- Linux-stable-mirror - lists.linaro.org

[PATCH 5.10] cifs: fix small mempool leak in SMB2_negotiate()

by Anastasia Belova

From: Enzo Matsumiya <ematsumiya(a)suse.de> commit 27893dfc1285f80f80f46b3b8c95f5d15d2e66d0 upstream. In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool. Signed-off-by: Enzo Matsumiya <ematsumiya(a)suse.de> Cc: stable(a)vger.kernel.org Reviewed-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- Backport fix for CVE-2022-49938 fs/cifs/smb2pdu.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 4197096e7fdb..fa75dc0a372d 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -883,23 +883,24 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) } else if (rc != 0) goto neg_exit; + rc = -EIO; if (strcmp(server->vals->version_string, SMB3ANY_VERSION_STRING) == 0) { if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { cifs_server_dbg(VFS, "SMB2 dialect returned but not requested\n"); - return -EIO; + goto neg_exit; } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { cifs_server_dbg(VFS, "SMB2.1 dialect returned but not requested\n"); - return -EIO; + goto neg_exit; } } else if (strcmp(server->vals->version_string, SMBDEFAULT_VERSION_STRING) == 0) { if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { cifs_server_dbg(VFS, "SMB2 dialect returned but not requested\n"); - return -EIO; + goto neg_exit; } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { /* ops set to 3.0 by default for default so update */ server->ops = &smb21_operations; @@ -913,7 +914,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) /* if requested single dialect ensure returned dialect matched */ cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n", le16_to_cpu(rsp->DialectRevision)); - return -EIO; + goto neg_exit; } cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); @@ -931,9 +932,10 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) else { cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n", le16_to_cpu(rsp->DialectRevision)); - rc = -EIO; goto neg_exit; } + + rc = 0; server->dialect = le16_to_cpu(rsp->DialectRevision); /* -- 2.43.0

4 months, 1 week

1
0
0 0

[PATCH 1/3] block: Remove queue freezing from several sysfs store callbacks

by Bart Van Assche

Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option. Additionally, freezing the request queue slows down system boot on systems where sysfs attributes are set synchronously. Fix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue() calls from the store callbacks that do not strictly need these callbacks. This patch may cause a small delay in applying the new settings. This patch affects the following sysfs attributes: * io_poll_delay * io_timeout * nomerges * read_ahead_kb * rq_affinity Here is an example of a deadlock triggered by running test srp/002: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Nilay Shroff <nilay(a)linux.ibm.com> Cc: stable(a)vger.kernel.org Fixes: af2814149883 ("block: freeze the queue in queue_attr_store") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- block/blk-sysfs.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index b2b9b89d6967..ab34fe62f4da 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -105,7 +105,6 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) { unsigned long ra_kb; ssize_t ret; - unsigned int memflags; struct request_queue *q = disk->queue; ret = queue_var_store(&ra_kb, page, count); @@ -116,10 +115,8 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) * calculated from the queue limits by queue_limits_commit_update. */ mutex_lock(&q->limits_lock); - memflags = blk_mq_freeze_queue(q); disk->bdi->ra_pages = ra_kb >> (PAGE_SHIFT - 10); mutex_unlock(&q->limits_lock); - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -317,21 +314,18 @@ static ssize_t queue_nomerges_store(struct gendisk *disk, const char *page, size_t count) { unsigned long nm; - unsigned int memflags; struct request_queue *q = disk->queue; ssize_t ret = queue_var_store(&nm, page, count); if (ret < 0) return ret; - memflags = blk_mq_freeze_queue(q); blk_queue_flag_clear(QUEUE_FLAG_NOMERGES, q); blk_queue_flag_clear(QUEUE_FLAG_NOXMERGES, q); if (nm == 2) blk_queue_flag_set(QUEUE_FLAG_NOMERGES, q); else if (nm) blk_queue_flag_set(QUEUE_FLAG_NOXMERGES, q); - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -351,7 +345,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) #ifdef CONFIG_SMP struct request_queue *q = disk->queue; unsigned long val; - unsigned int memflags; ret = queue_var_store(&val, page, count); if (ret < 0) @@ -363,7 +356,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) * are accessed individually using atomic test_bit operation. So we * don't grab any lock while updating these flags. */ - memflags = blk_mq_freeze_queue(q); if (val == 2) { blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, q); blk_queue_flag_set(QUEUE_FLAG_SAME_FORCE, q); @@ -374,7 +366,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) blk_queue_flag_clear(QUEUE_FLAG_SAME_COMP, q); blk_queue_flag_clear(QUEUE_FLAG_SAME_FORCE, q); } - blk_mq_unfreeze_queue(q, memflags); #endif return ret; } @@ -388,11 +379,9 @@ static ssize_t queue_poll_delay_store(struct gendisk *disk, const char *page, static ssize_t queue_poll_store(struct gendisk *disk, const char *page, size_t count) { - unsigned int memflags; ssize_t ret = count; struct request_queue *q = disk->queue; - memflags = blk_mq_freeze_queue(q); if (!(q->limits.features & BLK_FEAT_POLL)) { ret = -EINVAL; goto out; @@ -401,7 +390,6 @@ static ssize_t queue_poll_store(struct gendisk *disk, const char *page, pr_info_ratelimited("writes to the poll attribute are ignored.\n"); pr_info_ratelimited("please use driver specific parameters instead.\n"); out: - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -414,7 +402,7 @@ static ssize_t queue_io_timeout_show(struct gendisk *disk, char *page) static ssize_t queue_io_timeout_store(struct gendisk *disk, const char *page, size_t count) { - unsigned int val, memflags; + unsigned int val; int err; struct request_queue *q = disk->queue; @@ -422,9 +410,7 @@ static ssize_t queue_io_timeout_store(struct gendisk *disk, const char *page, if (err || val == 0) return -EINVAL; - memflags = blk_mq_freeze_queue(q); blk_queue_rq_timeout(q, msecs_to_jiffies(val)); - blk_mq_unfreeze_queue(q, memflags); return count; }

4 months, 1 week

3
2
0 0

[PATCH v2 0/4] HID: avoid setting up battery timer when not needed in hid-apple and magicmouse

by Aditya Garg

Both hid-apple and hid-magicmouse require set up a battery timer for certain devices in order to fetch battery status. However, the timer is being set unconditionally for all devices. This patch series introduces checks to ensure that the battery timer is only set up for devices that actually require it. v2: - Address the cases of out_err and err_stop_hw left in v1 - Create a function to check if the device is a USB Magic Mouse 2 or Magic Trackpad 2 to reduce code duplication. - Add 2 new patches that convert the battery timeout to use secs_to_jiffies() instead of msecs_to_jiffies(). Aditya Garg (4): HID: apple: avoid setting up battery timer for devices without battery HID: magicmouse: avoid setting up battery timer when not needed HID: apple: use secs_to_jiffies() for battery timeout HID: magicmouse: use secs_to_jiffies() for battery timeout drivers/hid/hid-apple.c | 21 +++++++----- drivers/hid/hid-magicmouse.c | 66 ++++++++++++++++++++++-------------- 2 files changed, 54 insertions(+), 33 deletions(-) Range-diff against v1: 1: 05b6ac964 ! 1: 41c49e1d6 HID: apple: avoid setting up battery timer for devices without battery @@ drivers/hid/hid-apple.c: static int apple_probe(struct hid_device *hdev, if (quirks & APPLE_BACKLIGHT_CTL) apple_backlight_init(hdev); +@@ drivers/hid/hid-apple.c: static int apple_probe(struct hid_device *hdev, + return 0; + + out_err: +- timer_delete_sync(&asc->battery_timer); ++ if (quirks & APPLE_RDESC_BATTERY) ++ timer_delete_sync(&asc->battery_timer); ++ + hid_hw_stop(hdev); + return ret; + } @@ drivers/hid/hid-apple.c: static void apple_remove(struct hid_device *hdev) { struct apple_sc *asc = hid_get_drvdata(hdev); 2: 25b52facf ! 2: a1617042f HID: magicmouse: avoid setting up battery timer when not needed @@ Commit message Signed-off-by: Aditya Garg <gargaditya08(a)live.com> ## drivers/hid/hid-magicmouse.c ## +@@ drivers/hid/hid-magicmouse.c: static void magicmouse_enable_mt_work(struct work_struct *work) + hid_err(msc->hdev, "unable to request touch data (%d)\n", ret); + } + ++static bool is_usb_magicmouse2(__u32 vendor, __u32 product) ++{ ++ if (vendor != USB_VENDOR_ID_APPLE) ++ return false; ++ return product == USB_DEVICE_ID_APPLE_MAGICMOUSE2 || ++ product == USB_DEVICE_ID_APPLE_MAGICMOUSE2_USBC; ++} ++ ++static bool is_usb_magictrackpad2(__u32 vendor, __u32 product) ++{ ++ if (vendor != USB_VENDOR_ID_APPLE) ++ return false; ++ return product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 || ++ product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC; ++} ++ + static int magicmouse_fetch_battery(struct hid_device *hdev) + { + #ifdef CONFIG_HID_BATTERY_STRENGTH + struct hid_report_enum *report_enum; + struct hid_report *report; + +- if (!hdev->battery || hdev->vendor != USB_VENDOR_ID_APPLE || +- (hdev->product != USB_DEVICE_ID_APPLE_MAGICMOUSE2 && +- hdev->product != USB_DEVICE_ID_APPLE_MAGICMOUSE2_USBC && +- hdev->product != USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 && +- hdev->product != USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC)) ++ if (!hdev->battery || ++ (!is_usb_magicmouse2(hdev->vendor, hdev->product) && ++ !is_usb_magictrackpad2(hdev->vendor, hdev->product))) + return -1; + + report_enum = &hdev->report_enum[hdev->battery_report_type]; @@ drivers/hid/hid-magicmouse.c: static int magicmouse_probe(struct hid_device *hdev, return ret; } @@ drivers/hid/hid-magicmouse.c: static int magicmouse_probe(struct hid_device *hde - ((id->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 || - id->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC) && - hdev->type != HID_TYPE_USBMOUSE))) -- return 0; -+ if (id->vendor == USB_VENDOR_ID_APPLE) { -+ bool is_mouse2 = (id->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2 || -+ id->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2_USBC); -+ bool is_trackpad2 = (id->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 || -+ id->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC); -+ -+ if (is_mouse2 || is_trackpad2) { -+ timer_setup(&msc->battery_timer, magicmouse_battery_timer_tick, 0); -+ mod_timer(&msc->battery_timer, -+ jiffies + msecs_to_jiffies(USB_BATTERY_TIMEOUT_MS)); -+ magicmouse_fetch_battery(hdev); -+ } -+ -+ if (is_mouse2 || (is_trackpad2 && hdev->type != HID_TYPE_USBMOUSE)) -+ return 0; ++ if (is_usb_magicmouse2(id->vendor, id->product) || ++ is_usb_magictrackpad2(id->vendor, id->product)) { ++ timer_setup(&msc->battery_timer, magicmouse_battery_timer_tick, 0); ++ mod_timer(&msc->battery_timer, ++ jiffies + msecs_to_jiffies(USB_BATTERY_TIMEOUT_MS)); ++ magicmouse_fetch_battery(hdev); + } ++ ++ if (is_usb_magicmouse2(id->vendor, id->product) || ++ (is_usb_magictrackpad2(id->vendor, id->product) && ++ hdev->type != HID_TYPE_USBMOUSE)) + return 0; if (!msc->input) { - hid_err(hdev, "magicmouse input not registered\n"); +@@ drivers/hid/hid-magicmouse.c: static int magicmouse_probe(struct hid_device *hdev, + + return 0; + err_stop_hw: +- timer_delete_sync(&msc->battery_timer); ++ if (is_usb_magicmouse2(id->vendor, id->product) || ++ is_usb_magictrackpad2(id->vendor, id->product)) ++ timer_delete_sync(&msc->battery_timer); ++ + hid_hw_stop(hdev); + return ret; + } @@ drivers/hid/hid-magicmouse.c: static void magicmouse_remove(struct hid_device *hdev) if (msc) { cancel_delayed_work_sync(&msc->work); - timer_delete_sync(&msc->battery_timer); -+ if (hdev->vendor == USB_VENDOR_ID_APPLE && -+ (hdev->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2 || -+ hdev->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2_USBC || -+ hdev->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 || -+ hdev->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC)) -+ ++ if (is_usb_magicmouse2(hdev->vendor, hdev->product) || ++ is_usb_magictrackpad2(hdev->vendor, hdev->product)) + timer_delete_sync(&msc->battery_timer); } hid_hw_stop(hdev); +@@ drivers/hid/hid-magicmouse.c: static const __u8 *magicmouse_report_fixup(struct hid_device *hdev, __u8 *rdesc, + * 0x05, 0x01, // Usage Page (Generic Desktop) 0 + * 0x09, 0x02, // Usage (Mouse) 2 + */ +- if (hdev->vendor == USB_VENDOR_ID_APPLE && +- (hdev->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2 || +- hdev->product == USB_DEVICE_ID_APPLE_MAGICMOUSE2_USBC || +- hdev->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2 || +- hdev->product == USB_DEVICE_ID_APPLE_MAGICTRACKPAD2_USBC) && ++ if ((is_usb_magicmouse2(hdev->vendor, hdev->product) || ++ is_usb_magictrackpad2(hdev->vendor, hdev->product)) && + *rsize == 83 && rdesc[46] == 0x84 && rdesc[58] == 0x85) { + hid_info(hdev, + "fixing up magicmouse battery report descriptor\n"); -: --------- > 3: 3ebe25998 HID: apple: use secs_to_jiffies() for battery timeout -: --------- > 4: 1d3400714 HID: magicmouse: use secs_to_jiffies() for battery timeout -- 2.49.0

4 months, 1 week

3
7
0 0

Re: [PATCH v2 1/3] drm/amdgpu: Dirty cleared blocks on free

by Christian König

On 02.07.25 13:58, Arunpravin Paneer Selvam wrote: > Hi Christian, > > On 7/2/2025 1:27 PM, Christian König wrote: >> On 01.07.25 21:08, Arunpravin Paneer Selvam wrote: >>> Set the dirty bit when the memory resource is not cleared >>> during BO release. >>> >>> v2(Christian): >>> - Drop the cleared flag set to false. >>> - Improve the amdgpu_vram_mgr_set_clear_state() function. >>> >>> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> >>> Suggested-by: Christian König <christian.koenig(a)amd.com> >>> Cc: stable(a)vger.kernel.org >>> Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") >>> --- >>> drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 - >>> drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h | 5 ++++- >>> 2 files changed, 4 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> index 9c5df35f05b7..86eb6d47dcc5 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c >>> @@ -409,7 +409,6 @@ static int amdgpu_move_blit(struct ttm_buffer_object *bo, >>> if (r) { >>> goto error; >>> } else if (wipe_fence) { >>> - amdgpu_vram_mgr_set_cleared(bo->resource); >> Mhm, that looks incorrect to me. >> >> Why don't we consider the resource cleared after it go wiped during eviction? > > Modifying the resource flag here doesn't go into effect until we call the drm_buddy_free_list() in amdgpu_vram_mgr_del(). This BO will be cleared once again after executing amdgpu_bo_release_notify(). With the new implementation, there's a chance that changing the resource flag the second time would cause the WARN_ON to occur. Hence I removed the resource cleared function call in amdgpu_move_blit. Thanks, Arun. Something fishy is going on that we don't fully understand. What happens here is that we move from VRAM to GTT, clear the VRAM BO after the move and set the flag. When the BO is destroyed the it is backed by GTT and not VRAM any more, so no clear operation and no flag setting is performed. It looks more like we forget to clear the flag in some cases. Regards, Christian. > >> Regards, >> Christian. >> >>> dma_fence_put(fence); >>> fence = wipe_fence; >>> } >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h >>> index b256cbc2bc27..2c88d5fd87da 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h >>> @@ -66,7 +66,10 @@ to_amdgpu_vram_mgr_resource(struct ttm_resource *res) >>> >>> static inline void amdgpu_vram_mgr_set_cleared(struct ttm_resource *res) >>> { >>> - to_amdgpu_vram_mgr_resource(res)->flags |= DRM_BUDDY_CLEARED; >>> + struct amdgpu_vram_mgr_resource *ares = to_amdgpu_vram_mgr_resource(res); >>> + >>> + WARN_ON(ares->flags & DRM_BUDDY_CLEARED); >>> + ares->flags |= DRM_BUDDY_CLEARED; >>> } >>> >>> #endif

4 months, 1 week

2
1
0 0

Please cherry-pick this commit to v5.15.y, 5.10.y and 5.4.y: 23e118a48acf ("PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time")

by Dexuan Cui

Hi, The commit has been in v6.1.y for 3+ years (but not in the 5.x stable branches): 23e118a48acf ("PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time") The commit can be cherry-picked cleanly to the latest 5.x stable branches, i.e. 5.15.185, 5.10.238 and 5.4.294. Some Linux distro kernels are still based on the 5.x stable branches, and they have been carrying the commit explicitly. It would be great to have the commit in the upstream 5.x branches, so they don't have to carry the commit explicitly. There is a Debian 10.3 user who wants the commit, but the commit is absent from Debian 10.3's kernel, whose full version string is: Linux version 5.10.0-0.deb10.30-amd64 (debian-kernel(a)lists.debian.org) (gcc-8 (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP Debian 5.10.218-1~deb10u1 (2024-06-12) If the commit is cherry-picked into the upstream 5.10.y, the next Debian 10.3 kernel update would have the commit automatically. Thanks! -- Dexuan

4 months, 1 week

2
4
0 0

[PATCH v3 1/2] platform/x86: int3472: add hpd pin support

by Dongcheng Yan

Typically HDMI to MIPI CSI-2 bridges have a pin to signal image data is being received. On the host side this is wired to a GPIO for polling or interrupts. This includes the Lontium HDMI to MIPI CSI-2 bridges lt6911uxe and lt6911uxc. The GPIO "hpd" is used already by other HDMI to CSI-2 bridges, use it here as well. Signed-off-by: Dongcheng Yan <dongcheng.yan(a)intel.com> --- drivers/platform/x86/intel/int3472/common.h | 1 + drivers/platform/x86/intel/int3472/discrete.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/drivers/platform/x86/intel/int3472/common.h b/drivers/platform/x86/intel/int3472/common.h index 51b818e62a25..4593d567caf4 100644 --- a/drivers/platform/x86/intel/int3472/common.h +++ b/drivers/platform/x86/intel/int3472/common.h @@ -23,6 +23,7 @@ #define INT3472_GPIO_TYPE_CLK_ENABLE 0x0c #define INT3472_GPIO_TYPE_PRIVACY_LED 0x0d #define INT3472_GPIO_TYPE_HANDSHAKE 0x12 +#define INT3472_GPIO_TYPE_HOTPLUG_DETECT 0x13 #define INT3472_PDEV_MAX_NAME_LEN 23 #define INT3472_MAX_SENSOR_GPIOS 3 diff --git a/drivers/platform/x86/intel/int3472/discrete.c b/drivers/platform/x86/intel/int3472/discrete.c index 394975f55d64..efa3bc7af193 100644 --- a/drivers/platform/x86/intel/int3472/discrete.c +++ b/drivers/platform/x86/intel/int3472/discrete.c @@ -191,6 +191,10 @@ static void int3472_get_con_id_and_polarity(struct int3472_discrete_device *int3 *con_id = "privacy-led"; *gpio_flags = GPIO_ACTIVE_HIGH; break; + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: + *con_id = "hpd"; + *gpio_flags = GPIO_ACTIVE_HIGH; + break; case INT3472_GPIO_TYPE_POWER_ENABLE: *con_id = "avdd"; *gpio_flags = GPIO_ACTIVE_HIGH; @@ -221,6 +225,7 @@ static void int3472_get_con_id_and_polarity(struct int3472_discrete_device *int3 * 0x0b Power enable * 0x0c Clock enable * 0x0d Privacy LED + * 0x13 Hotplug detect * * There are some known platform specific quirks where that does not quite * hold up; for example where a pin with type 0x01 (Power down) is mapped to @@ -290,6 +295,7 @@ static int skl_int3472_handle_gpio_resources(struct acpi_resource *ares, switch (type) { case INT3472_GPIO_TYPE_RESET: case INT3472_GPIO_TYPE_POWERDOWN: + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: ret = skl_int3472_map_gpio_to_sensor(int3472, agpio, con_id, gpio_flags); if (ret) err_msg = "Failed to map GPIO pin to sensor\n"; base-commit: 4d1e8c8f11c611db5828e4bae7292bc295eea8ef -- 2.34.1

4 months, 1 week

8
12
0 0

[REGRESSION][BISECTED] Performance Regression in IOMMU/VT-d Since Kernel 6.10

by Ioanna Alifieraki

#regzbot introduced: 129dab6e1286 Hello everyone, We've identified a performance regression that starts with linux kernel 6.10 and persists through 6.16(tested at commit e540341508ce). Bisection pointed to commit: 129dab6e1286 ("iommu/vt-d: Use cache_tag_flush_range_np() in iotlb_sync_map"). The issue occurs when running fio against two NVMe devices located under the same PCIe bridge (dual-port NVMe configuration). Performance drops compared to configurations where the devices are on different bridges. Observed Performance: - Before the commit: ~6150 MiB/s, regardless of NVMe device placement. - After the commit: -- Same PCIe bridge: ~4985 MiB/s -- Different PCIe bridges: ~6150 MiB/s Currently we can only reproduce the issue on a Z3 metal instance on gcp. I suspect the issue can be reproducible if you have a dual port nvme on any machine. At [1] there's a more detailed description of the issue and details on the reproducer. Could you please advise on the appropriate path forward to mitigate or address this regression? Thanks, Jo [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2115738

4 months, 1 week

2
4
0 0

[PATCH net] net: libwx: fix double put of page to page_pool

by Jiawen Wu

wx_dma_sync_frag() incorrectly attempted to return the page to page_pool, which is already handled via buffer reuse or wx_build_skb() paths. Under high MTU and high throughput, this causes list corruption inside page_pool due to double free. [ 876.949950] Call Trace: [ 876.949951] <IRQ> [ 876.949952] __rmqueue_pcplist+0x53/0x2c0 [ 876.949955] alloc_pages_bulk_noprof+0x2e0/0x660 [ 876.949958] __page_pool_alloc_pages_slow+0xa9/0x400 [ 876.949961] page_pool_alloc_pages+0xa/0x20 [ 876.949963] wx_alloc_rx_buffers+0xd7/0x110 [libwx] [ 876.949967] wx_clean_rx_irq+0x262/0x430 [libwx] [ 876.949971] wx_poll+0x92/0x130 [libwx] [ 876.949975] __napi_poll+0x28/0x190 [ 876.949977] net_rx_action+0x301/0x3f0 [ 876.949980] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949981] ? profile_tick+0x30/0x70 [ 876.949983] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949984] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949986] ? timerqueue_add+0xa3/0xc0 [ 876.949988] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949989] ? __raise_softirq_irqoff+0x16/0x70 [ 876.949991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949994] ? wx_msix_clean_rings+0x41/0x50 [libwx] [ 876.949998] handle_softirqs+0xf9/0x2c0 Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index c57cc4f27249..246b18a0285e 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -174,10 +174,6 @@ static void wx_dma_sync_frag(struct wx_ring *rx_ring, skb_frag_off(frag), skb_frag_size(frag), DMA_FROM_DEVICE); - - /* If the page was released, just unmap it. */ - if (unlikely(WX_CB(skb)->page_released)) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); } static struct wx_rx_buffer *wx_get_rx_buffer(struct wx_ring *rx_ring, -- 2.48.1

4 months, 1 week

2
2
0 0

[PATCH] drm/v3d: Disable interrupts before resetting the GPU

by Maíra Canal

Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace: [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 314.043822] Mem abort info: [ 314.046606] ESR = 0x0000000096000005 [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits [ 314.055651] SET = 0, FnV = 0 [ 314.058695] EA = 0, S1PTW = 0 [ 314.061826] FSC = 0x05: level 1 translation fault [ 314.066694] Data abort info: [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000 [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1 [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT) [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d] [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d] [ 314.160198] sp : ffffffc080003ea0 [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000 [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0 [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000 [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000 [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000 [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001 [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874 [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180 [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 314.234807] Call trace: [ 314.237243] v3d_irq+0xec/0x2e0 [v3d] [ 314.240906] __handle_irq_event_percpu+0x58/0x218 [ 314.245609] handle_irq_event+0x54/0xb8 [ 314.249439] handle_fasteoi_irq+0xac/0x240 [ 314.253527] handle_irq_desc+0x48/0x68 [ 314.257269] generic_handle_domain_irq+0x24/0x38 [ 314.261879] gic_handle_irq+0x48/0xd8 [ 314.265533] call_on_irq_stack+0x24/0x58 [ 314.269448] do_interrupt_handler+0x88/0x98 [ 314.273624] el1_interrupt+0x34/0x68 [ 314.277193] el1h_64_irq_handler+0x18/0x28 [ 314.281281] el1h_64_irq+0x64/0x68 [ 314.284673] default_idle_call+0x3c/0x168 [ 314.288675] do_idle+0x1fc/0x230 [ 314.291895] cpu_startup_entry+0x3c/0x50 [ 314.295810] rest_init+0xe4/0xf0 [ 314.299030] start_kernel+0x5e8/0x790 [ 314.302684] __primary_switched+0x80/0x90 [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017) [ 314.312775] ---[ end trace 0000000000000000 ]--- [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 314.324249] SMP: stopping secondary CPUs [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000 [ 314.334076] PHYS_OFFSET: 0x0 [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b [ 314.342337] Memory Limit: none [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- Before resetting the GPU, it's necessary to disable all interrupts and deal with any interrupt handler still in-flight. Otherwise, the GPU might reset with jobs still running, or yet, an interrupt could be handled during the reset. Cc: stable(a)vger.kernel.org Fixes: 57692c94dcbe ("drm/v3d: Introduce a new DRM driver for Broadcom V3D V3.x+") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++++++++ drivers/gpu/drm/v3d/v3d_gem.c | 2 ++ drivers/gpu/drm/v3d/v3d_irq.c | 37 +++++++++++++++++++++++++---------- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index b51f0b648a08..411e47702f8a 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -101,6 +101,12 @@ enum v3d_gen { V3D_GEN_71 = 71, }; +enum v3d_irq { + V3D_CORE_IRQ, + V3D_HUB_IRQ, + V3D_MAX_IRQS, +}; + struct v3d_dev { struct drm_device drm; @@ -112,6 +118,8 @@ struct v3d_dev { bool single_irq_line; + int irq[V3D_MAX_IRQS]; + struct v3d_perfmon_info perfmon_info; void __iomem *hub_regs; diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c index d7d16da78db3..37bf5eecdd2c 100644 --- a/drivers/gpu/drm/v3d/v3d_gem.c +++ b/drivers/gpu/drm/v3d/v3d_gem.c @@ -134,6 +134,8 @@ v3d_reset(struct v3d_dev *v3d) if (false) v3d_idle_axi(v3d, 0); + v3d_irq_disable(v3d); + v3d_idle_gca(v3d); v3d_reset_sms(v3d); v3d_reset_v3d(v3d); diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c index 2cca5d3a26a2..a515a301e480 100644 --- a/drivers/gpu/drm/v3d/v3d_irq.c +++ b/drivers/gpu/drm/v3d/v3d_irq.c @@ -260,7 +260,7 @@ v3d_hub_irq(int irq, void *arg) int v3d_irq_init(struct v3d_dev *v3d) { - int irq1, ret, core; + int irq, ret, core; INIT_WORK(&v3d->overflow_mem_work, v3d_overflow_mem_work); @@ -271,17 +271,24 @@ v3d_irq_init(struct v3d_dev *v3d) V3D_CORE_WRITE(core, V3D_CTL_INT_CLR, V3D_CORE_IRQS(v3d->ver)); V3D_WRITE(V3D_HUB_INT_CLR, V3D_HUB_IRQS(v3d->ver)); - irq1 = platform_get_irq_optional(v3d_to_pdev(v3d), 1); - if (irq1 == -EPROBE_DEFER) - return irq1; - if (irq1 > 0) { - ret = devm_request_irq(v3d->drm.dev, irq1, + irq = platform_get_irq_optional(v3d_to_pdev(v3d), 1); + if (irq == -EPROBE_DEFER) + return irq; + if (irq > 0) { + v3d->irq[V3D_CORE_IRQ] = irq; + + ret = devm_request_irq(v3d->drm.dev, v3d->irq[V3D_CORE_IRQ], v3d_irq, IRQF_SHARED, "v3d_core0", v3d); if (ret) goto fail; - ret = devm_request_irq(v3d->drm.dev, - platform_get_irq(v3d_to_pdev(v3d), 0), + + irq = platform_get_irq(v3d_to_pdev(v3d), 0); + if (irq < 0) + return irq; + v3d->irq[V3D_HUB_IRQ] = irq; + + ret = devm_request_irq(v3d->drm.dev, v3d->irq[V3D_HUB_IRQ], v3d_hub_irq, IRQF_SHARED, "v3d_hub", v3d); if (ret) @@ -289,8 +296,12 @@ v3d_irq_init(struct v3d_dev *v3d) } else { v3d->single_irq_line = true; - ret = devm_request_irq(v3d->drm.dev, - platform_get_irq(v3d_to_pdev(v3d), 0), + irq = platform_get_irq(v3d_to_pdev(v3d), 0); + if (irq < 0) + return irq; + v3d->irq[V3D_CORE_IRQ] = irq; + + ret = devm_request_irq(v3d->drm.dev, v3d->irq[V3D_CORE_IRQ], v3d_irq, IRQF_SHARED, "v3d", v3d); if (ret) @@ -331,6 +342,12 @@ v3d_irq_disable(struct v3d_dev *v3d) V3D_CORE_WRITE(core, V3D_CTL_INT_MSK_SET, ~0); V3D_WRITE(V3D_HUB_INT_MSK_SET, ~0); + /* Finish any interrupt handler still in flight. */ + for (int i = 0; i < V3D_MAX_IRQS; i++) { + if (v3d->irq[i]) + synchronize_irq(v3d->irq[i]); + } + /* Clear any pending interrupts we might have left. */ for (core = 0; core < v3d->cores; core++) V3D_CORE_WRITE(core, V3D_CTL_INT_CLR, V3D_CORE_IRQS(v3d->ver)); -- 2.50.0

4 months, 1 week

3
3
0 0

[PATCH net v2] net: libwx: fix the incorrect display of the queue number

by Jiawen Wu

When setting "ethtool -L eth0 combined 1", the number of RX/TX queue is changed to be 1. RSS is disabled at this moment, and the indices of FDIR have not be changed in wx_set_rss_queues(). So the combined count still shows the previous value. This issue was introduced when supporting FDIR. Fix it for those devices that support FDIR. Fixes: 34744a7749b3 ("net: txgbe: add FDIR info to ethtool ops") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Simon Horman <horms(a)kernel.org> --- v1 -> v2: - fix it in wx_set_rss_queues() --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 85c606805e27..55e252789db3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1705,6 +1705,7 @@ static void wx_set_rss_queues(struct wx *wx) clear_bit(WX_FLAG_FDIR_HASH, wx->flags); + wx->ring_feature[RING_F_FDIR].indices = 1; /* Use Flow Director in addition to RSS to ensure the best * distribution of flows across cores, even when an FDIR flow * isn't matched. -- 2.48.1

4 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] staging: rtl8723bs: Avoid memset() in aes_cipher() and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a55bc4ffc06d8c965a7d6f0a01ed0ed41380df28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063055-overfed-dispute-71ba@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a55bc4ffc06d8c965a7d6f0a01ed0ed41380df28 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 9 Jun 2025 14:13:14 -0700 Subject: [PATCH] staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() After commit 6f110a5e4f99 ("Disable SLUB_TINY for build testing"), which causes CONFIG_KASAN to be enabled in allmodconfig again, arm64 allmodconfig builds with older versions of clang (15 through 17) show an instance of -Wframe-larger-than (which breaks the build with CONFIG_WERROR=y): drivers/staging/rtl8723bs/core/rtw_security.c:1287:5: error: stack frame size (2208) exceeds limit (2048) in 'rtw_aes_decrypt' [-Werror,-Wframe-larger-than] 1287 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ This comes from aes_decipher() being inlined in rtw_aes_decrypt(). Running the same build with CONFIG_FRAME_WARN=128 shows aes_cipher() also uses a decent amount of stack, just under the limit of 2048: drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1952) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ -Rpass-analysis=stack-frame-layout only shows one large structure on the stack, which is the ctx variable inlined from aes128k128d(). A good number of the other variables come from the additional checks of fortified string routines, which are present in memset(), which both aes_cipher() and aes_decipher() use to initialize some temporary buffers. In this case, since the size is known at compile time, these additional checks should not result in any code generation changes but allmodconfig has several sanitizers enabled, which may make it harder for the compiler to eliminate the compile time checks and the variables that come about from them. The memset() calls are just initializing these buffers to zero, so use '= {}' instead, which is used all over the kernel and does the exact same thing as memset() without the fortify checks, which drops the stack usage of these functions by a few hundred kilobytes. drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1584) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ drivers/staging/rtl8723bs/core/rtw_security.c:1271:5: warning: stack frame size (1456) exceeds limit (128) in 'rtw_aes_decrypt' [-Wframe-larger-than] 1271 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ Cc: stable(a)vger.kernel.org Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://lore.kernel.org/r/20250609-rtl8723bs-fix-clang-arm64-wflt-v1-1-e2ac… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c index 1e9eff01b1aa..e9f382c280d9 100644 --- a/drivers/staging/rtl8723bs/core/rtw_security.c +++ b/drivers/staging/rtl8723bs/core/rtw_security.c @@ -868,29 +868,21 @@ static signed int aes_cipher(u8 *key, uint hdrlen, num_blocks, payload_index; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); uint frsubtype = GetFrameSubType(pframe); frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) a4_exists = 0; else @@ -1080,15 +1072,15 @@ static signed int aes_decipher(u8 *key, uint hdrlen, num_blocks, payload_index; signed int res = _SUCCESS; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); @@ -1096,14 +1088,6 @@ static signed int aes_decipher(u8 *key, uint hdrlen, frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - /* start to decrypt the payload */ num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */

