max_msg_sz Mamta Shukla <mamta.shukla(a)leica-geosystems.com> arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx) Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Hou Tao <houtao1(a)huawei.com> bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Pali Rohár <pali(a)kernel.org> cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Herbert Xu <herbert(a)gondor.apana.org.au> rhashtable: Fix rhashtable_try_insert test Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Chun-Tse Shao <ctshao(a)google.com> perf lock: Fix parse_lock_type which only retrieve one lock flag Vishal Chourasia <vishalc(a)linux.ibm.com> tools: Sync if_xdp.h uapi tooling header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com> iommu/amd: Remove unused amd_iommu_domain_update() Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Pu Lehui <pulehui(a)huawei.com> libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED Pu Lehui <pulehui(a)huawei.com> libbpf: Fix return zero when elf_begin failed Pu Lehui <pulehui(a)huawei.com> selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC Ian Rogers <irogers(a)google.com> perf inject: Fix use without initialization of local variables Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pinctrl: amd: Take suspend type into consideration which pins are non-wake Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers Arnaldo Carvalho de Melo <acme(a)kernel.org> perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix init-config parsing Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix the minimum firmware version numbers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Do not readq() u32 registers Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf machine: Don't ignore _etext when not a text symbol Christophe Leroy <christophe.leroy(a)csgroup.eu> perf maps: Fix display of kernel symbols Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Jiayuan Chen <mrpre(a)163.com> selftests/bpf: Avoid generating untracked files when running bpf selftests Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make dependency on UMP clearer Pei Xiao <xiaopei01(a)kylinos.cn> bpf: Use refcount_t instead of atomic_t for mmap_count Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com> crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Breno Leitao <leitao(a)debian.org> rhashtable: Fix potential deadlock by moving schedule_work outside lock Martin KaFai Lau <martin.lau(a)kernel.org> bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: nomadik: Add check for clk_enable() Levi Yun <yeoreum.yun(a)arm.com> perf expr: Initialize is_test value in expr__ctx_new() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - use JobR's space to access page 0 regs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix boot-up self-test race Chen Ridong <chenridong(a)huawei.com> crypto: tegra - do not transfer req when tegra init fails Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmuv3: Update comments about ATS and bypass Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix fill_link_info selftest on powerpc George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: correct mach_params->dmic_num Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Takashi Iwai <tiwai(a)suse.de> ASoC: wcd937x: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: mediatek: mt8365: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: cs40l50: Use *-y for Makefile Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31() Pei Xiao <xiaopei01(a)kylinos.cn> platform/x86: x86-android-tablets: make platform data be static Pei Xiao <xiaopei01(a)kylinos.cn> platform/mellanox: mlxbf-pmc: incorrect type in assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Xin Long <lucien.xin(a)gmail.com> net: sched: refine software bypass handling in tc_run Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix set size with rbtree backend Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64 Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: remove firmware stats fetch in ndo_get_stats64 Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix build with non-default pthread linking Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Kuniyuki Iwashima <kuniyu(a)amazon.com> dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Eric Dumazet <edumazet(a)google.com> inet: ipmr: fix data-races Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() Charles Han <hanchunchao(a)inspur.com> Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix ldpc setting Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix definition of tx descriptor Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE Phy capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: add max mpdu len capability Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix register mapping Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: fix omac index assignment after hardware reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: firmware restart on devices with a second pcie link Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only enable tx worker after setting the channel Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix rx filter setting for bfee functionality Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Properly handle responses for commands with events Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Cleanup MLO settings post-disconnection Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Init secondary link PM state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update secondary link PS flow Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO Leon Yen <leon.yen(a)mediatek.com> wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info allan.wang <allan.wang(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support Sean Wang <sean.wang(a)mediatek.com> wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7915: fix overflows seen when writing limit attributes xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7996: fix overflows seen when writing limit attributes Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the invalid ip address for arp offload Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer Eric-SY Chang <eric-sy.chang(a)mediatek.com> wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode Charles Han <hanchunchao(a)inspur.com> wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface() Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix clk gate registration to pass flags Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't flush non-uploaded STAs Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Andy Strohman <andrew(a)andrewstrohman.com> wifi: mac80211: fix tid removal during mesh forwarding Kees Cook <kees(a)kernel.org> wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: don't count mgmt frames as MPDU Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: read STEP table from correct UEFI var Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mt76: mt7925: fix off by one in mt7925_load_clc() Joel Stanley <joel(a)jms.id.au> hwmon: Fix help text for aspeed-g6-pwm-tach Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: mcc: consider time limits not divisible by 1024 Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: tweak setting of channel and TX power for MLO Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: chan: manage active interfaces Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: handle entity active flag per PHY Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix invalid interface combinations Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak Terry Tritton <terry.tritton(a)linaro.org> HID: fix generic desktop D-Pad controls Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: fix tx power, max reg power update to firmware Quan Nguyen <quan(a)os.amperecomputing.com> ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI Vasily Khoruzhick <anarsoul(a)gmail.com> dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs Peng Fan <peng.fan(a)nxp.com> clk: imx: Apply some clks only for i.MX93 Shengjiu Wang <shengjiu.wang(a)nxp.com> arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx93: Add IMX93_CLK_SPDIF_IPG clock Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx: add i.MX91 clk Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx93: Move IMX93_CLK_END macro to clk driver Shengjiu Wang <shengjiu.wang(a)nxp.com> dt-bindings: clock: imx93: Add SPDIF IPG clk Pengfei Li <pengfei.li_1(a)nxp.com> dt-bindings: clock: Add i.MX91 clock support Pengfei Li <pengfei.li_1(a)nxp.com> dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Stefano Brivio <sbrivio(a)redhat.com> udp: Deal with race between UDP socket address change and rehash Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available Luca Ceresoli <luca.ceresoli(a)bootlin.com> gpio: pca953x: log an error when failing to get the reset GPIO Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix error path in airoha_probe() Eric Dumazet <edumazet(a)google.com> ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Mickaël Salaün <mic(a)digikod.net> selftests: ktap_helpers: Fix uninitialized variable Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace Masahiro Yamada <masahiroy(a)kernel.org> module: Convert default symbol namespace to string literal Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: add missing header include for brcmf_dbg Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jikos(a)kernel.org> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> clk: fix an OF node reference leak in of_clk_get_parent_name() Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description David Howells <dhowells(a)redhat.com> rxrpc: Fix handling of received connection abort Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Song Yoong Siang <yoong.siang.song(a)intel.com> selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata Zichen Xie <zichenxie0106(a)gmail.com> wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init() Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Colin Ian King <colin.i.king(a)gmail.com> wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gpu recovery disable with per queue reset Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu/gfx9: put queue resets behind a debug option" Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/mdp4: correct LCDC regulator name Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm: don't clean up priv->kms prematurely Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/msm: Check return value of of_dma_configure() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8650 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: provide DSPP and correct LM config for SDM670 Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Bokun Zhang <bokun.zhang(a)amd.com> drm/amdgpu/vcn: reset fw_shared under SRIOV Min-Hua Chen <minhuadotchen(a)gmail.com> drm/rockchip: vop2: include rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add check for 32 bpp format for rk3588 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Setup delay cycle for Esmart2/3 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set AXI id for rk3588 Derek Foreman <derek.foreman(a)collabora.com> drm/connector: Allow clearing HDMI infoframes John Ogness <john.ogness(a)linutronix.de> printk: Defer legacy printing when holding printk_cpu_sync Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Preserve the result returned by panthor_fw_resume() Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Rex Nie <rex.nie(a)jaguarmicro.com> drm/msm/hdmi: simplify code in pll_get_integloop_gain Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification Maíra Canal <mcanal(a)igalia.com> drm/v3d: Fix performance counter source settings on V3D 7.x Chengming Zhou <chengming.zhou(a)linux.dev> psi: Fix race when task wakes up before psi_sched_switch() adjusts flags Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: pass enqueue/dequeue flags to psi callbacks directly John Stultz <jstultz(a)google.com> sched: Split out __schedule() deactivate task logic into a helper K Prateek Nayak <kprateek.nayak(a)amd.com> x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Perry Yuan <perry.yuan(a)amd.com> x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD Tianchen Ding <dtcccc(a)linux.alibaba.com> sched: Fix race between yield_to() and try_to_wake_up() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Peter Zijlstra <peterz(a)infradead.org> sched/fair: Untangle NEXT_BUDDY and pick_next_task() Yabin Cui <yabinc(a)google.com> perf/core: Save raw sample data conditionally based on sample type David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Jens Axboe <axboe(a)kernel.dk> nvme: fix bogus kzalloc() return check in nvme_init_effects_log() Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump of the locked flags Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Qu Wenruo <wqu(a)suse.com> btrfs: improve the warning and error message for btrfs_remove_qgroup() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error path for xa_store in nvme_init_effects Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: Fix I/O queue cpu spreading for multiple controllers Christoph Hellwig <hch(a)lst.de> block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues Christoph Hellwig <hch(a)lst.de> block: check BLK_FEAT_POLL under q_usage_count Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Geert Uytterhoeven <geert+renesas(a)glider.be> ps3disk: Do not use dev->bounce_size before it is set Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Christoph Hellwig <hch(a)lst.de> block: copy back bounce buffer to user-space correctly in case of split Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix cleanup of immediately failed async calls David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Alexander Aring <aahringo(a)redhat.com> dlm: fix srcu_read_lock() return type to int Alexander Aring <aahringo(a)redhat.com> dlm: fix removal of rsb struct that is master and dir record Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Kees Cook <kees(a)kernel.org> coredump: Do not lock during 'comm' reporting ------------- Diffstat: Documentation/core-api/symbol-namespaces.rst | 4 +- .../devicetree/bindings/clock/imx93-clock.yaml | 1 + .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +- .../it_IT/core-api/symbol-namespaces.rst | 4 +- .../zh_CN/core-api/symbol-namespaces.rst | 4 +- Makefile | 6 +- .../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +- .../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +- arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +- .../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 + .../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 + arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 + arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 +- arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +- arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 - .../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 + arch/arm/mach-at91/pm.c | 31 +- arch/arm/mach-omap1/board-nokia770.c | 2 +- .../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 + .../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 + arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 + arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +- arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 + .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 - arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +- .../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 - .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 - arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- arch/arm64/boot/dts/qcom/Makefile | 3 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 - arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +- arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 ++--- .../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 +- .../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 +- .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 + .../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 ++++++++++----------- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +-- ...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +-- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +- arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +- .../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 - arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +- arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +- .../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +- arch/arm64/boot/dts/ti/Makefile | 4 - arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - ...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +- ...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +- arch/arm64/configs/defconfig | 1 - arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/loongarch.h | 60 ++++ arch/loongarch/kernel/hw_breakpoint.c | 16 +- arch/loongarch/power/platform.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 + arch/powerpc/kernel/iommu.c | 2 +- arch/powerpc/platforms/pseries/iommu.c | 12 +- arch/riscv/kernel/vector.c | 2 +- arch/s390/Kconfig | 1 + arch/s390/Makefile | 2 +- arch/s390/include/asm/sclp.h | 1 + arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/setup.c | 5 + arch/s390/purgatory/Makefile | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/smpboot.c | 10 +- arch/x86/kvm/lapic.c | 11 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/x86_ops.h | 2 +- block/bio-integrity.c | 15 +- block/blk-core.c | 21 +- block/blk-mq.c | 34 +- block/blk-mq.h | 6 + block/blk-sysfs.c | 9 +- block/genhd.c | 22 +- block/partitions/ldm.h | 2 +- crypto/algapi.c | 4 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/fan_core.c | 10 +- drivers/base/class.c | 9 +- drivers/block/nbd.c | 1 + drivers/block/ps3disk.c | 4 +- drivers/bluetooth/btbcm.c | 3 + drivers/bluetooth/btnxpuart.c | 3 +- drivers/bluetooth/btrtl.c | 4 +- drivers/bluetooth/btusb.c | 7 + drivers/cdx/Makefile | 2 +- drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/ipmi/ssif_bmc.c | 5 +- drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/clk.c | 4 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/imx/clk-imx93.c | 89 +++-- drivers/clk/qcom/camcc-x1e80100.c | 7 + drivers/clk/qcom/gcc-sdm845.c | 32 +- drivers/clk/qcom/gcc-x1e80100.c | 2 +- drivers/clk/ralink/clk-mtmips.c | 1 - drivers/clk/renesas/renesas-cpg-mssr.c | 2 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 - drivers/clk/thead/clk-th1520-ap.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +- drivers/cpufreq/qcom-cpufreq-hw.c | 34 +- drivers/crypto/caam/blob_gen.c | 3 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++---- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 - drivers/crypto/intel/iaa/Makefile | 2 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +- drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 + drivers/crypto/intel/qat/qat_common/Makefile | 2 +- drivers/crypto/tegra/tegra-se-aes.c | 7 +- drivers/crypto/tegra/tegra-se-hash.c | 7 +- drivers/dma/idxd/Makefile | 2 +- drivers/dma/ti/edma.c | 3 +- drivers/firewire/device-attribute-test.c | 2 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 42 ++- drivers/gpio/gpio-idio-16.c | 2 +- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 - drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 - drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +- .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 + .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 + drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +- drivers/gpu/drm/bridge/ite-it6505.c | 2 +- drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 + drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +- drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +- drivers/gpu/drm/msm/msm_kms.c | 1 - drivers/gpu/drm/panthor/panthor_device.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++-- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 + drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +- drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +- drivers/gpu/drm/v3d/v3d_regs.h | 29 +- drivers/hid/hid-core.c | 2 + drivers/hid/hid-input.c | 37 +-- drivers/hid/hid-multitouch.c | 2 +- drivers/hid/hid-thrustmaster.c | 8 + drivers/hwmon/Kconfig | 4 +- drivers/hwmon/nct6775-core.c | 6 +- drivers/i2c/busses/i2c-designware-common.c | 5 +- drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/i2c/busses/i2c-designware-slave.c | 5 +- drivers/i3c/master/dw-i3c-master.c | 1 + drivers/infiniband/hw/Makefile | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 8 + drivers/infiniband/hw/hns/Kconfig | 20 +- drivers/infiniband/hw/hns/Makefile | 9 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/mlx5/odp.c | 62 ++-- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/iommu/amd/amd_iommu.h | 1 - drivers/iommu/amd/iommu.c | 9 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/iommufd/iova_bitmap.c | 2 +- drivers/iommu/iommufd/main.c | 2 +- drivers/leds/leds-cht-wcove.c | 6 +- drivers/leds/leds-netxbig.c | 1 + drivers/md/md-bitmap.c | 79 +++-- drivers/md/md-bitmap.h | 7 +- drivers/md/md.c | 34 ++ drivers/md/md.h | 5 + drivers/md/raid1.c | 34 +- drivers/md/raid1.h | 1 - drivers/md/raid10.c | 26 +- drivers/md/raid10.h | 1 - drivers/md/raid5-cache.c | 4 - drivers/md/raid5.c | 111 ++++--- drivers/md/raid5.h | 4 - drivers/media/i2c/imx290.c | 3 +- drivers/media/i2c/imx412.c | 42 +-- drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 + .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/af9035.c | 18 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/syscon.c | 19 +- drivers/misc/cardreader/rtsx_usb.c | 15 + drivers/mtd/hyperbus/hbmc-am654.c | 19 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 + drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +- drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +++---- drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 ++- drivers/net/ethernet/intel/ice/ice_parser.h | 6 +- drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 + drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 10 - .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 - drivers/net/ethernet/mediatek/airoha_eth.c | 37 ++- .../mlx5/core/steering/hws/mlx5hws_definer.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +- drivers/net/ethernet/renesas/ravb_main.c | 22 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/sfc/ef100_ethtool.c | 1 + drivers/net/ethernet/sfc/ethtool.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++ drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +- drivers/net/phy/marvell-88q2xxx.c | 33 +- drivers/net/tap.c | 6 +- drivers/net/team/team_core.c | 7 + drivers/net/tun.c | 6 +- drivers/net/usb/rtl8150.c | 22 ++ drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 6 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 ++- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++-- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++--- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 + drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +- drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +- drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 13 +- drivers/net/wireless/realtek/rtlwifi/base.h | 1 - drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +--- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 - drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++++++++- drivers/net/wireless/realtek/rtw89/chan.h | 28 +- drivers/net/wireless/realtek/rtw89/core.c | 124 ++++--- drivers/net/wireless/realtek/rtw89/core.h | 27 +- drivers/net/wireless/realtek/rtw89/fw.c | 40 ++- drivers/net/wireless/realtek/rtw89/mac.c | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 10 +- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 34 +- drivers/nvme/host/tcp.c | 70 +++- drivers/of/fdt.c | 13 +- drivers/of/of_private.h | 3 +- drivers/of/of_reserved_mem.c | 174 +++++++--- drivers/of/property.c | 2 +- drivers/opp/core.c | 57 +++- drivers/opp/of.c | 4 +- drivers/pci/controller/dwc/pci-imx6.c | 30 +- drivers/pci/controller/dwc/pcie-designware-host.c | 1 + drivers/pci/controller/dwc/pcie-qcom.c | 2 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/controller/plda/pcie-microchip-host.c | 222 +++++++++---- drivers/pci/controller/plda/pcie-plda-host.c | 17 +- drivers/pci/controller/plda/pcie-plda.h | 6 +- drivers/pci/endpoint/functions/pci-epf-test.c | 6 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +- drivers/pinctrl/pinctrl-amd.c | 27 +- drivers/pinctrl/pinctrl-amd.h | 7 +- drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++--- drivers/platform/mellanox/mlxbf-pmc.c | 6 +- drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++---- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/core.c | 2 +- drivers/pwm/pwm-dwc-core.c | 2 +- drivers/pwm/pwm-lpss.c | 2 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/mtk_scp.c | 12 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-loongson.c | 13 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/rtc/rtc-tps6594.c | 2 +- drivers/s390/char/sclp.c | 12 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/soc/atmel/soc.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 11 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/mips_ejtag_fdc.c | 4 +- drivers/tty/serial/8250/8250_port.c | 32 +- drivers/tty/serial/sc16is7xx.c | 2 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/usb/dwc3/core.c | 35 +- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/gadget/function/f_tcm.c | 14 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/storage/Makefile | 2 +- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/watchdog/rti_wdt.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 9 + fs/afs/rxrpc.c | 12 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/btrfs/inode.c | 97 +++++- fs/btrfs/qgroup.c | 21 +- fs/btrfs/subpage.c | 6 +- fs/btrfs/subpage.h | 13 + fs/btrfs/super.c | 2 +- fs/dlm/lock.c | 46 ++- fs/dlm/lowcomms.c | 3 +- fs/erofs/internal.h | 17 +- fs/erofs/zdata.c | 190 ++++++++--- fs/erofs/zutil.c | 155 +-------- fs/f2fs/dir.c | 53 ++- fs/f2fs/f2fs.h | 6 +- fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/hostfs/hostfs_kern.c | 27 +- fs/nfs/localio.c | 4 +- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfs_common/common.c | 89 ++++- fs/nilfs2/dir.c | 13 +- fs/nilfs2/namei.c | 29 +- fs/nilfs2/nilfs.h | 4 +- fs/nilfs2/page.c | 31 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/quota_global.c | 5 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsacl.c | 25 +- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/cifssmb.c | 4 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2ops.c | 3 +- fs/ubifs/debug.c | 22 +- fs/xfs/xfs_buf.c | 3 +- fs/xfs/xfs_notify_failure.c | 121 ++++--- include/acpi/acpixf.h | 1 + include/dt-bindings/clock/imx93-clock.h | 7 +- include/dt-bindings/clock/sun50i-a64-ccu.h | 2 + include/linux/btf.h | 5 + include/linux/coredump.h | 4 +- include/linux/ethtool.h | 4 + include/linux/export.h | 2 +- include/linux/hid.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/kallsyms.h | 2 +- include/linux/mroute_base.h | 6 +- include/linux/netdevice.h | 2 +- include/linux/nfs_common.h | 3 +- include/linux/perf_event.h | 6 + include/linux/pps_kernel.h | 3 +- include/linux/ptr_ring.h | 21 +- include/linux/sched.h | 1 + include/linux/skb_array.h | 17 +- include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/netfilter/nf_tables.h | 6 + include/net/netns/xfrm.h | 1 + include/net/pkt_cls.h | 13 +- include/net/sch_generic.h | 5 +- include/net/xfrm.h | 30 +- include/sound/hdaudio_ext.h | 45 --- include/trace/events/afs.h | 2 + include/trace/events/rxrpc.h | 25 ++ include/uapi/linux/xfrm.h | 2 + io_uring/uring_cmd.c | 2 +- kernel/bpf/arena.c | 8 +- kernel/bpf/bpf_local_storage.c | 8 +- kernel/bpf/bpf_struct_ops.c | 21 ++ kernel/bpf/btf.c | 5 - kernel/bpf/helpers.c | 18 +- kernel/dma/coherent.c | 14 +- kernel/events/core.c | 35 +- kernel/irq/internals.h | 9 +- kernel/module/main.c | 7 +- kernel/padata.c | 45 ++- kernel/power/hibernate.c | 7 +- kernel/printk/internal.h | 6 + kernel/printk/printk.c | 5 + kernel/printk/printk_safe.c | 7 +- kernel/sched/core.c | 83 +++-- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 21 +- kernel/sched/features.h | 9 + kernel/sched/sched.h | 56 ++-- kernel/sched/stats.h | 33 +- kernel/sched/syscalls.c | 2 +- kernel/trace/bpf_trace.c | 13 +- lib/rhashtable.c | 12 +- mm/memcontrol.c | 7 +- mm/oom_kill.c | 8 +- net/ax25/af_ax25.c | 12 +- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 +- net/ax25/ax25_route.c | 2 + net/core/dev.c | 21 +- net/core/filter.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/ioctl.c | 8 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/esp4_offload.c | 6 +- net/ipv4/icmp.c | 9 +- net/ipv4/inetpeer.c | 31 +- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr.c | 28 +- net/ipv4/ipmr_base.c | 9 +- net/ipv4/route.c | 17 +- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_output.c | 9 +- net/ipv4/udp.c | 56 ++++ net/ipv6/esp6_offload.c | 6 +- net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/ip6mr.c | 28 +- net/ipv6/ndisc.c | 8 +- net/ipv6/udp.c | 50 +++ net/key/af_key.c | 7 +- net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/driver-ops.h | 3 + net/mac80211/rx.c | 1 + net/mptcp/ctrl.c | 4 +- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 4 +- net/mptcp/protocol.h | 30 +- net/ncsi/ncsi-rsp.c | 18 +- net/netfilter/nf_tables_api.c | 57 +++- net/netfilter/nft_flow_offload.c | 16 +- net/netfilter/nft_set_rbtree.c | 43 +++ net/rose/af_rose.c | 16 +- net/rose/rose_timer.c | 15 + net/rxrpc/conn_event.c | 12 +- net/rxrpc/peer_event.c | 16 +- net/rxrpc/peer_object.c | 12 +- net/sched/cls_api.c | 57 ++-- net/sched/cls_bpf.c | 2 + net/sched/cls_flower.c | 2 + net/sched/cls_matchall.c | 2 + net/sched/cls_u32.c | 4 + net/sched/sch_api.c | 4 + net/sched/sch_generic.c | 4 +- net/sched/sch_sfq.c | 45 +-- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 ++- net/smc/smc_rx.h | 8 +- net/sunrpc/svcsock.c | 12 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/scan.c | 7 +- net/wireless/tests/scan.c | 2 + net/xfrm/xfrm_compat.c | 6 +- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_policy.c | 12 + net/xfrm/xfrm_replay.c | 10 +- net/xfrm/xfrm_state.c | 256 +++++++++++++-- net/xfrm/xfrm_user.c | 59 +++- samples/landlock/sandboxer.c | 7 + scripts/Makefile.lib | 4 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- scripts/kconfig/confdata.c | 6 +- scripts/kconfig/symbol.c | 1 + security/landlock/fs.c | 11 +- sound/core/seq/Kconfig | 4 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/acp/acp-i2s.c | 1 + sound/soc/codecs/Makefile | 6 +- sound/soc/codecs/da7213.c | 2 + sound/soc/intel/avs/apl.c | 3 +- sound/soc/intel/avs/cnl.c | 1 + sound/soc/intel/avs/core.c | 14 +- sound/soc/intel/avs/loader.c | 2 +- sound/soc/intel/avs/registers.h | 45 +++ sound/soc/intel/avs/skl.c | 1 + sound/soc/intel/avs/topology.c | 4 +- sound/soc/intel/boards/sof_sdw.c | 47 ++- sound/soc/mediatek/mt8365/Makefile | 2 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +- sound/soc/sh/rz-ssi.c | 3 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/include/uapi/linux/if_xdp.h | 4 +- tools/lib/bpf/btf.c | 1 + tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/linker.c | 22 +- tools/lib/bpf/usdt.c | 2 +- tools/net/ynl/lib/ynl.c | 2 +- tools/perf/MANIFEST | 1 + tools/perf/builtin-inject.c | 8 +- tools/perf/builtin-lock.c | 66 ++-- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/tests/shell/trace_btf_enum.sh | 8 +- tools/perf/util/bpf-event.c | 10 +- .../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/expr.c | 5 +- tools/perf/util/header.c | 8 +- tools/perf/util/machine.c | 2 +- tools/perf/util/maps.c | 7 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/power/x86/turbostat/turbostat.8 | 25 ++ tools/power/x86/turbostat/turbostat.c | 163 +++++++++- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/Makefile | 4 +- .../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +- .../selftests/bpf/prog_tests/fill_link_info.c | 4 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 124 ++++++- tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +- .../selftests/bpf/progs/test_fill_link_info.c | 13 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- .../ftrace/test.d/00basic/mount_options.tc | 8 +- tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +- tools/testing/selftests/kselftest_harness.h | 24 +- tools/testing/selftests/landlock/Makefile | 4 +- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/net/lib/Makefile | 2 +- tools/testing/selftests/net/mptcp/Makefile | 2 +- tools/testing/selftests/net/openvswitch/Makefile | 2 +- .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- tools/testing/selftests/rseq/rseq.c | 32 +- tools/testing/selftests/rseq/rseq.h | 9 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- 674 files changed, 6346 insertions(+), 3444 deletions(-)