4 months, 1 week

4
3
0 0

[PATCH] riscv: cpu_ops_sbi: Use static array for boot_data

by Vivian Wang

Since commit 6b9f29b81b15 ("riscv: Enable pcpu page first chunk allocator"), if NUMA is enabled, the page percpu allocator may be used on very sparse configurations, or when requested on boot with percpu_alloc=page. In that case, percpu data gets put in the vmalloc area. However, sbi_hsm_hart_start() needs the physical address of a sbi_hart_boot_data, and simply assumes that __pa() would work. This causes the just started hart to immediately access an invalid address and hang. Fortunately, struct sbi_hart_boot_data is not too large, so we can simply allocate an array for boot_data statically, putting it in the kernel image. This fixes NUMA=y SMP boot on Sophgo SG2042. To reproduce on QEMU: Set CONFIG_NUMA=y and CONFIG_DEBUG_VIRTUAL=y, then run with: qemu-system-riscv64 -M virt -smp 2 -nographic \ -kernel arch/riscv/boot/Image \ -append "percpu_alloc=page" Kernel output: [ 0.000000] Booting Linux on hartid 0 [ 0.000000] Linux version 6.16.0-rc1 (dram@sakuya) (riscv64-unknown-linux-gnu-gcc (GCC) 14.2.1 20250322, GNU ld (GNU Binutils) 2.44) #11 SMP Tue Jun 24 14:56:22 CST 2025 ... [ 0.000000] percpu: 28 4K pages/cpu s85784 r8192 d20712 ... [ 0.083192] smp: Bringing up secondary CPUs ... [ 0.086722] ------------[ cut here ]------------ [ 0.086849] virt_to_phys used for non-linear address: (____ptrval____) (0xff2000000001d080) [ 0.088001] WARNING: CPU: 0 PID: 1 at arch/riscv/mm/physaddr.c:14 __virt_to_phys+0xae/0xe8 [ 0.088376] Modules linked in: [ 0.088656] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.16.0-rc1 #11 NONE [ 0.088833] Hardware name: riscv-virtio,qemu (DT) [ 0.088948] epc : __virt_to_phys+0xae/0xe8 [ 0.089001] ra : __virt_to_phys+0xae/0xe8 [ 0.089037] epc : ffffffff80021eaa ra : ffffffff80021eaa sp : ff2000000004bbc0 [ 0.089057] gp : ffffffff817f49c0 tp : ff60000001d60000 t0 : 5f6f745f74726976 [ 0.089076] t1 : 0000000000000076 t2 : 705f6f745f747269 s0 : ff2000000004bbe0 [ 0.089095] s1 : ff2000000001d080 a0 : 0000000000000000 a1 : 0000000000000000 [ 0.089113] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000 [ 0.089131] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000 [ 0.089155] s2 : ffffffff8130dc00 s3 : 0000000000000001 s4 : 0000000000000001 [ 0.089174] s5 : ffffffff8185eff8 s6 : ff2000007f1eb000 s7 : ffffffff8002a2ec [ 0.089193] s8 : 0000000000000001 s9 : 0000000000000001 s10: 0000000000000000 [ 0.089211] s11: 0000000000000000 t3 : ffffffff8180a9f7 t4 : ffffffff8180a9f7 [ 0.089960] t5 : ffffffff8180a9f8 t6 : ff2000000004b9d8 [ 0.089984] status: 0000000200000120 badaddr: ffffffff80021eaa cause: 0000000000000003 [ 0.090101] [<ffffffff80021eaa>] __virt_to_phys+0xae/0xe8 [ 0.090228] [<ffffffff8001d796>] sbi_cpu_start+0x6e/0xe8 [ 0.090247] [<ffffffff8001a5da>] __cpu_up+0x1e/0x8c [ 0.090260] [<ffffffff8002a32e>] bringup_cpu+0x42/0x258 [ 0.090277] [<ffffffff8002914c>] cpuhp_invoke_callback+0xe0/0x40c [ 0.090292] [<ffffffff800294e0>] __cpuhp_invoke_callback_range+0x68/0xfc [ 0.090320] [<ffffffff8002a96a>] _cpu_up+0x11a/0x244 [ 0.090334] [<ffffffff8002aae6>] cpu_up+0x52/0x90 [ 0.090384] [<ffffffff80c09350>] bringup_nonboot_cpus+0x78/0x118 [ 0.090411] [<ffffffff80c11060>] smp_init+0x34/0xb8 [ 0.090425] [<ffffffff80c01220>] kernel_init_freeable+0x148/0x2e4 [ 0.090442] [<ffffffff80b83802>] kernel_init+0x1e/0x14c [ 0.090455] [<ffffffff800124ca>] ret_from_fork_kernel+0xe/0xf0 [ 0.090471] [<ffffffff80b8d9c2>] ret_from_fork_kernel_asm+0x16/0x18 [ 0.090560] ---[ end trace 0000000000000000 ]--- [ 1.179875] CPU1: failed to come online [ 1.190324] smp: Brought up 1 node, 1 CPU Cc: stable(a)vger.kernel.org Reported-by: Han Gao <rabenda.cn(a)gmail.com> Fixes: 9a2451f18663 ("RISC-V: Avoid using per cpu array for ordered booting") Signed-off-by: Vivian Wang <wangruikang(a)iscas.ac.cn> --- arch/riscv/kernel/cpu_ops_sbi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/cpu_ops_sbi.c b/arch/riscv/kernel/cpu_ops_sbi.c index e6fbaaf549562d6e9ca63a66371441fe8b230cb3..87d6559448039cdd2e8a604a19bd832ab5a98fc2 100644 --- a/arch/riscv/kernel/cpu_ops_sbi.c +++ b/arch/riscv/kernel/cpu_ops_sbi.c @@ -18,10 +18,10 @@ const struct cpu_operations cpu_ops_sbi; /* * Ordered booting via HSM brings one cpu at a time. However, cpu hotplug can - * be invoked from multiple threads in parallel. Define a per cpu data + * be invoked from multiple threads in parallel. Define an array of boot data * to handle that. */ -static DEFINE_PER_CPU(struct sbi_hart_boot_data, boot_data); +static struct sbi_hart_boot_data boot_data[NR_CPUS]; static int sbi_hsm_hart_start(unsigned long hartid, unsigned long saddr, unsigned long priv) @@ -67,7 +67,7 @@ static int sbi_cpu_start(unsigned int cpuid, struct task_struct *tidle) unsigned long boot_addr = __pa_symbol(secondary_start_sbi); unsigned long hartid = cpuid_to_hartid_map(cpuid); unsigned long hsm_data; - struct sbi_hart_boot_data *bdata = &per_cpu(boot_data, cpuid); + struct sbi_hart_boot_data *bdata = &boot_data[cpuid]; /* Make sure tidle is updated */ smp_mb(); --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250624-riscv-hsm-boot-data-array-1d392098bd22 Best regards, -- Vivian "dramforever" Wang

4 months, 1 week

3
2
0 0

[PATCH] media: iris: Call correct power off callback in cleanup path

by Krzysztof Kozlowski

Driver implements different callbacks for the power off controller (.power_off_controller): - iris_vpu_power_off_controller, - iris_vpu33_power_off_controller, The generic wrapper for handling power off - iris_vpu_power_off() - calls them via 'iris_platform_data->vpu_ops', so shall the cleanup code in iris_vpu_power_on(). This makes also sense if looking at caller of iris_vpu_power_on(), which unwinds also with the wrapper calling respective platfortm code (unwinds with iris_vpu_power_off()). Otherwise power off sequence on the newer VPU3.3 in error path is not complete. Fixes: c69df5de4ac3 ("media: platform: qcom/iris: add power_off_controller to vpu_ops") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/media/platform/qcom/iris/iris_vpu_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/qcom/iris/iris_vpu_common.c b/drivers/media/platform/qcom/iris/iris_vpu_common.c index 268e45acaa7c..42a7c53ce48e 100644 --- a/drivers/media/platform/qcom/iris/iris_vpu_common.c +++ b/drivers/media/platform/qcom/iris/iris_vpu_common.c @@ -359,7 +359,7 @@ int iris_vpu_power_on(struct iris_core *core) return 0; err_power_off_ctrl: - iris_vpu_power_off_controller(core); + core->iris_platform_data->vpu_ops->power_off_controller(core); err_unvote_icc: iris_unset_icc_bw(core); err: -- 2.43.0

4 months, 1 week

3
2
0 0

[PATCH net] net: ipv4: fix incorrect MTU in broadcast routes

by Oscar Maes

Currently, __mkroute_output overrules the MTU value configured for broadcast routes. This buggy behaviour can be reproduced with: ip link set dev eth1 mtu 9000 ip route del broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 ip route add broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 mtu 1500 The maximum packet size should be 1500, but it is actually 8000: ping -b 192.168.0.255 -s 8000 Fix __mkroute_output to allow MTU values to be configured for for broadcast routes (to support a mixed-MTU local-area-network). Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com> --- net/ipv4/route.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index fccb05fb3..a2a3b6482 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2585,7 +2585,6 @@ static struct rtable *__mkroute_output(const struct fib_result *res, do_cache = true; if (type == RTN_BROADCAST) { flags |= RTCF_BROADCAST | RTCF_LOCAL; - fi = NULL; } else if (type == RTN_MULTICAST) { flags |= RTCF_MULTICAST | RTCF_LOCAL; if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, -- 2.39.5

4 months, 2 weeks

3
2
0 0

[PATCH] dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint

by Krzysztof Kozlowski

Lists should have fixed amount if items, so add missing constraint to the 'reg' property (only one address space entry). Fixes: c5eda0333076 ("dt-bindings: i2c: Add Realtek RTL I2C Controller") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml b/Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml index eddfd329c67b..69ac5db8b914 100644 --- a/Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml +++ b/Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml @@ -26,7 +26,8 @@ properties: - const: realtek,rtl9301-i2c reg: - description: Register offset and size this I2C controller. + items: + - description: Register offset and size this I2C controller. "#address-cells": const: 1 -- 2.43.0

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: account ring io_buffer_list memory" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 475a8d30371604a6363da8e304a608a5959afc40 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-header-audio-50d2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475a8d30371604a6363da8e304a608a5959afc40 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 13 May 2025 18:26:46 +0100 Subject: [PATCH] io_uring/kbuf: account ring io_buffer_list memory Follow the non-ringed pbuf struct io_buffer_list allocations and account it against the memcg. There is low chance of that being an actual problem as ring provided buffer should either pin user memory or allocate it, which is already accounted. Cc: stable(a)vger.kernel.org # 6.1 Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/3985218b50d341273cafff7234e1a7e6d0db9808.17471504… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 1cf0d2c01287..446207db1edf 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -621,7 +621,7 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) io_destroy_bl(ctx, bl); } - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL_ACCOUNT); if (!bl) return -ENOMEM;

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] nvme: always punt polled uring_cmd end_io work to task_work" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9ce6c9875f3e995be5fd720b65835291f8a609b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-veggie-grout-8f7e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ce6c9875f3e995be5fd720b65835291f8a609b1 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Fri, 13 Jun 2025 13:37:41 -0600 Subject: [PATCH] nvme: always punt polled uring_cmd end_io work to task_work Currently NVMe uring_cmd completions will complete locally, if they are polled. This is done because those completions are always invoked from task context. And while that is true, there's no guarantee that it's invoked under the right ring context, or even task. If someone does NVMe passthrough via multiple threads and with a limited number of poll queues, then ringA may find completions from ringB. For that case, completing the request may not be sound. Always just punt the passthrough completions via task_work, which will redirect the completion, if needed. Cc: stable(a)vger.kernel.org Fixes: 585079b6e425 ("nvme: wire up async polling for io passthrough commands") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index 0b50da2f1175..6b3ac8ae3f34 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -429,21 +429,14 @@ static enum rq_end_io_ret nvme_uring_cmd_end_io(struct request *req, pdu->result = le64_to_cpu(nvme_req(req)->result.u64); /* - * For iopoll, complete it directly. Note that using the uring_cmd - * helper for this is safe only because we check blk_rq_is_poll(). - * As that returns false if we're NOT on a polled queue, then it's - * safe to use the polled completion helper. - * - * Otherwise, move the completion to task work. + * IOPOLL could potentially complete this request directly, but + * if multiple rings are polling on the same queue, then it's possible + * for one ring to find completions for another ring. Punting the + * completion via task_work will always direct it to the right + * location, rather than potentially complete requests for ringA + * under iopoll invocations from ringB. */ - if (blk_rq_is_poll(req)) { - if (pdu->bio) - blk_rq_unmap_user(pdu->bio); - io_uring_cmd_iopoll_done(ioucmd, pdu->result, pdu->status); - } else { - io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); - } - + io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); return RQ_END_IO_FREE; }

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] nvme: always punt polled uring_cmd end_io work to task_work" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9ce6c9875f3e995be5fd720b65835291f8a609b1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-skydiver-undergrad-6e0f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ce6c9875f3e995be5fd720b65835291f8a609b1 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Fri, 13 Jun 2025 13:37:41 -0600 Subject: [PATCH] nvme: always punt polled uring_cmd end_io work to task_work Currently NVMe uring_cmd completions will complete locally, if they are polled. This is done because those completions are always invoked from task context. And while that is true, there's no guarantee that it's invoked under the right ring context, or even task. If someone does NVMe passthrough via multiple threads and with a limited number of poll queues, then ringA may find completions from ringB. For that case, completing the request may not be sound. Always just punt the passthrough completions via task_work, which will redirect the completion, if needed. Cc: stable(a)vger.kernel.org Fixes: 585079b6e425 ("nvme: wire up async polling for io passthrough commands") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index 0b50da2f1175..6b3ac8ae3f34 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -429,21 +429,14 @@ static enum rq_end_io_ret nvme_uring_cmd_end_io(struct request *req, pdu->result = le64_to_cpu(nvme_req(req)->result.u64); /* - * For iopoll, complete it directly. Note that using the uring_cmd - * helper for this is safe only because we check blk_rq_is_poll(). - * As that returns false if we're NOT on a polled queue, then it's - * safe to use the polled completion helper. - * - * Otherwise, move the completion to task work. + * IOPOLL could potentially complete this request directly, but + * if multiple rings are polling on the same queue, then it's possible + * for one ring to find completions for another ring. Punting the + * completion via task_work will always direct it to the right + * location, rather than potentially complete requests for ringA + * under iopoll invocations from ringB. */ - if (blk_rq_is_poll(req)) { - if (pdu->bio) - blk_rq_unmap_user(pdu->bio); - io_uring_cmd_iopoll_done(ioucmd, pdu->result, pdu->status); - } else { - io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); - } - + io_uring_cmd_do_in_task_lazy(ioucmd, nvme_uring_task_cb); return RQ_END_IO_FREE; }

4 months, 2 weeks

3
2
0 0

[PATCH 5.10] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

by Anastasia Belova

From: Justin Tee <justin.tee(a)broadcom.com> commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c upstream. There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- Backport fix for CVE-2024-36952 drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index aa4e451d5dc1..921630f71ee9 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -668,10 +668,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) ns_ndlp_referenced = true; } - /* Remove FC host and then SCSI host with the vport */ - fc_remove_host(shost); - scsi_remove_host(shost); - ndlp = lpfc_findnode_did(phba->pport, Fabric_DID); /* In case of driver unload, we shall not perform fabric logo as the @@ -783,6 +779,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_nlp_put(ndlp); } + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); + lpfc_cleanup(vport); lpfc_sli_host_down(vport); -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH] btrfs: populate otime when logging an inode item

by Qu Wenruo

[TEST FAILURE WITH EXPERIMENTAL FEATURES] When running test case generic/508, the test case will fail with the new btrfs shutdown support: generic/508 - output mismatch (see /home/adam/xfstests/results//generic/508.out.bad) --- tests/generic/508.out 2022-05-11 11:25:30.806666664 +0930 +++ /home/adam/xfstests/results//generic/508.out.bad 2025-07-02 14:53:22.401824212 +0930 @@ -1,2 +1,6 @@ QA output created by 508 Silence is golden +Before: +After : stat.btime = Thu Jan 1 09:30:00 1970 +Before: +After : stat.btime = Wed Jul 2 14:53:22 2025 ... (Run 'diff -u /home/adam/xfstests/tests/generic/508.out /home/adam/xfstests/results//generic/508.out.bad' to see the entire diff) Ran: generic/508 Failures: generic/508 Failed 1 of 1 tests Please note that the test case requires shutdown support, thus the test case will be skipped using the current upstream kernel, as it doesn't have shutdown ioctl support. [CAUSE] The direct cause the 0 time stamp in the log tree: leaf 30507008 items 2 free space 16057 generation 9 owner TREE_LOG leaf 30507008 flags 0x1(WRITTEN) backref revision 1 checksum stored e522548d checksum calced e522548d fs uuid 57d45451-481e-43e4-aa93-289ad707a3a0 chunk uuid d52bd3fd-5163-4337-98a7-7986993ad398 item 0 key (257 INODE_ITEM 0) itemoff 16123 itemsize 160 generation 9 transid 9 size 0 nbytes 0 block group 0 mode 100644 links 1 uid 0 gid 0 rdev 0 sequence 1 flags 0x0(none) atime 1751432947.492000000 (2025-07-02 14:39:07) ctime 1751432947.492000000 (2025-07-02 14:39:07) mtime 1751432947.492000000 (2025-07-02 14:39:07) otime 0.0 (1970-01-01 09:30:00) <<< But the old fs tree has all the correct time stamp: btrfs-progs v6.12 fs tree key (FS_TREE ROOT_ITEM 0) leaf 30425088 items 2 free space 16061 generation 5 owner FS_TREE leaf 30425088 flags 0x1(WRITTEN) backref revision 1 checksum stored 48f6c57e checksum calced 48f6c57e fs uuid 57d45451-481e-43e4-aa93-289ad707a3a0 chunk uuid d52bd3fd-5163-4337-98a7-7986993ad398 item 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160 generation 3 transid 0 size 0 nbytes 16384 block group 0 mode 40755 links 1 uid 0 gid 0 rdev 0 sequence 0 flags 0x0(none) atime 1751432947.0 (2025-07-02 14:39:07) ctime 1751432947.0 (2025-07-02 14:39:07) mtime 1751432947.0 (2025-07-02 14:39:07) otime 1751432947.0 (2025-07-02 14:39:07) <<< The root cause is that fill_inode_item() in tree-log.c is only populating a/c/m time, not the otime (or btime in statx output). Part of the reason is that, the vfs inode only has a/c/m time, no native btime support yet. [FIX] Thankfully btrfs has its otime stored in btrfs_inode::i_otime_sec and btrfs_inode::i_otime_nsec. So what we really need is just fill the otime time stamp in fill_inode_item() of tree-log.c There is another fill_inode_item() in inode.c, which is doing the proper otime population. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/tree-log.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 7e52d8f92e5b..5bdd89c44193 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4233,6 +4233,9 @@ static void fill_inode_item(struct btrfs_trans_handle *trans, btrfs_set_timespec_sec(leaf, &item->ctime, inode_get_ctime_sec(inode)); btrfs_set_timespec_nsec(leaf, &item->ctime, inode_get_ctime_nsec(inode)); + btrfs_set_timespec_sec(leaf, &item->otime, BTRFS_I(inode)->i_otime_sec); + btrfs_set_timespec_nsec(leaf, &item->otime, BTRFS_I(inode)->i_otime_nsec); + /* * We do not need to set the nbytes field, in fact during a fast fsync * its value may not even be correct, since a fast fsync does not wait -- 2.50.0

4 months, 2 weeks

2
1
0 0

[PATCH v2] mtd: rawnand: atmel: Add missing check after DMA map

by Thomas Fourier

The DMA map functions can fail and should be tested for errors. Fixes: 4774fb0a48aa ("mtd: nand/fsmc: Add DMA support") Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- v1 -> v2: - Add stable(a)vger.kernel.org - Fix subject prefix drivers/mtd/nand/raw/fsmc_nand.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mtd/nand/raw/fsmc_nand.c b/drivers/mtd/nand/raw/fsmc_nand.c index d579d5dd60d6..df61db8ce466 100644 --- a/drivers/mtd/nand/raw/fsmc_nand.c +++ b/drivers/mtd/nand/raw/fsmc_nand.c @@ -503,6 +503,8 @@ static int dma_xfer(struct fsmc_nand_data *host, void *buffer, int len, dma_dev = chan->device; dma_addr = dma_map_single(dma_dev->dev, buffer, len, direction); + if (dma_mapping_error(dma_dev->dev, dma_addr)) + return -EINVAL; if (direction == DMA_TO_DEVICE) { dma_src = dma_addr; -- 2.43.0

4 months, 2 weeks

3
2
0 0

[PATCH 6.12.y] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

by Rajani kantha

From: Kees Bakker <kees(a)ijzerbout.nl> [ Upstream commit 60f030f7418d3f1d94f2fb207fe3080e1844630b ] There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. Signed-off-by: Kees Bakker <kees(a)ijzerbout.nl> Link: https://lore.kernel.org/r/20241218201048.E544818E57E@bout3.ijzerbout.nl Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Rajani Kantha <rajanikantha(a)engineer.com> --- drivers/iommu/intel/iommu.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 56e9f125cda9..7c351274d004 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -4306,13 +4306,14 @@ static void intel_iommu_remove_dev_pasid(struct device *dev, ioasid_t pasid, break; } } - WARN_ON_ONCE(!dev_pasid); spin_unlock_irqrestore(&dmar_domain->lock, flags); cache_tag_unassign_domain(dmar_domain, dev, pasid); domain_detach_iommu(dmar_domain, iommu); - intel_iommu_debugfs_remove_dev_pasid(dev_pasid); - kfree(dev_pasid); + if (!WARN_ON_ONCE(!dev_pasid)) { + intel_iommu_debugfs_remove_dev_pasid(dev_pasid); + kfree(dev_pasid); + } intel_pasid_tear_down_entry(iommu, dev, pasid, false); intel_drain_pasid_prq(dev, pasid); } -- 2.34.1

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] io_uring/kbuf: flag partial buffer mappings" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 178b8ff66ff827c41b4fa105e9aabb99a0b5c537 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062921-froth-singing-509c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 178b8ff66ff827c41b4fa105e9aabb99a0b5c537 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 26 Jun 2025 12:17:48 -0600 Subject: [PATCH] io_uring/kbuf: flag partial buffer mappings A previous commit aborted mapping more for a non-incremental ring for bundle peeking, but depending on where in the process this peeking happened, it would not necessarily prevent a retry by the user. That can create gaps in the received/read data. Add struct buf_sel_arg->partial_map, which can pass this information back. The networking side can then map that to internal state and use it to gate retry as well. Since this necessitates a new flag, change io_sr_msg->retry to a retry_flags member, and store both the retry and partial map condition in there. Cc: stable(a)vger.kernel.org Fixes: 26ec15e4b0c1 ("io_uring/kbuf: don't truncate end buffer for multiple buffer peeks") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index ce95e3af44a9..f2d2cc319faa 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -271,6 +271,7 @@ static int io_ring_buffers_peek(struct io_kiocb *req, struct buf_sel_arg *arg, if (len > arg->max_len) { len = arg->max_len; if (!(bl->flags & IOBL_INC)) { + arg->partial_map = 1; if (iov != arg->iovs) break; buf->len = len; diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h index 5d83c7adc739..723d0361898e 100644 --- a/io_uring/kbuf.h +++ b/io_uring/kbuf.h @@ -58,7 +58,8 @@ struct buf_sel_arg { size_t max_len; unsigned short nr_iovs; unsigned short mode; - unsigned buf_group; + unsigned short buf_group; + unsigned short partial_map; }; void __user *io_buffer_select(struct io_kiocb *req, size_t *len, diff --git a/io_uring/net.c b/io_uring/net.c index 5c1e8c4ba468..43a43522f406 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -75,12 +75,17 @@ struct io_sr_msg { u16 flags; /* initialised and used only by !msg send variants */ u16 buf_group; - bool retry; + unsigned short retry_flags; void __user *msg_control; /* used only for send zerocopy */ struct io_kiocb *notif; }; +enum sr_retry_flags { + IO_SR_MSG_RETRY = 1, + IO_SR_MSG_PARTIAL_MAP = 2, +}; + /* * Number of times we'll try and do receives if there's more data. If we * exceed this limit, then add us to the back of the queue and retry from @@ -187,7 +192,7 @@ static inline void io_mshot_prep_retry(struct io_kiocb *req, req->flags &= ~REQ_F_BL_EMPTY; sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; sr->len = 0; /* get from the provided buffer */ } @@ -397,7 +402,7 @@ int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; sr->len = READ_ONCE(sqe->len); sr->flags = READ_ONCE(sqe->ioprio); if (sr->flags & ~SENDMSG_FLAGS) @@ -751,7 +756,7 @@ int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; if (unlikely(sqe->file_index || sqe->addr2)) return -EINVAL; @@ -823,7 +828,7 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, cflags |= io_put_kbufs(req, this_ret, io_bundle_nbufs(kmsg, this_ret), issue_flags); - if (sr->retry) + if (sr->retry_flags & IO_SR_MSG_RETRY) cflags = req->cqe.flags | (cflags & CQE_F_MASK); /* bundle with no more immediate buffers, we're done */ if (req->flags & REQ_F_BL_EMPTY) @@ -832,12 +837,12 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, * If more is available AND it was a full transfer, retry and * append to this one */ - if (!sr->retry && kmsg->msg.msg_inq > 1 && this_ret > 0 && + if (!sr->retry_flags && kmsg->msg.msg_inq > 1 && this_ret > 0 && !iov_iter_count(&kmsg->msg.msg_iter)) { req->cqe.flags = cflags & ~CQE_F_MASK; sr->len = kmsg->msg.msg_inq; sr->done_io += this_ret; - sr->retry = true; + sr->retry_flags |= IO_SR_MSG_RETRY; return false; } } else { @@ -1082,6 +1087,8 @@ static int io_recv_buf_select(struct io_kiocb *req, struct io_async_msghdr *kmsg kmsg->vec.iovec = arg.iovs; req->flags |= REQ_F_NEED_CLEANUP; } + if (arg.partial_map) + sr->retry_flags |= IO_SR_MSG_PARTIAL_MAP; /* special case 1 vec, can be a fast path */ if (ret == 1) { @@ -1276,7 +1283,7 @@ int io_send_zc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) int ret; zc->done_io = 0; - zc->retry = false; + zc->retry_flags = 0; if (unlikely(READ_ONCE(sqe->__pad2[0]) || READ_ONCE(sqe->addr3))) return -EINVAL;

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] io_uring/rsrc: fix folio unpinning" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5afb4bf9fc62d828647647ec31745083637132e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062950-football-lifting-1443@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5afb4bf9fc62d828647647ec31745083637132e4 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 24 Jun 2025 14:40:33 +0100 Subject: [PATCH] io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71! [ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025 [ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work [ 108.174205][ T14] Call trace: [ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P) [ 108.178138][ T14] unpin_user_page+0x80/0x10c [ 108.180189][ T14] io_release_ubuf+0x84/0xf8 [ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c [ 108.184345][ T14] io_rsrc_data_free+0x148/0x298 [ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0 [ 108.188991][ T14] io_ring_ctx_free+0x48/0x480 [ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8 [ 108.193207][ T14] process_one_work+0x7e8/0x155c [ 108.195431][ T14] worker_thread+0x958/0xed8 [ 108.197561][ T14] kthread+0x5fc/0x75c [ 108.199362][ T14] ret_from_fork+0x10/0x20 We can pin a tail page of a folio, but then io_uring will try to unpin the head page of the folio. While it should be fine in terms of keeping the page actually alive, mm folks say it's wrong and triggers a debug warning. Use unpin_user_folio() instead of unpin_user_page*. Cc: stable(a)vger.kernel.org Debugged-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+1d335893772467199ab6(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/683f1551.050a0220.55ceb.0017.GAE@google.com Fixes: a8edbb424b139 ("io_uring/rsrc: enable multi-hugepage buffer coalescing") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/io-uring/a28b0f87339ac2acf14a645dad1e95bbcbf18acd.1… [axboe: adapt to current tree, massage commit message] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c index d724602697e7..0c09e38784c9 100644 --- a/io_uring/rsrc.c +++ b/io_uring/rsrc.c @@ -112,8 +112,11 @@ static void io_release_ubuf(void *priv) struct io_mapped_ubuf *imu = priv; unsigned int i; - for (i = 0; i < imu->nr_bvecs; i++) - unpin_user_page(imu->bvec[i].bv_page); + for (i = 0; i < imu->nr_bvecs; i++) { + struct folio *folio = page_folio(imu->bvec[i].bv_page); + + unpin_user_folio(folio, 1); + } } static struct io_mapped_ubuf *io_alloc_imu(struct io_ring_ctx *ctx, @@ -840,8 +843,10 @@ static struct io_rsrc_node *io_sqe_buffer_register(struct io_ring_ctx *ctx, if (ret) { if (imu) io_free_imu(ctx, imu); - if (pages) - unpin_user_pages(pages, nr_pages); + if (pages) { + for (i = 0; i < nr_pages; i++) + unpin_user_folio(page_folio(pages[i]), 1); + } io_cache_free(&ctx->node_cache, node); node = ERR_PTR(ret); }

4 months, 2 weeks

3
2
0 0

[PATCH 1/1] md/md-bitmap: fix GPF in bitmap_get_stats()

by Håkon Bugge

The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file). But, the code does not adhere to the above, as it does only check for a valid super-block for "internal" bitmaps. Hence, we observe: Oops: GPF, probably for non-canonical address 0x1cd66f1f40000028 RIP: 0010:bitmap_get_stats+0x45/0xd0 Call Trace: seq_read_iter+0x2b9/0x46a seq_read+0x12f/0x180 proc_reg_read+0x57/0xb0 vfs_read+0xf6/0x380 ksys_read+0x6d/0xf0 do_syscall_64+0x8c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e We fix this by checking the existence of a super-block for both the internal and external case. Fixes: 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") Cc: stable(a)vger.kernel.org Reported-by: Gerald Gibson <gerald.gibson(a)oracle.com> Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> --- drivers/md/md-bitmap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index bd694910b01b0..7f524a26cebca 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -2366,8 +2366,7 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats) if (!bitmap) return -ENOENT; - if (!bitmap->mddev->bitmap_info.external && - !bitmap->storage.sb_page) + if (!bitmap->storage.sb_page) return -EINVAL; sb = kmap_local_page(bitmap->storage.sb_page); stats->sync_size = le64_to_cpu(sb->sync_size); -- 2.43.5

4 months, 2 weeks

1
0
0 0

[PATCH v3 0/3] platform/x86: think-lmi: Fix resource cleanup flaws

by Kurt Borja

Hi all, First patch is a prerequisite in order to avoid NULL pointer dereferences in error paths. Then two fixes follow. Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Changes in v3: - Add Cc stable tags to all patches - Rebase on top of the 'fixes' branch - Link to v2: https://lore.kernel.org/r/20250628-lmi-fix-v2-0-c530e1c959d7@gmail.com Changes in v2: [PATCH 02] - Remove kobject_del() and commit message remark. It turns out it's optional to call this (my bad) - Leave only one fixes tag. The other two are not necessary. - Link to v1: https://lore.kernel.org/r/20250628-lmi-fix-v1-0-c6eec9aa3ca7@gmail.com --- Kurt Borja (3): platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup drivers/platform/x86/think-lmi.c | 90 ++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 60 deletions(-) --- base-commit: 173bbec6693f3f3f00dac144f3aa0cd62fb60d33 change-id: 20250628-lmi-fix-98143b10d9fd -- ~ Kurt

4 months, 2 weeks

2
4
0 0

6.15.5 stable request, regression from 6.15.3..6.15.4

by Jens Axboe

Hi, Details in the patch attached, but an unrelated vfs change broke io_uring for anon inode reading/writing. Please queue this up asap for 6.15.5 so we don't have have any further 6.15-stable kernels with this regression. You can also just cherry pick it, picks cleanly. Sha is: 6f11adcc6f36ffd8f33dbdf5f5ce073368975bc3 Thanks, -- Jens Axboe

4 months, 2 weeks

2
1
0 0

[PATCH] mtd: rawnand: renesas: Add missing check after DMA map

by Thomas Fourier

The DMA map functions can fail and should be tested for errors. Fixes: d8701fe890ec ("mtd: rawnand: renesas: Add new NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- drivers/mtd/nand/raw/renesas-nand-controller.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/mtd/nand/raw/renesas-nand-controller.c b/drivers/mtd/nand/raw/renesas-nand-controller.c index 44f6603736d1..f4a775571733 100644 --- a/drivers/mtd/nand/raw/renesas-nand-controller.c +++ b/drivers/mtd/nand/raw/renesas-nand-controller.c @@ -426,6 +426,10 @@ static int rnandc_read_page_hw_ecc(struct nand_chip *chip, u8 *buf, /* Configure DMA */ dma_addr = dma_map_single(rnandc->dev, rnandc->buf, mtd->writesize, DMA_FROM_DEVICE); + if (dma_mapping_error(rnandc->dev, dma_addr)) { + dev_err(rnandc->dev, "DMA mapping failed.\n"); + return -ENOMEM; + } writel(dma_addr, rnandc->regs + DMA_ADDR_LOW_REG); writel(mtd->writesize, rnandc->regs + DMA_CNT_REG); writel(DMA_TLVL_MAX, rnandc->regs + DMA_TLVL_REG); @@ -606,6 +610,10 @@ static int rnandc_write_page_hw_ecc(struct nand_chip *chip, const u8 *buf, /* Configure DMA */ dma_addr = dma_map_single(rnandc->dev, (void *)rnandc->buf, mtd->writesize, DMA_TO_DEVICE); + if (dma_mapping_error(rnandc->dev, dma_addr)) { + dev_err(rnandc->dev, "DMA mapping failed.\n"); + return -ENOMEM; + } writel(dma_addr, rnandc->regs + DMA_ADDR_LOW_REG); writel(mtd->writesize, rnandc->regs + DMA_CNT_REG); writel(DMA_TLVL_MAX, rnandc->regs + DMA_TLVL_REG); -- 2.43.0

4 months, 2 weeks

2
1
0 0

Re: Patch "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" has been added to the 6.1-stable tree

by Joonas Lahtinen

Hi Greg, Please do note that there is a revert for this patch that was part of the same pull request. That needs to be picked in too in case you are picking the original patch. I already got the automated mails from Sasha that both the original commit and revert were already picked into 6.1, 6.6 and 6.12 trees. Are now in a perpetual machinery induced loop where the original commit and revert will be picked in alternating fashion to the stable trees? [1] Regards, Joonas [1] Originally, I was under the assumption stable machinery would automatically skip over patches that have later been reverted, but that doesn't seem to be the case? Quoting gregkh(a)linuxfoundation.org (2025-06-30 14:39:44) > > This is a note to let you know that I've just added the patch titled > > drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-i915-gem-allow-exec_capture-on-recoverable-contexts-on-dg1.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From 25eeba495b2fc16037647c1a51bcdf6fc157af5c Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> > Date: Mon, 12 May 2025 21:22:15 +0200 > Subject: drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> > > commit 25eeba495b2fc16037647c1a51bcdf6fc157af5c upstream. > > The intel-media-driver is currently broken on DG1 because > it uses EXEC_CAPTURE with recovarable contexts. Relax the > check to allow that. > > I've also submitted a fix for the intel-media-driver: > https://github.com/intel/media-driver/pull/1920 > > Cc: stable(a)vger.kernel.org # v6.0+ > Cc: Matthew Auld <matthew.auld(a)intel.com> > Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> > Testcase: igt/gem_exec_capture/capture-invisible > Fixes: 71b1669ea9bd ("drm/i915/uapi: tweak error capture on recoverable contexts") > Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> > Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> > Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> > Link: https://lore.kernel.org/r/20250411144313.11660-2-ville.syrjala@linux.intel.… > (cherry picked from commit d6e020819612a4a06207af858e0978be4d3e3140) > Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > @@ -2001,7 +2001,7 @@ static int eb_capture_stage(struct i915_ > continue; > > if (i915_gem_context_is_recoverable(eb->gem_context) && > - (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) > + GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) > return -EINVAL; > > for_each_batch_create_order(eb, j) { > > > Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are > > queue-6.1/drm-dp-change-aux-dpcd-probe-address-from-dpcd_rev-to-lane0_1_status.patch > queue-6.1/revert-drm-i915-gem-allow-exec_capture-on-recoverabl.patch > queue-6.1/drm-i915-gem-allow-exec_capture-on-recoverable-contexts-on-dg1.patch > queue-6.1/drm-i915-gem-allow-exec_capture-on-recoverable-conte.patch

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] arm64: Restrict pagetable teardown to avoid false warning" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 650768c512faba8070bf4cfbb28c95eb5cd203f3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062303-unsworn-penpal-7142@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 650768c512faba8070bf4cfbb28c95eb5cd203f3 Mon Sep 17 00:00:00 2001 From: Dev Jain <dev.jain(a)arm.com> Date: Tue, 27 May 2025 13:56:33 +0530 Subject: [PATCH] arm64: Restrict pagetable teardown to avoid false warning Commit 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. Fixes: 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") Cc: stable(a)vger.kernel.org Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Link: https://lore.kernel.org/r/20250527082633.61073-1-dev.jain@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 8fcf59ba39db..00ab1d648db6 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1305,7 +1305,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(pmdp_get(pmdp))) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp);

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] arm64: Restrict pagetable teardown to avoid false warning" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 650768c512faba8070bf4cfbb28c95eb5cd203f3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062303-spoon-unfrosted-5eee@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 650768c512faba8070bf4cfbb28c95eb5cd203f3 Mon Sep 17 00:00:00 2001 From: Dev Jain <dev.jain(a)arm.com> Date: Tue, 27 May 2025 13:56:33 +0530 Subject: [PATCH] arm64: Restrict pagetable teardown to avoid false warning Commit 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. Fixes: 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") Cc: stable(a)vger.kernel.org Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Link: https://lore.kernel.org/r/20250527082633.61073-1-dev.jain@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 8fcf59ba39db..00ab1d648db6 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1305,7 +1305,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(pmdp_get(pmdp))) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp);

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] arm64: Restrict pagetable teardown to avoid false warning" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 650768c512faba8070bf4cfbb28c95eb5cd203f3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062304-oyster-overhang-6204@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 650768c512faba8070bf4cfbb28c95eb5cd203f3 Mon Sep 17 00:00:00 2001 From: Dev Jain <dev.jain(a)arm.com> Date: Tue, 27 May 2025 13:56:33 +0530 Subject: [PATCH] arm64: Restrict pagetable teardown to avoid false warning Commit 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. Fixes: 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") Cc: stable(a)vger.kernel.org Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Link: https://lore.kernel.org/r/20250527082633.61073-1-dev.jain@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 8fcf59ba39db..00ab1d648db6 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1305,7 +1305,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(pmdp_get(pmdp))) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp);

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] arm64: Restrict pagetable teardown to avoid false warning" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 650768c512faba8070bf4cfbb28c95eb5cd203f3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062304-prune-getup-2943@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 650768c512faba8070bf4cfbb28c95eb5cd203f3 Mon Sep 17 00:00:00 2001 From: Dev Jain <dev.jain(a)arm.com> Date: Tue, 27 May 2025 13:56:33 +0530 Subject: [PATCH] arm64: Restrict pagetable teardown to avoid false warning Commit 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. Fixes: 9c006972c3fe ("arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()") Cc: stable(a)vger.kernel.org Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Link: https://lore.kernel.org/r/20250527082633.61073-1-dev.jain@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 8fcf59ba39db..00ab1d648db6 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1305,7 +1305,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(pmdp_get(pmdp))) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp);

4 months, 2 weeks

3
2
0 0

[PATCH v3 4/4] mm/damon: fix divide by zero in damon_get_intervals_score()

by Honggyu Kim

The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero. [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users. In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well. Fixes: f04b0fedbe71 ("mm/damon/core: implement intervals auto-tuning") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Cc: stable(a)vger.kernel.org --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index b217e0120e09..2a6b8d1c2c9e 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1449,6 +1449,7 @@ static unsigned long damon_get_intervals_score(struct damon_ctx *c) } } target_access_events = max_access_events * goal_bp / 10000; + target_access_events = target_access_events ? : 1; return access_events * 10000 / target_access_events; } -- 2.34.1

4 months, 2 weeks

2
1
0 0

[PATCH v3 3/4] samples/damon: fix damon sample mtier for start failure

by Honggyu Kim

The damon_sample_mtier_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with mtier because damon sample start failed but the "enable" stays as Y. Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: stable(a)vger.kernel.org --- samples/damon/mtier.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/samples/damon/mtier.c b/samples/damon/mtier.c index 36d2cd933f5a..c94254b77fc9 100644 --- a/samples/damon/mtier.c +++ b/samples/damon/mtier.c @@ -164,8 +164,12 @@ static int damon_sample_mtier_enable_store( if (enable == enabled) return 0; - if (enable) - return damon_sample_mtier_start(); + if (enable) { + err = damon_sample_mtier_start(); + if (err) + enable = false; + return err; + } damon_sample_mtier_stop(); return 0; } -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH v3 2/4] samples/damon: fix damon sample wsse for start failure

by Honggyu Kim

The damon_sample_wsse_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with wsse because damon sample start failed but the "enable" stays as Y. Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: stable(a)vger.kernel.org --- samples/damon/wsse.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/samples/damon/wsse.c b/samples/damon/wsse.c index 11be25803274..e20238a249e7 100644 --- a/samples/damon/wsse.c +++ b/samples/damon/wsse.c @@ -102,8 +102,12 @@ static int damon_sample_wsse_enable_store( if (enable == enabled) return 0; - if (enable) - return damon_sample_wsse_start(); + if (enable) { + err = damon_sample_wsse_start(); + if (err) + enable = false; + return err; + } damon_sample_wsse_stop(); return 0; } -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH v3 1/4] samples/damon: fix damon sample prcl for start failure

by Honggyu Kim

The damon_sample_prcl_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the following crash because damon sample start failed but the "enable" stays as Y. [ 2441.419649] damon_sample_prcl: start [ 2454.146817] damon_sample_prcl: stop [ 2454.146862] ------------[ cut here ]------------ [ 2454.146865] kernel BUG at mm/slub.c:546! [ 2454.148183] Oops: invalid opcode: 0000 [#1] SMP NOPTI ... [ 2454.167555] Call Trace: [ 2454.167822] <TASK> [ 2454.168061] damon_destroy_ctx+0x78/0x140 [ 2454.168454] damon_sample_prcl_enable_store+0x8d/0xd0 [ 2454.168932] param_attr_store+0xa1/0x120 [ 2454.169315] module_attr_store+0x20/0x50 [ 2454.169695] sysfs_kf_write+0x72/0x90 [ 2454.170065] kernfs_fop_write_iter+0x150/0x1e0 [ 2454.170491] vfs_write+0x315/0x440 [ 2454.170833] ksys_write+0x69/0xf0 [ 2454.171162] __x64_sys_write+0x19/0x30 [ 2454.171525] x64_sys_call+0x18b2/0x2700 [ 2454.171900] do_syscall_64+0x7f/0x680 [ 2454.172258] ? exit_to_user_mode_loop+0xf6/0x180 [ 2454.172694] ? clear_bhb_loop+0x30/0x80 [ 2454.173067] ? clear_bhb_loop+0x30/0x80 [ 2454.173439] entry_SYSCALL_64_after_hwframe+0x76/0x7e Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: stable(a)vger.kernel.org --- samples/damon/prcl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/samples/damon/prcl.c b/samples/damon/prcl.c index 056b1b21a0fe..5597e6a08ab2 100644 --- a/samples/damon/prcl.c +++ b/samples/damon/prcl.c @@ -122,8 +122,12 @@ static int damon_sample_prcl_enable_store( if (enable == enabled) return 0; - if (enable) - return damon_sample_prcl_start(); + if (enable) { + err = damon_sample_prcl_start(); + if (err) + enable = false; + return err; + } damon_sample_prcl_stop(); return 0; } -- 2.34.1

4 months, 2 weeks

1
0
0 0

+ scripts-gdb-vfs-support-external-dentry-names.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts: gdb: vfs: support external dentry names has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-gdb-vfs-support-external-dentry-names.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Illia Ostapyshyn <illia(a)yshyn.com> Subject: scripts: gdb: vfs: support external dentry names Date: Sun, 29 Jun 2025 02:38:11 +0200 d_shortname of struct dentry only reserves D_NAME_INLINE_LEN characters and contains garbage for longer names. Use d_name instead, which always references the valid name. Link: https://lore.kernel.org/all/20250525213709.878287-2-illia@yshyn.com/ Link: https://lkml.kernel.org/r/20250629003811.2420418-1-illia@yshyn.com Fixes: 79300ac805b672a84b64 ("scripts/gdb: fix dentry_name() lookup") Signed-off-by: Illia Ostapyshyn <illia(a)yshyn.com> Tested-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-vfs-support-external-dentry-names +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_shortname']['string'].string() + return p + d['d_name']['name'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from illia(a)yshyn.com are scripts-gdb-vfs-support-external-dentry-names.patch

4 months, 2 weeks

1
0
0 0

[to-be-updated] fix-do_pages_stat-to-use-compat_uptr_t.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/migrate.c: fix do_pages_stat to use compat_uptr_t has been removed from the -mm tree. Its filename was fix-do_pages_stat-to-use-compat_uptr_t.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Christoph Berg <myon(a)debian.org> Subject: mm/migrate.c: fix do_pages_stat to use compat_uptr_t Date: Wed, 25 Jun 2025 17:24:14 +0200 For arrays with more than 16 entries, the old code would incorrectly advance the pages pointer by 16 words instead of 16 compat_uptr_t. [akpm(a)linux-foundation.org: fix coding style] Link: https://lkml.kernel.org/r/aFwUnu7ObizycCZ8@msg.df7cb.de Signed-off-by: Christoph Berg <myon(a)debian.org> Suggested-by: Bertrand Drouvot <bertranddrouvot.pg(a)gmail.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Gregory Price <gourry(a)gourry.net> Cc: "Huang, Ying" <ying.huang(a)linux.alibaba.com> Cc: Joshua Hahn <joshua.hahnjy(a)gmail.com> Cc: Mathew Brost <matthew.brost(a)intel.com> Cc: Rakie Kim <rakie.kim(a)sk.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/mm/migrate.c~fix-do_pages_stat-to-use-compat_uptr_t +++ a/mm/migrate.c @@ -2444,7 +2444,14 @@ static int do_pages_stat(struct mm_struc if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status))) break; - pages += chunk_nr; + if (in_compat_syscall()) { + compat_uptr_t __user *pages32 = (compat_uptr_t __user *)pages; + + pages32 += chunk_nr; + pages = (const void __user * __user *) pages32; + } else { + pages += chunk_nr; + } status += chunk_nr; nr_pages -= chunk_nr; } _ Patches currently in -mm which might be from myon(a)debian.org are

4 months, 2 weeks

1
0
0 0

+ kallsyms-fix-build-without-execinfo.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kallsyms: fix build without execinfo has been added to the -mm mm-hotfixes-unstable branch. Its filename is kallsyms-fix-build-without-execinfo.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Achill Gilgenast <fossdd(a)pwned.life> Subject: kallsyms: fix build without execinfo Date: Sun, 22 Jun 2025 03:45:49 +0200 Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Link: https://lkml.kernel.org/r/20250622014608.448718-1-fossdd@pwned.life Fixes: c104c16073b7 ("Kunit to check the longest symbol length") Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: Luis Henriques <luis(a)igalia.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/tools/include/linux/kallsyms.h~kallsyms-fix-build-without-execinfo +++ a/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_looku return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const ch free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif _ Patches currently in -mm which might be from fossdd(a)pwned.life are kallsyms-fix-build-without-execinfo.patch

4 months, 2 weeks

1
0
0 0

[RESEND PATCH v2] kallsyms: fix build without execinfo

by Achill Gilgenast

Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: stable(a)vger.kernel.org --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/include/linux/kallsyms.h b/tools/include/linux/kallsyms.h index 5a37ccbec54f..f61a01dd7eb7 100644 --- a/tools/include/linux/kallsyms.h +++ b/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr, return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip) free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif -- 2.50.0

4 months, 2 weeks

3
5
0 0

[PATCH v2 2/8] vsock/virtio: Validate length in packet header before skb_put()

by Will Deacon

When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put(). Cc: <stable(a)vger.kernel.org> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Signed-off-by: Will Deacon <will(a)kernel.org> --- net/vmw_vsock/virtio_transport.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index f0e48e6911fc..bd2c6aaa1a93 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -624,8 +624,9 @@ static void virtio_transport_rx_work(struct work_struct *work) do { virtqueue_disable_cb(vq); for (;;) { + unsigned int len, payload_len; + struct virtio_vsock_hdr *hdr; struct sk_buff *skb; - unsigned int len; if (!virtio_transport_more_replies(vsock)) { /* Stop rx until the device processes already @@ -642,12 +643,19 @@ static void virtio_transport_rx_work(struct work_struct *work) vsock->rx_buf_nr--; /* Drop short/long packets */ - if (unlikely(len < sizeof(struct virtio_vsock_hdr) || + if (unlikely(len < sizeof(*hdr) || len > virtio_vsock_skb_len(skb))) { kfree_skb(skb); continue; } + hdr = virtio_vsock_hdr(skb); + payload_len = le32_to_cpu(hdr->len); + if (payload_len > len - sizeof(*hdr)) { + kfree_skb(skb); + continue; + } + virtio_vsock_skb_rx_put(skb); virtio_transport_deliver_tap_pkt(skb); virtio_transport_recv_pkt(&virtio_transport, skb); -- 2.50.0.727.gbf7dc18ff4-goog

4 months, 2 weeks

1
0
0 0

[PATCH v2 1/8] vhost/vsock: Avoid allocating arbitrarily-sized SKBs

by Will Deacon

vhost_vsock_alloc_skb() returns NULL for packets advertising a length larger than VIRTIO_VSOCK_MAX_PKT_BUF_SIZE in the packet header. However, this is only checked once the SKB has been allocated and, if the length in the packet header is zero, the SKB may not be freed immediately. Hoist the size check before the SKB allocation so that an iovec larger than VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + the header size is rejected outright. The subsequent check on the length field in the header can then simply check that the allocated SKB is indeed large enough to hold the packet. Cc: <stable(a)vger.kernel.org> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Signed-off-by: Will Deacon <will(a)kernel.org> --- drivers/vhost/vsock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 802153e23073..66a0f060770e 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -344,6 +344,9 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, len = iov_length(vq->iov, out); + if (len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM) + return NULL; + /* len contains both payload and hdr */ skb = virtio_vsock_alloc_skb(len, GFP_KERNEL); if (!skb) @@ -367,8 +370,7 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, return skb; /* The pkt is too big or the length in the header is invalid */ - if (payload_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE || - payload_len + sizeof(*hdr) > len) { + if (payload_len + sizeof(*hdr) > len) { kfree_skb(skb); return NULL; } -- 2.50.0.727.gbf7dc18ff4-goog

4 months, 2 weeks

1
0
0 0

[PATCH v2] usb: musb: fix gadget state on disconnect

by Drew Hamilton

When unplugging the USB cable or disconnecting a gadget in usb peripheral mode with echo "" > /sys/kernel/config/usb_gadget/<your_gadget>/UDC, /sys/class/udc/musb-hdrc.0/state does not change from USB_STATE_CONFIGURED. Testing on dwc2/3 shows they both update the state to USB_STATE_NOTATTACHED. Add calls to usb_gadget_set_state in musb_g_disconnect and musb_gadget_stop to fix both cases. Fixes: 49401f4169c0 ("usb: gadget: introduce gadget state tracking") Cc: stable(a)vger.kernel.org Co-authored-by: Yehowshua Immanuel <yehowshua.immanuel(a)twosixtech.com> Signed-off-by: Yehowshua Immanuel <yehowshua.immanuel(a)twosixtech.com> Signed-off-by: Drew Hamilton <drew.hamilton(a)zetier.com> --- Changes in v2: - Cleaned up changelog and added Fixes and Cc tags --- drivers/usb/musb/musb_gadget.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c index 6869c58367f2..caf4d4cd4b75 100644 --- a/drivers/usb/musb/musb_gadget.c +++ b/drivers/usb/musb/musb_gadget.c @@ -1913,6 +1913,7 @@ static int musb_gadget_stop(struct usb_gadget *g) * gadget driver here and have everything work; * that currently misbehaves. */ + usb_gadget_set_state(g, USB_STATE_NOTATTACHED); /* Force check of devctl register for PM runtime */ pm_runtime_mark_last_busy(musb->controller); @@ -2019,6 +2020,7 @@ void musb_g_disconnect(struct musb *musb) case OTG_STATE_B_PERIPHERAL: case OTG_STATE_B_IDLE: musb_set_state(musb, OTG_STATE_B_IDLE); + usb_gadget_set_state(&musb->g, USB_STATE_NOTATTACHED); break; case OTG_STATE_B_SRP_INIT: break; -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH v3 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Cc: <stable(a)vger.kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- v2 -> v3: - Tweak changelog (per Barry and David) - Pick AB from Barry - thanks! - https://lore.kernel.org/linux-mm/20250627062319.84936-1-lance.yang@linux.dev v1 -> v2: - Update subject and changelog (per Barry) - https://lore.kernel.org/linux-mm/20250627025214.30887-1-lance.yang@linux.dev mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/mm/rmap.c b/mm/rmap.c index fb63d9256f09..1320b88fab74 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio *folio, struct page *page, #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: -- 2.49.0

4 months, 2 weeks

4
4
0 0

Fix forgotten in stable backports?

by Yann Sionneau

Hello Greg, all, I am wondering if by accident this fix would have been forgotten while backporting to stable branches: 2437513a814b3e93bd02879740a8a06e52e2cf7d ? It has been backported in 6.0 and 6.1: * https://lore.kernel.org/all/20221228144352.366979745@linuxfoundation.org/ * https://lore.kernel.org/all/20221228144356.096159479@linuxfoundation.org/ But not in 5.4, 5.10, 5.15 Even though, indeed, the patch would not apply as such, but it seems trivial to adapt. Downstream XCP-ng (Xen based distribution for virtualization solution) is about to package it https://github.com/xcp-ng-rpms/kernel/pull/20/files (that's how I noticed the lack of backport). Or maybe it was intentional? Thanks for your lights :) Regards, PS: please CC me in answer since I'm not subscribed to stable@ mailing list. -- Yann Sionneau Yann Sionneau | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech

4 months, 2 weeks

2
1
0 0

[PATCH v2 1/4] arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency

by Tim Harvey

The IMX8MPDS Table 37 [1] shows that the max SPI master read frequency depends on the pins the interface is muxed behind with ECSPI2 muxed behind ECSPI2 supporting up to 25MHz. Adjust the spi-max-frequency based on these findings. [1] https://www.nxp.com/webapp/Download?colCode=IMX8MPIEC Fixes: 1a8f6ff6a291 ("arm64: dts: imx8mp-venice-gw71xx: add TPM device") Cc: stable(a)vger.kernel.org Signed-off-by: Tim Harvey <tharvey(a)gateworks.com> --- v2: add cc to stable --- arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi b/arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi index 2f740d74707b..4bf818873fe3 100644 --- a/arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mp-venice-gw71xx.dtsi @@ -70,7 +70,7 @@ &ecspi2 { tpm@1 { compatible = "atmel,attpm20p", "tcg,tpm_tis-spi"; reg = <0x1>; - spi-max-frequency = <36000000>; + spi-max-frequency = <25000000>; }; }; -- 2.25.1

4 months, 2 weeks

2
4
0 0

[PATCH v2] sched: Fix preemption string of preempt_dynamic_none

by Thomas Weißschuh

Zero is a valid value for "preempt_dynamic_mode", namely "preempt_dynamic_none". Fix the off-by-one in preempt_model_str(), so that "preempty_dynamic_none" is correctly formatted as PREEMPT(none) instead of PREEMPT(undef). Fixes: 8bdc5daaa01e ("sched: Add a generic function to return the preemption string") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Tested-by: Shrikanth Hegde <sshegde(a)linux.ibm.com> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> --- Changes in v2: - Pick up Reviewed-by and Tested-by - Rebase on v6.16-rc1 - Link to v1: https://lore.kernel.org/r/20250603-preempt-str-none-v1-1-f0e9916dcf44@linut… --- kernel/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index dce50fa57471dffc4311b9d393ae300a43d38d20..021b0a703d094b3386c5ba50e0e111e3a7c2b3df 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7663,7 +7663,7 @@ const char *preempt_model_str(void) if (IS_ENABLED(CONFIG_PREEMPT_DYNAMIC)) { seq_buf_printf(&s, "(%s)%s", - preempt_dynamic_mode > 0 ? + preempt_dynamic_mode >= 0 ? preempt_modes[preempt_dynamic_mode] : "undef", brace ? "}" : ""); return seq_buf_str(&s); --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250603-preempt-str-none-d21231cc2238 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

4 months, 2 weeks

2
1
0 0

GOOD DAY

by Muhammad Sohaib Manzoor

GOOD DAY Thanks for your response. I'm Muhammad Sohaib Manzoor, a financial consultant in Dubai. I'm managing the estate of late AU metal dealers— $55 million USD and 320kg of gold. Their daughter seeks a trusted partner to help reinvest in low-risk ventures. Funds will be transferred legally through a secured financial channel. Let me know, I’m seeking just a 15% share once the business starts. Let me know if you're interested. if you're interested, and I’ll share full details. Best, Muhammad

4 months, 2 weeks

1
0
0 0

[PATCH stable] ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()

by Brendan Jackman

From: Dan Carpenter <dan.carpenter(a)linaro.org> commit fa332f5dc6fc662ad7d3200048772c96b861cf6b upstream The "intf" list iterator is an invalid pointer if the correct "intf->intf_num" is not found. Calling atomic_dec(&intf->nr_users) on and invalid pointer will lead to memory corruption. We don't really need to call atomic_dec() if we haven't called atomic_add_return() so update the if (intf->in_shutdown) path as well. Fixes: 8e76741c3d8b ("ipmi: Add a limit on the number of users that may use IPMI") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Message-ID: <aBjMZ8RYrOt6NOgi(a)stanley.mountain> Signed-off-by: Corey Minyard <corey(a)minyard.net> Signed-off-by: Brendan Jackman <jackmanb(a)google.com> --- I have tested this in 6.12 with Google's platform drivers added to reproduce the bug. The bug causes the panic notifier chain to get corrupted leading to a crash. With the fix this goes away. Applies to 6.6 too but I haven't tested it there. Backport changes: - Dropped change to the `if (intf->in_shutdown)` block since that logic doesn't exist yet. - Modified out_unlock to release the srcu lock instead of the mutex since we don't have the mutex here yet. --- drivers/char/ipmi/ipmi_msghandler.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index e12b531f5c2f338008a42dc2c35b0a62395c9f3c..6a4a8ecd0edd02793eda70f9f9ae578e37da477f 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -1241,7 +1241,7 @@ int ipmi_create_user(unsigned int if_num, } /* Not found, return an error */ rv = -EINVAL; - goto out_kfree; + goto out_unlock; found: if (atomic_add_return(1, &intf->nr_users) > max_users) { @@ -1283,6 +1283,7 @@ int ipmi_create_user(unsigned int if_num, out_kfree: atomic_dec(&intf->nr_users); +out_unlock: srcu_read_unlock(&ipmi_interfaces_srcu, index); vfree(new_user); return rv; --- base-commit: 783cd2c3dca8b6c434e955b84c20c8940588dc68 change-id: 20250630-ipmi-fix-c565f7098afd Best regards, -- Brendan Jackman <jackmanb(a)google.com>

4 months, 2 weeks

3
5
0 0

[PATCH v2] drm/xe/bmg: fix compressed VRAM handling

by Matthew Auld

There looks to be an issue in our compression handling when the BO pages are very fragmented, where we choose to skip the identity map and instead fall back to emitting the PTEs by hand when migrating memory, such that we can hopefully do more work per blit operation. However in such a case we need to ensure the src PTEs are correctly tagged with a compression enabled PAT index on dgpu xe2+, otherwise the copy will simply treat the src memory as uncompressed, leading to corruption if the memory was compressed by the user. To fix this pass along use_comp_pat into emit_pte() on the src side, to indicate that compression should be considered. v2 (Jonathan): tweak the commit message Fixes: 523f191cc0c7 ("drm/xe/xe_migrate: Handle migration logic for xe2+ dgfx") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ Reviewed-by: Jonathan Cavitt <jonathan.cavitt(a)intel.com> --- drivers/gpu/drm/xe/xe_migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_migrate.c b/drivers/gpu/drm/xe/xe_migrate.c index 0838582537e8..4e2bdf70eb70 100644 --- a/drivers/gpu/drm/xe/xe_migrate.c +++ b/drivers/gpu/drm/xe/xe_migrate.c @@ -863,7 +863,7 @@ struct dma_fence *xe_migrate_copy(struct xe_migrate *m, if (src_is_vram && xe_migrate_allow_identity(src_L0, &src_it)) xe_res_next(&src_it, src_L0); else - emit_pte(m, bb, src_L0_pt, src_is_vram, copy_system_ccs, + emit_pte(m, bb, src_L0_pt, src_is_vram, copy_system_ccs || use_comp_pat, &src_it, src_L0, src); if (dst_is_vram && xe_migrate_allow_identity(src_L0, &dst_it)) -- 2.50.0

4 months, 2 weeks

1
0
0 0

[PATCH] x86/mm: Disable hugetlb page table sharing on non-PAE 32-bit

by Jann Horn

Only select ARCH_WANT_HUGE_PMD_SHARE if hugetlb page table sharing is actually possible; page table sharing requires at least three levels, because it involves shared references to PMD tables. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..917f523b994b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if PGTABLE_LEVELS > 2 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64 --- base-commit: d0b3b7b22dfa1f4b515fd3a295b3fd958f9e81af change-id: 20250630-x86-2level-hugetlb-b1d8feb255ce -- Jann Horn <jannh(a)google.com>

4 months, 2 weeks

3
3
0 0

[PATCH] fs: Prevent file descriptor table allocations exceeding INT_MAX

by Sasha Levin

When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c: WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288 This happens because kvmalloc_array() and kvmalloc() check if the requested size exceeds INT_MAX and emit a warning when the allocation is not flagged with __GFP_NOWARN. Specifically, when nr_open is set to 1073741816 (0x3ffffff8) and a process calls dup2(oldfd, 1073741880), the kernel attempts to allocate: - File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes - Multiple bitmaps: ~400MB - Total allocation size: > 8GB (exceeding INT_MAX = 2,147,483,647) Reproducer: 1. Set /proc/sys/fs/nr_open to 1073741816: # echo 1073741816 > /proc/sys/fs/nr_open 2. Run a program that uses a high file descriptor: #include <unistd.h> #include <sys/resource.h> int main() { struct rlimit rlim = {1073741824, 1073741824}; setrlimit(RLIMIT_NOFILE, &rlim); dup2(2, 1073741880); // Triggers the warning return 0; } 3. Observe WARNING in dmesg at mm/slub.c:5027 systemd commit a8b627a introduced automatic bumping of fs.nr_open to the maximum possible value. The rationale was that systems with memory control groups (memcg) no longer need separate file descriptor limits since memory is properly accounted. However, this change overlooked that: 1. The kernel's allocation functions still enforce INT_MAX as a maximum size regardless of memcg accounting 2. Programs and tests that legitimately test file descriptor limits can inadvertently trigger massive allocations 3. The resulting allocations (>8GB) are impractical and will always fail systemd's algorithm starts with INT_MAX and keeps halving the value until the kernel accepts it. On most systems, this results in nr_open being set to 1073741816 (0x3ffffff8), which is just under 1GB of file descriptors. While processes rarely use file descriptors near this limit in normal operation, certain selftests (like tools/testing/selftests/core/unshare_test.c) and programs that test file descriptor limits can trigger this issue. Fix this by adding a check in alloc_fdtable() to ensure the requested allocation size does not exceed INT_MAX. This causes the operation to fail with -EMFILE instead of triggering a kernel warning and avoids the impractical >8GB memory allocation request. Fixes: 9cfe015aa424 ("get rid of NR_OPEN and introduce a sysctl_nr_open") Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/file.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/file.c b/fs/file.c index b6db031545e65..6d2275c3be9c6 100644 --- a/fs/file.c +++ b/fs/file.c @@ -197,6 +197,21 @@ static struct fdtable *alloc_fdtable(unsigned int slots_wanted) return ERR_PTR(-EMFILE); } + /* + * Check if the allocation size would exceed INT_MAX. kvmalloc_array() + * and kvmalloc() will warn if the allocation size is greater than + * INT_MAX, as filp_cachep objects are not __GFP_NOWARN. + * + * This can happen when sysctl_nr_open is set to a very high value and + * a process tries to use a file descriptor near that limit. For example, + * if sysctl_nr_open is set to 1073741816 (0x3ffffff8) - which is what + * systemd typically sets it to - then trying to use a file descriptor + * close to that value will require allocating a file descriptor table + * that exceeds 8GB in size. + */ + if (unlikely(nr > INT_MAX / sizeof(struct file *))) + return ERR_PTR(-EMFILE); + fdt = kmalloc(sizeof(struct fdtable), GFP_KERNEL_ACCOUNT); if (!fdt) goto out; -- 2.39.5

4 months, 2 weeks

3
5
0 0

[PATCH 1/1] usb: cdnsp: do not disable slot for disabled slot

by Peter Chen

It doesn't need to do it, and the related command event returns 'Slot Not Enabled Error' status. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Suggested-by: Hongliang Yang <hongliang.yang(a)cixtech.com> Signed-off-by: Peter Chen <peter.chen(a)cixtech.com> --- drivers/usb/cdns3/cdnsp-ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..757fdd918286 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -772,7 +772,9 @@ static int cdnsp_update_port_id(struct cdnsp_device *pdev, u32 port_id) } if (port_id != old_port) { - cdnsp_disable_slot(pdev); + if (pdev->slot_id) + cdnsp_disable_slot(pdev); + pdev->active_port = port; cdnsp_enable_slot(pdev); } -- 2.25.1

4 months, 2 weeks

3
3
0 0

[PATCH] net: libwx: fix the incorrect display of the queue number

by Jiawen Wu

When setting "ethtool -L eth0 combined 1", the number of RX/TX queue is changed to be 1. RSS is disabled at this moment, and the indices of FDIR have not be changed in wx_set_rss_queues(). So the combined count still shows the previous value. This issue was introduced when supporting FDIR. Fix it for those devices that support FDIR. Fixes: 34744a7749b3 ("net: txgbe: add FDIR info to ethtool ops") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_ethtool.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_ethtool.c b/drivers/net/ethernet/wangxun/libwx/wx_ethtool.c index c12a4cb951f6..d9de600e685a 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_ethtool.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_ethtool.c @@ -438,6 +438,10 @@ void wx_get_channels(struct net_device *dev, /* record RSS queues */ ch->combined_count = wx->ring_feature[RING_F_RSS].indices; + /* nothing else to report if RSS is disabled */ + if (ch->combined_count == 1) + return; + if (test_bit(WX_FLAG_FDIR_CAPABLE, wx->flags)) ch->combined_count = wx->ring_feature[RING_F_FDIR].indices; } -- 2.48.1

4 months, 2 weeks

3
3
0 0

[PATCH net v4 2/3] net: wangxun: revert the adjustment of the IRQ vector sequence

by Jiawen Wu

Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Larysa Zaremba <larysa.zaremba(a)intel.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 17 ++++++++--------- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 6 +++--- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 ++-- 6 files changed, 16 insertions(+), 17 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 7f2e6cddfeb1..66eaf5446115 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1746,7 +1746,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1783,16 +1783,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2299,8 +2300,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2339,7 +2338,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2392,9 +2391,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3) -- 2.48.1

4 months, 2 weeks

1
0
0 0

[PATCH net v4 1/3] net: txgbe: request MISC IRQ in ndo_open

by Jiawen Wu

Move the creating of irq_domain for MISC IRQ from .probe to .ndo_open, and free it in .ndo_stop, to maintain consistency with the queue IRQs. This it for subsequent adjustments to the IRQ vectors. Fixes: aefd013624a1 ("net: txgbe: use irq_domain for interrupt controller") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> --- .../net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- .../net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +++++++++---------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index 20b9a28bcb55..dc468053bdf8 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -78,7 +78,6 @@ int txgbe_request_queue_irqs(struct wx *wx) free_irq(wx->msix_q_entries[vector].vector, wx->q_vector[vector]); } - wx_reset_interrupt_capability(wx); return err; } @@ -211,6 +210,7 @@ void txgbe_free_misc_irq(struct txgbe *txgbe) free_irq(txgbe->link_irq, txgbe); free_irq(txgbe->misc.irq, txgbe); txgbe_del_irq_domain(txgbe); + txgbe->wx->misc_irq_domain = false; } int txgbe_setup_misc_irq(struct txgbe *txgbe) diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c index f3d2778b8e35..a5867f3c93fc 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c @@ -458,10 +458,14 @@ static int txgbe_open(struct net_device *netdev) wx_configure(wx); - err = txgbe_request_queue_irqs(wx); + err = txgbe_setup_misc_irq(wx->priv); if (err) goto err_free_resources; + err = txgbe_request_queue_irqs(wx); + if (err) + goto err_free_misc_irq; + /* Notify the stack of the actual queue counts. */ err = netif_set_real_num_tx_queues(netdev, wx->num_tx_queues); if (err) @@ -479,6 +483,9 @@ static int txgbe_open(struct net_device *netdev) err_free_irq: wx_free_irq(wx); +err_free_misc_irq: + txgbe_free_misc_irq(wx->priv); + wx_reset_interrupt_capability(wx); err_free_resources: wx_free_resources(wx); err_reset: @@ -519,6 +526,7 @@ static int txgbe_close(struct net_device *netdev) wx_ptp_stop(wx); txgbe_down(wx); wx_free_irq(wx); + txgbe_free_misc_irq(wx->priv); wx_free_resources(wx); txgbe_fdir_filter_exit(wx); wx_control_hw(wx, false); @@ -564,7 +572,6 @@ static void txgbe_shutdown(struct pci_dev *pdev) int txgbe_setup_tc(struct net_device *dev, u8 tc) { struct wx *wx = netdev_priv(dev); - struct txgbe *txgbe = wx->priv; /* Hardware has to reinitialize queues and interrupts to * match packet buffer alignment. Unfortunately, the @@ -575,7 +582,6 @@ int txgbe_setup_tc(struct net_device *dev, u8 tc) else txgbe_reset(wx); - txgbe_free_misc_irq(txgbe); wx_clear_interrupt_scheme(wx); if (tc) @@ -584,7 +590,6 @@ int txgbe_setup_tc(struct net_device *dev, u8 tc) netdev_reset_tc(dev); wx_init_interrupt_scheme(wx); - txgbe_setup_misc_irq(txgbe); if (netif_running(dev)) txgbe_open(dev); @@ -882,13 +887,9 @@ static int txgbe_probe(struct pci_dev *pdev, txgbe_init_fdir(txgbe); - err = txgbe_setup_misc_irq(txgbe); - if (err) - goto err_release_hw; - err = txgbe_init_phy(txgbe); if (err) - goto err_free_misc_irq; + goto err_release_hw; err = register_netdev(netdev); if (err) @@ -916,8 +917,6 @@ static int txgbe_probe(struct pci_dev *pdev, err_remove_phy: txgbe_remove_phy(txgbe); -err_free_misc_irq: - txgbe_free_misc_irq(txgbe); err_release_hw: wx_clear_interrupt_scheme(wx); wx_control_hw(wx, false); @@ -957,7 +956,6 @@ static void txgbe_remove(struct pci_dev *pdev) unregister_netdev(netdev); txgbe_remove_phy(txgbe); - txgbe_free_misc_irq(txgbe); wx_free_isb_resources(wx); pci_release_selected_regions(pdev, -- 2.48.1

4 months, 2 weeks

1
0
0 0

[PATCH v2] block: Fix a deadlock related to modifying the readahead attribute

by Bart Van Assche

Every time I run test srp/002 the following deadlock is triggered: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> This deadlock happens because blk_mq_freeze_queue_nomemsave() waits for pending requests to finish. The pending requests do never complete because the dm-multipath queue_if_no_path option is enabled and the only path in the dm-multipath configuration is being removed. Fix this deadlock by removing the queue freezing/unfreezing code from queue_ra_store(). Freezing the request queue from inside a block layer sysfs store callback function is essential when modifying parameters that affect how bios or requests are processed, e.g. parameters that affect bio_split_to_limit(). Freezing the request queue when modifying parameters that do not affect bio nor request processing is not necessary. Cc: Nilay Shroff <nilay(a)linux.ibm.com> Cc: stable(a)vger.kernel.org Fixes: b07a889e8335 ("block: move q->sysfs_lock and queue-freeze under show/store method") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes compared to v1: made the patch description more detailed. block/blk-sysfs.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index b2b9b89d6967..1f63b184c6e9 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -105,7 +105,6 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) { unsigned long ra_kb; ssize_t ret; - unsigned int memflags; struct request_queue *q = disk->queue; ret = queue_var_store(&ra_kb, page, count); @@ -116,10 +115,8 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) * calculated from the queue limits by queue_limits_commit_update. */ mutex_lock(&q->limits_lock); - memflags = blk_mq_freeze_queue(q); disk->bdi->ra_pages = ra_kb >> (PAGE_SHIFT - 10); mutex_unlock(&q->limits_lock); - blk_mq_unfreeze_queue(q, memflags); return ret; }