4 months, 1 week

8
7
0 0

[PATCH 6.1.y] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events

by jetlan9＠163.com

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p = netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway, making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan id 100 [ 43.309174] ================================================================== [ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542] dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768] notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424] register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30 [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as customary. Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions") Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/ Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- net/dsa/slave.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/dsa/slave.c b/net/dsa/slave.c index 5fe075bf479e..caeb7e75b287 100644 --- a/net/dsa/slave.c +++ b/net/dsa/slave.c @@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check); static int dsa_slave_changeupper(struct net_device *dev, struct netdev_notifier_changeupper_info *info) { - struct dsa_port *dp = dsa_slave_to_port(dev); struct netlink_ext_ack *extack; int err = NOTIFY_DONE; + struct dsa_port *dp; if (!dsa_slave_dev_check(dev)) return err; + dp = dsa_slave_to_port(dev); extack = netdev_notifier_info_to_extack(&info->info); if (netif_is_bridge_master(info->upper_dev)) { @@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev, static int dsa_slave_prechangeupper(struct net_device *dev, struct netdev_notifier_changeupper_info *info) { - struct dsa_port *dp = dsa_slave_to_port(dev); + struct dsa_port *dp; if (!dsa_slave_dev_check(dev)) return NOTIFY_DONE; + dp = dsa_slave_to_port(dev); + if (netif_is_bridge_master(info->upper_dev) && !info->linking) dsa_port_pre_bridge_leave(dp, info->upper_dev); else if (netif_is_lag_master(info->upper_dev) && !info->linking) -- 2.43.0

4 months, 1 week

3
2
0 0

+ mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon: avoid applying DAMOS action to same entity multiple times has been added to the -mm mm-unstable branch. Its filename is mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon: avoid applying DAMOS action to same entity multiple times Date: Fri, 7 Feb 2025 13:20:33 -0800 'paddr' DAMON operations set can apply a DAMOS scheme's action to a large folio multiple times in single DAMOS-regions-walk if the folio is laid on multiple DAMON regions. Add a field for DAMOS scheme object that can be used by the underlying ops to know what was the last entity that the scheme's action has applied. The core layer unsets the field when each DAMOS-regions-walk is done for the given scheme. And update 'paddr' ops to use the infrastructure to avoid the problem. Link: https://lkml.kernel.org/r/20250207212033.45269-3-sj@kernel.org Fixes: 57223ac29584 ("mm/damon/paddr: support the pageout scheme") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Closes: https://lore.kernel.org/20250203225604.44742-3-usamaarif642@gmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/damon.h | 11 +++++++++++ mm/damon/core.c | 1 + mm/damon/paddr.c | 39 +++++++++++++++++++++++++++------------ 3 files changed, 39 insertions(+), 12 deletions(-) --- a/include/linux/damon.h~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/include/linux/damon.h @@ -432,6 +432,7 @@ struct damos_access_pattern { * @wmarks: Watermarks for automated (in)activation of this scheme. * @target_nid: Destination node if @action is "migrate_{hot,cold}". * @filters: Additional set of &struct damos_filter for &action. + * @last_applied: Last @action applied ops-managing entity. * @stat: Statistics of this scheme. * @list: List head for siblings. * @@ -454,6 +455,15 @@ struct damos_access_pattern { * implementation could check pages of the region and skip &action to respect * &filters * + * The minimum entity that @action can be applied depends on the underlying + * &struct damon_operations. Since it may not be aligned with the core layer + * abstract, namely &struct damon_region, &struct damon_operations could apply + * @action to same entity multiple times. Large folios that underlying on + * multiple &struct damon region objects could be such examples. The &struct + * damon_operations can use @last_applied to avoid that. DAMOS core logic + * unsets @last_applied when each regions walking for applying the scheme is + * finished. + * * After applying the &action to each region, &stat_count and &stat_sz is * updated to reflect the number of regions and total size of regions that the * &action is applied. @@ -477,6 +487,7 @@ struct damos { int target_nid; }; struct list_head filters; + void *last_applied; struct damos_stat stat; struct list_head list; }; --- a/mm/damon/core.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/mm/damon/core.c @@ -1851,6 +1851,7 @@ static void kdamond_apply_schemes(struct s->next_apply_sis = c->passed_sample_intervals + (s->apply_interval_us ? s->apply_interval_us : c->attrs.aggr_interval) / sample_interval; + s->last_applied = NULL; } } --- a/mm/damon/paddr.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/mm/damon/paddr.c @@ -243,6 +243,17 @@ static bool damos_pa_filter_out(struct d return false; } +static bool damon_pa_invalid_damos_folio(struct folio *folio, struct damos *s) +{ + if (!folio) + return true; + if (folio == s->last_applied) { + folio_put(folio); + return true; + } + return false; +} + static unsigned long damon_pa_pageout(struct damon_region *r, struct damos *s, unsigned long *sz_filter_passed) { @@ -250,6 +261,7 @@ static unsigned long damon_pa_pageout(st LIST_HEAD(folio_list); bool install_young_filter = true; struct damos_filter *filter; + struct folio *folio; /* check access in page level again by default */ damos_for_each_filter(filter, s) { @@ -268,9 +280,8 @@ static unsigned long damon_pa_pageout(st addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -296,6 +307,7 @@ put_folio: damos_destroy_filter(filter); applied = reclaim_pages(&folio_list); cond_resched(); + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -304,12 +316,12 @@ static inline unsigned long damon_pa_mar unsigned long *sz_filter_passed) { unsigned long addr, applied = 0; + struct folio *folio; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -328,6 +340,7 @@ put_folio: addr += folio_size(folio); folio_put(folio); } + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -471,12 +484,12 @@ static unsigned long damon_pa_migrate(st { unsigned long addr, applied; LIST_HEAD(folio_list); + struct folio *folio; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -495,6 +508,7 @@ put_folio: } applied = damon_pa_migrate_pages(&folio_list, s->target_nid); cond_resched(); + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -512,15 +526,15 @@ static unsigned long damon_pa_stat(struc { unsigned long addr; LIST_HEAD(folio_list); + struct folio *folio; if (!damon_pa_scheme_has_filter(s)) return 0; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -530,6 +544,7 @@ static unsigned long damon_pa_stat(struc addr += folio_size(folio); folio_put(folio); } + s->last_applied = folio; return 0; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch

4 months, 1 week

1
0
0 0

+ mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages has been added to the -mm mm-unstable branch. Its filename is mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages Date: Fri, 7 Feb 2025 13:20:32 -0800 Patch series "mm/damon/paddr: fix large folios access and schemes handling". DAMON operations set for physical address space, namely 'paddr', treats tail pages as unaccessed always. It can also apply DAMOS action to a large folio multiple times within single DAMOS' regions walking. As a result, the monitoring output has poor quality and DAMOS works in unexpected ways when large folios are being used. Fix those. The patches were parts of Usama's hugepage_size DAMOS filter patch series[1]. The first fix has collected from there with a slight commit message change for the subject prefix. The second fix is re-written by SJ and posted as an RFC before this series. The second one also got a slight commit message change for the subject prefix. [1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com [2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org This patch (of 2): This effectively adds support for large folios in damon for paddr, as damon_pa_mkold/young won't get a null folio from this function and won't ignore it, hence access will be checked and reported. This also means that larger folios will be considered for different DAMOS actions like pageout, prioritization and migration. As these DAMOS actions will consider larger folios, iterate through the region at folio_size and not PAGE_SIZE intervals. This should not have an affect on vaddr, as damon_young_pmd_entry considers pmd entries. Link: https://lkml.kernel.org/r/20250207212033.45269-1-sj@kernel.org Link: https://lkml.kernel.org/r/20250207212033.45269-2-sj@kernel.org Fixes: a28397beb55b ("mm/damon: implement primitives for physical address space monitoring") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/ops-common.c | 2 +- mm/damon/paddr.c | 24 ++++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) --- a/mm/damon/ops-common.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages +++ a/mm/damon/ops-common.c @@ -24,7 +24,7 @@ struct folio *damon_get_folio(unsigned l struct page *page = pfn_to_online_page(pfn); struct folio *folio; - if (!page || PageTail(page)) + if (!page) return NULL; folio = page_folio(page); --- a/mm/damon/paddr.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages +++ a/mm/damon/paddr.c @@ -266,11 +266,14 @@ static unsigned long damon_pa_pageout(st damos_add_filter(s, filter); } - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -286,6 +289,7 @@ static unsigned long damon_pa_pageout(st else list_add(&folio->lru, &folio_list); put_folio: + addr += folio_size(folio); folio_put(folio); } if (install_young_filter) @@ -301,11 +305,14 @@ static inline unsigned long damon_pa_mar { unsigned long addr, applied = 0; - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -318,6 +325,7 @@ static inline unsigned long damon_pa_mar folio_deactivate(folio); applied += folio_nr_pages(folio); put_folio: + addr += folio_size(folio); folio_put(folio); } return applied * PAGE_SIZE; @@ -464,11 +472,14 @@ static unsigned long damon_pa_migrate(st unsigned long addr, applied; LIST_HEAD(folio_list); - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -479,6 +490,7 @@ static unsigned long damon_pa_migrate(st goto put_folio; list_add(&folio->lru, &folio_list); put_folio: + addr += folio_size(folio); folio_put(folio); } applied = damon_pa_migrate_pages(&folio_list, s->target_nid); _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch

4 months, 1 week

1
0
0 0

[PATCH v3 0/2] rust: lockdep: Fix soundness issue affecting LockClassKeys

by Mitchell Levy

This series is aimed at fixing a soundness issue with how dynamically allocated LockClassKeys are handled. Currently, LockClassKeys can be used without being Pin'd, which can break lockdep since it relies on address stability. Similarly, these keys are not automatically (de)registered with lockdep. At the suggestion of Alice Ryhl, this series includes a patch for -stable kernels that disables dynamically allocated keys. This prevents backported patches from using the unsound implementation. Currently, this series requires that all dynamically allocated LockClassKeys have a lifetime of 'static (i.e., they must be leaked after allocation). This is because Lock does not currently keep a reference to the LockClassKey, instead passing it to C via FFI. This causes a problem because the rust compiler would allow creating a 'static Lock with a 'a LockClassKey (with 'a < 'static) while C would expect the LockClassKey to live as long as the lock. This problem represents an avenue for future work. --- Changes in v3: - Rebased on rust-next - Fixed clippy/compiler warninings (Thanks Boqun Feng) - Link to v2: https://lore.kernel.org/r/20241219-rust-lockdep-v2-0-f65308fbc5ca@gmail.com Changes in v2: - Dropped formatting change that's already fixed upstream (Thanks Dirk Behme). - Moved safety comment to the right point in the patch series (Thanks Dirk Behme and Boqun Feng). - Added an example of dynamic LockClassKey usage (Thanks Boqun Feng). - Link to v1: https://lore.kernel.org/r/20241004-rust-lockdep-v1-0-e9a5c45721fc@gmail.com Changes from RFC: - Split into two commits so that dynamically allocated LockClassKeys are removed from stable kernels. (Thanks Alice Ryhl) - Extract calls to C lockdep functions into helpers so things build properly when LOCKDEP=n. (Thanks Benno Lossin) - Remove extraneous `get_ref()` calls. (Thanks Benno Lossin) - Provide better documentation for `new_dynamic()`. (Thanks Benno Lossin) - Ran rustfmt to fix formatting and some extraneous changes. (Thanks Alice Ryhl and Benno Lossin) - Link to RFC: https://lore.kernel.org/r/20240905-rust-lockdep-v1-1-d2c9c21aa8b2@gmail.com --- Mitchell Levy (2): rust: lockdep: Remove support for dynamically allocated LockClassKeys rust: lockdep: Use Pin for all LockClassKey usages rust/helpers/helpers.c | 1 + rust/helpers/sync.c | 13 +++++++++ rust/kernel/sync.rs | 63 ++++++++++++++++++++++++++++++++++------- rust/kernel/sync/condvar.rs | 5 ++-- rust/kernel/sync/lock.rs | 9 ++---- rust/kernel/sync/lock/global.rs | 5 ++-- rust/kernel/sync/poll.rs | 2 +- rust/kernel/workqueue.rs | 2 +- 8 files changed, 77 insertions(+), 23 deletions(-) --- base-commit: ceff0757f5dafb5be5205988171809c877b1d3e3 change-id: 20240905-rust-lockdep-d3e30521c8ba Best regards, -- Mitchell Levy <levymitchell0(a)gmail.com>

4 months, 1 week

3
4
0 0

[PATCH v4 3/5] arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list

by Douglas Anderson

Qualcomm has confirmed that, much like Cortex A53 and A55, KRYO 2XX/3XX/4XX silver cores are unaffected by Spectre BHB. Add them to the safe list. Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Cc: Scott Bauer <sbauer(a)quicinc.com> Signed-off-by: Douglas Anderson <dianders(a)chromium.org> --- Changes in v4: - Re-added KRYO 2XX/3XX/4XX silver patch after Qualcomm confirmed. Changes in v3: - Removed KRYO 2XX/3XX/4XX silver patch. Changes in v2: - New arch/arm64/kernel/proton-pack.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 17aa836fe46d..89405be53d8f 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -854,6 +854,9 @@ static bool is_spectre_bhb_safe(int scope) MIDR_ALL_VERSIONS(MIDR_CORTEX_A510), MIDR_ALL_VERSIONS(MIDR_CORTEX_A520), MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53), + MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER), + MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER), + MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER), {}, }; static bool all_safe = true; -- 2.47.1.613.gc27f4b7a9f-goog

4 months, 1 week

2
1
0 0

[PATCH v4 1/5] arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list

by Douglas Anderson

Qualcomm Kryo 400-series Gold cores have a derivative of an ARM Cortex A76 in them. Since A76 needs Spectre mitigation via looping then the Kyro 400-series Gold cores also need Spectre mitigation via looping. Qualcomm has confirmed that the proper "k" value for Kryo 400-series Gold cores is 24. Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Cc: Scott Bauer <sbauer(a)quicinc.com> Signed-off-by: Douglas Anderson <dianders(a)chromium.org> --- Changes in v4: - Re-added QCOM_KRYO_4XX_GOLD k24 patch after Qualcomm confirmed. Changes in v3: - Removed QCOM_KRYO_4XX_GOLD k24 patch. Changes in v2: - Slight change to wording and notes of KRYO_4XX_GOLD patch arch/arm64/kernel/proton-pack.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index da53722f95d4..e149efadff20 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -866,6 +866,7 @@ u8 spectre_bhb_loop_affected(int scope) MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), {}, }; static const struct midr_range spectre_bhb_k11_list[] = { -- 2.47.1.613.gc27f4b7a9f-goog

4 months, 1 week

2
1
0 0

[PATCH 6.6 00/24] xfs backports for 6.6.y (from 6.12)

by Catherine Hoang

Hello, This series contains backports for 6.6 from the 6.12 release. This patchset has gone through xfs testing and review. Andrew Kreimer (1): xfs: fix a typo Brian Foster (2): xfs: skip background cowblock trims on inodes open for write xfs: don't free cowblocks from under dirty pagecache on unshare Chi Zhiling (1): xfs: Reduce unnecessary searches when searching for the best extents Christoph Hellwig (15): xfs: assert a valid limit in xfs_rtfind_forw xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname xfs: return bool from xfs_attr3_leaf_add xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split xfs: distinguish extra split from real ENOSPC from xfs_attr_node_try_addname xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate xfs: don't ifdef around the exact minlen allocations xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc xfs: pass the exact range to initialize to xfs_initialize_perag xfs: update the file system geometry after recoverying superblock buffers xfs: error out when a superblock buffer update reduces the agcount xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag xfs: update the pag for the last AG at recovery time xfs: streamline xfs_filestream_pick_ag Darrick J. Wong (2): xfs: validate inumber in xfs_iget xfs: fix a sloppy memory handling bug in xfs_iroot_realloc Ojaswin Mujoo (1): xfs: Check for delayed allocations before setting extsize Uros Bizjak (1): xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate() Zhang Zekun (1): xfs: Remove empty declartion in header file fs/xfs/libxfs/xfs_ag.c | 47 ++++---- fs/xfs/libxfs/xfs_ag.h | 6 +- fs/xfs/libxfs/xfs_alloc.c | 9 +- fs/xfs/libxfs/xfs_alloc.h | 4 +- fs/xfs/libxfs/xfs_attr.c | 190 ++++++++++++++------------------- fs/xfs/libxfs/xfs_attr_leaf.c | 40 +++---- fs/xfs/libxfs/xfs_attr_leaf.h | 2 +- fs/xfs/libxfs/xfs_bmap.c | 140 ++++++++---------------- fs/xfs/libxfs/xfs_da_btree.c | 5 +- fs/xfs/libxfs/xfs_inode_fork.c | 10 +- fs/xfs/libxfs/xfs_rtbitmap.c | 2 + fs/xfs/xfs_buf_item_recover.c | 70 ++++++++++++ fs/xfs/xfs_filestream.c | 96 ++++++++--------- fs/xfs/xfs_fsops.c | 18 ++-- fs/xfs/xfs_icache.c | 39 ++++--- fs/xfs/xfs_inode.c | 2 +- fs/xfs/xfs_inode.h | 5 + fs/xfs/xfs_ioctl.c | 4 +- fs/xfs/xfs_log.h | 1 - fs/xfs/xfs_log_cil.c | 11 +- fs/xfs/xfs_log_recover.c | 9 +- fs/xfs/xfs_mount.c | 4 +- fs/xfs/xfs_reflink.c | 3 + fs/xfs/xfs_reflink.h | 19 ++++ 24 files changed, 375 insertions(+), 361 deletions(-) -- 2.39.3

4 months, 1 week

2
25
0 0

[PATCH 5.4 5.10 5.15 0/3] nilfs2: protect busy buffer heads from being force-cleared

by Ryusuke Konishi

Please apply this series to the stable trees indicated by the subject prefix. This series makes it possible to backport the latter two patches (fixing some syzbot issues and a use-after-free issue) that could not be backported as-is. To achieve this, one dependent patch (patch 1/3) is included, and each patch is tailored to avoid extensive page/folio conversion. Both adjustments are specific to nilfs2 and do not include tree-wide changes. It has also been tested against the latest versions of each tree. Thanks, Ryusuke Konishi Ryusuke Konishi (3): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references fs/nilfs2/inode.c | 4 ++-- fs/nilfs2/mdt.c | 6 ++--- fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++------------------- fs/nilfs2/page.h | 4 ++-- fs/nilfs2/segment.c | 4 +++- 5 files changed, 42 insertions(+), 31 deletions(-) -- 2.43.5

4 months, 1 week

2
4
0 0

[PATCH 5.10 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit a1c3a19446a440c68e80e9c34c5f308ff58aac88. The backport for linux-5.10.y, commit a1c3a19446a4 ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: a1c3a19446a4 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.10.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 560c4f2a1833..45c1732a9677 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7127,8 +7127,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } btrfs_release_path(path); -- 2.45.2

4 months, 1 week

2
2
0 0

[PATCH 5.4 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit 3d770d44dd5c6316913b003790998404636ec2a8. The backport for linux-5.4.y, commit 3d770d44dd5c ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: 3d770d44dd5c ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.4.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index d9a581f46f13..cd72409ccc94 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7679,8 +7679,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } btrfs_release_path(path); -- 2.45.2