4 months, 2 weeks

4
7
0 0

[PATCH] block: Fix a deadlock related to modifying the readahead attribute

by Bart Van Assche

Every time I run test srp/002 the following deadlock is triggered: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> Fix this by removing the superfluous queue freezing/unfreezing code from queue_ra_store(). Cc: Nilay Shroff <nilay(a)linux.ibm.com> Cc: stable(a)vger.kernel.org Fixes: b07a889e8335 ("block: move q->sysfs_lock and queue-freeze under show/store method") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- block/blk-sysfs.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index b2b9b89d6967..1f63b184c6e9 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -105,7 +105,6 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) { unsigned long ra_kb; ssize_t ret; - unsigned int memflags; struct request_queue *q = disk->queue; ret = queue_var_store(&ra_kb, page, count); @@ -116,10 +115,8 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) * calculated from the queue limits by queue_limits_commit_update. */ mutex_lock(&q->limits_lock); - memflags = blk_mq_freeze_queue(q); disk->bdi->ra_pages = ra_kb >> (PAGE_SHIFT - 10); mutex_unlock(&q->limits_lock); - blk_mq_unfreeze_queue(q, memflags); return ret; }

4 months, 2 weeks

3
9
0 0

[PATCH] cifs: all initializations for tcon should happen in tcon_info_alloc

by nspmangalore＠gmail.com

From: Shyam Prasad N <sprasad(a)microsoft.com> Today, a few work structs inside tcon are initialized inside cifs_get_tcon and not in tcon_info_alloc. As a result, if a tcon is obtained from tcon_info_alloc, but not called as a part of cifs_get_tcon, we may trip over. Cc: <stable(a)vger.kernel.org> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> --- fs/smb/client/cifsproto.h | 1 + fs/smb/client/connect.c | 8 +------- fs/smb/client/misc.c | 6 ++++++ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 66093fa78aed..045227ed4efc 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -136,6 +136,7 @@ extern int SendReceiveBlockingLock(const unsigned int xid, struct smb_hdr *out_buf, int *bytes_returned); +void smb2_query_server_interfaces(struct work_struct *work); void cifs_signal_cifsd_for_reconnect(struct TCP_Server_Info *server, bool all_channels); diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index c48869c29e15..16c4f7fa1f34 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -97,7 +97,7 @@ static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server) return rc; } -static void smb2_query_server_interfaces(struct work_struct *work) +void smb2_query_server_interfaces(struct work_struct *work) { int rc; int xid; @@ -2866,20 +2866,14 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx) tcon->max_cached_dirs = ctx->max_cached_dirs; tcon->nodelete = ctx->nodelete; tcon->local_lease = ctx->local_lease; - INIT_LIST_HEAD(&tcon->pending_opens); tcon->status = TID_GOOD; - INIT_DELAYED_WORK(&tcon->query_interfaces, - smb2_query_server_interfaces); if (ses->server->dialect >= SMB30_PROT_ID && (ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { /* schedule query interfaces poll */ queue_delayed_work(cifsiod_wq, &tcon->query_interfaces, (SMB_INTERFACE_POLL_INTERVAL * HZ)); } -#ifdef CONFIG_CIFS_DFS_UPCALL - INIT_DELAYED_WORK(&tcon->dfs_cache_work, dfs_cache_refresh); -#endif spin_lock(&cifs_tcp_ses_lock); list_add(&tcon->tcon_list, &ses->tcon_list); spin_unlock(&cifs_tcp_ses_lock); diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index e77017f47084..da23cc12a52c 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -151,6 +151,12 @@ tcon_info_alloc(bool dir_leases_enabled, enum smb3_tcon_ref_trace trace) #ifdef CONFIG_CIFS_DFS_UPCALL INIT_LIST_HEAD(&ret_buf->dfs_ses_list); #endif + INIT_LIST_HEAD(&ret_buf->pending_opens); + INIT_DELAYED_WORK(&ret_buf->query_interfaces, + smb2_query_server_interfaces); +#ifdef CONFIG_CIFS_DFS_UPCALL + INIT_DELAYED_WORK(&ret_buf->dfs_cache_work, dfs_cache_refresh); +#endif return ret_buf; } -- 2.43.0

4 months, 2 weeks

4
4
0 0

[PATCH net v2 1/3] virtio-net: ensure the received length does not exceed allocated size

by Bui Quang Minh

In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: <stable(a)vger.kernel.org> Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mrg_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize = mergeable_ctx_to_truesize(mrg_ctx); + headroom = mergeable_ctx_to_headroom(mrg_ctx); + tailroom = headroom ? sizeof(struct skb_shared_info) : 0; + room = SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtnet_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off += *len; + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf == 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; - buf = virtnet_rq_get_buf(rq, &buflen, NULL); + buf = virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; p = virt_to_head_page(buf); off = buf - page_address(p); + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_device *dev, headroom = vi->hdr_len + header_offset; buflen = SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page = xdp_linearize_page(rq, &num_buf, page, + xdp_page = xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_info *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page = xdp_linearize_page(rq, num_buf, + xdp_page = xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len); -- 2.43.0

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] s390/ptrace: Fix pointer dereferencing in" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 7f8073cfb04a97842fe891ca50dad60afd1e3121 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062928-revival-saint-3ba2@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f8073cfb04a97842fe891ca50dad60afd1e3121 Mon Sep 17 00:00:00 2001 From: Heiko Carstens <hca(a)linux.ibm.com> Date: Fri, 13 Jun 2025 17:53:04 +0200 Subject: [PATCH] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() The recent change which added READ_ONCE_NOCHECK() to read the nth entry from the kernel stack incorrectly dropped dereferencing of the stack pointer in order to read the requested entry. In result the address of the entry is returned instead of its content. Dereference the pointer again to fix this. Reported-by: Will Deacon <will(a)kernel.org> Closes: https://lore.kernel.org/r/20250612163331.GA13384@willie-the-truck Fixes: d93a855c31b7 ("s390/ptrace: Avoid KASAN false positives in regs_get_kernel_stack_nth()") Cc: stable(a)vger.kernel.org Reviewed-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/ptrace.h b/arch/s390/include/asm/ptrace.h index 62c0ab4a4b9d..0905fa99a31e 100644 --- a/arch/s390/include/asm/ptrace.h +++ b/arch/s390/include/asm/ptrace.h @@ -265,7 +265,7 @@ static __always_inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *r addr = kernel_stack_pointer(regs) + n * sizeof(long); if (!regs_within_kernel_stack(regs, addr)) return 0; - return READ_ONCE_NOCHECK(addr); + return READ_ONCE_NOCHECK(*(unsigned long *)addr); } /**

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b07f349d1864abe29436f45e3047da2bdd476462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063006-expose-blandness-ffd5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b07f349d1864abe29436f45e3047da2bdd476462 Mon Sep 17 00:00:00 2001 From: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Date: Mon, 16 Jun 2025 09:13:53 +0800 Subject: [PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance Having PM put sync in remove function is causing PM underflow during remove operation. This is caused by the function, runtime_pm_get_sync, not being called anywhere during the op. Ensure that calls to pm_runtime_enable()/pm_runtime_disable() and pm_runtime_get_sync()/pm_runtime_put_sync() match. echo 108d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind [ 49.644256] Deleting MTD partitions on "108d2000.spi.0": [ 49.649575] Deleting u-boot MTD partition [ 49.684087] Deleting root MTD partition [ 49.724188] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! Continuous bind/unbind will result in an "Unbalanced pm_runtime_enable" error. Subsequent unbind attempts will return a "No such device" error, while bind attempts will return a "Resource temporarily unavailable" error. [ 47.592434] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 49.592233] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 53.232309] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 55.828550] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 57.940627] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 59.912490] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 61.876243] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 61.883000] platform 108d2000.spi: Unbalanced pm_runtime_enable! [ 532.012270] cadence-qspi 108d2000.spi: probe with driver cadence-qspi failed1 Also, change clk_disable_unprepare() to clk_disable() since continuous bind and unbind operations will trigger a warning indicating that the clock is already unprepared. Fixes: 4892b374c9b7 ("mtd: spi-nor: cadence-quadspi: Add runtime PM support") cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Link: https://patch.msgid.link/4e7a4b8aba300e629b45a04f90bddf665fbdb335.174960187… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index fe0f122f07b0..aa1932ba17cb 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1958,10 +1958,10 @@ static int cqspi_probe(struct platform_device *pdev) goto probe_setup_failed; } - ret = devm_pm_runtime_enable(dev); - if (ret) { - if (cqspi->rx_chan) - dma_release_channel(cqspi->rx_chan); + pm_runtime_enable(dev); + + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); goto probe_setup_failed; } @@ -1981,6 +1981,7 @@ static int cqspi_probe(struct platform_device *pdev) return 0; probe_setup_failed: cqspi_controller_enable(cqspi, 0); + pm_runtime_disable(dev); probe_reset_failed: if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi); @@ -1999,7 +2000,8 @@ static void cqspi_remove(struct platform_device *pdev) if (cqspi->rx_chan) dma_release_channel(cqspi->rx_chan); - clk_disable_unprepare(cqspi->clk); + if (pm_runtime_get_sync(&pdev->dev) >= 0) + clk_disable(cqspi->clk); if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi);

4 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] mm/vma: reset VMA iterator on commit_merge() OOM failure" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 0cf4b1687a187ba9247c71721d8b064634eda1f7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-gills-deliverer-bafc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0cf4b1687a187ba9247c71721d8b064634eda1f7 Mon Sep 17 00:00:00 2001 From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Date: Fri, 6 Jun 2025 13:50:32 +0100 Subject: [PATCH] mm/vma: reset VMA iterator on commit_merge() OOM failure While an OOM failure in commit_merge() isn't really feasible due to the allocation which might fail (a maple tree pre-allocation) being 'too small to fail', we do need to handle this case correctly regardless. In vma_merge_existing_range(), we can theoretically encounter failures which result in an OOM error in two ways - firstly dup_anon_vma() might fail with an OOM error, and secondly commit_merge() failing, ultimately, to pre-allocate a maple tree node. The abort logic for dup_anon_vma() resets the VMA iterator to the initial range, ensuring that any logic looping on this iterator will correctly proceed to the next VMA. However the commit_merge() abort logic does not do the same thing. This resulted in a syzbot report occurring because mlockall() iterates through VMAs, is tolerant of errors, but ended up with an incorrect previous VMA being specified due to incorrect iterator state. While making this change, it became apparent we are duplicating logic - the logic introduced in commit 41e6ddcaa0f1 ("mm/vma: add give_up_on_oom option on modify/merge, use in uffd release") duplicates the vmg->give_up_on_oom check in both abort branches. Additionally, we observe that we can perform the anon_dup check safely on dup_anon_vma() failure, as this will not be modified should this call fail. Finally, we need to reset the iterator in both cases, so now we can simply use the exact same code to abort for both. We remove the VM_WARN_ON(err != -ENOMEM) as it would be silly for this to be otherwise and it allows us to implement the abort check more neatly. Link: https://lkml.kernel.org/r/20250606125032.164249-1-lorenzo.stoakes@oracle.com Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: syzbot+d16409ea9ecc16ed261a(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6842cc67.a00a0220.29ac89.003b.GAE@google.c… Reviewed-by: Pedro Falcato <pfalcato(a)suse.de> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vma.c b/mm/vma.c index 726b2a31ce59..0fb9b2c7b734 100644 --- a/mm/vma.c +++ b/mm/vma.c @@ -967,26 +967,9 @@ static __must_check struct vm_area_struct *vma_merge_existing_range( err = dup_anon_vma(next, middle, &anon_dup); } - if (err) + if (err || commit_merge(vmg)) goto abort; - err = commit_merge(vmg); - if (err) { - VM_WARN_ON(err != -ENOMEM); - - if (anon_dup) - unlink_anon_vmas(anon_dup); - - /* - * We've cleaned up any cloned anon_vma's, no VMAs have been - * modified, no harm no foul if the user requests that we not - * report this and just give up, leaving the VMAs unmerged. - */ - if (!vmg->give_up_on_oom) - vmg->state = VMA_MERGE_ERROR_NOMEM; - return NULL; - } - khugepaged_enter_vma(vmg->target, vmg->flags); vmg->state = VMA_MERGE_SUCCESS; return vmg->target; @@ -995,6 +978,9 @@ static __must_check struct vm_area_struct *vma_merge_existing_range( vma_iter_set(vmg->vmi, start); vma_iter_load(vmg->vmi); + if (anon_dup) + unlink_anon_vmas(anon_dup); + /* * This means we have failed to clone anon_vma's correctly, but no * actual changes to VMAs have occurred, so no harm no foul - if the

4 months, 2 weeks

3
2
0 0

Re: [PATCH] thunderbolt: Fix a logic error in wake on connect

by Sasha Levin

[ Sasha's backport helper bot ] Hi, Summary of potential issues: ❌ Build failures detected ⚠️ Found matching upstream commit but patch is missing proper reference to it Found matching upstream commit: 1a760d10ded372d113a0410c42be246315bbc2ff WARNING: Author mismatch between patch and found commit: Backport author: Mario Limonciello<superm1(a)kernel.org> Commit author: Mario Limonciello<mario.limonciello(a)amd.com> Note: The patch differs from the upstream commit: --- 1: 1a760d10ded37 < -: ------------- thunderbolt: Fix a logic error in wake on connect -: ------------- > 1: e60eb441596d1 Linux 6.15.4 --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.15.y | Success | Success | | stable/linux-6.12.y | Success | Success | | stable/linux-6.6.y | Success | Success | | stable/linux-6.1.y | Success | Success | | stable/linux-5.15.y | Success | Success | | stable/linux-5.10.y | Success | Success | | stable/linux-5.4.y | Success | Failed | Build Errors: Build error for stable/linux-5.4.y: arch/x86/entry/entry_64.o: warning: objtool: .entry.text+0x1e1: stack state mismatch: cfa1=7+56 cfa2=7+40 arch/x86/kvm/vmx/vmenter.o: warning: objtool: __vmx_vcpu_run()+0x12a: return with modified stack frame In file included from ./include/linux/list.h:9, from ./include/linux/kobject.h:19, from ./include/linux/of.h:17, from ./include/linux/clk-provider.h:9, from drivers/clk/qcom/clk-rpmh.c:6: drivers/clk/qcom/clk-rpmh.c: In function 'clk_rpmh_bcm_send_cmd': ./include/linux/kernel.h:843:43: warning: comparison of distinct pointer types lacks a cast [-Wcompare-distinct-pointer-types] 843 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ ./include/linux/kernel.h:857:18: note: in expansion of macro '__typecheck' 857 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ ./include/linux/kernel.h:867:31: note: in expansion of macro '__safe_cmp' 867 | __builtin_choose_expr(__safe_cmp(x, y), \ | ^~~~~~~~~~ ./include/linux/kernel.h:876:25: note: in expansion of macro '__careful_cmp' 876 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ drivers/clk/qcom/clk-rpmh.c:273:21: note: in expansion of macro 'min' 273 | cmd_state = min(cmd_state, BCM_TCS_CMD_VOTE_MASK); | ^~~ fs/xfs/libxfs/xfs_inode_fork.c: In function 'xfs_ifork_verify_attr': fs/xfs/libxfs/xfs_inode_fork.c:735:13: warning: the comparison will always evaluate as 'true' for the address of 'i_df' will never be NULL [-Waddress] 735 | if (!XFS_IFORK_PTR(ip, XFS_ATTR_FORK)) | ^ In file included from fs/xfs/libxfs/xfs_inode_fork.c:14: ./fs/xfs/xfs_inode.h:38:33: note: 'i_df' declared here 38 | struct xfs_ifork i_df; /* data fork */ | ^~~~ drivers/gpu/drm/i915/display/intel_dp.c: In function 'intel_dp_mode_valid': drivers/gpu/drm/i915/display/intel_dp.c:639:33: warning: 'drm_dp_dsc_sink_max_slice_count' reading 16 bytes from a region of size 0 [-Wstringop-overread] 639 | drm_dp_dsc_sink_max_slice_count(intel_dp->dsc_dpcd, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 640 | true); | ~~~~~ drivers/gpu/drm/i915/display/intel_dp.c:639:33: note: referencing argument 1 of type 'const u8[16]' {aka 'const unsigned char[16]'} In file included from drivers/gpu/drm/i915/display/intel_dp.c:39: ./include/drm/drm_dp_helper.h:1174:4: note: in a call to function 'drm_dp_dsc_sink_max_slice_count' 1174 | u8 drm_dp_dsc_sink_max_slice_count(const u8 dsc_dpcd[DP_DSC_RECEIVER_CAP_SIZE], | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/dsa/microchip/ksz9477.c: In function 'ksz9477_reset_switch': drivers/net/dsa/microchip/ksz9477.c:198:12: warning: unused variable 'data8' [-Wunused-variable] 198 | u8 data8; | ^~~~~ drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c: In function 'vmw_execbuf_process': drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c:3834:25: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] 3834 | struct seqno_waiter_rm_context *ctx = | ^~~~~~ In file included from ./include/linux/bitops.h:5, from ./include/linux/kernel.h:12, from ./include/linux/list.h:9, from ./include/linux/module.h:9, from drivers/net/ethernet/qlogic/qed/qed_debug.c:6: drivers/net/ethernet/qlogic/qed/qed_debug.c: In function 'qed_grc_dump_addr_range': ./include/linux/bits.h:8:33: warning: overflow in conversion from 'long unsigned int' to 'u8' {aka 'unsigned char'} changes value from '(long unsigned int)((int)vf_id << 8 | 128)' to '128' [-Woverflow] 8 | #define BIT(nr) (UL(1) << (nr)) | ^ drivers/net/ethernet/qlogic/qed/qed_debug.c:2572:31: note: in expansion of macro 'BIT' 2572 | fid = BIT(PXP_PRETEND_CONCRETE_FID_VFVALID_SHIFT) | | ^~~ drivers/gpu/drm/nouveau/dispnv50/wndw.c:628:1: warning: conflicting types for 'nv50_wndw_new_' due to enum/integer mismatch; have 'int(const struct nv50_wndw_func *, struct drm_device *, enum drm_plane_type, const char *, int, const u32 *, u32, enum nv50_disp_interlock_type, u32, struct nv50_wndw **)' {aka 'int(const struct nv50_wndw_func *, struct drm_device *, enum drm_plane_type, const char *, int, const unsigned int *, unsigned int, enum nv50_disp_interlock_type, unsigned int, struct nv50_wndw **)'} [-Wenum-int-mismatch] 628 | nv50_wndw_new_(const struct nv50_wndw_func *func, struct drm_device *dev, | ^~~~~~~~~~~~~~ In file included from drivers/gpu/drm/nouveau/dispnv50/wndw.c:22: drivers/gpu/drm/nouveau/dispnv50/wndw.h:39:5: note: previous declaration of 'nv50_wndw_new_' with type 'int(const struct nv50_wndw_func *, struct drm_device *, enum drm_plane_type, const char *, int, const u32 *, enum nv50_disp_interlock_type, u32, u32, struct nv50_wndw **)' {aka 'int(const struct nv50_wndw_func *, struct drm_device *, enum drm_plane_type, const char *, int, const unsigned int *, enum nv50_disp_interlock_type, unsigned int, unsigned int, struct nv50_wndw **)'} 39 | int nv50_wndw_new_(const struct nv50_wndw_func *, struct drm_device *, | ^~~~~~~~~~~~~~ client_loop: send disconnect: Broken pipe

4 months, 2 weeks

1
0
0 0

+ mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. Link: https://lkml.kernel.org/r/20250630011305.23754-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Link: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… [1] Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch

4 months, 2 weeks

1
0
0 0

[PATCH v3] x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation

by Nikunj A Dadhania

When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters. Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and SEV-SNP VM, leading to early timer interrupts as perceived by the guest. The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected. Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs. Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic. Fixes: 73bbf3b0fbba ("x86/tsc: Init the TSC for Secure TSC guests") Cc: stable(a)vger.kernel.org Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com> --- v3: * Remove unnecessary parenthesis (Ingo) * To avoid type cast, harmonize the types of snp_tsc_freq_khz and securetsc_get_tsc_khz() (Ingo) * Use rdmsr for GUEST_TSC_FREQ and extract BIT[17:0] from lower 32-bit v2: * Move the SNP TSC scaling constant to the header (Dionna) * Drop the unsigned long cast and add in securetsc_get_tsc_khz (Tom) * Drop the RB from Tom as the code has changed --- arch/x86/include/asm/sev.h | 18 +++++++++++++++++- arch/x86/coco/sev/core.c | 22 ++++++++++++++++++---- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index a81769a32eaa..cfa3ace227e6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -223,6 +223,19 @@ struct snp_tsc_info_resp { u8 rsvd2[100]; } __packed; + +/* + * Obtain the mean TSC frequency by decreasing the nominal TSC frequency with + * TSC_FACTOR as documented in the SNP Firmware ABI specification: + * + * GUEST_TSC_FREQ * (1 - (TSC_FACTOR * 0.00001)) + * + * which is equivalent to: + * + * GUEST_TSC_FREQ -= (GUEST_TSC_FREQ * TSC_FACTOR) / 100000; + */ +#define SNP_SCALE_TSC_FREQ(freq, factor) ((freq) - (freq) * (factor) / 100000) + struct snp_guest_req { void *req_buf; size_t req_sz; @@ -283,8 +296,11 @@ struct snp_secrets_page { u8 svsm_guest_vmpl; u8 rsvd3[3]; + /* The percentage decrease from nominal to mean TSC frequency. */ + u32 tsc_factor; + /* Remainder of page */ - u8 rsvd4[3744]; + u8 rsvd4[3740]; } __packed; struct snp_msg_desc { diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 46bd89578ec7..115a5750c40d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -88,7 +88,7 @@ static const char * const sev_status_feat_names[] = { */ static u64 snp_tsc_scale __ro_after_init; static u64 snp_tsc_offset __ro_after_init; -static u64 snp_tsc_freq_khz __ro_after_init; +static unsigned long snp_tsc_freq_khz __ro_after_init; DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); @@ -2174,15 +2174,29 @@ static unsigned long securetsc_get_tsc_khz(void) void __init snp_secure_tsc_init(void) { - unsigned long long tsc_freq_mhz; + unsigned long tsc_freq_mhz, dummy; + struct snp_secrets_page *secrets; + void *mem; if (!cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) return; + mem = early_memremap_encrypted(sev_secrets_pa, PAGE_SIZE); + if (!mem) { + pr_err("Unable to get TSC_FACTOR: failed to map the SNP secrets page.\n"); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SECURE_TSC); + } + + secrets = (__force struct snp_secrets_page *)mem; + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ); - rdmsrq(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz); - snp_tsc_freq_khz = (unsigned long)(tsc_freq_mhz * 1000); + rdmsr(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz, dummy); + /* Extract the GUEST TSC MHZ from BIT[17:0], rest is reserved space */ + tsc_freq_mhz = tsc_freq_mhz & GENMASK_ULL(17, 0); + snp_tsc_freq_khz = SNP_SCALE_TSC_FREQ(tsc_freq_mhz * 1000, secrets->tsc_factor); x86_platform.calibrate_cpu = securetsc_get_tsc_khz; x86_platform.calibrate_tsc = securetsc_get_tsc_khz; + + early_memunmap(mem, PAGE_SIZE); } base-commit: 4da71e9f8939987cd2063e0b2ab5bb5eafc80a87 -- 2.43.0

4 months, 2 weeks

2
2
0 0

[PATCH] drm/vmwgfx: handle allocation failure of waiter context

by Fedor Pchelkin

Handle result of kmalloc() to prevent possible NULL pointer dereference. For the sake of not introducing additional layer of indentation, extract seqno_waiter_rm_context creating code into a separate helper function. Judging by commit 0039a3b35b10 ("drm/vmwgfx: Add seqno waiter for sync_files"), possible errors in seqno waiting aren't fatal, thus just skip this block if an allocation failure occurs - no need to propagate upwards. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. Fixes: 0039a3b35b10 ("drm/vmwgfx: Add seqno waiter for sync_files") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 27 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c index e831e324e737..12d897eca410 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c @@ -4085,6 +4085,23 @@ static void seqno_waiter_rm_cb(struct dma_fence *f, struct dma_fence_cb *cb) kfree(ctx); } +static void seqno_waiter_create(struct dma_fence *f, + struct vmw_private *dev_priv) +{ + struct seqno_waiter_rm_context *ctx; + + ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) + return; + + ctx->dev_priv = dev_priv; + vmw_seqno_waiter_add(dev_priv); + if (dma_fence_add_callback(f, &ctx->base, seqno_waiter_rm_cb) < 0) { + vmw_seqno_waiter_remove(dev_priv); + kfree(ctx); + } +} + int vmw_execbuf_process(struct drm_file *file_priv, struct vmw_private *dev_priv, void __user *user_commands, void *kernel_commands, @@ -4265,15 +4282,7 @@ int vmw_execbuf_process(struct drm_file *file_priv, } else { /* Link the fence with the FD created earlier */ fd_install(out_fence_fd, sync_file->file); - struct seqno_waiter_rm_context *ctx = - kmalloc(sizeof(*ctx), GFP_KERNEL); - ctx->dev_priv = dev_priv; - vmw_seqno_waiter_add(dev_priv); - if (dma_fence_add_callback(&fence->base, &ctx->base, - seqno_waiter_rm_cb) < 0) { - vmw_seqno_waiter_remove(dev_priv); - kfree(ctx); - } + seqno_waiter_create(&fence->base, dev_priv); } } -- 2.50.0

4 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.4 1/5] atm: idt77252: Add missing `dma_map_error()`

by Sasha Levin

From: Thomas Fourier <fourier.thomas(a)gmail.com> [ Upstream commit c4890963350dcf4e9a909bae23665921fba4ad27 ] The DMA map functions can fail and should be tested for errors. Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250624064148.12815-3-fourier.thomas@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. ## Detailed Analysis: **Nature of the fix:** The commit adds missing error checking for `dma_map_single()` calls in two locations within the idt77252 ATM driver: 1. **In `queue_skb()` function (line 853-854):** ```c IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; ``` This correctly returns -ENOMEM before reaching the errout label, avoiding any cleanup issues since the DMA mapping never succeeded. 2. **In `add_rx_skb()` function (line 1857-1860):** ```c paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; ``` This properly jumps to the new `outpoolrm` label which removes the SKB from the pool before freeing it, maintaining correct cleanup order. **Why this qualifies for stable backporting:** 1. **Fixes a real bug**: Missing DMA mapping error checks can cause system crashes or data corruption, especially on systems with IOMMU or SWIOTLB where DMA mapping failures are more likely. 2. **Simple and contained**: The fix adds only 5 lines of error checking code with no architectural changes. 3. **Similar to approved backports**: This follows the exact same pattern as Similar Commits #1 (eni driver) and #2 (aic94xx driver) which were both marked "YES" for backporting. 4. **Long-standing issue**: The driver has existed since at least 2005 (Linux 2.6.12-rc2), meaning this bug has been present for nearly 20 years. 5. **Minimal regression risk**: The changes only add error checking; they don't modify any existing logic paths. 6. **Proper error handling**: Both error paths are correctly implemented with appropriate cleanup sequences. The commit clearly meets all stable tree criteria as an important bug fix with minimal risk and should be backported to protect users from potential DMA-related crashes. drivers/atm/idt77252.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 06e2fea1ffa92..03b3b9c7c8b5c 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -849,6 +849,8 @@ queue_skb(struct idt77252_dev *card, struct vc_map *vc, IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; error = -EINVAL; @@ -1862,6 +1864,8 @@ add_rx_skb(struct idt77252_dev *card, int queue, paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; IDT77252_PRV_PADDR(skb) = paddr; if (push_rx_skb(card, skb, queue)) { @@ -1876,6 +1880,7 @@ add_rx_skb(struct idt77252_dev *card, int queue, dma_unmap_single(&card->pcidev->dev, IDT77252_PRV_PADDR(skb), skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +outpoolrm: handle = IDT77252_PRV_POOL(skb); card->sbpool[POOL_QUEUE(handle)].skb[POOL_INDEX(handle)] = NULL; -- 2.39.5

4 months, 2 weeks

1
4
0 0

[PATCH AUTOSEL 5.10 1/6] atm: idt77252: Add missing `dma_map_error()`

by Sasha Levin

From: Thomas Fourier <fourier.thomas(a)gmail.com> [ Upstream commit c4890963350dcf4e9a909bae23665921fba4ad27 ] The DMA map functions can fail and should be tested for errors. Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250624064148.12815-3-fourier.thomas@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. ## Detailed Analysis: **Nature of the fix:** The commit adds missing error checking for `dma_map_single()` calls in two locations within the idt77252 ATM driver: 1. **In `queue_skb()` function (line 853-854):** ```c IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; ``` This correctly returns -ENOMEM before reaching the errout label, avoiding any cleanup issues since the DMA mapping never succeeded. 2. **In `add_rx_skb()` function (line 1857-1860):** ```c paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; ``` This properly jumps to the new `outpoolrm` label which removes the SKB from the pool before freeing it, maintaining correct cleanup order. **Why this qualifies for stable backporting:** 1. **Fixes a real bug**: Missing DMA mapping error checks can cause system crashes or data corruption, especially on systems with IOMMU or SWIOTLB where DMA mapping failures are more likely. 2. **Simple and contained**: The fix adds only 5 lines of error checking code with no architectural changes. 3. **Similar to approved backports**: This follows the exact same pattern as Similar Commits #1 (eni driver) and #2 (aic94xx driver) which were both marked "YES" for backporting. 4. **Long-standing issue**: The driver has existed since at least 2005 (Linux 2.6.12-rc2), meaning this bug has been present for nearly 20 years. 5. **Minimal regression risk**: The changes only add error checking; they don't modify any existing logic paths. 6. **Proper error handling**: Both error paths are correctly implemented with appropriate cleanup sequences. The commit clearly meets all stable tree criteria as an important bug fix with minimal risk and should be backported to protect users from potential DMA-related crashes. drivers/atm/idt77252.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 25fd73fafb371..89b0ed8e51430 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -852,6 +852,8 @@ queue_skb(struct idt77252_dev *card, struct vc_map *vc, IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; error = -EINVAL; @@ -1863,6 +1865,8 @@ add_rx_skb(struct idt77252_dev *card, int queue, paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; IDT77252_PRV_PADDR(skb) = paddr; if (push_rx_skb(card, skb, queue)) { @@ -1877,6 +1881,7 @@ add_rx_skb(struct idt77252_dev *card, int queue, dma_unmap_single(&card->pcidev->dev, IDT77252_PRV_PADDR(skb), skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +outpoolrm: handle = IDT77252_PRV_POOL(skb); card->sbpool[POOL_QUEUE(handle)].skb[POOL_INDEX(handle)] = NULL; -- 2.39.5

4 months, 2 weeks

1
5
0 0

[PATCH AUTOSEL 5.15 1/7] atm: idt77252: Add missing `dma_map_error()`

by Sasha Levin

From: Thomas Fourier <fourier.thomas(a)gmail.com> [ Upstream commit c4890963350dcf4e9a909bae23665921fba4ad27 ] The DMA map functions can fail and should be tested for errors. Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250624064148.12815-3-fourier.thomas@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. ## Detailed Analysis: **Nature of the fix:** The commit adds missing error checking for `dma_map_single()` calls in two locations within the idt77252 ATM driver: 1. **In `queue_skb()` function (line 853-854):** ```c IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; ``` This correctly returns -ENOMEM before reaching the errout label, avoiding any cleanup issues since the DMA mapping never succeeded. 2. **In `add_rx_skb()` function (line 1857-1860):** ```c paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; ``` This properly jumps to the new `outpoolrm` label which removes the SKB from the pool before freeing it, maintaining correct cleanup order. **Why this qualifies for stable backporting:** 1. **Fixes a real bug**: Missing DMA mapping error checks can cause system crashes or data corruption, especially on systems with IOMMU or SWIOTLB where DMA mapping failures are more likely. 2. **Simple and contained**: The fix adds only 5 lines of error checking code with no architectural changes. 3. **Similar to approved backports**: This follows the exact same pattern as Similar Commits #1 (eni driver) and #2 (aic94xx driver) which were both marked "YES" for backporting. 4. **Long-standing issue**: The driver has existed since at least 2005 (Linux 2.6.12-rc2), meaning this bug has been present for nearly 20 years. 5. **Minimal regression risk**: The changes only add error checking; they don't modify any existing logic paths. 6. **Proper error handling**: Both error paths are correctly implemented with appropriate cleanup sequences. The commit clearly meets all stable tree criteria as an important bug fix with minimal risk and should be backported to protect users from potential DMA-related crashes. drivers/atm/idt77252.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 7810f974b2ca9..d9ee20f0048fe 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -852,6 +852,8 @@ queue_skb(struct idt77252_dev *card, struct vc_map *vc, IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; error = -EINVAL; @@ -1857,6 +1859,8 @@ add_rx_skb(struct idt77252_dev *card, int queue, paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; IDT77252_PRV_PADDR(skb) = paddr; if (push_rx_skb(card, skb, queue)) { @@ -1871,6 +1875,7 @@ add_rx_skb(struct idt77252_dev *card, int queue, dma_unmap_single(&card->pcidev->dev, IDT77252_PRV_PADDR(skb), skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +outpoolrm: handle = IDT77252_PRV_POOL(skb); card->sbpool[POOL_QUEUE(handle)].skb[POOL_INDEX(handle)] = NULL; -- 2.39.5

4 months, 2 weeks

1
6
0 0

[PATCH AUTOSEL 6.1 01/10] atm: idt77252: Add missing `dma_map_error()`

by Sasha Levin

From: Thomas Fourier <fourier.thomas(a)gmail.com> [ Upstream commit c4890963350dcf4e9a909bae23665921fba4ad27 ] The DMA map functions can fail and should be tested for errors. Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250624064148.12815-3-fourier.thomas@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. ## Detailed Analysis: **Nature of the fix:** The commit adds missing error checking for `dma_map_single()` calls in two locations within the idt77252 ATM driver: 1. **In `queue_skb()` function (line 853-854):** ```c IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; ``` This correctly returns -ENOMEM before reaching the errout label, avoiding any cleanup issues since the DMA mapping never succeeded. 2. **In `add_rx_skb()` function (line 1857-1860):** ```c paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; ``` This properly jumps to the new `outpoolrm` label which removes the SKB from the pool before freeing it, maintaining correct cleanup order. **Why this qualifies for stable backporting:** 1. **Fixes a real bug**: Missing DMA mapping error checks can cause system crashes or data corruption, especially on systems with IOMMU or SWIOTLB where DMA mapping failures are more likely. 2. **Simple and contained**: The fix adds only 5 lines of error checking code with no architectural changes. 3. **Similar to approved backports**: This follows the exact same pattern as Similar Commits #1 (eni driver) and #2 (aic94xx driver) which were both marked "YES" for backporting. 4. **Long-standing issue**: The driver has existed since at least 2005 (Linux 2.6.12-rc2), meaning this bug has been present for nearly 20 years. 5. **Minimal regression risk**: The changes only add error checking; they don't modify any existing logic paths. 6. **Proper error handling**: Both error paths are correctly implemented with appropriate cleanup sequences. The commit clearly meets all stable tree criteria as an important bug fix with minimal risk and should be backported to protect users from potential DMA-related crashes. drivers/atm/idt77252.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 7810f974b2ca9..d9ee20f0048fe 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -852,6 +852,8 @@ queue_skb(struct idt77252_dev *card, struct vc_map *vc, IDT77252_PRV_PADDR(skb) = dma_map_single(&card->pcidev->dev, skb->data, skb->len, DMA_TO_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, IDT77252_PRV_PADDR(skb))) + return -ENOMEM; error = -EINVAL; @@ -1857,6 +1859,8 @@ add_rx_skb(struct idt77252_dev *card, int queue, paddr = dma_map_single(&card->pcidev->dev, skb->data, skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); + if (dma_mapping_error(&card->pcidev->dev, paddr)) + goto outpoolrm; IDT77252_PRV_PADDR(skb) = paddr; if (push_rx_skb(card, skb, queue)) { @@ -1871,6 +1875,7 @@ add_rx_skb(struct idt77252_dev *card, int queue, dma_unmap_single(&card->pcidev->dev, IDT77252_PRV_PADDR(skb), skb_end_pointer(skb) - skb->data, DMA_FROM_DEVICE); +outpoolrm: handle = IDT77252_PRV_POOL(skb); card->sbpool[POOL_QUEUE(handle)].skb[POOL_INDEX(handle)] = NULL; -- 2.39.5

4 months, 2 weeks

1
9
0 0

[PATCH AUTOSEL 6.6 01/14] ublk: sanity check add_dev input for underflow

by Sasha Levin

From: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> [ Upstream commit 969127bf0783a4ac0c8a27e633a9e8ea1738583f ] Add additional checks that queue depth and number of queues are non-zero. Signed-off-by: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250626022046.235018-1-ronniesahlberg@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees for the following reasons: **1. Fixes a Critical Input Validation Bug** The commit addresses a serious bug where userspace could pass zero values for `queue_depth` or `nr_hw_queues`, leading to: - Memory allocation failures (`kcalloc(0, ubq_size, GFP_KERNEL)` in `ublk_init_queues()`) - Non-functional block devices with zero queues - Potential kernel crashes or undefined behavior **2. Minimal and Contained Fix** The change is extremely minimal - just adding two checks to an existing validation: ```diff - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) ``` **3. Prevents Security/Stability Issues** Based on the kernel source analysis: - `ublk_init_queues()` uses these values directly for memory allocation - Multiple loops iterate based on `nr_hw_queues` - zero would skip all initialization - The block layer's `blk_mq_alloc_tag_set()` expects non-zero values **4. Similar to Previously Backported Commits** This is very similar to "block: ublk: extending queue_size to fix overflow" (Similar Commit #2), which was marked YES for backporting. Both fix input validation issues that could cause memory/stability problems. **5. Clear Bug Fix Following Stable Rules** - Fixes a real bug (not theoretical) - No new features or architectural changes - Minimal risk - simply rejects invalid input - Confined to the ublk subsystem - Prevents userspace from creating broken/dangerous kernel state The commit prevents userspace from triggering undefined behavior in the kernel by passing invalid parameters, which is exactly the type of bug fix that belongs in stable kernels. drivers/block/ublk_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index df3e5aab4b5ac..8c873a8e39cd9 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -2323,7 +2323,8 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd) if (copy_from_user(&info, argp, sizeof(info))) return -EFAULT; - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) return -EINVAL; if (capable(CAP_SYS_ADMIN)) -- 2.39.5

4 months, 2 weeks

1
13
0 0

[PATCH AUTOSEL 6.12 01/21] ublk: sanity check add_dev input for underflow

by Sasha Levin

From: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> [ Upstream commit 969127bf0783a4ac0c8a27e633a9e8ea1738583f ] Add additional checks that queue depth and number of queues are non-zero. Signed-off-by: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250626022046.235018-1-ronniesahlberg@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees for the following reasons: **1. Fixes a Critical Input Validation Bug** The commit addresses a serious bug where userspace could pass zero values for `queue_depth` or `nr_hw_queues`, leading to: - Memory allocation failures (`kcalloc(0, ubq_size, GFP_KERNEL)` in `ublk_init_queues()`) - Non-functional block devices with zero queues - Potential kernel crashes or undefined behavior **2. Minimal and Contained Fix** The change is extremely minimal - just adding two checks to an existing validation: ```diff - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) ``` **3. Prevents Security/Stability Issues** Based on the kernel source analysis: - `ublk_init_queues()` uses these values directly for memory allocation - Multiple loops iterate based on `nr_hw_queues` - zero would skip all initialization - The block layer's `blk_mq_alloc_tag_set()` expects non-zero values **4. Similar to Previously Backported Commits** This is very similar to "block: ublk: extending queue_size to fix overflow" (Similar Commit #2), which was marked YES for backporting. Both fix input validation issues that could cause memory/stability problems. **5. Clear Bug Fix Following Stable Rules** - Fixes a real bug (not theoretical) - No new features or architectural changes - Minimal risk - simply rejects invalid input - Confined to the ublk subsystem - Prevents userspace from creating broken/dangerous kernel state The commit prevents userspace from triggering undefined behavior in the kernel by passing invalid parameters, which is exactly the type of bug fix that belongs in stable kernels. drivers/block/ublk_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 746ef36e58df2..3b1a5cdd63116 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -2457,7 +2457,8 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd) if (copy_from_user(&info, argp, sizeof(info))) return -EFAULT; - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) return -EINVAL; if (capable(CAP_SYS_ADMIN)) -- 2.39.5

4 months, 2 weeks

1
20
0 0

[PATCH AUTOSEL 6.15 01/23] ublk: sanity check add_dev input for underflow

by Sasha Levin

From: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> [ Upstream commit 969127bf0783a4ac0c8a27e633a9e8ea1738583f ] Add additional checks that queue depth and number of queues are non-zero. Signed-off-by: Ronnie Sahlberg <rsahlberg(a)whamcloud.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250626022046.235018-1-ronniesahlberg@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees for the following reasons: **1. Fixes a Critical Input Validation Bug** The commit addresses a serious bug where userspace could pass zero values for `queue_depth` or `nr_hw_queues`, leading to: - Memory allocation failures (`kcalloc(0, ubq_size, GFP_KERNEL)` in `ublk_init_queues()`) - Non-functional block devices with zero queues - Potential kernel crashes or undefined behavior **2. Minimal and Contained Fix** The change is extremely minimal - just adding two checks to an existing validation: ```diff - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) ``` **3. Prevents Security/Stability Issues** Based on the kernel source analysis: - `ublk_init_queues()` uses these values directly for memory allocation - Multiple loops iterate based on `nr_hw_queues` - zero would skip all initialization - The block layer's `blk_mq_alloc_tag_set()` expects non-zero values **4. Similar to Previously Backported Commits** This is very similar to "block: ublk: extending queue_size to fix overflow" (Similar Commit #2), which was marked YES for backporting. Both fix input validation issues that could cause memory/stability problems. **5. Clear Bug Fix Following Stable Rules** - Fixes a real bug (not theoretical) - No new features or architectural changes - Minimal risk - simply rejects invalid input - Confined to the ublk subsystem - Prevents userspace from creating broken/dangerous kernel state The commit prevents userspace from triggering undefined behavior in the kernel by passing invalid parameters, which is exactly the type of bug fix that belongs in stable kernels. drivers/block/ublk_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 8a482853a75ed..0e017eae97fb1 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -2710,7 +2710,8 @@ static int ublk_ctrl_add_dev(const struct ublksrv_ctrl_cmd *header) if (copy_from_user(&info, argp, sizeof(info))) return -EFAULT; - if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || info.nr_hw_queues > UBLK_MAX_NR_QUEUES) + if (info.queue_depth > UBLK_MAX_QUEUE_DEPTH || !info.queue_depth || + info.nr_hw_queues > UBLK_MAX_NR_QUEUES || !info.nr_hw_queues) return -EINVAL; if (capable(CAP_SYS_ADMIN)) -- 2.39.5

4 months, 2 weeks

1
22
0 0

[PATCH] media: uvcvideo: fix build error in uvc_ctrl_cleanup_fh

by Desnes Nunes

This fixes the following compilation failure: "error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode" Cc: stable(a)vger.kernel.org Fixes: 221cd51efe45 ("media: uvcvideo: Remove dangling pointers") Signed-off-by: Desnes Nunes <desnesn(a)redhat.com> --- drivers/media/usb/uvc/uvc_ctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 44b6513c5264..532615d8484b 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -3260,7 +3260,7 @@ int uvc_ctrl_init_device(struct uvc_device *dev) void uvc_ctrl_cleanup_fh(struct uvc_fh *handle) { struct uvc_entity *entity; - int i; + unsigned int i; guard(mutex)(&handle->chain->ctrl_mutex); @@ -3268,7 +3268,7 @@ void uvc_ctrl_cleanup_fh(struct uvc_fh *handle) return; list_for_each_entry(entity, &handle->chain->dev->entities, list) { - for (unsigned int i = 0; i < entity->ncontrols; ++i) { + for (i = 0; i < entity->ncontrols; ++i) { if (entity->controls[i].handle != handle) continue; uvc_ctrl_set_handle(handle, &entity->controls[i], NULL); -- 2.49.0

4 months, 2 weeks

4
6
0 0

[PATCH] i2c/designware: Fix an initialization issue

by Michael J. Ruhl

The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the dev context to be initialized. amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. This could allow an out of bounds access (of msgs). Initialize msg_write_idx before calling i2c_dw_xfer_init(). Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Fixes: 17631e8ca2d3 ("i2c: designware: Add driver support for AMD NAVI GPU") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index c5394229b77f..40aa5114bf8c 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -363,6 +363,7 @@ static int amd_i2c_dw_xfer_quirk(struct i2c_adapter *adap, struct i2c_msg *msgs, dev->msgs = msgs; dev->msgs_num = num_msgs; + dev->msg_write_idx = 0; i2c_dw_xfer_init(dev); /* Initiate messages read/write transaction */ -- 2.49.0

4 months, 2 weeks

2
1
0 0

[PATCH 5.10 1/2] string.h: add array-wrappers for (v)memdup_user()

by Fedor Pchelkin

From: Philipp Stanner <pstanner(a)redhat.com> commit 313ebe47d75558511aa1237b6e35c663b5c0ec6f upstream. Currently, user array duplications are sometimes done without an overflow check. Sometimes the checks are done manually; sometimes the array size is calculated with array_size() and sometimes by calculating n * size directly in code. Introduce wrappers for arrays for memdup_user() and vmemdup_user() to provide a standardized and safe way for duplicating user arrays. This is both for new code as well as replacing usage of (v)memdup_user() in existing code that uses, e.g., n * size to calculate array sizes. Suggested-by: David Airlie <airlied(a)redhat.com> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Zack Rusin <zackr(a)vmware.com> Signed-off-by: Dave Airlie <airlied(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230920123612.16914-3-pstann… [ fp: fix small conflict in header includes; take linux/errno.h as well ] Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- s390 and x86_64 allmodconfig build passed. include/linux/string.h | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/include/linux/string.h b/include/linux/string.h index 0cef345a6e87..cd8c007ad3be 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -5,6 +5,9 @@ #include <linux/compiler.h> /* for inline */ #include <linux/types.h> /* for size_t */ #include <linux/stddef.h> /* for NULL */ +#include <linux/err.h> /* for ERR_PTR() */ +#include <linux/errno.h> /* for E2BIG */ +#include <linux/overflow.h> /* for check_mul_overflow() */ #include <stdarg.h> #include <uapi/linux/string.h> @@ -13,6 +16,44 @@ extern void *memdup_user(const void __user *, size_t); extern void *vmemdup_user(const void __user *, size_t); extern void *memdup_user_nul(const void __user *, size_t); +/** + * memdup_array_user - duplicate array from user space + * @src: source address in user space + * @n: number of array members to copy + * @size: size of one array member + * + * Return: an ERR_PTR() on failure. Result is physically + * contiguous, to be freed by kfree(). + */ +static inline void *memdup_array_user(const void __user *src, size_t n, size_t size) +{ + size_t nbytes; + + if (check_mul_overflow(n, size, &nbytes)) + return ERR_PTR(-EOVERFLOW); + + return memdup_user(src, nbytes); +} + +/** + * vmemdup_array_user - duplicate array from user space + * @src: source address in user space + * @n: number of array members to copy + * @size: size of one array member + * + * Return: an ERR_PTR() on failure. Result may be not + * physically contiguous. Use kvfree() to free. + */ +static inline void *vmemdup_array_user(const void __user *src, size_t n, size_t size) +{ + size_t nbytes; + + if (check_mul_overflow(n, size, &nbytes)) + return ERR_PTR(-EOVERFLOW); + + return vmemdup_user(src, nbytes); +} + /* * Include machine specific inline routines */ -- 2.50.0

4 months, 2 weeks

1
1
0 0

[PATCH net v3 1/2] virtio-net: xsk: rx: fix the frame's length check

by Bui Quang Minh

When calling buf_to_xdp, the len argument is the frame data's length without virtio header's length (vi->hdr_len). We check that len with xsk_pool_get_rx_frame_size() + vi->hdr_len to ensure the provided len does not larger than the allocated chunk size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk, we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost to start placing data from hard_start + XDP_PACKET_HEADROOM - vi->hdr_len not hard_start + XDP_PACKET_HEADROOM But the first buffer has virtio_header, so the maximum frame's length in the first buffer can only be xsk_pool_get_rx_frame_size() not xsk_pool_get_rx_frame_size() + vi->hdr_len like in the current check. This commit adds an additional argument to buf_to_xdp differentiate between the first buffer and other ones to correctly calculate the maximum frame's length. Cc: stable(a)vger.kernel.org Reviewed-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Fixes: a4e7ba702701 ("virtio_net: xsk: rx: support recv small mode") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..1eb237cd5d0b 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1127,15 +1127,29 @@ static void check_sq_full_and_disable(struct virtnet_info *vi, } } +/* Note that @len is the length of received data without virtio header */ static struct xdp_buff *buf_to_xdp(struct virtnet_info *vi, - struct receive_queue *rq, void *buf, u32 len) + struct receive_queue *rq, void *buf, + u32 len, bool first_buf) { struct xdp_buff *xdp; u32 bufsize; xdp = (struct xdp_buff *)buf; - bufsize = xsk_pool_get_rx_frame_size(rq->xsk_pool) + vi->hdr_len; + /* In virtnet_add_recvbuf_xsk, we use part of XDP_PACKET_HEADROOM for + * virtio header and ask the vhost to fill data from + * hard_start + XDP_PACKET_HEADROOM - vi->hdr_len + * The first buffer has virtio header so the remaining region for frame + * data is + * xsk_pool_get_rx_frame_size() + * While other buffers than the first one do not have virtio header, so + * the maximum frame data's length can be + * xsk_pool_get_rx_frame_size() + vi->hdr_len + */ + bufsize = xsk_pool_get_rx_frame_size(rq->xsk_pool); + if (!first_buf) + bufsize += vi->hdr_len; if (unlikely(len > bufsize)) { pr_debug("%s: rx error: len %u exceeds truesize %u\n", @@ -1260,7 +1274,7 @@ static int xsk_append_merge_buffer(struct virtnet_info *vi, u64_stats_add(&stats->bytes, len); - xdp = buf_to_xdp(vi, rq, buf, len); + xdp = buf_to_xdp(vi, rq, buf, len, false); if (!xdp) goto err; @@ -1358,7 +1372,7 @@ static void virtnet_receive_xsk_buf(struct virtnet_info *vi, struct receive_queu u64_stats_add(&stats->bytes, len); - xdp = buf_to_xdp(vi, rq, buf, len); + xdp = buf_to_xdp(vi, rq, buf, len, true); if (!xdp) return; -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH] ext4: fix JBD2 credit overflow with large folios

by Sasha Levin

When large folios are enabled, the blocks-per-folio calculation in ext4_da_writepages_trans_blocks() can overflow the journal transaction limits, causing the writeback path to fail with errors like: JBD2: kworker/u8:0 wants too many credits credits:416 rsv_credits:21 max:334 This occurs with small block sizes (1KB) and large folios (32MB), where the calculation results in 32768 blocks per folio. The transaction credit calculation then requests more credits than the journal can handle, leading to the following warning and writeback failure: WARNING: CPU: 1 PID: 43 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0 EXT4-fs (loop0): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 14; err -28 Call trace leading to the issue: ext4_do_writepages() ext4_da_writepages_trans_blocks() bpp = ext4_journal_blocks_per_folio() // Returns 32768 for 32MB folio with 1KB blocks ext4_meta_trans_blocks(inode, MAX_WRITEPAGES_EXTENT_LEN + bpp - 1, bpp) // With bpp=32768, lblocks=34815, pextents=32768 // Returns credits=415, but with overhead becomes 416 > max 334 ext4_journal_start_with_reserve() jbd2_journal_start_reserved() start_this_handle() // Fails with warning when credits:416 > max:334 The issue was introduced by commit d6bf294773a47 ("ext4/jbd2: convert jbd2_journal_blocks_per_page() to support large folio"), which added support for large folios but didn't account for the journal credit limits. Fix this by capping the blocks-per-folio value at 8192 in the writeback path. This is the value we'd get with 32MB folios and 4KB blocks, or 8MB folios with 1KB blocks, which is reasonable and safe for typical journal configurations. Fixes: d6bf294773a4 ("ext4/jbd2: convert jbd2_journal_blocks_per_page() to support large folio") Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/inode.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index be9a4cba35fd5..860e59a176c97 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -2070,6 +2070,14 @@ static int mpage_submit_folio(struct mpage_da_data *mpd, struct folio *folio) */ #define MAX_WRITEPAGES_EXTENT_LEN 2048 +/* + * Maximum blocks per folio to avoid JBD2 credit overflow. + * This is the value we'd get with 32MB folios and 4KB blocks, + * or 8MB folios with 1KB blocks, which is reasonable and safe + * for typical journal configurations. + */ +#define MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK 8192 + /* * mpage_add_bh_to_extent - try to add bh to extent of blocks to map * @@ -2481,6 +2489,18 @@ static int ext4_da_writepages_trans_blocks(struct inode *inode) { int bpp = ext4_journal_blocks_per_folio(inode); + /* + * With large folios, blocks per folio can get excessively large, + * especially with small block sizes. For example, with 32MB folios + * (order 11) and 1KB blocks, we get 32768 blocks per folio. This + * leads to credit requests that overflow the journal's transaction + * limit. + * + * Limit the value to avoid excessive credit requests. + */ + if (bpp > MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK) + bpp = MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK; + return ext4_meta_trans_blocks(inode, MAX_WRITEPAGES_EXTENT_LEN + bpp - 1, bpp); } @@ -2559,6 +2579,13 @@ static int mpage_prepare_extent_to_map(struct mpage_da_data *mpd) handle_t *handle = NULL; int bpp = ext4_journal_blocks_per_folio(mpd->inode); + /* + * With large folios, blocks per folio can get excessively large, + * especially with small block sizes. Cap it to avoid credit overflow. + */ + if (bpp > MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK) + bpp = MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK; + if (mpd->wbc->sync_mode == WB_SYNC_ALL || mpd->wbc->tagged_writepages) tag = PAGECACHE_TAG_TOWRITE; else @@ -6179,6 +6206,13 @@ int ext4_writepage_trans_blocks(struct inode *inode) int bpp = ext4_journal_blocks_per_folio(inode); int ret; + /* + * With large folios, blocks per folio can get excessively large, + * especially with small block sizes. Cap it to avoid credit overflow. + */ + if (bpp > MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK) + bpp = MAX_BLOCKS_PER_FOLIO_FOR_WRITEBACK; + ret = ext4_meta_trans_blocks(inode, bpp, bpp); /* Account for data blocks for journalled mode */ -- 2.39.5

4 months, 2 weeks

2
2
0 0

[PATCH v5 01/12] platform/x86/intel/pmt: fix a crashlog NULL pointer access

by Michael J. Ruhl

Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] Code: Call Trace: <TASK> ? sysfs_kf_bin_read+0xc0/0xe0 kernfs_fop_read_iter+0xac/0x1a0 vfs_read+0x26d/0x350 ksys_read+0x6b/0xe0 __x64_sys_read+0x1d/0x30 x64_sys_call+0x1bc8/0x1d70 do_syscall_64+0x6d/0x110 Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception. Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Fixes: 416eeb2e1fc7 ("platform/x86/intel/pmt: telemetry: Export API to read telemetry") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/platform/x86/intel/pmt/class.c | 3 ++- drivers/platform/x86/intel/pmt/class.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c index 7233b654bbad..d046e8752173 100644 --- a/drivers/platform/x86/intel/pmt/class.c +++ b/drivers/platform/x86/intel/pmt/class.c @@ -97,7 +97,7 @@ intel_pmt_read(struct file *filp, struct kobject *kobj, if (count > entry->size - off) count = entry->size - off; - count = pmt_telem_read_mmio(entry->ep->pcidev, entry->cb, entry->header.guid, buf, + count = pmt_telem_read_mmio(entry->pcidev, entry->cb, entry->header.guid, buf, entry->base, off, count); return count; @@ -252,6 +252,7 @@ static int intel_pmt_populate_entry(struct intel_pmt_entry *entry, return -EINVAL; } + entry->pcidev = pci_dev; entry->guid = header->guid; entry->size = header->size; entry->cb = ivdev->priv_data; diff --git a/drivers/platform/x86/intel/pmt/class.h b/drivers/platform/x86/intel/pmt/class.h index b2006d57779d..f6ce80c4e051 100644 --- a/drivers/platform/x86/intel/pmt/class.h +++ b/drivers/platform/x86/intel/pmt/class.h @@ -39,6 +39,7 @@ struct intel_pmt_header { struct intel_pmt_entry { struct telem_endpoint *ep; + struct pci_dev *pcidev; struct intel_pmt_header header; struct bin_attribute pmt_bin_attr; struct kobject *kobj; -- 2.49.0

4 months, 2 weeks

3
2
0 0

[PATCH] obexd: reject to accept file when replying any error message

by Chengyi Zhao

For security reasons, it will reject the file when the obex agent replies with any error message, and accept the file when the obex agent replies with the new file name. --- obexd/src/manager.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/obexd/src/manager.c b/obexd/src/manager.c index 5a6fd9b4b..cecf9f90a 100644 --- a/obexd/src/manager.c +++ b/obexd/src/manager.c @@ -658,6 +658,8 @@ static void agent_reply(DBusPendingCall *call, void *user_data) agent->new_name = g_strdup(slash + 1); agent->new_folder = g_strndup(name, slash - name); } + + agent->auth_reject = FALSE; } dbus_message_unref(reply); @@ -703,7 +705,7 @@ int manager_request_authorization(struct obex_transfer *transfer, dbus_message_unref(msg); agent->auth_pending = TRUE; - agent->auth_reject = FALSE; + agent->auth_reject = TRUE; got_reply = FALSE; /* Catches errors before authorization response comes */ -- 2.20.1

4 months, 2 weeks

1
0
0 0

[PATCH net v3 2/3] net: wangxun: revert the adjustment of the IRQ vector sequence

by Jiawen Wu

Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 17 ++++++++--------- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 6 +++--- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 ++-- 6 files changed, 16 insertions(+), 17 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 7f2e6cddfeb1..66eaf5446115 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1746,7 +1746,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1783,16 +1783,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2299,8 +2300,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2339,7 +2338,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2392,9 +2391,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3) -- 2.48.1

4 months, 2 weeks

2
1
0 0

[PATCH v2] wifi: wilc1000: Handle wilc_sdio_cmd52() failure in wilc_sdio_read_init()

by Wentao Liang

The wilc_sdio_read_init() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: eda308be643f ("staging: wilc1000: refactor interrupt handling for sdio") Cc: stable(a)vger.kernel.org # v5.7 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Fix code error. drivers/net/wireless/microchip/wilc1000/sdio.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index 8ff49b08bbd2..e85aa5c605ef 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -808,6 +808,7 @@ static int wilc_sdio_read_int(struct wilc *wilc, u32 *int_status) u32 tmp; u8 irq_flags; struct sdio_cmd52 cmd; + int ret; wilc_sdio_read_size(wilc, &tmp); @@ -826,7 +827,12 @@ static int wilc_sdio_read_int(struct wilc *wilc, u32 *int_status) cmd.raw = 0; cmd.read_write = 0; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->dev, "Fail cmd 52, get IRQ register...\n"); + return ret; + } + irq_flags = cmd.data; if (sdio_priv->irq_gpio) -- 2.42.0.windows.2

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 66abb996999de0d440a02583a6e70c2c24deab45 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063040-sanctity-jolly-859c@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66abb996999de0d440a02583a6e70c2c24deab45 Mon Sep 17 00:00:00 2001 From: Mario Limonciello <mario.limonciello(a)amd.com> Date: Mon, 23 Jun 2025 12:11:13 -0500 Subject: [PATCH] drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value [Why] commit 16dc8bc27c2a ("drm/amd/display: Export full brightness range to userspace") adjusted the brightness range to scale to larger values, but missed updating AMDGPU_MAX_BL_LEVEL which is needed to make sure that scaling works properly with custom brightness curves. [How] As the change for max brightness of 0xFFFF only applies to devices supporting DC, use existing DC define MAX_BACKLIGHT_LEVEL. Fixes: 16dc8bc27c2a ("drm/amd/display: Export full brightness range to userspace") Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Link: https://lore.kernel.org/r/20250623171114.1156451-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 5b852044eb0d3e1f1c946d32e05fcb068e0a20a0) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index bc4cd11bfc79..0b8ac9edc070 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4718,16 +4718,16 @@ static int get_brightness_range(const struct amdgpu_dm_backlight_caps *caps, return 1; } -/* Rescale from [min..max] to [0..AMDGPU_MAX_BL_LEVEL] */ +/* Rescale from [min..max] to [0..MAX_BACKLIGHT_LEVEL] */ static inline u32 scale_input_to_fw(int min, int max, u64 input) { - return DIV_ROUND_CLOSEST_ULL(input * AMDGPU_MAX_BL_LEVEL, max - min); + return DIV_ROUND_CLOSEST_ULL(input * MAX_BACKLIGHT_LEVEL, max - min); } -/* Rescale from [0..AMDGPU_MAX_BL_LEVEL] to [min..max] */ +/* Rescale from [0..MAX_BACKLIGHT_LEVEL] to [min..max] */ static inline u32 scale_fw_to_input(int min, int max, u64 input) { - return min + DIV_ROUND_CLOSEST_ULL(input * (max - min), AMDGPU_MAX_BL_LEVEL); + return min + DIV_ROUND_CLOSEST_ULL(input * (max - min), MAX_BACKLIGHT_LEVEL); } static void convert_custom_brightness(const struct amdgpu_dm_backlight_caps *caps, @@ -4947,7 +4947,7 @@ amdgpu_dm_register_backlight_device(struct amdgpu_dm_connector *aconnector) drm_dbg(drm, "Backlight caps: min: %d, max: %d, ac %d, dc %d\n", min, max, caps->ac_level, caps->dc_level); } else - props.brightness = props.max_brightness = AMDGPU_MAX_BL_LEVEL; + props.brightness = props.max_brightness = MAX_BACKLIGHT_LEVEL; if (caps->data_points && !(amdgpu_dc_debug_mask & DC_DISABLE_CUSTOM_BRIGHTNESS_CURVE)) drm_info(drm, "Using custom brightness curve\n");

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Export full brightness range to userspace" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 16dc8bc27c2aa3c93905d3e885e27f1e3535f09a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063030-pardon-shock-f4d7@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 16dc8bc27c2aa3c93905d3e885e27f1e3535f09a Mon Sep 17 00:00:00 2001 From: Mario Limonciello <mario.limonciello(a)amd.com> Date: Thu, 29 May 2025 09:46:32 -0500 Subject: [PATCH] drm/amd/display: Export full brightness range to userspace [WHY] Userspace currently is offered a range from 0-0xFF but the PWM is programmed from 0-0xFFFF. This can be limiting to some software that wants to apply greater granularity. [HOW] Convert internally to firmware values only when mapping custom brightness curves because these are in 0-0xFF range. Advertise full PWM range to userspace. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 8dbd72cb790058ce52279af38a43c2b302fdd3e5) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 0b5d5ab14a69..bc4cd11bfc79 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4718,9 +4718,23 @@ static int get_brightness_range(const struct amdgpu_dm_backlight_caps *caps, return 1; } -static void convert_custom_brightness(const struct amdgpu_dm_backlight_caps *caps, - uint32_t *brightness) +/* Rescale from [min..max] to [0..AMDGPU_MAX_BL_LEVEL] */ +static inline u32 scale_input_to_fw(int min, int max, u64 input) { + return DIV_ROUND_CLOSEST_ULL(input * AMDGPU_MAX_BL_LEVEL, max - min); +} + +/* Rescale from [0..AMDGPU_MAX_BL_LEVEL] to [min..max] */ +static inline u32 scale_fw_to_input(int min, int max, u64 input) +{ + return min + DIV_ROUND_CLOSEST_ULL(input * (max - min), AMDGPU_MAX_BL_LEVEL); +} + +static void convert_custom_brightness(const struct amdgpu_dm_backlight_caps *caps, + unsigned int min, unsigned int max, + uint32_t *user_brightness) +{ + u32 brightness = scale_input_to_fw(min, max, *user_brightness); u8 prev_signal = 0, prev_lum = 0; int i = 0; @@ -4731,7 +4745,7 @@ static void convert_custom_brightness(const struct amdgpu_dm_backlight_caps *cap return; /* choose start to run less interpolation steps */ - if (caps->luminance_data[caps->data_points/2].input_signal > *brightness) + if (caps->luminance_data[caps->data_points/2].input_signal > brightness) i = caps->data_points/2; do { u8 signal = caps->luminance_data[i].input_signal; @@ -4742,17 +4756,18 @@ static void convert_custom_brightness(const struct amdgpu_dm_backlight_caps *cap * brightness < signal: interpolate between previous and current luminance numerator * brightness > signal: find next data point */ - if (*brightness > signal) { + if (brightness > signal) { prev_signal = signal; prev_lum = lum; i++; continue; } - if (*brightness < signal) + if (brightness < signal) lum = prev_lum + DIV_ROUND_CLOSEST((lum - prev_lum) * - (*brightness - prev_signal), + (brightness - prev_signal), signal - prev_signal); - *brightness = DIV_ROUND_CLOSEST(lum * *brightness, 101); + *user_brightness = scale_fw_to_input(min, max, + DIV_ROUND_CLOSEST(lum * brightness, 101)); return; } while (i < caps->data_points); } @@ -4765,11 +4780,10 @@ static u32 convert_brightness_from_user(const struct amdgpu_dm_backlight_caps *c if (!get_brightness_range(caps, &min, &max)) return brightness; - convert_custom_brightness(caps, &brightness); + convert_custom_brightness(caps, min, max, &brightness); - // Rescale 0..255 to min..max - return min + DIV_ROUND_CLOSEST((max - min) * brightness, - AMDGPU_MAX_BL_LEVEL); + // Rescale 0..max to min..max + return min + DIV_ROUND_CLOSEST_ULL((u64)(max - min) * brightness, max); } static u32 convert_brightness_to_user(const struct amdgpu_dm_backlight_caps *caps, @@ -4782,8 +4796,8 @@ static u32 convert_brightness_to_user(const struct amdgpu_dm_backlight_caps *cap if (brightness < min) return 0; - // Rescale min..max to 0..255 - return DIV_ROUND_CLOSEST(AMDGPU_MAX_BL_LEVEL * (brightness - min), + // Rescale min..max to 0..max + return DIV_ROUND_CLOSEST_ULL((u64)max * (brightness - min), max - min); } @@ -4933,11 +4947,10 @@ amdgpu_dm_register_backlight_device(struct amdgpu_dm_connector *aconnector) drm_dbg(drm, "Backlight caps: min: %d, max: %d, ac %d, dc %d\n", min, max, caps->ac_level, caps->dc_level); } else - props.brightness = AMDGPU_MAX_BL_LEVEL; + props.brightness = props.max_brightness = AMDGPU_MAX_BL_LEVEL; if (caps->data_points && !(amdgpu_dc_debug_mask & DC_DISABLE_CUSTOM_BRIGHTNESS_CURVE)) drm_info(drm, "Using custom brightness curve\n"); - props.max_brightness = AMDGPU_MAX_BL_LEVEL; props.type = BACKLIGHT_RAW; snprintf(bl_name, sizeof(bl_name), "amdgpu_bl%d",

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: Use logical instance ID for SDMA v4_4_2 queue" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x caade9d69f2e2b76d2e2d47089736a99135b8772 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063013-outrank-ecology-3fc7@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From caade9d69f2e2b76d2e2d47089736a99135b8772 Mon Sep 17 00:00:00 2001 From: Jesse Zhang <jesse.zhang(a)amd.com> Date: Wed, 11 Jun 2025 15:07:11 +0800 Subject: [PATCH] drm/amdgpu: Use logical instance ID for SDMA v4_4_2 queue operations Simplify SDMA v4_4_2 queue reset and stop operations by: 1. Removing GET_INST(SDMA0) conversion for ring->me 2. Using the logical instance ID (ring->me) directly 3. Maintaining consistent behavior with other SDMA queue operations This change aligns with the existing queue handling logic where ring->me already represents the correct instance identifier. Signed-off-by: Lijo Lazar <lijo.lazar(a)amd.com> Signed-off-by: Jesse Zhang <Jesse.Zhang(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3bab282dfe25dff7a55add432f56898505a6cc6c) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c index 9c169112a5e7..3de125062ee3 100644 --- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c @@ -1670,7 +1670,7 @@ static bool sdma_v4_4_2_page_ring_is_guilty(struct amdgpu_ring *ring) static int sdma_v4_4_2_reset_queue(struct amdgpu_ring *ring, unsigned int vmid) { struct amdgpu_device *adev = ring->adev; - u32 id = GET_INST(SDMA0, ring->me); + u32 id = ring->me; int r; if (!(adev->sdma.supported_reset & AMDGPU_RESET_TYPE_PER_QUEUE)) @@ -1686,7 +1686,7 @@ static int sdma_v4_4_2_reset_queue(struct amdgpu_ring *ring, unsigned int vmid) static int sdma_v4_4_2_stop_queue(struct amdgpu_ring *ring) { struct amdgpu_device *adev = ring->adev; - u32 instance_id = GET_INST(SDMA0, ring->me); + u32 instance_id = ring->me; u32 inst_mask; uint64_t rptr;