4 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020420-subtly-blaming-0ded@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001 From: Calvin Owens <calvin(a)wbinvd.org> Date: Mon, 11 Nov 2024 20:13:29 -0800 Subject: [PATCH] pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, using __register_chrdev() with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c index 634c3b2f8c26..f77b19884f05 100644 --- a/drivers/pps/clients/pps-gpio.c +++ b/drivers/pps/clients/pps-gpio.c @@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev) return -EINVAL; } - dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n", - data->irq); + dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n", + data->irq); return 0; } diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c index d33106bd7a29..2f465549b843 100644 --- a/drivers/pps/clients/pps-ktimer.c +++ b/drivers/pps/clients/pps-ktimer.c @@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = { static void __exit pps_ktimer_exit(void) { - dev_info(pps->dev, "ktimer PPS source unregistered\n"); + dev_dbg(&pps->dev, "ktimer PPS source unregistered\n"); del_timer_sync(&ktimer); pps_unregister_source(pps); @@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void) timer_setup(&ktimer, pps_ktimer_event, 0); mod_timer(&ktimer, jiffies + HZ); - dev_info(pps->dev, "ktimer PPS source registered\n"); + dev_dbg(&pps->dev, "ktimer PPS source registered\n"); return 0; } diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c index 443d6bae19d1..fa5660f3c4b7 100644 --- a/drivers/pps/clients/pps-ldisc.c +++ b/drivers/pps/clients/pps-ldisc.c @@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active) pps_event(pps, &ts, active ? PPS_CAPTUREASSERT : PPS_CAPTURECLEAR, NULL); - dev_dbg(pps->dev, "PPS %s at %lu\n", + dev_dbg(&pps->dev, "PPS %s at %lu\n", active ? "assert" : "clear", jiffies); } @@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty) goto err_unregister; } - dev_info(pps->dev, "source \"%s\" added\n", info.path); + dev_dbg(&pps->dev, "source \"%s\" added\n", info.path); return 0; @@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty) if (WARN_ON(!pps)) return; - dev_info(pps->dev, "removed\n"); + dev_info(&pps->dev, "removed\n"); pps_unregister_source(pps); } diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index abaffb4e1c1c..24db06750297 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -81,7 +81,7 @@ static void parport_irq(void *handle) /* check the signal (no signal means the pulse is lost this time) */ if (!signal_is_set(port)) { local_irq_restore(flags); - dev_err(dev->pps->dev, "lost the signal\n"); + dev_err(&dev->pps->dev, "lost the signal\n"); goto out_assert; } @@ -98,7 +98,7 @@ static void parport_irq(void *handle) /* timeout */ dev->cw_err++; if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) { - dev_err(dev->pps->dev, "disabled clear edge capture after %d" + dev_err(&dev->pps->dev, "disabled clear edge capture after %d" " timeouts\n", dev->cw_err); dev->cw = 0; dev->cw_err = 0; diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c index d9d566f70ed1..92d1b62ea239 100644 --- a/drivers/pps/kapi.c +++ b/drivers/pps/kapi.c @@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset) static void pps_echo_client_default(struct pps_device *pps, int event, void *data) { - dev_info(pps->dev, "echo %s %s\n", + dev_info(&pps->dev, "echo %s %s\n", event & PPS_CAPTUREASSERT ? "assert" : "", event & PPS_CAPTURECLEAR ? "clear" : ""); } @@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info, goto kfree_pps; } - dev_info(pps->dev, "new PPS source %s\n", info->name); + dev_dbg(&pps->dev, "new PPS source %s\n", info->name); return pps; @@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* check event type */ BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0); - dev_dbg(pps->dev, "PPS event at %lld.%09ld\n", + dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n", (s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec); timespec_to_pps_ktime(&ts_real, ts->ts_real); @@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->assert_tu = ts_real; pps->assert_sequence++; - dev_dbg(pps->dev, "capture assert seq #%u\n", + dev_dbg(&pps->dev, "capture assert seq #%u\n", pps->assert_sequence); captured = ~0; @@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->clear_tu = ts_real; pps->clear_sequence++; - dev_dbg(pps->dev, "capture clear seq #%u\n", + dev_dbg(&pps->dev, "capture clear seq #%u\n", pps->clear_sequence); captured = ~0; diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c index 50dc59af45be..fbd23295afd7 100644 --- a/drivers/pps/kc.c +++ b/drivers/pps/kc.c @@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel" + dev_info(&pps->dev, "unbound kernel" " consumer\n"); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "selected kernel consumer" + dev_err(&pps->dev, "selected kernel consumer" " is not bound\n"); return -EINVAL; } @@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = bind_args->edge; pps_kc_hardpps_dev = pps; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "bound kernel consumer: " + dev_info(&pps->dev, "bound kernel consumer: " "edge=0x%x\n", bind_args->edge); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "another kernel consumer" + dev_err(&pps->dev, "another kernel consumer" " is already bound\n"); return -EINVAL; } @@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel consumer" + dev_info(&pps->dev, "unbound kernel consumer" " on device removal\n"); } else spin_unlock_irq(&pps_kc_hardpps_lock); diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 25d47907db17..6a02245ea35f 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) else { unsigned long ticks; - dev_dbg(pps->dev, "timeout %lld.%09d\n", + dev_dbg(&pps->dev, "timeout %lld.%09d\n", (long long) fdata->timeout.sec, fdata->timeout.nsec); ticks = fdata->timeout.sec * HZ; @@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) /* Check for pending signals */ if (err == -ERESTARTSYS) { - dev_dbg(pps->dev, "pending signal caught\n"); + dev_dbg(&pps->dev, "pending signal caught\n"); return -EINTR; } @@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file, switch (cmd) { case PPS_GETPARAMS: - dev_dbg(pps->dev, "PPS_GETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_GETPARAMS\n"); spin_lock_irq(&pps->lock); @@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_SETPARAMS: - dev_dbg(pps->dev, "PPS_SETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_SETPARAMS\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file, if (err) return -EFAULT; if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) { - dev_dbg(pps->dev, "capture mode unspecified (%x)\n", + dev_dbg(&pps->dev, "capture mode unspecified (%x)\n", params.mode); return -EINVAL; } /* Check for supported capabilities */ if ((params.mode & ~pps->info.mode) != 0) { - dev_dbg(pps->dev, "unsupported capabilities (%x)\n", + dev_dbg(&pps->dev, "unsupported capabilities (%x)\n", params.mode); return -EINVAL; } @@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file, /* Restore the read only parameters */ if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) { /* section 3.3 of RFC 2783 interpreted */ - dev_dbg(pps->dev, "time format unspecified (%x)\n", + dev_dbg(&pps->dev, "time format unspecified (%x)\n", params.mode); pps->params.mode |= PPS_TSFMT_TSPEC; } @@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_GETCAP: - dev_dbg(pps->dev, "PPS_GETCAP\n"); + dev_dbg(&pps->dev, "PPS_GETCAP\n"); err = put_user(pps->info.mode, iuarg); if (err) @@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_FETCH: { struct pps_fdata fdata; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata)); if (err) @@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_KC_BIND: { struct pps_bind_args bind_args; - dev_dbg(pps->dev, "PPS_KC_BIND\n"); + dev_dbg(&pps->dev, "PPS_KC_BIND\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file, /* Check for supported capabilities */ if ((bind_args.edge & ~pps->info.mode) != 0) { - dev_err(pps->dev, "unsupported capabilities (%x)\n", + dev_err(&pps->dev, "unsupported capabilities (%x)\n", bind_args.edge); return -EINVAL; } @@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file, if (bind_args.tsformat != PPS_TSFMT_TSPEC || (bind_args.edge & ~PPS_CAPTUREBOTH) != 0 || bind_args.consumer != PPS_KC_HARDPPS) { - dev_err(pps->dev, "invalid kernel consumer bind" + dev_err(&pps->dev, "invalid kernel consumer bind" " parameters (%x)\n", bind_args.edge); return -EINVAL; } @@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file, struct pps_fdata fdata; int err; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat)); if (err) @@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + get_device(&pps->dev); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); - kobject_put(&pps->dev->kobj); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); + put_device(&pps->dev); return 0; } @@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - - kfree(dev); kfree(pps); } int pps_register_cdev(struct pps_device *pps) { int err; - dev_t devt; mutex_lock(&pps_idr_lock); /* @@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); + pps->dev.class = pps_class; + pps->dev.parent = pps->info.dev; + pps->dev.devt = MKDEV(pps_major, pps->id); + dev_set_drvdata(&pps->dev, pps); + dev_set_name(&pps->dev, "pps%d", pps->id); + err = device_register(&pps->dev); + if (err) goto free_idr; - } - pps->dev = device_create(pps_class, pps->info.dev, devt, pps, - "pps%d", pps->id); - if (IS_ERR(pps->dev)) { - err = PTR_ERR(pps->dev); - goto del_cdev; - } /* Override the release function with our own */ - pps->dev->release = pps_device_destruct; + pps->dev.release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + get_device(&pps->dev); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); out_unlock: mutex_unlock(&pps_idr_lock); return err; @@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps) { pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; - device_destroy(pps_class, pps->dev->devt); + device_destroy(pps_class, pps->dev.devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); + mutex_unlock(&pps_idr_lock); } /* @@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the device, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -462,8 +467,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -476,8 +482,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c index 5feecaadde8e..120db96d9e95 100644 --- a/drivers/ptp/ptp_ocp.c +++ b/drivers/ptp/ptp_ocp.c @@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp) pps = pps_lookup_dev(bp->ptp); if (pps) - ptp_ocp_symlink(bp, pps->dev, "pps"); + ptp_ocp_symlink(bp, &pps->dev, "pps"); ptp_ocp_debugfs_add_device(bp); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..c7abce28ed29 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,8 +56,7 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; - struct device *dev; + struct device dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; };

4 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020424-bloated-undecided-1814@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001 From: Calvin Owens <calvin(a)wbinvd.org> Date: Mon, 11 Nov 2024 20:13:29 -0800 Subject: [PATCH] pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, using __register_chrdev() with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c index 634c3b2f8c26..f77b19884f05 100644 --- a/drivers/pps/clients/pps-gpio.c +++ b/drivers/pps/clients/pps-gpio.c @@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev) return -EINVAL; } - dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n", - data->irq); + dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n", + data->irq); return 0; } diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c index d33106bd7a29..2f465549b843 100644 --- a/drivers/pps/clients/pps-ktimer.c +++ b/drivers/pps/clients/pps-ktimer.c @@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = { static void __exit pps_ktimer_exit(void) { - dev_info(pps->dev, "ktimer PPS source unregistered\n"); + dev_dbg(&pps->dev, "ktimer PPS source unregistered\n"); del_timer_sync(&ktimer); pps_unregister_source(pps); @@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void) timer_setup(&ktimer, pps_ktimer_event, 0); mod_timer(&ktimer, jiffies + HZ); - dev_info(pps->dev, "ktimer PPS source registered\n"); + dev_dbg(&pps->dev, "ktimer PPS source registered\n"); return 0; } diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c index 443d6bae19d1..fa5660f3c4b7 100644 --- a/drivers/pps/clients/pps-ldisc.c +++ b/drivers/pps/clients/pps-ldisc.c @@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active) pps_event(pps, &ts, active ? PPS_CAPTUREASSERT : PPS_CAPTURECLEAR, NULL); - dev_dbg(pps->dev, "PPS %s at %lu\n", + dev_dbg(&pps->dev, "PPS %s at %lu\n", active ? "assert" : "clear", jiffies); } @@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty) goto err_unregister; } - dev_info(pps->dev, "source \"%s\" added\n", info.path); + dev_dbg(&pps->dev, "source \"%s\" added\n", info.path); return 0; @@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty) if (WARN_ON(!pps)) return; - dev_info(pps->dev, "removed\n"); + dev_info(&pps->dev, "removed\n"); pps_unregister_source(pps); } diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index abaffb4e1c1c..24db06750297 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -81,7 +81,7 @@ static void parport_irq(void *handle) /* check the signal (no signal means the pulse is lost this time) */ if (!signal_is_set(port)) { local_irq_restore(flags); - dev_err(dev->pps->dev, "lost the signal\n"); + dev_err(&dev->pps->dev, "lost the signal\n"); goto out_assert; } @@ -98,7 +98,7 @@ static void parport_irq(void *handle) /* timeout */ dev->cw_err++; if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) { - dev_err(dev->pps->dev, "disabled clear edge capture after %d" + dev_err(&dev->pps->dev, "disabled clear edge capture after %d" " timeouts\n", dev->cw_err); dev->cw = 0; dev->cw_err = 0; diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c index d9d566f70ed1..92d1b62ea239 100644 --- a/drivers/pps/kapi.c +++ b/drivers/pps/kapi.c @@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset) static void pps_echo_client_default(struct pps_device *pps, int event, void *data) { - dev_info(pps->dev, "echo %s %s\n", + dev_info(&pps->dev, "echo %s %s\n", event & PPS_CAPTUREASSERT ? "assert" : "", event & PPS_CAPTURECLEAR ? "clear" : ""); } @@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info, goto kfree_pps; } - dev_info(pps->dev, "new PPS source %s\n", info->name); + dev_dbg(&pps->dev, "new PPS source %s\n", info->name); return pps; @@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* check event type */ BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0); - dev_dbg(pps->dev, "PPS event at %lld.%09ld\n", + dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n", (s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec); timespec_to_pps_ktime(&ts_real, ts->ts_real); @@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->assert_tu = ts_real; pps->assert_sequence++; - dev_dbg(pps->dev, "capture assert seq #%u\n", + dev_dbg(&pps->dev, "capture assert seq #%u\n", pps->assert_sequence); captured = ~0; @@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->clear_tu = ts_real; pps->clear_sequence++; - dev_dbg(pps->dev, "capture clear seq #%u\n", + dev_dbg(&pps->dev, "capture clear seq #%u\n", pps->clear_sequence); captured = ~0; diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c index 50dc59af45be..fbd23295afd7 100644 --- a/drivers/pps/kc.c +++ b/drivers/pps/kc.c @@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel" + dev_info(&pps->dev, "unbound kernel" " consumer\n"); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "selected kernel consumer" + dev_err(&pps->dev, "selected kernel consumer" " is not bound\n"); return -EINVAL; } @@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = bind_args->edge; pps_kc_hardpps_dev = pps; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "bound kernel consumer: " + dev_info(&pps->dev, "bound kernel consumer: " "edge=0x%x\n", bind_args->edge); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "another kernel consumer" + dev_err(&pps->dev, "another kernel consumer" " is already bound\n"); return -EINVAL; } @@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel consumer" + dev_info(&pps->dev, "unbound kernel consumer" " on device removal\n"); } else spin_unlock_irq(&pps_kc_hardpps_lock); diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 25d47907db17..6a02245ea35f 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) else { unsigned long ticks; - dev_dbg(pps->dev, "timeout %lld.%09d\n", + dev_dbg(&pps->dev, "timeout %lld.%09d\n", (long long) fdata->timeout.sec, fdata->timeout.nsec); ticks = fdata->timeout.sec * HZ; @@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) /* Check for pending signals */ if (err == -ERESTARTSYS) { - dev_dbg(pps->dev, "pending signal caught\n"); + dev_dbg(&pps->dev, "pending signal caught\n"); return -EINTR; } @@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file, switch (cmd) { case PPS_GETPARAMS: - dev_dbg(pps->dev, "PPS_GETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_GETPARAMS\n"); spin_lock_irq(&pps->lock); @@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_SETPARAMS: - dev_dbg(pps->dev, "PPS_SETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_SETPARAMS\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file, if (err) return -EFAULT; if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) { - dev_dbg(pps->dev, "capture mode unspecified (%x)\n", + dev_dbg(&pps->dev, "capture mode unspecified (%x)\n", params.mode); return -EINVAL; } /* Check for supported capabilities */ if ((params.mode & ~pps->info.mode) != 0) { - dev_dbg(pps->dev, "unsupported capabilities (%x)\n", + dev_dbg(&pps->dev, "unsupported capabilities (%x)\n", params.mode); return -EINVAL; } @@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file, /* Restore the read only parameters */ if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) { /* section 3.3 of RFC 2783 interpreted */ - dev_dbg(pps->dev, "time format unspecified (%x)\n", + dev_dbg(&pps->dev, "time format unspecified (%x)\n", params.mode); pps->params.mode |= PPS_TSFMT_TSPEC; } @@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_GETCAP: - dev_dbg(pps->dev, "PPS_GETCAP\n"); + dev_dbg(&pps->dev, "PPS_GETCAP\n"); err = put_user(pps->info.mode, iuarg); if (err) @@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_FETCH: { struct pps_fdata fdata; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata)); if (err) @@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_KC_BIND: { struct pps_bind_args bind_args; - dev_dbg(pps->dev, "PPS_KC_BIND\n"); + dev_dbg(&pps->dev, "PPS_KC_BIND\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file, /* Check for supported capabilities */ if ((bind_args.edge & ~pps->info.mode) != 0) { - dev_err(pps->dev, "unsupported capabilities (%x)\n", + dev_err(&pps->dev, "unsupported capabilities (%x)\n", bind_args.edge); return -EINVAL; } @@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file, if (bind_args.tsformat != PPS_TSFMT_TSPEC || (bind_args.edge & ~PPS_CAPTUREBOTH) != 0 || bind_args.consumer != PPS_KC_HARDPPS) { - dev_err(pps->dev, "invalid kernel consumer bind" + dev_err(&pps->dev, "invalid kernel consumer bind" " parameters (%x)\n", bind_args.edge); return -EINVAL; } @@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file, struct pps_fdata fdata; int err; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat)); if (err) @@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + get_device(&pps->dev); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); - kobject_put(&pps->dev->kobj); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); + put_device(&pps->dev); return 0; } @@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - - kfree(dev); kfree(pps); } int pps_register_cdev(struct pps_device *pps) { int err; - dev_t devt; mutex_lock(&pps_idr_lock); /* @@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); + pps->dev.class = pps_class; + pps->dev.parent = pps->info.dev; + pps->dev.devt = MKDEV(pps_major, pps->id); + dev_set_drvdata(&pps->dev, pps); + dev_set_name(&pps->dev, "pps%d", pps->id); + err = device_register(&pps->dev); + if (err) goto free_idr; - } - pps->dev = device_create(pps_class, pps->info.dev, devt, pps, - "pps%d", pps->id); - if (IS_ERR(pps->dev)) { - err = PTR_ERR(pps->dev); - goto del_cdev; - } /* Override the release function with our own */ - pps->dev->release = pps_device_destruct; + pps->dev.release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + get_device(&pps->dev); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); out_unlock: mutex_unlock(&pps_idr_lock); return err; @@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps) { pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; - device_destroy(pps_class, pps->dev->devt); + device_destroy(pps_class, pps->dev.devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); + mutex_unlock(&pps_idr_lock); } /* @@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the device, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -462,8 +467,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -476,8 +482,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c index 5feecaadde8e..120db96d9e95 100644 --- a/drivers/ptp/ptp_ocp.c +++ b/drivers/ptp/ptp_ocp.c @@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp) pps = pps_lookup_dev(bp->ptp); if (pps) - ptp_ocp_symlink(bp, pps->dev, "pps"); + ptp_ocp_symlink(bp, &pps->dev, "pps"); ptp_ocp_debugfs_add_device(bp); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..c7abce28ed29 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,8 +56,7 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; - struct device *dev; + struct device dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; };