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Only read ACPI backlight caps once" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x ffcaed1d7ecef31198000dfbbea791f30f7ca437 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063002-talcum-exclusion-49fc@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffcaed1d7ecef31198000dfbbea791f30f7ca437 Mon Sep 17 00:00:00 2001 From: Mario Limonciello <mario.limonciello(a)amd.com> Date: Thu, 29 May 2025 11:33:44 -0500 Subject: [PATCH] drm/amd/display: Only read ACPI backlight caps once [WHY] Backlight caps are read already in amdgpu_dm_update_backlight_caps(). They may be updated by update_connector_ext_caps(). Reading again when registering backlight device may cause wrong values to be used. [HOW] Use backlight caps already registered to the dm. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 148144f6d2f14b02eaaa39b86bbe023cbff350bd) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d3100f641ac6..0b5d5ab14a69 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4908,7 +4908,7 @@ amdgpu_dm_register_backlight_device(struct amdgpu_dm_connector *aconnector) struct drm_device *drm = aconnector->base.dev; struct amdgpu_display_manager *dm = &drm_to_adev(drm)->dm; struct backlight_properties props = { 0 }; - struct amdgpu_dm_backlight_caps caps = { 0 }; + struct amdgpu_dm_backlight_caps *caps; char bl_name[16]; int min, max; @@ -4922,20 +4922,20 @@ amdgpu_dm_register_backlight_device(struct amdgpu_dm_connector *aconnector) return; } - amdgpu_acpi_get_backlight_caps(&caps); - if (caps.caps_valid && get_brightness_range(&caps, &min, &max)) { + caps = &dm->backlight_caps[aconnector->bl_idx]; + if (get_brightness_range(caps, &min, &max)) { if (power_supply_is_system_supplied() > 0) - props.brightness = (max - min) * DIV_ROUND_CLOSEST(caps.ac_level, 100); + props.brightness = (max - min) * DIV_ROUND_CLOSEST(caps->ac_level, 100); else - props.brightness = (max - min) * DIV_ROUND_CLOSEST(caps.dc_level, 100); + props.brightness = (max - min) * DIV_ROUND_CLOSEST(caps->dc_level, 100); /* min is zero, so max needs to be adjusted */ props.max_brightness = max - min; drm_dbg(drm, "Backlight caps: min: %d, max: %d, ac %d, dc %d\n", min, max, - caps.ac_level, caps.dc_level); + caps->ac_level, caps->dc_level); } else props.brightness = AMDGPU_MAX_BL_LEVEL; - if (caps.data_points && !(amdgpu_dc_debug_mask & DC_DISABLE_CUSTOM_BRIGHTNESS_CURVE)) + if (caps->data_points && !(amdgpu_dc_debug_mask & DC_DISABLE_CUSTOM_BRIGHTNESS_CURVE)) drm_info(drm, "Using custom brightness curve\n"); props.max_brightness = AMDGPU_MAX_BL_LEVEL; props.type = BACKLIGHT_RAW;

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/mes: add missing locking in helper functions" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 40f970ba7a4ab77be2ffe6d50a70416c8876496a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063045-shrubs-unmanaged-5146@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40f970ba7a4ab77be2ffe6d50a70416c8876496a Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Mon, 19 May 2025 15:46:25 -0400 Subject: [PATCH] drm/amdgpu/mes: add missing locking in helper functions We need to take the MES lock. Reviewed-by: Michael Chen <michael.chen(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c index 2febb63ab232..fe772c380120 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c @@ -300,7 +300,9 @@ int amdgpu_mes_map_legacy_queue(struct amdgpu_device *adev, queue_input.mqd_addr = amdgpu_bo_gpu_offset(ring->mqd_obj); queue_input.wptr_addr = ring->wptr_gpu_addr; + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->map_legacy_queue(&adev->mes, &queue_input); + amdgpu_mes_unlock(&adev->mes); if (r) DRM_ERROR("failed to map legacy queue\n"); @@ -323,7 +325,9 @@ int amdgpu_mes_unmap_legacy_queue(struct amdgpu_device *adev, queue_input.trail_fence_addr = gpu_addr; queue_input.trail_fence_data = seq; + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->unmap_legacy_queue(&adev->mes, &queue_input); + amdgpu_mes_unlock(&adev->mes); if (r) DRM_ERROR("failed to unmap legacy queue\n"); @@ -353,7 +357,9 @@ int amdgpu_mes_reset_legacy_queue(struct amdgpu_device *adev, if (ring->funcs->type == AMDGPU_RING_TYPE_GFX) queue_input.legacy_gfx = true; + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->reset_hw_queue(&adev->mes, &queue_input); + amdgpu_mes_unlock(&adev->mes); if (r) DRM_ERROR("failed to reset legacy queue\n"); @@ -383,7 +389,9 @@ uint32_t amdgpu_mes_rreg(struct amdgpu_device *adev, uint32_t reg) goto error; } + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->misc_op(&adev->mes, &op_input); + amdgpu_mes_unlock(&adev->mes); if (r) dev_err(adev->dev, "failed to read reg (0x%x)\n", reg); else @@ -411,7 +419,9 @@ int amdgpu_mes_wreg(struct amdgpu_device *adev, goto error; } + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->misc_op(&adev->mes, &op_input); + amdgpu_mes_unlock(&adev->mes); if (r) dev_err(adev->dev, "failed to write reg (0x%x)\n", reg); @@ -438,7 +448,9 @@ int amdgpu_mes_reg_write_reg_wait(struct amdgpu_device *adev, goto error; } + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->misc_op(&adev->mes, &op_input); + amdgpu_mes_unlock(&adev->mes); if (r) dev_err(adev->dev, "failed to reg_write_reg_wait\n"); @@ -463,7 +475,9 @@ int amdgpu_mes_reg_wait(struct amdgpu_device *adev, uint32_t reg, goto error; } + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->misc_op(&adev->mes, &op_input); + amdgpu_mes_unlock(&adev->mes); if (r) dev_err(adev->dev, "failed to reg_write_reg_wait\n"); @@ -694,7 +708,9 @@ static int amdgpu_mes_set_enforce_isolation(struct amdgpu_device *adev, goto error; } + amdgpu_mes_lock(&adev->mes); r = adev->mes.funcs->misc_op(&adev->mes, &op_input); + amdgpu_mes_unlock(&adev->mes); if (r) dev_err(adev->dev, "failed to change_config.\n");

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x d358a51444c88bcc995e471dc8cc840f19e4b374 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063005-crop-granular-c1cb@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d358a51444c88bcc995e471dc8cc840f19e4b374 Mon Sep 17 00:00:00 2001 From: Michael Strauss <michael.strauss(a)amd.com> Date: Wed, 26 Feb 2025 10:03:48 -0500 Subject: [PATCH] drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host [WHY] These fields are read for the explicit purpose of detecting embedded LTTPRs (i.e. between host ASIC and the user-facing port), and thus need to calculate the correct DPCD address offset based on LTTPR count to target the appropriate LTTPR's DPCD register space with these queries. [HOW] Cascaded LTTPRs in a link each snoop and increment LTTPR count when queried via DPCD read, so an LTTPR embedded in a source device (e.g. USB4 port on a laptop) will always be addressible using the max LTTPR count seen by the host. Therefore we simply need to use a recently added helper function to calculate the correct DPCD address to target potentially embedded LTTPRs based on the received LTTPR count. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Signed-off-by: Michael Strauss <michael.strauss(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 791897f5c77a2a65d0e500be4743af2ddf6eb061) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/dc_dp_types.h b/drivers/gpu/drm/amd/display/dc/dc_dp_types.h index 0bad8304ccf6..d346f8ae1634 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_dp_types.h +++ b/drivers/gpu/drm/amd/display/dc/dc_dp_types.h @@ -1172,8 +1172,8 @@ struct dc_lttpr_caps { union dp_128b_132b_supported_lttpr_link_rates supported_128b_132b_rates; union dp_alpm_lttpr_cap alpm; uint8_t aux_rd_interval[MAX_REPEATER_CNT - 1]; - uint8_t lttpr_ieee_oui[3]; - uint8_t lttpr_device_id[6]; + uint8_t lttpr_ieee_oui[3]; // Always read from closest LTTPR to host + uint8_t lttpr_device_id[6]; // Always read from closest LTTPR to host }; struct dc_dongle_dfp_cap_ext { diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c index a5127c2d47ef..0f965380a9b4 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c @@ -385,9 +385,15 @@ bool dp_is_128b_132b_signal(struct pipe_ctx *pipe_ctx) bool dp_is_lttpr_present(struct dc_link *link) { /* Some sink devices report invalid LTTPR revision, so don't validate against that cap */ - return (dp_parse_lttpr_repeater_count(link->dpcd_caps.lttpr_caps.phy_repeater_cnt) != 0 && + uint32_t lttpr_count = dp_parse_lttpr_repeater_count(link->dpcd_caps.lttpr_caps.phy_repeater_cnt); + bool is_lttpr_present = (lttpr_count > 0 && link->dpcd_caps.lttpr_caps.max_lane_count > 0 && link->dpcd_caps.lttpr_caps.max_lane_count <= 4); + + if (lttpr_count > 0 && !is_lttpr_present) + DC_LOG_ERROR("LTTPR count is nonzero but invalid lane count reported. Assuming no LTTPR present.\n"); + + return is_lttpr_present; } /* in DP compliance test, DPR-120 may have @@ -1551,6 +1557,8 @@ enum dc_status dp_retrieve_lttpr_cap(struct dc_link *link) uint8_t lttpr_dpcd_data[10] = {0}; enum dc_status status; bool is_lttpr_present; + uint32_t lttpr_count; + uint32_t closest_lttpr_offset; /* Logic to determine LTTPR support*/ bool vbios_lttpr_interop = link->dc->caps.vbios_lttpr_aware; @@ -1602,20 +1610,22 @@ enum dc_status dp_retrieve_lttpr_cap(struct dc_link *link) lttpr_dpcd_data[DP_LTTPR_ALPM_CAPABILITIES - DP_LT_TUNABLE_PHY_REPEATER_FIELD_DATA_STRUCTURE_REV]; + lttpr_count = dp_parse_lttpr_repeater_count(link->dpcd_caps.lttpr_caps.phy_repeater_cnt); + /* If this chip cap is set, at least one retimer must exist in the chain * Override count to 1 if we receive a known bad count (0 or an invalid value) */ if (((link->chip_caps & AMD_EXT_DISPLAY_PATH_CAPS__EXT_CHIP_MASK) == AMD_EXT_DISPLAY_PATH_CAPS__DP_FIXED_VS_EN) && - (dp_parse_lttpr_repeater_count(link->dpcd_caps.lttpr_caps.phy_repeater_cnt) == 0)) { + lttpr_count == 0) { /* If you see this message consistently, either the host platform has FIXED_VS flag * incorrectly configured or the sink device is returning an invalid count. */ DC_LOG_ERROR("lttpr_caps phy_repeater_cnt is 0x%x, forcing it to 0x80.", link->dpcd_caps.lttpr_caps.phy_repeater_cnt); link->dpcd_caps.lttpr_caps.phy_repeater_cnt = 0x80; + lttpr_count = 1; DC_LOG_DC("lttpr_caps forced phy_repeater_cnt = %d\n", link->dpcd_caps.lttpr_caps.phy_repeater_cnt); } - /* Attempt to train in LTTPR transparent mode if repeater count exceeds 8. */ is_lttpr_present = dp_is_lttpr_present(link); DC_LOG_DC("is_lttpr_present = %d\n", is_lttpr_present); @@ -1623,11 +1633,25 @@ enum dc_status dp_retrieve_lttpr_cap(struct dc_link *link) if (is_lttpr_present) { CONN_DATA_DETECT(link, lttpr_dpcd_data, sizeof(lttpr_dpcd_data), "LTTPR Caps: "); - core_link_read_dpcd(link, DP_LTTPR_IEEE_OUI, link->dpcd_caps.lttpr_caps.lttpr_ieee_oui, sizeof(link->dpcd_caps.lttpr_caps.lttpr_ieee_oui)); - CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_ieee_oui, sizeof(link->dpcd_caps.lttpr_caps.lttpr_ieee_oui), "LTTPR IEEE OUI: "); + // Identify closest LTTPR to determine if workarounds required for known embedded LTTPR + closest_lttpr_offset = dp_get_closest_lttpr_offset(lttpr_count); - core_link_read_dpcd(link, DP_LTTPR_DEVICE_ID, link->dpcd_caps.lttpr_caps.lttpr_device_id, sizeof(link->dpcd_caps.lttpr_caps.lttpr_device_id)); - CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_device_id, sizeof(link->dpcd_caps.lttpr_caps.lttpr_device_id), "LTTPR Device ID: "); + core_link_read_dpcd(link, (DP_LTTPR_IEEE_OUI + closest_lttpr_offset), + link->dpcd_caps.lttpr_caps.lttpr_ieee_oui, sizeof(link->dpcd_caps.lttpr_caps.lttpr_ieee_oui)); + core_link_read_dpcd(link, (DP_LTTPR_DEVICE_ID + closest_lttpr_offset), + link->dpcd_caps.lttpr_caps.lttpr_device_id, sizeof(link->dpcd_caps.lttpr_caps.lttpr_device_id)); + + if (lttpr_count > 1) { + CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_ieee_oui, sizeof(link->dpcd_caps.lttpr_caps.lttpr_ieee_oui), + "Closest LTTPR To Host's IEEE OUI: "); + CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_device_id, sizeof(link->dpcd_caps.lttpr_caps.lttpr_device_id), + "Closest LTTPR To Host's LTTPR Device ID: "); + } else { + CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_ieee_oui, sizeof(link->dpcd_caps.lttpr_caps.lttpr_ieee_oui), + "LTTPR IEEE OUI: "); + CONN_DATA_DETECT(link, link->dpcd_caps.lttpr_caps.lttpr_device_id, sizeof(link->dpcd_caps.lttpr_caps.lttpr_device_id), + "LTTPR Device ID: "); + } } return status;

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 9cb15478916e849d62a6ec44b10c593b9663328c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063026-urgent-bladder-604a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cb15478916e849d62a6ec44b10c593b9663328c Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Mon, 19 May 2025 16:34:17 +0300 Subject: [PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Due to a problem in the iTBT DP-in adapter's firmware the sink on a TBT link may get disconnected inadvertently if the SINK_COUNT_ESI and the DP_LINK_SERVICE_IRQ_VECTOR_ESI0 registers are read in a single AUX transaction. Work around the issue by reading these registers in separate transactions. The issue affects MTL+ platforms and will be fixed in the DP-in adapter firmware, however releasing that firmware fix may take some time and is not guaranteed to be available for all systems. Based on this apply the workaround on affected platforms. See HSD #13013007775. v2: Cc'ing Mika Westerberg. Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/13760 Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14147 Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://lore.kernel.org/r/20250519133417.1469181-1-imre.deak@intel.com (cherry picked from commit c3a48363cf1f76147088b1adb518136ac5df86a0) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index ad1e4fc9c7fe..640c43bf62d4 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -4532,6 +4532,23 @@ intel_dp_mst_disconnect(struct intel_dp *intel_dp) static bool intel_dp_get_sink_irq_esi(struct intel_dp *intel_dp, u8 *esi) { + struct intel_display *display = to_intel_display(intel_dp); + + /* + * Display WA for HSD #13013007775: mtl/arl/lnl + * Read the sink count and link service IRQ registers in separate + * transactions to prevent disconnecting the sink on a TBT link + * inadvertently. + */ + if (IS_DISPLAY_VER(display, 14, 20) && !display->platform.battlemage) { + if (drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 3) != 3) + return false; + + /* DP_SINK_COUNT_ESI + 3 == DP_LINK_SERVICE_IRQ_VECTOR_ESI0 */ + return drm_dp_dpcd_readb(&intel_dp->aux, DP_LINK_SERVICE_IRQ_VECTOR_ESI0, + &esi[3]) == 1; + } + return drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 4) == 4; }

4 months, 2 weeks

1
0
0 0

[PATCH v4] ASoC: fsl_sai: Force a software reset when starting in consumer mode

by Arun Raghavan

From: Arun Raghavan <arun(a)asymptotic.io> On an imx8mm platform with an external clock provider, when running the receiver (arecord) and triggering an xrun with xrun_injection, we see a channel swap/offset. This happens sometimes when running only the receiver, but occurs reliably if a transmitter (aplay) is also concurrently running. It seems that the SAI loses track of frame sync during the trigger stop -> trigger start cycle that occurs during an xrun. Doing just a FIFO reset in this case does not suffice, and only a software reset seems to get it back on track. This looks like the same h/w bug that is already handled for the producer case, so we now do the reset unconditionally on config disable. Signed-off-by: Arun Raghavan <arun(a)asymptotic.io> Reported-by: Pieterjan Camerlynck <p.camerlynck(a)televic.com> Fixes: 3e3f8bd56955 ("ASoC: fsl_sai: fix no frame clk in master mode") Cc: stable(a)vger.kernel.org --- v4 - Add Fixes and cc stable v3 - Incorporate feedback from Shengjiu Wang to consolidate with the existing handling of this issue in producer mode v2 (no longer relevant) - Address build warning from kernel test robot sound/soc/fsl/fsl_sai.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/fsl/fsl_sai.c b/sound/soc/fsl/fsl_sai.c index af1a168d35e3..50af6b725670 100644 --- a/sound/soc/fsl/fsl_sai.c +++ b/sound/soc/fsl/fsl_sai.c @@ -803,13 +803,15 @@ static void fsl_sai_config_disable(struct fsl_sai *sai, int dir) * anymore. Add software reset to fix this issue. * This is a hardware bug, and will be fix in the * next sai version. + * + * In consumer mode, this can happen even after a + * single open/close, especially if both tx and rx + * are running concurrently. */ - if (!sai->is_consumer_mode[tx]) { - /* Software Reset */ - regmap_write(sai->regmap, FSL_SAI_xCSR(tx, ofs), FSL_SAI_CSR_SR); - /* Clear SR bit to finish the reset */ - regmap_write(sai->regmap, FSL_SAI_xCSR(tx, ofs), 0); - } + /* Software Reset */ + regmap_write(sai->regmap, FSL_SAI_xCSR(tx, ofs), FSL_SAI_CSR_SR); + /* Clear SR bit to finish the reset */ + regmap_write(sai->regmap, FSL_SAI_xCSR(tx, ofs), 0); } static int fsl_sai_trigger(struct snd_pcm_substream *substream, int cmd, -- 2.49.0

4 months, 2 weeks

4
3
0 0

FAILED: patch "[PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9cb15478916e849d62a6ec44b10c593b9663328c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063042-aviation-smelting-90dd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cb15478916e849d62a6ec44b10c593b9663328c Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Mon, 19 May 2025 16:34:17 +0300 Subject: [PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Due to a problem in the iTBT DP-in adapter's firmware the sink on a TBT link may get disconnected inadvertently if the SINK_COUNT_ESI and the DP_LINK_SERVICE_IRQ_VECTOR_ESI0 registers are read in a single AUX transaction. Work around the issue by reading these registers in separate transactions. The issue affects MTL+ platforms and will be fixed in the DP-in adapter firmware, however releasing that firmware fix may take some time and is not guaranteed to be available for all systems. Based on this apply the workaround on affected platforms. See HSD #13013007775. v2: Cc'ing Mika Westerberg. Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/13760 Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14147 Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://lore.kernel.org/r/20250519133417.1469181-1-imre.deak@intel.com (cherry picked from commit c3a48363cf1f76147088b1adb518136ac5df86a0) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index ad1e4fc9c7fe..640c43bf62d4 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -4532,6 +4532,23 @@ intel_dp_mst_disconnect(struct intel_dp *intel_dp) static bool intel_dp_get_sink_irq_esi(struct intel_dp *intel_dp, u8 *esi) { + struct intel_display *display = to_intel_display(intel_dp); + + /* + * Display WA for HSD #13013007775: mtl/arl/lnl + * Read the sink count and link service IRQ registers in separate + * transactions to prevent disconnecting the sink on a TBT link + * inadvertently. + */ + if (IS_DISPLAY_VER(display, 14, 20) && !display->platform.battlemage) { + if (drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 3) != 3) + return false; + + /* DP_SINK_COUNT_ESI + 3 == DP_LINK_SERVICE_IRQ_VECTOR_ESI0 */ + return drm_dp_dpcd_readb(&intel_dp->aux, DP_LINK_SERVICE_IRQ_VECTOR_ESI0, + &esi[3]) == 1; + } + return drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 4) == 4; }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9cb15478916e849d62a6ec44b10c593b9663328c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063007-january-unworldly-01d5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cb15478916e849d62a6ec44b10c593b9663328c Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Mon, 19 May 2025 16:34:17 +0300 Subject: [PATCH] drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Due to a problem in the iTBT DP-in adapter's firmware the sink on a TBT link may get disconnected inadvertently if the SINK_COUNT_ESI and the DP_LINK_SERVICE_IRQ_VECTOR_ESI0 registers are read in a single AUX transaction. Work around the issue by reading these registers in separate transactions. The issue affects MTL+ platforms and will be fixed in the DP-in adapter firmware, however releasing that firmware fix may take some time and is not guaranteed to be available for all systems. Based on this apply the workaround on affected platforms. See HSD #13013007775. v2: Cc'ing Mika Westerberg. Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/13760 Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14147 Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://lore.kernel.org/r/20250519133417.1469181-1-imre.deak@intel.com (cherry picked from commit c3a48363cf1f76147088b1adb518136ac5df86a0) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index ad1e4fc9c7fe..640c43bf62d4 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -4532,6 +4532,23 @@ intel_dp_mst_disconnect(struct intel_dp *intel_dp) static bool intel_dp_get_sink_irq_esi(struct intel_dp *intel_dp, u8 *esi) { + struct intel_display *display = to_intel_display(intel_dp); + + /* + * Display WA for HSD #13013007775: mtl/arl/lnl + * Read the sink count and link service IRQ registers in separate + * transactions to prevent disconnecting the sink on a TBT link + * inadvertently. + */ + if (IS_DISPLAY_VER(display, 14, 20) && !display->platform.battlemage) { + if (drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 3) != 3) + return false; + + /* DP_SINK_COUNT_ESI + 3 == DP_LINK_SERVICE_IRQ_VECTOR_ESI0 */ + return drm_dp_dpcd_readb(&intel_dp->aux, DP_LINK_SERVICE_IRQ_VECTOR_ESI0, + &esi[3]) == 1; + } + return drm_dp_dpcd_read(&intel_dp->aux, DP_SINK_COUNT_ESI, esi, 4) == 4; }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Add null pointer check for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c3e9826a22027a21d998d3e64882fa377b613006 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063028-crayon-registry-8ae0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c3e9826a22027a21d998d3e64882fa377b613006 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Mon, 26 May 2025 10:37:31 +0800 Subject: [PATCH] drm/amd/display: Add null pointer check for get_first_active_display() The function mod_hdcp_hdcp1_enable_encryption() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference in mod_hdcp_hdcp2_enable_encryption(). Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null. Fixes: 2deade5ede56 ("drm/amd/display: Remove hdcp display state with mst fix") Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # v5.8 diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c index 8c137d7c032e..e58e7b93810b 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c @@ -368,6 +368,9 @@ enum mod_hdcp_status mod_hdcp_hdcp1_enable_encryption(struct mod_hdcp *hdcp) struct mod_hdcp_display *display = get_first_active_display(hdcp); enum mod_hdcp_status status = MOD_HDCP_STATUS_SUCCESS; + if (!display) + return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND; + mutex_lock(&psp->hdcp_context.mutex); hdcp_cmd = (struct ta_hdcp_shared_memory *)psp->hdcp_context.context.mem_context.shared_buf; memset(hdcp_cmd, 0, sizeof(struct ta_hdcp_shared_memory));

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 47c03e6660e96cbba0239125b1d4a9db3c724b1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063019-deceiving-cubicle-a65e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c03e6660e96cbba0239125b1d4a9db3c724b1d Mon Sep 17 00:00:00 2001 From: Aradhya Bhatia <a-bhatia1(a)ti.com> Date: Sat, 29 Mar 2025 17:09:16 +0530 Subject: [PATCH] drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Once the DSI Link and DSI Phy are initialized, the code needs to wait for Clk and Data Lanes to be ready, before continuing configuration. This is in accordance with the DSI Start-up procedure, found in the Technical Reference Manual of Texas Instrument's J721E SoC[0] which houses this DSI TX controller. If the previous bridge (or crtc/encoder) are configured pre-maturely, the input signal FIFO gets corrupt. This introduces a color-shift on the display. Allow the driver to wait for the clk and data lanes to get ready during DSI enable. [0]: See section 12.6.5.7.3 "Start-up Procedure" in J721E SoC TRM TRM Link: http://www.ti.com/lit/pdf/spruil1 Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Cc: stable(a)vger.kernel.org Tested-by: Dominik Haller <d.haller(a)phytec.de> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> Link: https://lore.kernel.org/r/20250329113925.68204-6-aradhya.bhatia@linux.dev Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 741d676b8266..93c3d5f1651d 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -776,7 +776,7 @@ static void cdns_dsi_bridge_atomic_enable(struct drm_bridge *bridge, struct drm_connector *connector; unsigned long tx_byte_period; struct cdns_dsi_cfg dsi_cfg; - u32 tmp, reg_wakeup, div; + u32 tmp, reg_wakeup, div, status; int nlanes; if (WARN_ON(pm_runtime_get_sync(dsi->base.dev) < 0)) @@ -796,6 +796,19 @@ static void cdns_dsi_bridge_atomic_enable(struct drm_bridge *bridge, cdns_dsi_hs_init(dsi); cdns_dsi_init_link(dsi); + /* + * Now that the DSI Link and DSI Phy are initialized, + * wait for the CLK and Data Lanes to be ready. + */ + tmp = CLK_LANE_RDY; + for (int i = 0; i < nlanes; i++) + tmp |= DATA_LANE_RDY(i); + + if (readl_poll_timeout(dsi->regs + MCTL_MAIN_STS, status, + (tmp == (status & tmp)), 100, 500000)) + dev_err(dsi->base.dev, + "Timed Out: DSI-DPhy Clock and Data Lanes not ready.\n"); + writel(HBP_LEN(dsi_cfg.hbp) | HSA_LEN(dsi_cfg.hsa), dsi->regs + VID_HSIZE1); writel(HFP_LEN(dsi_cfg.hfp) | HACT_LEN(dsi_cfg.hact),

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063040-crablike-endorse-741f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 Mon Sep 17 00:00:00 2001 From: Aradhya Bhatia <a-bhatia1(a)ti.com> Date: Sat, 29 Mar 2025 17:09:13 +0530 Subject: [PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so The driver code doesn't have a Phy de-initialization path as yet, and so it does not clear the phy_initialized flag while suspending. This is a problem because after resume the driver looks at this flag to determine if a Phy re-initialization is required or not. It is in fact required because the hardware is resuming from a suspend, but the driver does not carry out any re-initialization causing the D-Phy to not work at all. Call the counterparts of phy_init() and phy_power_on(), that are phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear the flags so that the Phy can be initialized again when required. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> Link: https://lore.kernel.org/r/20250329113925.68204-3-aradhya.bhatia@linux.dev Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 1cfe17865b06..3b15528713fe 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -683,6 +683,11 @@ static void cdns_dsi_bridge_atomic_post_disable(struct drm_bridge *bridge, struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge); struct cdns_dsi *dsi = input_to_dsi(input); + dsi->phy_initialized = false; + dsi->link_initialized = false; + phy_power_off(dsi->dphy); + phy_exit(dsi->dphy); + pm_runtime_put(dsi->base.dev); } @@ -1166,7 +1171,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) clk_disable_unprepare(dsi->dsi_sys_clk); clk_disable_unprepare(dsi->dsi_p_clk); reset_control_assert(dsi->dsi_p_rst); - dsi->link_initialized = false; return 0; }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063039-tidiness-cuddly-578d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 Mon Sep 17 00:00:00 2001 From: Aradhya Bhatia <a-bhatia1(a)ti.com> Date: Sat, 29 Mar 2025 17:09:13 +0530 Subject: [PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so The driver code doesn't have a Phy de-initialization path as yet, and so it does not clear the phy_initialized flag while suspending. This is a problem because after resume the driver looks at this flag to determine if a Phy re-initialization is required or not. It is in fact required because the hardware is resuming from a suspend, but the driver does not carry out any re-initialization causing the D-Phy to not work at all. Call the counterparts of phy_init() and phy_power_on(), that are phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear the flags so that the Phy can be initialized again when required. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> Link: https://lore.kernel.org/r/20250329113925.68204-3-aradhya.bhatia@linux.dev Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 1cfe17865b06..3b15528713fe 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -683,6 +683,11 @@ static void cdns_dsi_bridge_atomic_post_disable(struct drm_bridge *bridge, struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge); struct cdns_dsi *dsi = input_to_dsi(input); + dsi->phy_initialized = false; + dsi->link_initialized = false; + phy_power_off(dsi->dphy); + phy_exit(dsi->dphy); + pm_runtime_put(dsi->base.dev); } @@ -1166,7 +1171,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) clk_disable_unprepare(dsi->dsi_sys_clk); clk_disable_unprepare(dsi->dsi_p_clk); reset_control_assert(dsi->dsi_p_rst); - dsi->link_initialized = false; return 0; }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063039-bladder-suitor-bfad@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd2611c13f69cbbc6b81d9fc7502abf4f7031d21 Mon Sep 17 00:00:00 2001 From: Aradhya Bhatia <a-bhatia1(a)ti.com> Date: Sat, 29 Mar 2025 17:09:13 +0530 Subject: [PATCH] drm/bridge: cdns-dsi: Fix phy de-init and flag it so The driver code doesn't have a Phy de-initialization path as yet, and so it does not clear the phy_initialized flag while suspending. This is a problem because after resume the driver looks at this flag to determine if a Phy re-initialization is required or not. It is in fact required because the hardware is resuming from a suspend, but the driver does not carry out any re-initialization causing the D-Phy to not work at all. Call the counterparts of phy_init() and phy_power_on(), that are phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear the flags so that the Phy can be initialized again when required. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> Link: https://lore.kernel.org/r/20250329113925.68204-3-aradhya.bhatia@linux.dev Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 1cfe17865b06..3b15528713fe 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -683,6 +683,11 @@ static void cdns_dsi_bridge_atomic_post_disable(struct drm_bridge *bridge, struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge); struct cdns_dsi *dsi = input_to_dsi(input); + dsi->phy_initialized = false; + dsi->link_initialized = false; + phy_power_off(dsi->dphy); + phy_exit(dsi->dphy); + pm_runtime_put(dsi->base.dev); } @@ -1166,7 +1171,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) clk_disable_unprepare(dsi->dsi_sys_clk); clk_disable_unprepare(dsi->dsi_p_clk); reset_control_assert(dsi->dsi_p_rst); - dsi->link_initialized = false; return 0; }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] selinux: change security_compute_sid to return the ssid or" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x fde46f60f6c5138ee422087addbc5bf5b4968bf1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063004-landslide-grinning-5ff4@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fde46f60f6c5138ee422087addbc5bf5b4968bf1 Mon Sep 17 00:00:00 2001 From: Stephen Smalley <stephen.smalley.work(a)gmail.com> Date: Tue, 10 Jun 2025 15:48:27 -0400 Subject: [PATCH] selinux: change security_compute_sid to return the ssid or tsid on match If the end result of a security_compute_sid() computation matches the ssid or tsid, return that SID rather than looking it up again. This avoids the problem of multiple initial SIDs that map to the same context. Cc: stable(a)vger.kernel.org Reported-by: Guido Trentalancia <guido(a)trentalancia.com> Fixes: ae254858ce07 ("selinux: introduce an initial SID for early boot processes") Signed-off-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Tested-by: Guido Trentalancia <guido(a)trentalancia.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 7becf3808818..d185754c2786 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1909,11 +1909,17 @@ static int security_compute_sid(u32 ssid, goto out_unlock; } /* Obtain the sid for the context. */ - rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid); - if (rc == -ESTALE) { - rcu_read_unlock(); - context_destroy(&newcontext); - goto retry; + if (context_equal(scontext, &newcontext)) + *out_sid = ssid; + else if (context_equal(tcontext, &newcontext)) + *out_sid = tsid; + else { + rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid); + if (rc == -ESTALE) { + rcu_read_unlock(); + context_destroy(&newcontext); + goto retry; + } } out_unlock: rcu_read_unlock();

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pkey: Prevent overflow in size calculation for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7360ee47599af91a1d5f4e74d635d9408a54e489 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062906-tightwad-overvalue-2006@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7360ee47599af91a1d5f4e74d635d9408a54e489 Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Wed, 11 Jun 2025 22:20:10 +0300 Subject: [PATCH] s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in calculation of size passed to memdup_user() may overflow. In this case the actual size of the allocated area and the value describing it won't be in sync leading to various types of unpredictable behaviour later. Use a proper memdup_array_user() helper which returns an error if an overflow is detected. Note that it is different from when nr_apqns is initially zero - that case is considered valid and should be handled in subsequent pkey_handler implementations. Found by Linux Verification Center (linuxtesting.org). Fixes: f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Reviewed-by: Holger Dengler <dengler(a)linux.ibm.com> Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250611192011.206057-1-pchelkin@ispras.ru Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index cef60770f68b..b3fcdcae379e 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -86,7 +86,7 @@ static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) if (!uapqns || nr_apqns == 0) return NULL; - return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); + return memdup_array_user(uapqns, nr_apqns, sizeof(struct pkey_apqn)); } static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)

4 months, 2 weeks

2
1
0 0

[PATCH 0/3] arm64: dts: rockchip: Fix HDMI output on RK3576

by Cristian Ciocaltea

Since commit c871a311edf0 ("phy: rockchip: samsung-hdptx: Setup TMDS char rate via phy_configure_opts_hdmi"), the workaround of passing the PHY rate from DW HDMI QP bridge driver via phy_set_bus_width() became partially broken, unless the rate adjustment is done as with RK3588, i.e. by CCF from VOP2. Attempting to fix this up at PHY level would not only introduce additional hacks, but it would also fail to adequately resolve the display issues that are a consequence of the system CRU limitations. Therefore, let's proceed with the solution already implemented for RK3588, that is to make use of the HDMI PHY PLL as a more accurate DCLK source in VOP2. It's worth noting a follow-up patch is going to drop the hack from the bridge driver altogether, while switching to HDMI PHY configuration API for setting up the TMDS character rate. Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> --- Cristian Ciocaltea (3): dt-bindings: display: vop2: Add optional PLL clock property for rk3576 arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576 arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576 .../bindings/display/rockchip/rockchip-vop2.yaml | 56 +++++++++++++++++----- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7 ++- 2 files changed, 49 insertions(+), 14 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-rk3576-hdmitx-fix-e030fbdb0d17

4 months, 2 weeks

6
12
0 0

FAILED: patch "[PATCH] drm/tegra: Fix a possible null pointer dereference" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 780351a5f61416ed2ba1199cc57e4a076fca644d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063053-vastness-consuming-8fce@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 780351a5f61416ed2ba1199cc57e4a076fca644d Mon Sep 17 00:00:00 2001 From: Qiu-ji Chen <chenqiuji666(a)gmail.com> Date: Wed, 6 Nov 2024 17:59:06 +0800 Subject: [PATCH] drm/tegra: Fix a possible null pointer dereference In tegra_crtc_reset(), new memory is allocated with kzalloc(), but no check is performed. Before calling __drm_atomic_helper_crtc_reset, state should be checked to prevent possible null pointer dereference. Fixes: b7e0b04ae450 ("drm/tegra: Convert to using __drm_atomic_helper_crtc_reset() for reset.") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Signed-off-by: Thierry Reding <treding(a)nvidia.com> Link: https://lore.kernel.org/r/20241106095906.15247-1-chenqiuji666@gmail.com diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 56f12dbcee3e..59d5c1ba145a 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -1393,7 +1393,10 @@ static void tegra_crtc_reset(struct drm_crtc *crtc) if (crtc->state) tegra_crtc_atomic_destroy_state(crtc, crtc->state); - __drm_atomic_helper_crtc_reset(crtc, &state->base); + if (state) + __drm_atomic_helper_crtc_reset(crtc, &state->base); + else + __drm_atomic_helper_crtc_reset(crtc, NULL); } static struct drm_crtc_state *

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/cirrus-qemu: Fix pitch programming" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063024-nibble-exit-e642@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Fri, 28 Mar 2025 10:17:05 +0100 Subject: [PATCH] drm/cirrus-qemu: Fix pitch programming Do not set CR1B[6] when programming the pitch. The bit effects VGA text mode and is not interpreted by qemu. [1] It has no affect on the scanline pitch. The scanline bit that is set into CR1B[6] belongs into CR13[7], which the driver sets up correctly. This bug goes back to the driver's initial commit. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Acked-by: Gerd Hoffmann <kraxel(a)redhat.com> Link: https://gitlab.com/qemu-project/qemu/-/blob/stable-9.2/hw/display/cirrus_vg… # 1 Fixes: f9aa76a85248 ("drm/kms: driver for virtual cirrus under qemu") Cc: Adam Jackson <ajax(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: <stable(a)vger.kernel.org> # v3.5+ Link: https://lore.kernel.org/r/20250328091821.195061-2-tzimmermann@suse.de diff --git a/drivers/gpu/drm/tiny/cirrus-qemu.c b/drivers/gpu/drm/tiny/cirrus-qemu.c index 52ec1e4ea9e5..a00d3b7ded6c 100644 --- a/drivers/gpu/drm/tiny/cirrus-qemu.c +++ b/drivers/gpu/drm/tiny/cirrus-qemu.c @@ -318,7 +318,6 @@ static void cirrus_pitch_set(struct cirrus_device *cirrus, unsigned int pitch) /* Enable extended blanking and pitch bits, and enable full memory */ cr1b = 0x22; cr1b |= (pitch >> 7) & 0x10; - cr1b |= (pitch >> 6) & 0x40; wreg_crt(cirrus, 0x1b, cr1b); cirrus_set_start_address(cirrus, 0);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/cirrus-qemu: Fix pitch programming" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063024-sighing-rascal-cce8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Fri, 28 Mar 2025 10:17:05 +0100 Subject: [PATCH] drm/cirrus-qemu: Fix pitch programming Do not set CR1B[6] when programming the pitch. The bit effects VGA text mode and is not interpreted by qemu. [1] It has no affect on the scanline pitch. The scanline bit that is set into CR1B[6] belongs into CR13[7], which the driver sets up correctly. This bug goes back to the driver's initial commit. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Acked-by: Gerd Hoffmann <kraxel(a)redhat.com> Link: https://gitlab.com/qemu-project/qemu/-/blob/stable-9.2/hw/display/cirrus_vg… # 1 Fixes: f9aa76a85248 ("drm/kms: driver for virtual cirrus under qemu") Cc: Adam Jackson <ajax(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: <stable(a)vger.kernel.org> # v3.5+ Link: https://lore.kernel.org/r/20250328091821.195061-2-tzimmermann@suse.de diff --git a/drivers/gpu/drm/tiny/cirrus-qemu.c b/drivers/gpu/drm/tiny/cirrus-qemu.c index 52ec1e4ea9e5..a00d3b7ded6c 100644 --- a/drivers/gpu/drm/tiny/cirrus-qemu.c +++ b/drivers/gpu/drm/tiny/cirrus-qemu.c @@ -318,7 +318,6 @@ static void cirrus_pitch_set(struct cirrus_device *cirrus, unsigned int pitch) /* Enable extended blanking and pitch bits, and enable full memory */ cr1b = 0x22; cr1b |= (pitch >> 7) & 0x10; - cr1b |= (pitch >> 6) & 0x40; wreg_crt(cirrus, 0x1b, cr1b); cirrus_set_start_address(cirrus, 0);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/cirrus-qemu: Fix pitch programming" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063023-underfoot-alright-f57c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Fri, 28 Mar 2025 10:17:05 +0100 Subject: [PATCH] drm/cirrus-qemu: Fix pitch programming Do not set CR1B[6] when programming the pitch. The bit effects VGA text mode and is not interpreted by qemu. [1] It has no affect on the scanline pitch. The scanline bit that is set into CR1B[6] belongs into CR13[7], which the driver sets up correctly. This bug goes back to the driver's initial commit. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Acked-by: Gerd Hoffmann <kraxel(a)redhat.com> Link: https://gitlab.com/qemu-project/qemu/-/blob/stable-9.2/hw/display/cirrus_vg… # 1 Fixes: f9aa76a85248 ("drm/kms: driver for virtual cirrus under qemu") Cc: Adam Jackson <ajax(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: <stable(a)vger.kernel.org> # v3.5+ Link: https://lore.kernel.org/r/20250328091821.195061-2-tzimmermann@suse.de diff --git a/drivers/gpu/drm/tiny/cirrus-qemu.c b/drivers/gpu/drm/tiny/cirrus-qemu.c index 52ec1e4ea9e5..a00d3b7ded6c 100644 --- a/drivers/gpu/drm/tiny/cirrus-qemu.c +++ b/drivers/gpu/drm/tiny/cirrus-qemu.c @@ -318,7 +318,6 @@ static void cirrus_pitch_set(struct cirrus_device *cirrus, unsigned int pitch) /* Enable extended blanking and pitch bits, and enable full memory */ cr1b = 0x22; cr1b |= (pitch >> 7) & 0x10; - cr1b |= (pitch >> 6) & 0x40; wreg_crt(cirrus, 0x1b, cr1b); cirrus_set_start_address(cirrus, 0);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/cirrus-qemu: Fix pitch programming" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063022-scrap-uncured-d6c9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bfb389a0136a13f0802eeb5e97a0e76d88f77ae Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Fri, 28 Mar 2025 10:17:05 +0100 Subject: [PATCH] drm/cirrus-qemu: Fix pitch programming Do not set CR1B[6] when programming the pitch. The bit effects VGA text mode and is not interpreted by qemu. [1] It has no affect on the scanline pitch. The scanline bit that is set into CR1B[6] belongs into CR13[7], which the driver sets up correctly. This bug goes back to the driver's initial commit. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Acked-by: Gerd Hoffmann <kraxel(a)redhat.com> Link: https://gitlab.com/qemu-project/qemu/-/blob/stable-9.2/hw/display/cirrus_vg… # 1 Fixes: f9aa76a85248 ("drm/kms: driver for virtual cirrus under qemu") Cc: Adam Jackson <ajax(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: <stable(a)vger.kernel.org> # v3.5+ Link: https://lore.kernel.org/r/20250328091821.195061-2-tzimmermann@suse.de diff --git a/drivers/gpu/drm/tiny/cirrus-qemu.c b/drivers/gpu/drm/tiny/cirrus-qemu.c index 52ec1e4ea9e5..a00d3b7ded6c 100644 --- a/drivers/gpu/drm/tiny/cirrus-qemu.c +++ b/drivers/gpu/drm/tiny/cirrus-qemu.c @@ -318,7 +318,6 @@ static void cirrus_pitch_set(struct cirrus_device *cirrus, unsigned int pitch) /* Enable extended blanking and pitch bits, and enable full memory */ cr1b = 0x22; cr1b |= (pitch >> 7) & 0x10; - cr1b |= (pitch >> 6) & 0x40; wreg_crt(cirrus, 0x1b, cr1b); cirrus_set_start_address(cirrus, 0);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2e083cd802294693a5414e4557a183dd7e442e71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063005-groggily-acid-85ff@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e083cd802294693a5414e4557a183dd7e442e71 Mon Sep 17 00:00:00 2001 From: anvithdosapati <anvithdosapati(a)google.com> Date: Mon, 16 Jun 2025 08:57:34 +0000 Subject: [PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f62d89c8e580..50adfb8b335b 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7807,7 +7807,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2e083cd802294693a5414e4557a183dd7e442e71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063003-boring-overdraft-ac97@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e083cd802294693a5414e4557a183dd7e442e71 Mon Sep 17 00:00:00 2001 From: anvithdosapati <anvithdosapati(a)google.com> Date: Mon, 16 Jun 2025 08:57:34 +0000 Subject: [PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f62d89c8e580..50adfb8b335b 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7807,7 +7807,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2e083cd802294693a5414e4557a183dd7e442e71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063004-kinetic-implosive-0499@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e083cd802294693a5414e4557a183dd7e442e71 Mon Sep 17 00:00:00 2001 From: anvithdosapati <anvithdosapati(a)google.com> Date: Mon, 16 Jun 2025 08:57:34 +0000 Subject: [PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f62d89c8e580..50adfb8b335b 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7807,7 +7807,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2e083cd802294693a5414e4557a183dd7e442e71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063004-observer-ruckus-6111@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e083cd802294693a5414e4557a183dd7e442e71 Mon Sep 17 00:00:00 2001 From: anvithdosapati <anvithdosapati(a)google.com> Date: Mon, 16 Jun 2025 08:57:34 +0000 Subject: [PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f62d89c8e580..50adfb8b335b 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7807,7 +7807,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2e083cd802294693a5414e4557a183dd7e442e71 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063003-stalemate-sniff-e4ff@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e083cd802294693a5414e4557a183dd7e442e71 Mon Sep 17 00:00:00 2001 From: anvithdosapati <anvithdosapati(a)google.com> Date: Mon, 16 Jun 2025 08:57:34 +0000 Subject: [PATCH] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f62d89c8e580..50adfb8b335b 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7807,7 +7807,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/gup: revert "mm: gup: fix infinite loop within" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 517f496e1e61bd169d585dab4dd77e7147506322 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063015-rumor-coconut-92be@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 517f496e1e61bd169d585dab4dd77e7147506322 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 11 Jun 2025 15:13:14 +0200 Subject: [PATCH] mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Link: https://lkml.kernel.org/r/20250611131314.594529-1-david@redhat.com Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Signed-off-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/gup.c b/mm/gup.c index e065a49842a8..3c39cbbeebef 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/gup: revert "mm: gup: fix infinite loop within" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 517f496e1e61bd169d585dab4dd77e7147506322 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063014-plural-roster-e4a8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 517f496e1e61bd169d585dab4dd77e7147506322 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 11 Jun 2025 15:13:14 +0200 Subject: [PATCH] mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Link: https://lkml.kernel.org/r/20250611131314.594529-1-david@redhat.com Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Signed-off-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/gup.c b/mm/gup.c index e065a49842a8..3c39cbbeebef 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b07f349d1864abe29436f45e3047da2bdd476462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063009-ashamed-tipper-8da4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b07f349d1864abe29436f45e3047da2bdd476462 Mon Sep 17 00:00:00 2001 From: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Date: Mon, 16 Jun 2025 09:13:53 +0800 Subject: [PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance Having PM put sync in remove function is causing PM underflow during remove operation. This is caused by the function, runtime_pm_get_sync, not being called anywhere during the op. Ensure that calls to pm_runtime_enable()/pm_runtime_disable() and pm_runtime_get_sync()/pm_runtime_put_sync() match. echo 108d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind [ 49.644256] Deleting MTD partitions on "108d2000.spi.0": [ 49.649575] Deleting u-boot MTD partition [ 49.684087] Deleting root MTD partition [ 49.724188] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! Continuous bind/unbind will result in an "Unbalanced pm_runtime_enable" error. Subsequent unbind attempts will return a "No such device" error, while bind attempts will return a "Resource temporarily unavailable" error. [ 47.592434] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 49.592233] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 53.232309] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 55.828550] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 57.940627] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 59.912490] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 61.876243] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 61.883000] platform 108d2000.spi: Unbalanced pm_runtime_enable! [ 532.012270] cadence-qspi 108d2000.spi: probe with driver cadence-qspi failed1 Also, change clk_disable_unprepare() to clk_disable() since continuous bind and unbind operations will trigger a warning indicating that the clock is already unprepared. Fixes: 4892b374c9b7 ("mtd: spi-nor: cadence-quadspi: Add runtime PM support") cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Link: https://patch.msgid.link/4e7a4b8aba300e629b45a04f90bddf665fbdb335.174960187… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index fe0f122f07b0..aa1932ba17cb 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1958,10 +1958,10 @@ static int cqspi_probe(struct platform_device *pdev) goto probe_setup_failed; } - ret = devm_pm_runtime_enable(dev); - if (ret) { - if (cqspi->rx_chan) - dma_release_channel(cqspi->rx_chan); + pm_runtime_enable(dev); + + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); goto probe_setup_failed; } @@ -1981,6 +1981,7 @@ static int cqspi_probe(struct platform_device *pdev) return 0; probe_setup_failed: cqspi_controller_enable(cqspi, 0); + pm_runtime_disable(dev); probe_reset_failed: if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi); @@ -1999,7 +2000,8 @@ static void cqspi_remove(struct platform_device *pdev) if (cqspi->rx_chan) dma_release_channel(cqspi->rx_chan); - clk_disable_unprepare(cqspi->clk); + if (pm_runtime_get_sync(&pdev->dev) >= 0) + clk_disable(cqspi->clk); if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b07f349d1864abe29436f45e3047da2bdd476462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063008-bonehead-poach-8e42@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b07f349d1864abe29436f45e3047da2bdd476462 Mon Sep 17 00:00:00 2001 From: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Date: Mon, 16 Jun 2025 09:13:53 +0800 Subject: [PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance Having PM put sync in remove function is causing PM underflow during remove operation. This is caused by the function, runtime_pm_get_sync, not being called anywhere during the op. Ensure that calls to pm_runtime_enable()/pm_runtime_disable() and pm_runtime_get_sync()/pm_runtime_put_sync() match. echo 108d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind [ 49.644256] Deleting MTD partitions on "108d2000.spi.0": [ 49.649575] Deleting u-boot MTD partition [ 49.684087] Deleting root MTD partition [ 49.724188] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! Continuous bind/unbind will result in an "Unbalanced pm_runtime_enable" error. Subsequent unbind attempts will return a "No such device" error, while bind attempts will return a "Resource temporarily unavailable" error. [ 47.592434] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 49.592233] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 53.232309] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 55.828550] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 57.940627] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 59.912490] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 61.876243] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 61.883000] platform 108d2000.spi: Unbalanced pm_runtime_enable! [ 532.012270] cadence-qspi 108d2000.spi: probe with driver cadence-qspi failed1 Also, change clk_disable_unprepare() to clk_disable() since continuous bind and unbind operations will trigger a warning indicating that the clock is already unprepared. Fixes: 4892b374c9b7 ("mtd: spi-nor: cadence-quadspi: Add runtime PM support") cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Link: https://patch.msgid.link/4e7a4b8aba300e629b45a04f90bddf665fbdb335.174960187… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index fe0f122f07b0..aa1932ba17cb 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1958,10 +1958,10 @@ static int cqspi_probe(struct platform_device *pdev) goto probe_setup_failed; } - ret = devm_pm_runtime_enable(dev); - if (ret) { - if (cqspi->rx_chan) - dma_release_channel(cqspi->rx_chan); + pm_runtime_enable(dev); + + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); goto probe_setup_failed; } @@ -1981,6 +1981,7 @@ static int cqspi_probe(struct platform_device *pdev) return 0; probe_setup_failed: cqspi_controller_enable(cqspi, 0); + pm_runtime_disable(dev); probe_reset_failed: if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi); @@ -1999,7 +2000,8 @@ static void cqspi_remove(struct platform_device *pdev) if (cqspi->rx_chan) dma_release_channel(cqspi->rx_chan); - clk_disable_unprepare(cqspi->clk); + if (pm_runtime_get_sync(&pdev->dev) >= 0) + clk_disable(cqspi->clk); if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b07f349d1864abe29436f45e3047da2bdd476462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063008-celibacy-lukewarm-7bc5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b07f349d1864abe29436f45e3047da2bdd476462 Mon Sep 17 00:00:00 2001 From: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Date: Mon, 16 Jun 2025 09:13:53 +0800 Subject: [PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance Having PM put sync in remove function is causing PM underflow during remove operation. This is caused by the function, runtime_pm_get_sync, not being called anywhere during the op. Ensure that calls to pm_runtime_enable()/pm_runtime_disable() and pm_runtime_get_sync()/pm_runtime_put_sync() match. echo 108d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind [ 49.644256] Deleting MTD partitions on "108d2000.spi.0": [ 49.649575] Deleting u-boot MTD partition [ 49.684087] Deleting root MTD partition [ 49.724188] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! Continuous bind/unbind will result in an "Unbalanced pm_runtime_enable" error. Subsequent unbind attempts will return a "No such device" error, while bind attempts will return a "Resource temporarily unavailable" error. [ 47.592434] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 49.592233] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 53.232309] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 55.828550] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 57.940627] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 59.912490] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 61.876243] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 61.883000] platform 108d2000.spi: Unbalanced pm_runtime_enable! [ 532.012270] cadence-qspi 108d2000.spi: probe with driver cadence-qspi failed1 Also, change clk_disable_unprepare() to clk_disable() since continuous bind and unbind operations will trigger a warning indicating that the clock is already unprepared. Fixes: 4892b374c9b7 ("mtd: spi-nor: cadence-quadspi: Add runtime PM support") cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Link: https://patch.msgid.link/4e7a4b8aba300e629b45a04f90bddf665fbdb335.174960187… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index fe0f122f07b0..aa1932ba17cb 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1958,10 +1958,10 @@ static int cqspi_probe(struct platform_device *pdev) goto probe_setup_failed; } - ret = devm_pm_runtime_enable(dev); - if (ret) { - if (cqspi->rx_chan) - dma_release_channel(cqspi->rx_chan); + pm_runtime_enable(dev); + + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); goto probe_setup_failed; } @@ -1981,6 +1981,7 @@ static int cqspi_probe(struct platform_device *pdev) return 0; probe_setup_failed: cqspi_controller_enable(cqspi, 0); + pm_runtime_disable(dev); probe_reset_failed: if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi); @@ -1999,7 +2000,8 @@ static void cqspi_remove(struct platform_device *pdev) if (cqspi->rx_chan) dma_release_channel(cqspi->rx_chan); - clk_disable_unprepare(cqspi->clk); + if (pm_runtime_get_sync(&pdev->dev) >= 0) + clk_disable(cqspi->clk); if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b07f349d1864abe29436f45e3047da2bdd476462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063007-cruelty-mortality-e0da@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b07f349d1864abe29436f45e3047da2bdd476462 Mon Sep 17 00:00:00 2001 From: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Date: Mon, 16 Jun 2025 09:13:53 +0800 Subject: [PATCH] spi: spi-cadence-quadspi: Fix pm runtime unbalance Having PM put sync in remove function is causing PM underflow during remove operation. This is caused by the function, runtime_pm_get_sync, not being called anywhere during the op. Ensure that calls to pm_runtime_enable()/pm_runtime_disable() and pm_runtime_get_sync()/pm_runtime_put_sync() match. echo 108d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind [ 49.644256] Deleting MTD partitions on "108d2000.spi.0": [ 49.649575] Deleting u-boot MTD partition [ 49.684087] Deleting root MTD partition [ 49.724188] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! Continuous bind/unbind will result in an "Unbalanced pm_runtime_enable" error. Subsequent unbind attempts will return a "No such device" error, while bind attempts will return a "Resource temporarily unavailable" error. [ 47.592434] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 49.592233] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 53.232309] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 55.828550] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 57.940627] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 59.912490] cadence-qspi 108d2000.spi: detected FIFO depth (1024) different from config (128) [ 61.876243] cadence-qspi 108d2000.spi: Runtime PM usage count underflow! [ 61.883000] platform 108d2000.spi: Unbalanced pm_runtime_enable! [ 532.012270] cadence-qspi 108d2000.spi: probe with driver cadence-qspi failed1 Also, change clk_disable_unprepare() to clk_disable() since continuous bind and unbind operations will trigger a warning indicating that the clock is already unprepared. Fixes: 4892b374c9b7 ("mtd: spi-nor: cadence-quadspi: Add runtime PM support") cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Link: https://patch.msgid.link/4e7a4b8aba300e629b45a04f90bddf665fbdb335.174960187… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index fe0f122f07b0..aa1932ba17cb 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1958,10 +1958,10 @@ static int cqspi_probe(struct platform_device *pdev) goto probe_setup_failed; } - ret = devm_pm_runtime_enable(dev); - if (ret) { - if (cqspi->rx_chan) - dma_release_channel(cqspi->rx_chan); + pm_runtime_enable(dev); + + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); goto probe_setup_failed; } @@ -1981,6 +1981,7 @@ static int cqspi_probe(struct platform_device *pdev) return 0; probe_setup_failed: cqspi_controller_enable(cqspi, 0); + pm_runtime_disable(dev); probe_reset_failed: if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi); @@ -1999,7 +2000,8 @@ static void cqspi_remove(struct platform_device *pdev) if (cqspi->rx_chan) dma_release_channel(cqspi->rx_chan); - clk_disable_unprepare(cqspi->clk); + if (pm_runtime_get_sync(&pdev->dev) >= 0) + clk_disable(cqspi->clk); if (cqspi->is_jh7110) cqspi_jh7110_disable_clk(pdev, cqspi);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] staging: rtl8723bs: Avoid memset() in aes_cipher() and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a55bc4ffc06d8c965a7d6f0a01ed0ed41380df28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063056-envision-frivolous-150b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a55bc4ffc06d8c965a7d6f0a01ed0ed41380df28 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 9 Jun 2025 14:13:14 -0700 Subject: [PATCH] staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() After commit 6f110a5e4f99 ("Disable SLUB_TINY for build testing"), which causes CONFIG_KASAN to be enabled in allmodconfig again, arm64 allmodconfig builds with older versions of clang (15 through 17) show an instance of -Wframe-larger-than (which breaks the build with CONFIG_WERROR=y): drivers/staging/rtl8723bs/core/rtw_security.c:1287:5: error: stack frame size (2208) exceeds limit (2048) in 'rtw_aes_decrypt' [-Werror,-Wframe-larger-than] 1287 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ This comes from aes_decipher() being inlined in rtw_aes_decrypt(). Running the same build with CONFIG_FRAME_WARN=128 shows aes_cipher() also uses a decent amount of stack, just under the limit of 2048: drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1952) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ -Rpass-analysis=stack-frame-layout only shows one large structure on the stack, which is the ctx variable inlined from aes128k128d(). A good number of the other variables come from the additional checks of fortified string routines, which are present in memset(), which both aes_cipher() and aes_decipher() use to initialize some temporary buffers. In this case, since the size is known at compile time, these additional checks should not result in any code generation changes but allmodconfig has several sanitizers enabled, which may make it harder for the compiler to eliminate the compile time checks and the variables that come about from them. The memset() calls are just initializing these buffers to zero, so use '= {}' instead, which is used all over the kernel and does the exact same thing as memset() without the fortify checks, which drops the stack usage of these functions by a few hundred kilobytes. drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1584) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ drivers/staging/rtl8723bs/core/rtw_security.c:1271:5: warning: stack frame size (1456) exceeds limit (128) in 'rtw_aes_decrypt' [-Wframe-larger-than] 1271 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ Cc: stable(a)vger.kernel.org Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://lore.kernel.org/r/20250609-rtl8723bs-fix-clang-arm64-wflt-v1-1-e2ac… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c index 1e9eff01b1aa..e9f382c280d9 100644 --- a/drivers/staging/rtl8723bs/core/rtw_security.c +++ b/drivers/staging/rtl8723bs/core/rtw_security.c @@ -868,29 +868,21 @@ static signed int aes_cipher(u8 *key, uint hdrlen, num_blocks, payload_index; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); uint frsubtype = GetFrameSubType(pframe); frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) a4_exists = 0; else @@ -1080,15 +1072,15 @@ static signed int aes_decipher(u8 *key, uint hdrlen, num_blocks, payload_index; signed int res = _SUCCESS; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); @@ -1096,14 +1088,6 @@ static signed int aes_decipher(u8 *key, uint hdrlen, frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - /* start to decrypt the payload */ num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR7 by writing its architectural reset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fa7d0f83c5c4223a01598876352473cb3d3bd4d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063028-reproduce-turtle-6e00@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:04 -0700 Subject: [PATCH] x86/traps: Initialize DR7 by writing its architectural reset value Initialize DR7 by writing its architectural reset value to always set bit 10, which is reserved to '1', when "clearing" DR7 so as not to trigger unanticipated behavior if said bit is ever unreserved, e.g. as a feature enabling flag with inverted polarity. Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Sean Christopherson <seanjc(a)google.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-3-xin%40zytor.com diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h index 363110e6b2e3..a2c1f2d24b64 100644 --- a/arch/x86/include/asm/debugreg.h +++ b/arch/x86/include/asm/debugreg.h @@ -9,6 +9,14 @@ #include <asm/cpufeature.h> #include <asm/msr.h> +/* + * Define bits that are always set to 1 in DR7, only bit 10 is + * architecturally reserved to '1'. + * + * This is also the init/reset value for DR7. + */ +#define DR7_FIXED_1 0x00000400 + DECLARE_PER_CPU(unsigned long, cpu_dr7); #ifndef CONFIG_PARAVIRT_XXL @@ -100,8 +108,8 @@ static __always_inline void native_set_debugreg(int regno, unsigned long value) static inline void hw_breakpoint_disable(void) { - /* Zero the control register for HW Breakpoint */ - set_debugreg(0UL, 7); + /* Reset the control register for HW Breakpoint */ + set_debugreg(DR7_FIXED_1, 7); /* Zero-out the individual HW breakpoint address registers */ set_debugreg(0UL, 0); @@ -125,9 +133,12 @@ static __always_inline unsigned long local_db_save(void) return 0; get_debugreg(dr7, 7); - dr7 &= ~0x400; /* architecturally set bit */ + + /* Architecturally set bit */ + dr7 &= ~DR7_FIXED_1; if (dr7) - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); + /* * Ensure the compiler doesn't lower the above statements into * the critical section; disabling breakpoints late would not diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b4a391929cdb..639d9bcee842 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -31,6 +31,7 @@ #include <asm/apic.h> #include <asm/pvclock-abi.h> +#include <asm/debugreg.h> #include <asm/desc.h> #include <asm/mtrr.h> #include <asm/msr-index.h> @@ -249,7 +250,6 @@ enum x86_intercept_stage; #define DR7_BP_EN_MASK 0x000000ff #define DR7_GE (1 << 9) #define DR7_GD (1 << 13) -#define DR7_FIXED_1 0x00000400 #define DR7_VOLATILE 0xffff2bff #define KVM_GUESTDBG_VALID_MASK \ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 0f6c280a94f0..27125e009847 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2246,7 +2246,7 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); static void initialize_debug_regs(void) { /* Control register first -- to make sure everything is disabled. */ - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(DR6_RESERVED, 6); /* dr5 and dr4 don't exist */ set_debugreg(0, 3); diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index 102641fd2172..8b1a9733d13e 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -385,7 +385,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs) struct perf_event *bp; /* Disable hardware debugging while we are in kgdb: */ - set_debugreg(0UL, 7); + set_debugreg(DR7_FIXED_1, 7); for (i = 0; i < HBP_NUM; i++) { if (!breakinfo[i].enabled) continue; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index a10e180cbf23..3ef15c2f152f 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -93,7 +93,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400)) + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1)) return; printk("%sDR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n", diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 8d6cf25127aa..b972bf72fb8b 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -133,7 +133,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400))) { + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1))) { printk("%sDR0: %016lx DR1: %016lx DR2: %016lx\n", log_lvl, d0, d1, d2); printk("%sDR3: %016lx DR6: %016lx DR7: %016lx\n", diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b58a74c1722d..a9d992d5652f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11035,7 +11035,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs && !(vcpu->arch.switch_db_regs & KVM_DEBUGREG_AUTO_SWITCH))) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); @@ -11044,7 +11044,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); } vcpu->arch.host_debugctl = get_debugctlmsr();

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR7 by writing its architectural reset" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa7d0f83c5c4223a01598876352473cb3d3bd4d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063027-herring-canned-83b0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:04 -0700 Subject: [PATCH] x86/traps: Initialize DR7 by writing its architectural reset value Initialize DR7 by writing its architectural reset value to always set bit 10, which is reserved to '1', when "clearing" DR7 so as not to trigger unanticipated behavior if said bit is ever unreserved, e.g. as a feature enabling flag with inverted polarity. Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Sean Christopherson <seanjc(a)google.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-3-xin%40zytor.com diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h index 363110e6b2e3..a2c1f2d24b64 100644 --- a/arch/x86/include/asm/debugreg.h +++ b/arch/x86/include/asm/debugreg.h @@ -9,6 +9,14 @@ #include <asm/cpufeature.h> #include <asm/msr.h> +/* + * Define bits that are always set to 1 in DR7, only bit 10 is + * architecturally reserved to '1'. + * + * This is also the init/reset value for DR7. + */ +#define DR7_FIXED_1 0x00000400 + DECLARE_PER_CPU(unsigned long, cpu_dr7); #ifndef CONFIG_PARAVIRT_XXL @@ -100,8 +108,8 @@ static __always_inline void native_set_debugreg(int regno, unsigned long value) static inline void hw_breakpoint_disable(void) { - /* Zero the control register for HW Breakpoint */ - set_debugreg(0UL, 7); + /* Reset the control register for HW Breakpoint */ + set_debugreg(DR7_FIXED_1, 7); /* Zero-out the individual HW breakpoint address registers */ set_debugreg(0UL, 0); @@ -125,9 +133,12 @@ static __always_inline unsigned long local_db_save(void) return 0; get_debugreg(dr7, 7); - dr7 &= ~0x400; /* architecturally set bit */ + + /* Architecturally set bit */ + dr7 &= ~DR7_FIXED_1; if (dr7) - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); + /* * Ensure the compiler doesn't lower the above statements into * the critical section; disabling breakpoints late would not diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b4a391929cdb..639d9bcee842 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -31,6 +31,7 @@ #include <asm/apic.h> #include <asm/pvclock-abi.h> +#include <asm/debugreg.h> #include <asm/desc.h> #include <asm/mtrr.h> #include <asm/msr-index.h> @@ -249,7 +250,6 @@ enum x86_intercept_stage; #define DR7_BP_EN_MASK 0x000000ff #define DR7_GE (1 << 9) #define DR7_GD (1 << 13) -#define DR7_FIXED_1 0x00000400 #define DR7_VOLATILE 0xffff2bff #define KVM_GUESTDBG_VALID_MASK \ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 0f6c280a94f0..27125e009847 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2246,7 +2246,7 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); static void initialize_debug_regs(void) { /* Control register first -- to make sure everything is disabled. */ - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(DR6_RESERVED, 6); /* dr5 and dr4 don't exist */ set_debugreg(0, 3); diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index 102641fd2172..8b1a9733d13e 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -385,7 +385,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs) struct perf_event *bp; /* Disable hardware debugging while we are in kgdb: */ - set_debugreg(0UL, 7); + set_debugreg(DR7_FIXED_1, 7); for (i = 0; i < HBP_NUM; i++) { if (!breakinfo[i].enabled) continue; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index a10e180cbf23..3ef15c2f152f 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -93,7 +93,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400)) + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1)) return; printk("%sDR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n", diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 8d6cf25127aa..b972bf72fb8b 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -133,7 +133,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400))) { + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1))) { printk("%sDR0: %016lx DR1: %016lx DR2: %016lx\n", log_lvl, d0, d1, d2); printk("%sDR3: %016lx DR6: %016lx DR7: %016lx\n", diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b58a74c1722d..a9d992d5652f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11035,7 +11035,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs && !(vcpu->arch.switch_db_regs & KVM_DEBUGREG_AUTO_SWITCH))) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); @@ -11044,7 +11044,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); } vcpu->arch.host_debugctl = get_debugctlmsr();

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR7 by writing its architectural reset" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fa7d0f83c5c4223a01598876352473cb3d3bd4d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063027-myspace-germproof-6a5c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:04 -0700 Subject: [PATCH] x86/traps: Initialize DR7 by writing its architectural reset value Initialize DR7 by writing its architectural reset value to always set bit 10, which is reserved to '1', when "clearing" DR7 so as not to trigger unanticipated behavior if said bit is ever unreserved, e.g. as a feature enabling flag with inverted polarity. Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Sean Christopherson <seanjc(a)google.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-3-xin%40zytor.com diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h index 363110e6b2e3..a2c1f2d24b64 100644 --- a/arch/x86/include/asm/debugreg.h +++ b/arch/x86/include/asm/debugreg.h @@ -9,6 +9,14 @@ #include <asm/cpufeature.h> #include <asm/msr.h> +/* + * Define bits that are always set to 1 in DR7, only bit 10 is + * architecturally reserved to '1'. + * + * This is also the init/reset value for DR7. + */ +#define DR7_FIXED_1 0x00000400 + DECLARE_PER_CPU(unsigned long, cpu_dr7); #ifndef CONFIG_PARAVIRT_XXL @@ -100,8 +108,8 @@ static __always_inline void native_set_debugreg(int regno, unsigned long value) static inline void hw_breakpoint_disable(void) { - /* Zero the control register for HW Breakpoint */ - set_debugreg(0UL, 7); + /* Reset the control register for HW Breakpoint */ + set_debugreg(DR7_FIXED_1, 7); /* Zero-out the individual HW breakpoint address registers */ set_debugreg(0UL, 0); @@ -125,9 +133,12 @@ static __always_inline unsigned long local_db_save(void) return 0; get_debugreg(dr7, 7); - dr7 &= ~0x400; /* architecturally set bit */ + + /* Architecturally set bit */ + dr7 &= ~DR7_FIXED_1; if (dr7) - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); + /* * Ensure the compiler doesn't lower the above statements into * the critical section; disabling breakpoints late would not diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b4a391929cdb..639d9bcee842 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -31,6 +31,7 @@ #include <asm/apic.h> #include <asm/pvclock-abi.h> +#include <asm/debugreg.h> #include <asm/desc.h> #include <asm/mtrr.h> #include <asm/msr-index.h> @@ -249,7 +250,6 @@ enum x86_intercept_stage; #define DR7_BP_EN_MASK 0x000000ff #define DR7_GE (1 << 9) #define DR7_GD (1 << 13) -#define DR7_FIXED_1 0x00000400 #define DR7_VOLATILE 0xffff2bff #define KVM_GUESTDBG_VALID_MASK \ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 0f6c280a94f0..27125e009847 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2246,7 +2246,7 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); static void initialize_debug_regs(void) { /* Control register first -- to make sure everything is disabled. */ - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(DR6_RESERVED, 6); /* dr5 and dr4 don't exist */ set_debugreg(0, 3); diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index 102641fd2172..8b1a9733d13e 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -385,7 +385,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs) struct perf_event *bp; /* Disable hardware debugging while we are in kgdb: */ - set_debugreg(0UL, 7); + set_debugreg(DR7_FIXED_1, 7); for (i = 0; i < HBP_NUM; i++) { if (!breakinfo[i].enabled) continue; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index a10e180cbf23..3ef15c2f152f 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -93,7 +93,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400)) + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1)) return; printk("%sDR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n", diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 8d6cf25127aa..b972bf72fb8b 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -133,7 +133,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400))) { + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1))) { printk("%sDR0: %016lx DR1: %016lx DR2: %016lx\n", log_lvl, d0, d1, d2); printk("%sDR3: %016lx DR6: %016lx DR7: %016lx\n", diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b58a74c1722d..a9d992d5652f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11035,7 +11035,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs && !(vcpu->arch.switch_db_regs & KVM_DEBUGREG_AUTO_SWITCH))) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); @@ -11044,7 +11044,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); } vcpu->arch.host_debugctl = get_debugctlmsr();