4 months, 1 week

3
2
0 0

[PATCH 6.6 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit 6e1a8225930719a9f352d56320214e33e2dde0a6. The backport for linux-6.6.y, commit 6e1a82259307 ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: 6e1a82259307 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.6.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index eb9319d856f2..49c927e8a807 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7153,8 +7153,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } if (orig_start) -- 2.45.2

4 months, 1 week

2
2
0 0

[PATCH 5.4~6.13] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static

by WangYuli

commit ddd068d81445b17ac0bed084dfeb9e58b4df3ddd upstream. Declare ftrace_get_parent_ra_addr() as static to suppress clang compiler warning that 'no previous prototype'. This function is not intended to be called from other parts. Fix follow error with clang-19: arch/mips/kernel/ftrace.c:251:15: error: no previous prototype for function 'ftrace_get_parent_ra_addr' [-Werror,-Wmissing-prototypes] 251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long | ^ arch/mips/kernel/ftrace.c:251:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long | ^ | static 1 error generated. Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/mips/kernel/ftrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c index 8c401e42301c..f39e85fd58fa 100644 --- a/arch/mips/kernel/ftrace.c +++ b/arch/mips/kernel/ftrace.c @@ -248,7 +248,7 @@ int ftrace_disable_ftrace_graph_caller(void) #define S_R_SP (0xafb0 << 16) /* s{d,w} R, offset(sp) */ #define OFFSET_MASK 0xffff /* stack offset range: 0 ~ PT_SIZE */ -unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long +static unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long old_parent_ra, unsigned long parent_ra_addr, unsigned long fp) { unsigned long sp, ip, tmp; -- 2.47.2

4 months, 1 week

2
1
0 0

[PATCH] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full

by Krishanth Jagaduri via B4 Relay

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ] Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not include the boot CPU, which is no longer true after: commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full"). Apply changes only to Documentation/timers/no_hz.rst in stable kernels. Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com> --- Hi, Before kernel 6.9, Documentation/timers/no_hz.rst states that "nohz_full=" mask must not include the boot CPU, which is no longer true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full"). This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full"). While it fixes the document description, it also fixes issue introduced by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work"). It is unlikely that it will be backported to stable kernels which does not contain the commit that introduced the issue. Could Documentation/timers/no_hz.rst be fixed in stable kernels 5.4+? --- Documentation/timers/no_hz.rst | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644 --- a/Documentation/timers/no_hz.rst +++ b/Documentation/timers/no_hz.rst @@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain online to handle timekeeping tasks in order to ensure that system calls like gettimeofday() returns accurate values on adaptive-tick CPUs. (This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running -user processes to observe slight drifts in clock rate.) Therefore, the -boot CPU is prohibited from entering adaptive-ticks mode. Specifying a -"nohz_full=" mask that includes the boot CPU will result in a boot-time -error message, and the boot CPU will be removed from the mask. Note that -this means that your system must have at least two CPUs in order for +user processes to observe slight drifts in clock rate.) Note that this +means that your system must have at least two CPUs in order for CONFIG_NO_HZ_FULL=y to do anything for you. Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded. --- base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85 change-id: 20250129-send-oss-20250129-3c42dcf463eb Best regards, -- Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>

4 months, 1 week

4
3
0 0

FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020422-tragedy-splashing-50db@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001 From: Calvin Owens <calvin(a)wbinvd.org> Date: Mon, 11 Nov 2024 20:13:29 -0800 Subject: [PATCH] pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, using __register_chrdev() with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c index 634c3b2f8c26..f77b19884f05 100644 --- a/drivers/pps/clients/pps-gpio.c +++ b/drivers/pps/clients/pps-gpio.c @@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev) return -EINVAL; } - dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n", - data->irq); + dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n", + data->irq); return 0; } diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c index d33106bd7a29..2f465549b843 100644 --- a/drivers/pps/clients/pps-ktimer.c +++ b/drivers/pps/clients/pps-ktimer.c @@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = { static void __exit pps_ktimer_exit(void) { - dev_info(pps->dev, "ktimer PPS source unregistered\n"); + dev_dbg(&pps->dev, "ktimer PPS source unregistered\n"); del_timer_sync(&ktimer); pps_unregister_source(pps); @@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void) timer_setup(&ktimer, pps_ktimer_event, 0); mod_timer(&ktimer, jiffies + HZ); - dev_info(pps->dev, "ktimer PPS source registered\n"); + dev_dbg(&pps->dev, "ktimer PPS source registered\n"); return 0; } diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c index 443d6bae19d1..fa5660f3c4b7 100644 --- a/drivers/pps/clients/pps-ldisc.c +++ b/drivers/pps/clients/pps-ldisc.c @@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active) pps_event(pps, &ts, active ? PPS_CAPTUREASSERT : PPS_CAPTURECLEAR, NULL); - dev_dbg(pps->dev, "PPS %s at %lu\n", + dev_dbg(&pps->dev, "PPS %s at %lu\n", active ? "assert" : "clear", jiffies); } @@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty) goto err_unregister; } - dev_info(pps->dev, "source \"%s\" added\n", info.path); + dev_dbg(&pps->dev, "source \"%s\" added\n", info.path); return 0; @@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty) if (WARN_ON(!pps)) return; - dev_info(pps->dev, "removed\n"); + dev_info(&pps->dev, "removed\n"); pps_unregister_source(pps); } diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index abaffb4e1c1c..24db06750297 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -81,7 +81,7 @@ static void parport_irq(void *handle) /* check the signal (no signal means the pulse is lost this time) */ if (!signal_is_set(port)) { local_irq_restore(flags); - dev_err(dev->pps->dev, "lost the signal\n"); + dev_err(&dev->pps->dev, "lost the signal\n"); goto out_assert; } @@ -98,7 +98,7 @@ static void parport_irq(void *handle) /* timeout */ dev->cw_err++; if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) { - dev_err(dev->pps->dev, "disabled clear edge capture after %d" + dev_err(&dev->pps->dev, "disabled clear edge capture after %d" " timeouts\n", dev->cw_err); dev->cw = 0; dev->cw_err = 0; diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c index d9d566f70ed1..92d1b62ea239 100644 --- a/drivers/pps/kapi.c +++ b/drivers/pps/kapi.c @@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset) static void pps_echo_client_default(struct pps_device *pps, int event, void *data) { - dev_info(pps->dev, "echo %s %s\n", + dev_info(&pps->dev, "echo %s %s\n", event & PPS_CAPTUREASSERT ? "assert" : "", event & PPS_CAPTURECLEAR ? "clear" : ""); } @@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info, goto kfree_pps; } - dev_info(pps->dev, "new PPS source %s\n", info->name); + dev_dbg(&pps->dev, "new PPS source %s\n", info->name); return pps; @@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* check event type */ BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0); - dev_dbg(pps->dev, "PPS event at %lld.%09ld\n", + dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n", (s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec); timespec_to_pps_ktime(&ts_real, ts->ts_real); @@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->assert_tu = ts_real; pps->assert_sequence++; - dev_dbg(pps->dev, "capture assert seq #%u\n", + dev_dbg(&pps->dev, "capture assert seq #%u\n", pps->assert_sequence); captured = ~0; @@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->clear_tu = ts_real; pps->clear_sequence++; - dev_dbg(pps->dev, "capture clear seq #%u\n", + dev_dbg(&pps->dev, "capture clear seq #%u\n", pps->clear_sequence); captured = ~0; diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c index 50dc59af45be..fbd23295afd7 100644 --- a/drivers/pps/kc.c +++ b/drivers/pps/kc.c @@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel" + dev_info(&pps->dev, "unbound kernel" " consumer\n"); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "selected kernel consumer" + dev_err(&pps->dev, "selected kernel consumer" " is not bound\n"); return -EINVAL; } @@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = bind_args->edge; pps_kc_hardpps_dev = pps; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "bound kernel consumer: " + dev_info(&pps->dev, "bound kernel consumer: " "edge=0x%x\n", bind_args->edge); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "another kernel consumer" + dev_err(&pps->dev, "another kernel consumer" " is already bound\n"); return -EINVAL; } @@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel consumer" + dev_info(&pps->dev, "unbound kernel consumer" " on device removal\n"); } else spin_unlock_irq(&pps_kc_hardpps_lock); diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 25d47907db17..6a02245ea35f 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) else { unsigned long ticks; - dev_dbg(pps->dev, "timeout %lld.%09d\n", + dev_dbg(&pps->dev, "timeout %lld.%09d\n", (long long) fdata->timeout.sec, fdata->timeout.nsec); ticks = fdata->timeout.sec * HZ; @@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) /* Check for pending signals */ if (err == -ERESTARTSYS) { - dev_dbg(pps->dev, "pending signal caught\n"); + dev_dbg(&pps->dev, "pending signal caught\n"); return -EINTR; } @@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file, switch (cmd) { case PPS_GETPARAMS: - dev_dbg(pps->dev, "PPS_GETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_GETPARAMS\n"); spin_lock_irq(&pps->lock); @@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_SETPARAMS: - dev_dbg(pps->dev, "PPS_SETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_SETPARAMS\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file, if (err) return -EFAULT; if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) { - dev_dbg(pps->dev, "capture mode unspecified (%x)\n", + dev_dbg(&pps->dev, "capture mode unspecified (%x)\n", params.mode); return -EINVAL; } /* Check for supported capabilities */ if ((params.mode & ~pps->info.mode) != 0) { - dev_dbg(pps->dev, "unsupported capabilities (%x)\n", + dev_dbg(&pps->dev, "unsupported capabilities (%x)\n", params.mode); return -EINVAL; } @@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file, /* Restore the read only parameters */ if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) { /* section 3.3 of RFC 2783 interpreted */ - dev_dbg(pps->dev, "time format unspecified (%x)\n", + dev_dbg(&pps->dev, "time format unspecified (%x)\n", params.mode); pps->params.mode |= PPS_TSFMT_TSPEC; } @@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_GETCAP: - dev_dbg(pps->dev, "PPS_GETCAP\n"); + dev_dbg(&pps->dev, "PPS_GETCAP\n"); err = put_user(pps->info.mode, iuarg); if (err) @@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_FETCH: { struct pps_fdata fdata; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata)); if (err) @@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_KC_BIND: { struct pps_bind_args bind_args; - dev_dbg(pps->dev, "PPS_KC_BIND\n"); + dev_dbg(&pps->dev, "PPS_KC_BIND\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file, /* Check for supported capabilities */ if ((bind_args.edge & ~pps->info.mode) != 0) { - dev_err(pps->dev, "unsupported capabilities (%x)\n", + dev_err(&pps->dev, "unsupported capabilities (%x)\n", bind_args.edge); return -EINVAL; } @@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file, if (bind_args.tsformat != PPS_TSFMT_TSPEC || (bind_args.edge & ~PPS_CAPTUREBOTH) != 0 || bind_args.consumer != PPS_KC_HARDPPS) { - dev_err(pps->dev, "invalid kernel consumer bind" + dev_err(&pps->dev, "invalid kernel consumer bind" " parameters (%x)\n", bind_args.edge); return -EINVAL; } @@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file, struct pps_fdata fdata; int err; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat)); if (err) @@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + get_device(&pps->dev); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); - kobject_put(&pps->dev->kobj); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); + put_device(&pps->dev); return 0; } @@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - - kfree(dev); kfree(pps); } int pps_register_cdev(struct pps_device *pps) { int err; - dev_t devt; mutex_lock(&pps_idr_lock); /* @@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); + pps->dev.class = pps_class; + pps->dev.parent = pps->info.dev; + pps->dev.devt = MKDEV(pps_major, pps->id); + dev_set_drvdata(&pps->dev, pps); + dev_set_name(&pps->dev, "pps%d", pps->id); + err = device_register(&pps->dev); + if (err) goto free_idr; - } - pps->dev = device_create(pps_class, pps->info.dev, devt, pps, - "pps%d", pps->id); - if (IS_ERR(pps->dev)) { - err = PTR_ERR(pps->dev); - goto del_cdev; - } /* Override the release function with our own */ - pps->dev->release = pps_device_destruct; + pps->dev.release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + get_device(&pps->dev); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); out_unlock: mutex_unlock(&pps_idr_lock); return err; @@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps) { pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; - device_destroy(pps_class, pps->dev->devt); + device_destroy(pps_class, pps->dev.devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); + mutex_unlock(&pps_idr_lock); } /* @@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the device, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -462,8 +467,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -476,8 +482,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c index 5feecaadde8e..120db96d9e95 100644 --- a/drivers/ptp/ptp_ocp.c +++ b/drivers/ptp/ptp_ocp.c @@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp) pps = pps_lookup_dev(bp->ptp); if (pps) - ptp_ocp_symlink(bp, pps->dev, "pps"); + ptp_ocp_symlink(bp, &pps->dev, "pps"); ptp_ocp_debugfs_add_device(bp); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..c7abce28ed29 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,8 +56,7 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; - struct device *dev; + struct device dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; };