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR6 by writing its architectural reset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5f465c148c61e876b6d6eacd8e8e365f2d47758f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063013-city-unloaded-a949@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f465c148c61e876b6d6eacd8e8e365f2d47758f Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:03 -0700 Subject: [PATCH] x86/traps: Initialize DR6 by writing its architectural reset value Initialize DR6 by writing its architectural reset value to avoid incorrectly zeroing DR6 to clear DR6.BLD at boot time, which leads to a false bus lock detected warning. The Intel SDM says: 1) Certain debug exceptions may clear bits 0-3 of DR6. 2) BLD induced #DB clears DR6.BLD and any other debug exception doesn't modify DR6.BLD. 3) RTM induced #DB clears DR6.RTM and any other debug exception sets DR6.RTM. To avoid confusion in identifying debug exceptions, debug handlers should set DR6.BLD and DR6.RTM, and clear other DR6 bits before returning. The DR6 architectural reset value 0xFFFF0FF0, already defined as macro DR6_RESERVED, satisfies these requirements, so just use it to reinitialize DR6 whenever needed. Since clear_all_debug_regs() no longer zeros all debug registers, rename it to initialize_debug_regs() to better reflect its current behavior. Since debug_read_clear_dr6() no longer clears DR6, rename it to debug_read_reset_dr6() to better reflect its current behavior. Fixes: ebb1064e7c2e9 ("x86/traps: Handle #DB for bus lock") Reported-by: Sohil Mehta <sohil.mehta(a)intel.com> Suggested-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Link: https://lore.kernel.org/lkml/06e68373-a92b-472e-8fd9-ba548119770c@intel.com/ Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-2-xin%40zytor.com diff --git a/arch/x86/include/uapi/asm/debugreg.h b/arch/x86/include/uapi/asm/debugreg.h index 0007ba077c0c..41da492dfb01 100644 --- a/arch/x86/include/uapi/asm/debugreg.h +++ b/arch/x86/include/uapi/asm/debugreg.h @@ -15,7 +15,26 @@ which debugging register was responsible for the trap. The other bits are either reserved or not of interest to us. */ -/* Define reserved bits in DR6 which are always set to 1 */ +/* + * Define bits in DR6 which are set to 1 by default. + * + * This is also the DR6 architectural value following Power-up, Reset or INIT. + * + * Note, with the introduction of Bus Lock Detection (BLD) and Restricted + * Transactional Memory (RTM), the DR6 register has been modified: + * + * 1) BLD flag (bit 11) is no longer reserved to 1 if the CPU supports + * Bus Lock Detection. The assertion of a bus lock could clear it. + * + * 2) RTM flag (bit 16) is no longer reserved to 1 if the CPU supports + * restricted transactional memory. #DB occurred inside an RTM region + * could clear it. + * + * Apparently, DR6.BLD and DR6.RTM are active low bits. + * + * As a result, DR6_RESERVED is an incorrect name now, but it is kept for + * compatibility. + */ #define DR6_RESERVED (0xFFFF0FF0) #define DR_TRAP0 (0x1) /* db0 */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8feb8fd2957a..0f6c280a94f0 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2243,20 +2243,16 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif #endif -/* - * Clear all 6 debug registers: - */ -static void clear_all_debug_regs(void) +static void initialize_debug_regs(void) { - int i; - - for (i = 0; i < 8; i++) { - /* Ignore db4, db5 */ - if ((i == 4) || (i == 5)) - continue; - - set_debugreg(0, i); - } + /* Control register first -- to make sure everything is disabled. */ + set_debugreg(0, 7); + set_debugreg(DR6_RESERVED, 6); + /* dr5 and dr4 don't exist */ + set_debugreg(0, 3); + set_debugreg(0, 2); + set_debugreg(0, 1); + set_debugreg(0, 0); } #ifdef CONFIG_KGDB @@ -2417,7 +2413,7 @@ void cpu_init(void) load_mm_ldt(&init_mm); - clear_all_debug_regs(); + initialize_debug_regs(); dbg_restore_debug_regs(); doublefault_init_cpu_tss(); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index c5c897a86418..36354b470590 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -1022,24 +1022,32 @@ static bool is_sysenter_singlestep(struct pt_regs *regs) #endif } -static __always_inline unsigned long debug_read_clear_dr6(void) +static __always_inline unsigned long debug_read_reset_dr6(void) { unsigned long dr6; + get_debugreg(dr6, 6); + dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ + /* * The Intel SDM says: * - * Certain debug exceptions may clear bits 0-3. The remaining - * contents of the DR6 register are never cleared by the - * processor. To avoid confusion in identifying debug - * exceptions, debug handlers should clear the register before - * returning to the interrupted task. + * Certain debug exceptions may clear bits 0-3 of DR6. * - * Keep it simple: clear DR6 immediately. + * BLD induced #DB clears DR6.BLD and any other debug + * exception doesn't modify DR6.BLD. + * + * RTM induced #DB clears DR6.RTM and any other debug + * exception sets DR6.RTM. + * + * To avoid confusion in identifying debug exceptions, + * debug handlers should set DR6.BLD and DR6.RTM, and + * clear other DR6 bits before returning. + * + * Keep it simple: write DR6 with its architectural reset + * value 0xFFFF0FF0, defined as DR6_RESERVED, immediately. */ - get_debugreg(dr6, 6); set_debugreg(DR6_RESERVED, 6); - dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ return dr6; } @@ -1239,13 +1247,13 @@ static noinstr void exc_debug_user(struct pt_regs *regs, unsigned long dr6) /* IST stack entry */ DEFINE_IDTENTRY_DEBUG(exc_debug) { - exc_debug_kernel(regs, debug_read_clear_dr6()); + exc_debug_kernel(regs, debug_read_reset_dr6()); } /* User entry, runs on regular task stack */ DEFINE_IDTENTRY_DEBUG_USER(exc_debug) { - exc_debug_user(regs, debug_read_clear_dr6()); + exc_debug_user(regs, debug_read_reset_dr6()); } #ifdef CONFIG_X86_FRED @@ -1264,7 +1272,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) { /* * FRED #DB stores DR6 on the stack in the format which - * debug_read_clear_dr6() returns for the IDT entry points. + * debug_read_reset_dr6() returns for the IDT entry points. */ unsigned long dr6 = fred_event_data(regs); @@ -1279,7 +1287,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) /* 32 bit does not have separate entry points. */ DEFINE_IDTENTRY_RAW(exc_debug) { - unsigned long dr6 = debug_read_clear_dr6(); + unsigned long dr6 = debug_read_reset_dr6(); if (user_mode(regs)) exc_debug_user(regs, dr6);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR6 by writing its architectural reset" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5f465c148c61e876b6d6eacd8e8e365f2d47758f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063012-clammy-bluish-930d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f465c148c61e876b6d6eacd8e8e365f2d47758f Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:03 -0700 Subject: [PATCH] x86/traps: Initialize DR6 by writing its architectural reset value Initialize DR6 by writing its architectural reset value to avoid incorrectly zeroing DR6 to clear DR6.BLD at boot time, which leads to a false bus lock detected warning. The Intel SDM says: 1) Certain debug exceptions may clear bits 0-3 of DR6. 2) BLD induced #DB clears DR6.BLD and any other debug exception doesn't modify DR6.BLD. 3) RTM induced #DB clears DR6.RTM and any other debug exception sets DR6.RTM. To avoid confusion in identifying debug exceptions, debug handlers should set DR6.BLD and DR6.RTM, and clear other DR6 bits before returning. The DR6 architectural reset value 0xFFFF0FF0, already defined as macro DR6_RESERVED, satisfies these requirements, so just use it to reinitialize DR6 whenever needed. Since clear_all_debug_regs() no longer zeros all debug registers, rename it to initialize_debug_regs() to better reflect its current behavior. Since debug_read_clear_dr6() no longer clears DR6, rename it to debug_read_reset_dr6() to better reflect its current behavior. Fixes: ebb1064e7c2e9 ("x86/traps: Handle #DB for bus lock") Reported-by: Sohil Mehta <sohil.mehta(a)intel.com> Suggested-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Link: https://lore.kernel.org/lkml/06e68373-a92b-472e-8fd9-ba548119770c@intel.com/ Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-2-xin%40zytor.com diff --git a/arch/x86/include/uapi/asm/debugreg.h b/arch/x86/include/uapi/asm/debugreg.h index 0007ba077c0c..41da492dfb01 100644 --- a/arch/x86/include/uapi/asm/debugreg.h +++ b/arch/x86/include/uapi/asm/debugreg.h @@ -15,7 +15,26 @@ which debugging register was responsible for the trap. The other bits are either reserved or not of interest to us. */ -/* Define reserved bits in DR6 which are always set to 1 */ +/* + * Define bits in DR6 which are set to 1 by default. + * + * This is also the DR6 architectural value following Power-up, Reset or INIT. + * + * Note, with the introduction of Bus Lock Detection (BLD) and Restricted + * Transactional Memory (RTM), the DR6 register has been modified: + * + * 1) BLD flag (bit 11) is no longer reserved to 1 if the CPU supports + * Bus Lock Detection. The assertion of a bus lock could clear it. + * + * 2) RTM flag (bit 16) is no longer reserved to 1 if the CPU supports + * restricted transactional memory. #DB occurred inside an RTM region + * could clear it. + * + * Apparently, DR6.BLD and DR6.RTM are active low bits. + * + * As a result, DR6_RESERVED is an incorrect name now, but it is kept for + * compatibility. + */ #define DR6_RESERVED (0xFFFF0FF0) #define DR_TRAP0 (0x1) /* db0 */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8feb8fd2957a..0f6c280a94f0 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2243,20 +2243,16 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif #endif -/* - * Clear all 6 debug registers: - */ -static void clear_all_debug_regs(void) +static void initialize_debug_regs(void) { - int i; - - for (i = 0; i < 8; i++) { - /* Ignore db4, db5 */ - if ((i == 4) || (i == 5)) - continue; - - set_debugreg(0, i); - } + /* Control register first -- to make sure everything is disabled. */ + set_debugreg(0, 7); + set_debugreg(DR6_RESERVED, 6); + /* dr5 and dr4 don't exist */ + set_debugreg(0, 3); + set_debugreg(0, 2); + set_debugreg(0, 1); + set_debugreg(0, 0); } #ifdef CONFIG_KGDB @@ -2417,7 +2413,7 @@ void cpu_init(void) load_mm_ldt(&init_mm); - clear_all_debug_regs(); + initialize_debug_regs(); dbg_restore_debug_regs(); doublefault_init_cpu_tss(); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index c5c897a86418..36354b470590 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -1022,24 +1022,32 @@ static bool is_sysenter_singlestep(struct pt_regs *regs) #endif } -static __always_inline unsigned long debug_read_clear_dr6(void) +static __always_inline unsigned long debug_read_reset_dr6(void) { unsigned long dr6; + get_debugreg(dr6, 6); + dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ + /* * The Intel SDM says: * - * Certain debug exceptions may clear bits 0-3. The remaining - * contents of the DR6 register are never cleared by the - * processor. To avoid confusion in identifying debug - * exceptions, debug handlers should clear the register before - * returning to the interrupted task. + * Certain debug exceptions may clear bits 0-3 of DR6. * - * Keep it simple: clear DR6 immediately. + * BLD induced #DB clears DR6.BLD and any other debug + * exception doesn't modify DR6.BLD. + * + * RTM induced #DB clears DR6.RTM and any other debug + * exception sets DR6.RTM. + * + * To avoid confusion in identifying debug exceptions, + * debug handlers should set DR6.BLD and DR6.RTM, and + * clear other DR6 bits before returning. + * + * Keep it simple: write DR6 with its architectural reset + * value 0xFFFF0FF0, defined as DR6_RESERVED, immediately. */ - get_debugreg(dr6, 6); set_debugreg(DR6_RESERVED, 6); - dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ return dr6; } @@ -1239,13 +1247,13 @@ static noinstr void exc_debug_user(struct pt_regs *regs, unsigned long dr6) /* IST stack entry */ DEFINE_IDTENTRY_DEBUG(exc_debug) { - exc_debug_kernel(regs, debug_read_clear_dr6()); + exc_debug_kernel(regs, debug_read_reset_dr6()); } /* User entry, runs on regular task stack */ DEFINE_IDTENTRY_DEBUG_USER(exc_debug) { - exc_debug_user(regs, debug_read_clear_dr6()); + exc_debug_user(regs, debug_read_reset_dr6()); } #ifdef CONFIG_X86_FRED @@ -1264,7 +1272,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) { /* * FRED #DB stores DR6 on the stack in the format which - * debug_read_clear_dr6() returns for the IDT entry points. + * debug_read_reset_dr6() returns for the IDT entry points. */ unsigned long dr6 = fred_event_data(regs); @@ -1279,7 +1287,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) /* 32 bit does not have separate entry points. */ DEFINE_IDTENTRY_RAW(exc_debug) { - unsigned long dr6 = debug_read_clear_dr6(); + unsigned long dr6 = debug_read_reset_dr6(); if (user_mode(regs)) exc_debug_user(regs, dr6);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/traps: Initialize DR6 by writing its architectural reset" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5f465c148c61e876b6d6eacd8e8e365f2d47758f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063008-shimmy-doorstep-3c89@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f465c148c61e876b6d6eacd8e8e365f2d47758f Mon Sep 17 00:00:00 2001 From: "Xin Li (Intel)" <xin(a)zytor.com> Date: Fri, 20 Jun 2025 16:15:03 -0700 Subject: [PATCH] x86/traps: Initialize DR6 by writing its architectural reset value Initialize DR6 by writing its architectural reset value to avoid incorrectly zeroing DR6 to clear DR6.BLD at boot time, which leads to a false bus lock detected warning. The Intel SDM says: 1) Certain debug exceptions may clear bits 0-3 of DR6. 2) BLD induced #DB clears DR6.BLD and any other debug exception doesn't modify DR6.BLD. 3) RTM induced #DB clears DR6.RTM and any other debug exception sets DR6.RTM. To avoid confusion in identifying debug exceptions, debug handlers should set DR6.BLD and DR6.RTM, and clear other DR6 bits before returning. The DR6 architectural reset value 0xFFFF0FF0, already defined as macro DR6_RESERVED, satisfies these requirements, so just use it to reinitialize DR6 whenever needed. Since clear_all_debug_regs() no longer zeros all debug registers, rename it to initialize_debug_regs() to better reflect its current behavior. Since debug_read_clear_dr6() no longer clears DR6, rename it to debug_read_reset_dr6() to better reflect its current behavior. Fixes: ebb1064e7c2e9 ("x86/traps: Handle #DB for bus lock") Reported-by: Sohil Mehta <sohil.mehta(a)intel.com> Suggested-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Link: https://lore.kernel.org/lkml/06e68373-a92b-472e-8fd9-ba548119770c@intel.com/ Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-2-xin%40zytor.com diff --git a/arch/x86/include/uapi/asm/debugreg.h b/arch/x86/include/uapi/asm/debugreg.h index 0007ba077c0c..41da492dfb01 100644 --- a/arch/x86/include/uapi/asm/debugreg.h +++ b/arch/x86/include/uapi/asm/debugreg.h @@ -15,7 +15,26 @@ which debugging register was responsible for the trap. The other bits are either reserved or not of interest to us. */ -/* Define reserved bits in DR6 which are always set to 1 */ +/* + * Define bits in DR6 which are set to 1 by default. + * + * This is also the DR6 architectural value following Power-up, Reset or INIT. + * + * Note, with the introduction of Bus Lock Detection (BLD) and Restricted + * Transactional Memory (RTM), the DR6 register has been modified: + * + * 1) BLD flag (bit 11) is no longer reserved to 1 if the CPU supports + * Bus Lock Detection. The assertion of a bus lock could clear it. + * + * 2) RTM flag (bit 16) is no longer reserved to 1 if the CPU supports + * restricted transactional memory. #DB occurred inside an RTM region + * could clear it. + * + * Apparently, DR6.BLD and DR6.RTM are active low bits. + * + * As a result, DR6_RESERVED is an incorrect name now, but it is kept for + * compatibility. + */ #define DR6_RESERVED (0xFFFF0FF0) #define DR_TRAP0 (0x1) /* db0 */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8feb8fd2957a..0f6c280a94f0 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2243,20 +2243,16 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif #endif -/* - * Clear all 6 debug registers: - */ -static void clear_all_debug_regs(void) +static void initialize_debug_regs(void) { - int i; - - for (i = 0; i < 8; i++) { - /* Ignore db4, db5 */ - if ((i == 4) || (i == 5)) - continue; - - set_debugreg(0, i); - } + /* Control register first -- to make sure everything is disabled. */ + set_debugreg(0, 7); + set_debugreg(DR6_RESERVED, 6); + /* dr5 and dr4 don't exist */ + set_debugreg(0, 3); + set_debugreg(0, 2); + set_debugreg(0, 1); + set_debugreg(0, 0); } #ifdef CONFIG_KGDB @@ -2417,7 +2413,7 @@ void cpu_init(void) load_mm_ldt(&init_mm); - clear_all_debug_regs(); + initialize_debug_regs(); dbg_restore_debug_regs(); doublefault_init_cpu_tss(); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index c5c897a86418..36354b470590 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -1022,24 +1022,32 @@ static bool is_sysenter_singlestep(struct pt_regs *regs) #endif } -static __always_inline unsigned long debug_read_clear_dr6(void) +static __always_inline unsigned long debug_read_reset_dr6(void) { unsigned long dr6; + get_debugreg(dr6, 6); + dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ + /* * The Intel SDM says: * - * Certain debug exceptions may clear bits 0-3. The remaining - * contents of the DR6 register are never cleared by the - * processor. To avoid confusion in identifying debug - * exceptions, debug handlers should clear the register before - * returning to the interrupted task. + * Certain debug exceptions may clear bits 0-3 of DR6. * - * Keep it simple: clear DR6 immediately. + * BLD induced #DB clears DR6.BLD and any other debug + * exception doesn't modify DR6.BLD. + * + * RTM induced #DB clears DR6.RTM and any other debug + * exception sets DR6.RTM. + * + * To avoid confusion in identifying debug exceptions, + * debug handlers should set DR6.BLD and DR6.RTM, and + * clear other DR6 bits before returning. + * + * Keep it simple: write DR6 with its architectural reset + * value 0xFFFF0FF0, defined as DR6_RESERVED, immediately. */ - get_debugreg(dr6, 6); set_debugreg(DR6_RESERVED, 6); - dr6 ^= DR6_RESERVED; /* Flip to positive polarity */ return dr6; } @@ -1239,13 +1247,13 @@ static noinstr void exc_debug_user(struct pt_regs *regs, unsigned long dr6) /* IST stack entry */ DEFINE_IDTENTRY_DEBUG(exc_debug) { - exc_debug_kernel(regs, debug_read_clear_dr6()); + exc_debug_kernel(regs, debug_read_reset_dr6()); } /* User entry, runs on regular task stack */ DEFINE_IDTENTRY_DEBUG_USER(exc_debug) { - exc_debug_user(regs, debug_read_clear_dr6()); + exc_debug_user(regs, debug_read_reset_dr6()); } #ifdef CONFIG_X86_FRED @@ -1264,7 +1272,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) { /* * FRED #DB stores DR6 on the stack in the format which - * debug_read_clear_dr6() returns for the IDT entry points. + * debug_read_reset_dr6() returns for the IDT entry points. */ unsigned long dr6 = fred_event_data(regs); @@ -1279,7 +1287,7 @@ DEFINE_FREDENTRY_DEBUG(exc_debug) /* 32 bit does not have separate entry points. */ DEFINE_IDTENTRY_RAW(exc_debug) { - unsigned long dr6 = debug_read_clear_dr6(); + unsigned long dr6 = debug_read_reset_dr6(); if (user_mode(regs)) exc_debug_user(regs, dr6);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a3f3040657417aeadb9622c629d4a0c2693a0f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063041-arrival-closable-5d15@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3f3040657417aeadb9622c629d4a0c2693a0f93 Mon Sep 17 00:00:00 2001 From: Avadhut Naik <avadhut.naik(a)amd.com> Date: Thu, 29 May 2025 20:50:04 +0000 Subject: [PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Each Chip-Select (CS) of a Unified Memory Controller (UMC) on AMD Zen-based SOCs has an Address Mask and a Secondary Address Mask register associated with it. The amd64_edac module logs DIMM sizes on a per-UMC per-CS granularity during init using these two registers. Currently, the module primarily considers only the Address Mask register for computing DIMM sizes. The Secondary Address Mask register is only considered for odd CS. Additionally, if it has been considered, the Address Mask register is ignored altogether for that CS. For power-of-two DIMMs i.e. DIMMs whose total capacity is a power of two (32GB, 64GB, etc), this is not an issue since only the Address Mask register is used. For non-power-of-two DIMMs i.e., DIMMs whose total capacity is not a power of two (48GB, 96GB, etc), however, the Secondary Address Mask register is used in conjunction with the Address Mask register. However, since the module only considers either of the two registers for a CS, the size computed by the module is incorrect. The Secondary Address Mask register is not considered for even CS, and the Address Mask register is not considered for odd CS. Introduce a new helper function so that both Address Mask and Secondary Address Mask registers are considered, when valid, for computing DIMM sizes. Furthermore, also rename some variables for greater clarity. Fixes: 81f5090db843 ("EDAC/amd64: Support asymmetric dual-rank DIMMs") Closes: https://lore.kernel.org/dbec22b6-00f2-498b-b70d-ab6f8a5ec87e@natrix.lt Reported-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Signed-off-by: Avadhut Naik <avadhut.naik(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Tested-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250529205013.403450-1-avadhut.naik@amd.com diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index b681c0663203..07f1e9dc1ca7 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -1209,7 +1209,9 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) if (csrow_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_PRIMARY; - /* Asymmetric dual-rank DIMM support. */ + if (csrow_sec_enabled(2 * dimm, ctrl, pvt)) + cs_mode |= CS_EVEN_SECONDARY; + if (csrow_sec_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_SECONDARY; @@ -1230,12 +1232,13 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) return cs_mode; } -static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, - int csrow_nr, int dimm) +static int calculate_cs_size(u32 mask, unsigned int cs_mode) { - u32 msb, weight, num_zero_bits; - u32 addr_mask_deinterleaved; - int size = 0; + int msb, weight, num_zero_bits; + u32 deinterleaved_mask; + + if (!mask) + return 0; /* * The number of zero bits in the mask is equal to the number of bits @@ -1248,19 +1251,30 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, * without swapping with the most significant bit. This can be handled * by keeping the MSB where it is and ignoring the single zero bit. */ - msb = fls(addr_mask_orig) - 1; - weight = hweight_long(addr_mask_orig); + msb = fls(mask) - 1; + weight = hweight_long(mask); num_zero_bits = msb - weight - !!(cs_mode & CS_3R_INTERLEAVE); /* Take the number of zero bits off from the top of the mask. */ - addr_mask_deinterleaved = GENMASK_ULL(msb - num_zero_bits, 1); + deinterleaved_mask = GENMASK(msb - num_zero_bits, 1); + edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", deinterleaved_mask); + + return (deinterleaved_mask >> 2) + 1; +} + +static int __addr_mask_to_cs_size(u32 addr_mask, u32 addr_mask_sec, + unsigned int cs_mode, int csrow_nr, int dimm) +{ + int size; edac_dbg(1, "CS%d DIMM%d AddrMasks:\n", csrow_nr, dimm); - edac_dbg(1, " Original AddrMask: 0x%x\n", addr_mask_orig); - edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", addr_mask_deinterleaved); + edac_dbg(1, " Primary AddrMask: 0x%x\n", addr_mask); /* Register [31:1] = Address [39:9]. Size is in kBs here. */ - size = (addr_mask_deinterleaved >> 2) + 1; + size = calculate_cs_size(addr_mask, cs_mode); + + edac_dbg(1, " Secondary AddrMask: 0x%x\n", addr_mask_sec); + size += calculate_cs_size(addr_mask_sec, cs_mode); /* Return size in MBs. */ return size >> 10; @@ -1269,8 +1283,8 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { + u32 addr_mask = 0, addr_mask_sec = 0; int cs_mask_nr = csrow_nr; - u32 addr_mask_orig; int dimm, size = 0; /* No Chip Selects are enabled. */ @@ -1308,13 +1322,13 @@ static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, if (!pvt->flags.zn_regs_v2) cs_mask_nr >>= 1; - /* Asymmetric dual-rank DIMM support. */ - if ((csrow_nr & 1) && (cs_mode & CS_ODD_SECONDARY)) - addr_mask_orig = pvt->csels[umc].csmasks_sec[cs_mask_nr]; - else - addr_mask_orig = pvt->csels[umc].csmasks[cs_mask_nr]; + if (cs_mode & (CS_EVEN_PRIMARY | CS_ODD_PRIMARY)) + addr_mask = pvt->csels[umc].csmasks[cs_mask_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, dimm); + if (cs_mode & (CS_EVEN_SECONDARY | CS_ODD_SECONDARY)) + addr_mask_sec = pvt->csels[umc].csmasks_sec[cs_mask_nr]; + + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, dimm); } static void umc_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl) @@ -3512,9 +3526,10 @@ static void gpu_get_err_info(struct mce *m, struct err_info *err) static int gpu_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { - u32 addr_mask_orig = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask_sec = pvt->csels[umc].csmasks_sec[csrow_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, csrow_nr >> 1); + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, csrow_nr >> 1); } static void gpu_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl)

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a3f3040657417aeadb9622c629d4a0c2693a0f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063036-washroom-swiftness-1860@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3f3040657417aeadb9622c629d4a0c2693a0f93 Mon Sep 17 00:00:00 2001 From: Avadhut Naik <avadhut.naik(a)amd.com> Date: Thu, 29 May 2025 20:50:04 +0000 Subject: [PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Each Chip-Select (CS) of a Unified Memory Controller (UMC) on AMD Zen-based SOCs has an Address Mask and a Secondary Address Mask register associated with it. The amd64_edac module logs DIMM sizes on a per-UMC per-CS granularity during init using these two registers. Currently, the module primarily considers only the Address Mask register for computing DIMM sizes. The Secondary Address Mask register is only considered for odd CS. Additionally, if it has been considered, the Address Mask register is ignored altogether for that CS. For power-of-two DIMMs i.e. DIMMs whose total capacity is a power of two (32GB, 64GB, etc), this is not an issue since only the Address Mask register is used. For non-power-of-two DIMMs i.e., DIMMs whose total capacity is not a power of two (48GB, 96GB, etc), however, the Secondary Address Mask register is used in conjunction with the Address Mask register. However, since the module only considers either of the two registers for a CS, the size computed by the module is incorrect. The Secondary Address Mask register is not considered for even CS, and the Address Mask register is not considered for odd CS. Introduce a new helper function so that both Address Mask and Secondary Address Mask registers are considered, when valid, for computing DIMM sizes. Furthermore, also rename some variables for greater clarity. Fixes: 81f5090db843 ("EDAC/amd64: Support asymmetric dual-rank DIMMs") Closes: https://lore.kernel.org/dbec22b6-00f2-498b-b70d-ab6f8a5ec87e@natrix.lt Reported-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Signed-off-by: Avadhut Naik <avadhut.naik(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Tested-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250529205013.403450-1-avadhut.naik@amd.com diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index b681c0663203..07f1e9dc1ca7 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -1209,7 +1209,9 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) if (csrow_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_PRIMARY; - /* Asymmetric dual-rank DIMM support. */ + if (csrow_sec_enabled(2 * dimm, ctrl, pvt)) + cs_mode |= CS_EVEN_SECONDARY; + if (csrow_sec_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_SECONDARY; @@ -1230,12 +1232,13 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) return cs_mode; } -static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, - int csrow_nr, int dimm) +static int calculate_cs_size(u32 mask, unsigned int cs_mode) { - u32 msb, weight, num_zero_bits; - u32 addr_mask_deinterleaved; - int size = 0; + int msb, weight, num_zero_bits; + u32 deinterleaved_mask; + + if (!mask) + return 0; /* * The number of zero bits in the mask is equal to the number of bits @@ -1248,19 +1251,30 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, * without swapping with the most significant bit. This can be handled * by keeping the MSB where it is and ignoring the single zero bit. */ - msb = fls(addr_mask_orig) - 1; - weight = hweight_long(addr_mask_orig); + msb = fls(mask) - 1; + weight = hweight_long(mask); num_zero_bits = msb - weight - !!(cs_mode & CS_3R_INTERLEAVE); /* Take the number of zero bits off from the top of the mask. */ - addr_mask_deinterleaved = GENMASK_ULL(msb - num_zero_bits, 1); + deinterleaved_mask = GENMASK(msb - num_zero_bits, 1); + edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", deinterleaved_mask); + + return (deinterleaved_mask >> 2) + 1; +} + +static int __addr_mask_to_cs_size(u32 addr_mask, u32 addr_mask_sec, + unsigned int cs_mode, int csrow_nr, int dimm) +{ + int size; edac_dbg(1, "CS%d DIMM%d AddrMasks:\n", csrow_nr, dimm); - edac_dbg(1, " Original AddrMask: 0x%x\n", addr_mask_orig); - edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", addr_mask_deinterleaved); + edac_dbg(1, " Primary AddrMask: 0x%x\n", addr_mask); /* Register [31:1] = Address [39:9]. Size is in kBs here. */ - size = (addr_mask_deinterleaved >> 2) + 1; + size = calculate_cs_size(addr_mask, cs_mode); + + edac_dbg(1, " Secondary AddrMask: 0x%x\n", addr_mask_sec); + size += calculate_cs_size(addr_mask_sec, cs_mode); /* Return size in MBs. */ return size >> 10; @@ -1269,8 +1283,8 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { + u32 addr_mask = 0, addr_mask_sec = 0; int cs_mask_nr = csrow_nr; - u32 addr_mask_orig; int dimm, size = 0; /* No Chip Selects are enabled. */ @@ -1308,13 +1322,13 @@ static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, if (!pvt->flags.zn_regs_v2) cs_mask_nr >>= 1; - /* Asymmetric dual-rank DIMM support. */ - if ((csrow_nr & 1) && (cs_mode & CS_ODD_SECONDARY)) - addr_mask_orig = pvt->csels[umc].csmasks_sec[cs_mask_nr]; - else - addr_mask_orig = pvt->csels[umc].csmasks[cs_mask_nr]; + if (cs_mode & (CS_EVEN_PRIMARY | CS_ODD_PRIMARY)) + addr_mask = pvt->csels[umc].csmasks[cs_mask_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, dimm); + if (cs_mode & (CS_EVEN_SECONDARY | CS_ODD_SECONDARY)) + addr_mask_sec = pvt->csels[umc].csmasks_sec[cs_mask_nr]; + + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, dimm); } static void umc_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl) @@ -3512,9 +3526,10 @@ static void gpu_get_err_info(struct mce *m, struct err_info *err) static int gpu_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { - u32 addr_mask_orig = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask_sec = pvt->csels[umc].csmasks_sec[csrow_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, csrow_nr >> 1); + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, csrow_nr >> 1); } static void gpu_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl)

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a3f3040657417aeadb9622c629d4a0c2693a0f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063027-delighted-selection-2dde@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3f3040657417aeadb9622c629d4a0c2693a0f93 Mon Sep 17 00:00:00 2001 From: Avadhut Naik <avadhut.naik(a)amd.com> Date: Thu, 29 May 2025 20:50:04 +0000 Subject: [PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Each Chip-Select (CS) of a Unified Memory Controller (UMC) on AMD Zen-based SOCs has an Address Mask and a Secondary Address Mask register associated with it. The amd64_edac module logs DIMM sizes on a per-UMC per-CS granularity during init using these two registers. Currently, the module primarily considers only the Address Mask register for computing DIMM sizes. The Secondary Address Mask register is only considered for odd CS. Additionally, if it has been considered, the Address Mask register is ignored altogether for that CS. For power-of-two DIMMs i.e. DIMMs whose total capacity is a power of two (32GB, 64GB, etc), this is not an issue since only the Address Mask register is used. For non-power-of-two DIMMs i.e., DIMMs whose total capacity is not a power of two (48GB, 96GB, etc), however, the Secondary Address Mask register is used in conjunction with the Address Mask register. However, since the module only considers either of the two registers for a CS, the size computed by the module is incorrect. The Secondary Address Mask register is not considered for even CS, and the Address Mask register is not considered for odd CS. Introduce a new helper function so that both Address Mask and Secondary Address Mask registers are considered, when valid, for computing DIMM sizes. Furthermore, also rename some variables for greater clarity. Fixes: 81f5090db843 ("EDAC/amd64: Support asymmetric dual-rank DIMMs") Closes: https://lore.kernel.org/dbec22b6-00f2-498b-b70d-ab6f8a5ec87e@natrix.lt Reported-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Signed-off-by: Avadhut Naik <avadhut.naik(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Tested-by: Žilvinas Žaltiena <zilvinas(a)natrix.lt> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250529205013.403450-1-avadhut.naik@amd.com diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index b681c0663203..07f1e9dc1ca7 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -1209,7 +1209,9 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) if (csrow_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_PRIMARY; - /* Asymmetric dual-rank DIMM support. */ + if (csrow_sec_enabled(2 * dimm, ctrl, pvt)) + cs_mode |= CS_EVEN_SECONDARY; + if (csrow_sec_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_SECONDARY; @@ -1230,12 +1232,13 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) return cs_mode; } -static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, - int csrow_nr, int dimm) +static int calculate_cs_size(u32 mask, unsigned int cs_mode) { - u32 msb, weight, num_zero_bits; - u32 addr_mask_deinterleaved; - int size = 0; + int msb, weight, num_zero_bits; + u32 deinterleaved_mask; + + if (!mask) + return 0; /* * The number of zero bits in the mask is equal to the number of bits @@ -1248,19 +1251,30 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, * without swapping with the most significant bit. This can be handled * by keeping the MSB where it is and ignoring the single zero bit. */ - msb = fls(addr_mask_orig) - 1; - weight = hweight_long(addr_mask_orig); + msb = fls(mask) - 1; + weight = hweight_long(mask); num_zero_bits = msb - weight - !!(cs_mode & CS_3R_INTERLEAVE); /* Take the number of zero bits off from the top of the mask. */ - addr_mask_deinterleaved = GENMASK_ULL(msb - num_zero_bits, 1); + deinterleaved_mask = GENMASK(msb - num_zero_bits, 1); + edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", deinterleaved_mask); + + return (deinterleaved_mask >> 2) + 1; +} + +static int __addr_mask_to_cs_size(u32 addr_mask, u32 addr_mask_sec, + unsigned int cs_mode, int csrow_nr, int dimm) +{ + int size; edac_dbg(1, "CS%d DIMM%d AddrMasks:\n", csrow_nr, dimm); - edac_dbg(1, " Original AddrMask: 0x%x\n", addr_mask_orig); - edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", addr_mask_deinterleaved); + edac_dbg(1, " Primary AddrMask: 0x%x\n", addr_mask); /* Register [31:1] = Address [39:9]. Size is in kBs here. */ - size = (addr_mask_deinterleaved >> 2) + 1; + size = calculate_cs_size(addr_mask, cs_mode); + + edac_dbg(1, " Secondary AddrMask: 0x%x\n", addr_mask_sec); + size += calculate_cs_size(addr_mask_sec, cs_mode); /* Return size in MBs. */ return size >> 10; @@ -1269,8 +1283,8 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { + u32 addr_mask = 0, addr_mask_sec = 0; int cs_mask_nr = csrow_nr; - u32 addr_mask_orig; int dimm, size = 0; /* No Chip Selects are enabled. */ @@ -1308,13 +1322,13 @@ static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, if (!pvt->flags.zn_regs_v2) cs_mask_nr >>= 1; - /* Asymmetric dual-rank DIMM support. */ - if ((csrow_nr & 1) && (cs_mode & CS_ODD_SECONDARY)) - addr_mask_orig = pvt->csels[umc].csmasks_sec[cs_mask_nr]; - else - addr_mask_orig = pvt->csels[umc].csmasks[cs_mask_nr]; + if (cs_mode & (CS_EVEN_PRIMARY | CS_ODD_PRIMARY)) + addr_mask = pvt->csels[umc].csmasks[cs_mask_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, dimm); + if (cs_mode & (CS_EVEN_SECONDARY | CS_ODD_SECONDARY)) + addr_mask_sec = pvt->csels[umc].csmasks_sec[cs_mask_nr]; + + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, dimm); } static void umc_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl) @@ -3512,9 +3526,10 @@ static void gpu_get_err_info(struct mce *m, struct err_info *err) static int gpu_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { - u32 addr_mask_orig = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask_sec = pvt->csels[umc].csmasks_sec[csrow_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, csrow_nr >> 1); + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, csrow_nr >> 1); } static void gpu_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl)

4 months, 2 weeks

1
0
0 0

[PATCH v2] arm64: dts: rockchip: use cs-gpios for spi1 on ringneck

by Jakob Unterwurzacher

From: Jakob Unterwurzacher <jakob.unterwurzacher(a)cherry.de> Hardware CS has a very slow rise time of about 6us, causing transmission errors when CS does not reach high between transaction. It looks like it's not driven actively when transitioning from low to high but switched to input, so only the CPU pull-up pulls it high, slowly. Transitions from high to low are fast