4 months, 1 week

3
2
0 0

[PATCH 6.1 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit bb8e287f596b62fac18ed84cc03a9f1752f6b3b8. The backport for linux-6.1.y, commit bb8e287f596b ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: bb8e287f596b ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.1.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index b2cded5bf69c..f4a754d62bf4 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7387,8 +7387,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } if (orig_start) -- 2.45.2

4 months, 1 week

2
2
0 0

[PATCH 5.15 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit 214d92f0a465f93eea15e702e743f2c63823b1fd. The backport for linux-5.15.y, commit 214d92f0a465 ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: 214d92f0a465 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.15.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index a6b1dd834060..8f048e517e65 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7698,8 +7698,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } btrfs_release_path(path); -- 2.45.2

4 months, 1 week

2
2
0 0

[PATCH 5.10.y] profile: Fix use after free in profile_tick()

by Xingrui Yi

[free] profiling_store() --> profile_init() --> free_cpumask_var(prof_cpu_mask) <-- freed [use] tick_sched_timer() --> profile_tick() --> cpumask_available(prof_cpu_mask) <-- prof_cpu_mask is not NULL if cpumask offstack --> cpumask_test_cpu(smp_processor_id(), prof_cpu_mask) <-- use after free When profile_init() failed if prof_buffer is not allocated, prof_cpu_mask will be kfreed by free_cpumask_var() but not set to NULL when CONFIG_CPUMASK_OFFSTACK=y, thus profile_tick() will use prof_cpu_mask after free. Signed-off-by: Xingrui Yi <yixingrui(a)linux.alibaba.com> --- kernel/profile.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/profile.c b/kernel/profile.c index 0db1122855c0..b5e85193cb02 100644 --- a/kernel/profile.c +++ b/kernel/profile.c @@ -137,6 +137,9 @@ int __ref profile_init(void) return 0; free_cpumask_var(prof_cpu_mask); +#ifdef CONFIG_CPUMASK_OFFSTACK + prof_cpu_mask = NULL; +#endif return -ENOMEM; } -- 2.43.5

4 months, 1 week

3
2
0 0

[PATCH 6.12 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"

by Koichiro Den

This reverts commit 9f372e86b9bd1914df58c8f6e30939b7a224c6b0. The backport for linux-6.12.y, commit 9f372e86b9bd ("btrfs: avoid monopolizing a core when activating a swap file"), inserted cond_resched() in the wrong location. Revert it now; a subsequent commit will re-backport the original patch. Fixes: 9f372e86b9bd ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.12.y Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> --- fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index a3c861b2a6d2..a74a09cf622d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7117,8 +7117,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len, ret = -EAGAIN; goto out; } - - cond_resched(); } if (file_extent) -- 2.45.2

4 months, 1 week

2
2
0 0

[PATCH 6.1&6.6 0/3] kbuild: Avoid weak external linkage where possible

by Huacai Chen

Backport this series to 6.1&6.6 because LoongArch gets build errors with latest binutils which has commit 599df6e2db17d1c4 ("ld, LoongArch: print error about linking without -fPIC or -fPIE flag in more detail"). CC .vmlinux.export.o UPD include/generated/utsversion.h CC init/version-timestamp.o LD .tmp_vmlinux.kallsyms1 loongarch64-unknown-linux-gnu-ld: kernel/kallsyms.o:(.text+0): relocation R_LARCH_PCALA_HI20 against `kallsyms_markers` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: kernel/crash_core.o:(.init.text+0x984): relocation R_LARCH_PCALA_HI20 against `kallsyms_names` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: kernel/bpf/btf.o:(.text+0xcc7c): relocation R_LARCH_PCALA_HI20 against `__start_BTF` can not be used when making a PIE object; recompile with -fPIE loongarch64-unknown-linux-gnu-ld: BFD (GNU Binutils) 2.43.50.20241126 assertion fail ../../bfd/elfnn-loongarch.c:2673 In theory 5.10&5.15 also need this, but since LoongArch get upstream at 5.19, so I just ignore them because there is no error report about other archs now. Weak external linkage is intended for cases where a symbol reference can remain unsatisfied in the final link. Taking the address of such a symbol should yield NULL if the reference was not satisfied. Given that ordinary RIP or PC relative references cannot produce NULL, some kind of indirection is always needed in such cases, and in position independent code, this results in a GOT entry. In ordinary code, it is arch specific but amounts to the same thing. While unavoidable in some cases, weak references are currently also used to declare symbols that are always defined in the final link, but not in the first linker pass. This means we end up with worse codegen for no good reason. So let's clean this up, by providing preliminary definitions that are only used as a fallback. Ard Biesheuvel (3): kallsyms: Avoid weak references for kallsyms symbols vmlinux: Avoid weak reference to notes section btf: Avoid weak external references Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- include/asm-generic/vmlinux.lds.h | 28 ++++++++++++++++++ kernel/bpf/btf.c | 7 +++-- kernel/bpf/sysfs_btf.c | 6 ++-- kernel/kallsyms.c | 6 ---- kernel/kallsyms_internal.h | 30 ++++++++------------ kernel/ksysfs.c | 4 +-- lib/buildid.c | 4 +-- 7 files changed, 52 insertions(+), 33 deletions(-) --- 2.27.0

4 months, 1 week

8
16
0 0

[PATCH 6.1] net: Fix icmp host relookup triggering ip_rt_bug

by vgiraud.opensource＠witekio.com

From: Dong Chenchen <dongchenchen2(a)huawei.com> [ Upstream commit c44daa7e3c73229f7ac74985acb8c7fb909c4e0a ] arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call Trace: <IRQ> ip_send_skb+0x14/0x40 __icmp_send+0x42d/0x6a0 ipv4_link_failure+0xe2/0x1d0 arp_error_report+0x3c/0x50 neigh_invalidate+0x8d/0x100 neigh_timer_handler+0x2e1/0x330 call_timer_fn+0x21/0x120 __run_timer_base.part.0+0x1c9/0x270 run_timer_softirq+0x4c/0x80 handle_softirqs+0xac/0x280 irq_exit_rcu+0x62/0x80 sysvec_apic_timer_interrupt+0x77/0x90 The script below reproduces this scenario: ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \ dir out priority 0 ptype main flag localok icmp ip l a veth1 type veth ip a a 192.168.141.111/24 dev veth0 ip l s veth0 up ping 192.168.141.155 -c 1 icmp_route_lookup() create input routes for locally generated packets while xfrm relookup ICMP traffic.Then it will set input route (dst->out = ip_rt_bug) to skb for DESTUNREACH. For ICMP err triggered by locally generated packets, dst->dev of output route is loopback. Generally, xfrm relookup verification is not required on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1). Skip icmp relookup for locally generated packets to fix it. Fixes: 8b7817f3a959 ("[IPSEC]: Add ICMP host relookup support") Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://patch.msgid.link/20241127040850.1513135-1-dongchenchen2@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com> --- net/ipv4/icmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 9dffdd876fef..ab830c093f7e 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -522,6 +522,9 @@ static struct rtable *icmp_route_lookup(struct net *net, if (rt != rt2) return rt; } else if (PTR_ERR(rt) == -EPERM) { + if (inet_addr_type_dev_table(net, route_lookup_dev, + fl4->daddr) == RTN_LOCAL) + return rt; rt = NULL; } else return rt; -- 2.34.1

4 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020421-probe-shock-4e0d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001 From: Calvin Owens <calvin(a)wbinvd.org> Date: Mon, 11 Nov 2024 20:13:29 -0800 Subject: [PATCH] pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, using __register_chrdev() with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c index 634c3b2f8c26..f77b19884f05 100644 --- a/drivers/pps/clients/pps-gpio.c +++ b/drivers/pps/clients/pps-gpio.c @@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev) return -EINVAL; } - dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n", - data->irq); + dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n", + data->irq); return 0; } diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c index d33106bd7a29..2f465549b843 100644 --- a/drivers/pps/clients/pps-ktimer.c +++ b/drivers/pps/clients/pps-ktimer.c @@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = { static void __exit pps_ktimer_exit(void) { - dev_info(pps->dev, "ktimer PPS source unregistered\n"); + dev_dbg(&pps->dev, "ktimer PPS source unregistered\n"); del_timer_sync(&ktimer); pps_unregister_source(pps); @@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void) timer_setup(&ktimer, pps_ktimer_event, 0); mod_timer(&ktimer, jiffies + HZ); - dev_info(pps->dev, "ktimer PPS source registered\n"); + dev_dbg(&pps->dev, "ktimer PPS source registered\n"); return 0; } diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c index 443d6bae19d1..fa5660f3c4b7 100644 --- a/drivers/pps/clients/pps-ldisc.c +++ b/drivers/pps/clients/pps-ldisc.c @@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active) pps_event(pps, &ts, active ? PPS_CAPTUREASSERT : PPS_CAPTURECLEAR, NULL); - dev_dbg(pps->dev, "PPS %s at %lu\n", + dev_dbg(&pps->dev, "PPS %s at %lu\n", active ? "assert" : "clear", jiffies); } @@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty) goto err_unregister; } - dev_info(pps->dev, "source \"%s\" added\n", info.path); + dev_dbg(&pps->dev, "source \"%s\" added\n", info.path); return 0; @@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty) if (WARN_ON(!pps)) return; - dev_info(pps->dev, "removed\n"); + dev_info(&pps->dev, "removed\n"); pps_unregister_source(pps); } diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index abaffb4e1c1c..24db06750297 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -81,7 +81,7 @@ static void parport_irq(void *handle) /* check the signal (no signal means the pulse is lost this time) */ if (!signal_is_set(port)) { local_irq_restore(flags); - dev_err(dev->pps->dev, "lost the signal\n"); + dev_err(&dev->pps->dev, "lost the signal\n"); goto out_assert; } @@ -98,7 +98,7 @@ static void parport_irq(void *handle) /* timeout */ dev->cw_err++; if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) { - dev_err(dev->pps->dev, "disabled clear edge capture after %d" + dev_err(&dev->pps->dev, "disabled clear edge capture after %d" " timeouts\n", dev->cw_err); dev->cw = 0; dev->cw_err = 0; diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c index d9d566f70ed1..92d1b62ea239 100644 --- a/drivers/pps/kapi.c +++ b/drivers/pps/kapi.c @@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset) static void pps_echo_client_default(struct pps_device *pps, int event, void *data) { - dev_info(pps->dev, "echo %s %s\n", + dev_info(&pps->dev, "echo %s %s\n", event & PPS_CAPTUREASSERT ? "assert" : "", event & PPS_CAPTURECLEAR ? "clear" : ""); } @@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info, goto kfree_pps; } - dev_info(pps->dev, "new PPS source %s\n", info->name); + dev_dbg(&pps->dev, "new PPS source %s\n", info->name); return pps; @@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* check event type */ BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0); - dev_dbg(pps->dev, "PPS event at %lld.%09ld\n", + dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n", (s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec); timespec_to_pps_ktime(&ts_real, ts->ts_real); @@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->assert_tu = ts_real; pps->assert_sequence++; - dev_dbg(pps->dev, "capture assert seq #%u\n", + dev_dbg(&pps->dev, "capture assert seq #%u\n", pps->assert_sequence); captured = ~0; @@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event, /* Save the time stamp */ pps->clear_tu = ts_real; pps->clear_sequence++; - dev_dbg(pps->dev, "capture clear seq #%u\n", + dev_dbg(&pps->dev, "capture clear seq #%u\n", pps->clear_sequence); captured = ~0; diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c index 50dc59af45be..fbd23295afd7 100644 --- a/drivers/pps/kc.c +++ b/drivers/pps/kc.c @@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel" + dev_info(&pps->dev, "unbound kernel" " consumer\n"); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "selected kernel consumer" + dev_err(&pps->dev, "selected kernel consumer" " is not bound\n"); return -EINVAL; } @@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args) pps_kc_hardpps_mode = bind_args->edge; pps_kc_hardpps_dev = pps; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "bound kernel consumer: " + dev_info(&pps->dev, "bound kernel consumer: " "edge=0x%x\n", bind_args->edge); } else { spin_unlock_irq(&pps_kc_hardpps_lock); - dev_err(pps->dev, "another kernel consumer" + dev_err(&pps->dev, "another kernel consumer" " is already bound\n"); return -EINVAL; } @@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps) pps_kc_hardpps_mode = 0; pps_kc_hardpps_dev = NULL; spin_unlock_irq(&pps_kc_hardpps_lock); - dev_info(pps->dev, "unbound kernel consumer" + dev_info(&pps->dev, "unbound kernel consumer" " on device removal\n"); } else spin_unlock_irq(&pps_kc_hardpps_lock); diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 25d47907db17..6a02245ea35f 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) else { unsigned long ticks; - dev_dbg(pps->dev, "timeout %lld.%09d\n", + dev_dbg(&pps->dev, "timeout %lld.%09d\n", (long long) fdata->timeout.sec, fdata->timeout.nsec); ticks = fdata->timeout.sec * HZ; @@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata) /* Check for pending signals */ if (err == -ERESTARTSYS) { - dev_dbg(pps->dev, "pending signal caught\n"); + dev_dbg(&pps->dev, "pending signal caught\n"); return -EINTR; } @@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file, switch (cmd) { case PPS_GETPARAMS: - dev_dbg(pps->dev, "PPS_GETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_GETPARAMS\n"); spin_lock_irq(&pps->lock); @@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_SETPARAMS: - dev_dbg(pps->dev, "PPS_SETPARAMS\n"); + dev_dbg(&pps->dev, "PPS_SETPARAMS\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file, if (err) return -EFAULT; if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) { - dev_dbg(pps->dev, "capture mode unspecified (%x)\n", + dev_dbg(&pps->dev, "capture mode unspecified (%x)\n", params.mode); return -EINVAL; } /* Check for supported capabilities */ if ((params.mode & ~pps->info.mode) != 0) { - dev_dbg(pps->dev, "unsupported capabilities (%x)\n", + dev_dbg(&pps->dev, "unsupported capabilities (%x)\n", params.mode); return -EINVAL; } @@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file, /* Restore the read only parameters */ if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) { /* section 3.3 of RFC 2783 interpreted */ - dev_dbg(pps->dev, "time format unspecified (%x)\n", + dev_dbg(&pps->dev, "time format unspecified (%x)\n", params.mode); pps->params.mode |= PPS_TSFMT_TSPEC; } @@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file, break; case PPS_GETCAP: - dev_dbg(pps->dev, "PPS_GETCAP\n"); + dev_dbg(&pps->dev, "PPS_GETCAP\n"); err = put_user(pps->info.mode, iuarg); if (err) @@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_FETCH: { struct pps_fdata fdata; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata)); if (err) @@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_KC_BIND: { struct pps_bind_args bind_args; - dev_dbg(pps->dev, "PPS_KC_BIND\n"); + dev_dbg(&pps->dev, "PPS_KC_BIND\n"); /* Check the capabilities */ if (!capable(CAP_SYS_TIME)) @@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file, /* Check for supported capabilities */ if ((bind_args.edge & ~pps->info.mode) != 0) { - dev_err(pps->dev, "unsupported capabilities (%x)\n", + dev_err(&pps->dev, "unsupported capabilities (%x)\n", bind_args.edge); return -EINVAL; } @@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file, if (bind_args.tsformat != PPS_TSFMT_TSPEC || (bind_args.edge & ~PPS_CAPTUREBOTH) != 0 || bind_args.consumer != PPS_KC_HARDPPS) { - dev_err(pps->dev, "invalid kernel consumer bind" + dev_err(&pps->dev, "invalid kernel consumer bind" " parameters (%x)\n", bind_args.edge); return -EINVAL; } @@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file, struct pps_fdata fdata; int err; - dev_dbg(pps->dev, "PPS_FETCH\n"); + dev_dbg(&pps->dev, "PPS_FETCH\n"); err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat)); if (err) @@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + get_device(&pps->dev); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); - kobject_put(&pps->dev->kobj); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); + put_device(&pps->dev); return 0; } @@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - - kfree(dev); kfree(pps); } int pps_register_cdev(struct pps_device *pps) { int err; - dev_t devt; mutex_lock(&pps_idr_lock); /* @@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); + pps->dev.class = pps_class; + pps->dev.parent = pps->info.dev; + pps->dev.devt = MKDEV(pps_major, pps->id); + dev_set_drvdata(&pps->dev, pps); + dev_set_name(&pps->dev, "pps%d", pps->id); + err = device_register(&pps->dev); + if (err) goto free_idr; - } - pps->dev = device_create(pps_class, pps->info.dev, devt, pps, - "pps%d", pps->id); - if (IS_ERR(pps->dev)) { - err = PTR_ERR(pps->dev); - goto del_cdev; - } /* Override the release function with our own */ - pps->dev->release = pps_device_destruct; + pps->dev.release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + get_device(&pps->dev); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); out_unlock: mutex_unlock(&pps_idr_lock); return err; @@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps) { pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; - device_destroy(pps_class, pps->dev->devt); + device_destroy(pps_class, pps->dev.devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + put_device(&pps->dev); + mutex_unlock(&pps_idr_lock); } /* @@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the device, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -462,8 +467,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -476,8 +482,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c index 5feecaadde8e..120db96d9e95 100644 --- a/drivers/ptp/ptp_ocp.c +++ b/drivers/ptp/ptp_ocp.c @@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp) pps = pps_lookup_dev(bp->ptp); if (pps) - ptp_ocp_symlink(bp, pps->dev, "pps"); + ptp_ocp_symlink(bp, &pps->dev, "pps"); ptp_ocp_debugfs_add_device(bp); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..c7abce28ed29 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,8 +56,7 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; - struct device *dev; + struct device dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; };

4 months, 1 week

3
2
0 0

[PATCHSET RFC 6.12] xfs: bug fixes for 6.12.y LTS

by Darrick J. Wong

Hi all, Here's a bunch of bespoke hand-ported bug fixes for 6.12 LTS. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=ne… --- Commits in this patchset: * xfs: avoid nested calls to __xfs_trans_commit * xfs: don't lose solo superblock counter update transactions * xfs: don't lose solo dquot update transactions * xfs: separate dquot buffer reads from xfs_dqflush * xfs: clean up log item accesses in xfs_qm_dqflush{,_done} * xfs: attach dquot buffer to dquot log item buffer * xfs: convert quotacheck to attach dquot buffers * xfs: don't over-report free space or inodes in statvfs * xfs: release the dquot buf outside of qli_lock * xfs: lock dquot buffer before detaching dquot from b_li_list --- fs/xfs/xfs_dquot.c | 199 +++++++++++++++++++++++++++++++++++++++------- fs/xfs/xfs_dquot.h | 6 + fs/xfs/xfs_dquot_item.c | 51 +++++++++--- fs/xfs/xfs_dquot_item.h | 7 ++ fs/xfs/xfs_qm.c | 48 +++++++++-- fs/xfs/xfs_qm_bhv.c | 27 ++++-- fs/xfs/xfs_quota.h | 7 +- fs/xfs/xfs_trans.c | 39 +++++---- fs/xfs/xfs_trans_ail.c | 2 fs/xfs/xfs_trans_dquot.c | 31 ++++++- 10 files changed, 328 insertions(+), 89 deletions(-)

4 months, 1 week

3
14
0 0

[PATCH 6.1 5.15 5.10 5.4 0/3] Backport ASIX AX99100 support

by Tomita Moeko

This patchset backports ASIX AX99100 pcie serial/parallel port controller support to linux 6.1 5.15 5.10 5.4. It just add a device ID, no functional changes included. The commit 3029ad913353("can: ems_pci: move ASIX AX99100 ids to pci_ids.h") was renamed to "PCI: add ASIX AX99100 ids to pci_ids.h", and changes in drivers/net/can/sja1000/ems_pci.c were dropped as the ems_pci change are only relevant for linux 6.3 and later. Tomita Moeko (3): PCI: add ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 drivers/parport/parport_pc.c | 5 +++++ drivers/tty/serial/8250/8250_pci.c | 10 ++++++++++ include/linux/pci_ids.h | 4 ++++ 3 files changed, 19 insertions(+) -- 2.47.2

4 months, 1 week

2
4
0 0

[PATCH 6.1 0/3] nilfs2: protect busy buffer heads from being force-cleared

by Ryusuke Konishi

Please apply this series to the 6.1-stable tree. This series makes it possible to backport the latter two patches (fixing some syzbot issues and a use-after-free issue) that could not be backported to 6.1.y. To achieve this, one dependent patch (patch 1/3) is included, and each patch is tailored to avoid extensive page/folio conversion. Both adjustments are specific to nilfs2 and do not include tree-wide changes. It has also been tested against the latest 6.1.y. Thanks, Ryusuke Konishi Ryusuke Konishi (3): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references fs/nilfs2/inode.c | 4 ++-- fs/nilfs2/mdt.c | 6 ++--- fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++------------------- fs/nilfs2/page.h | 4 ++-- fs/nilfs2/segment.c | 4 +++- 5 files changed, 42 insertions(+), 31 deletions(-) -- 2.43.5

4 months, 1 week

2
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror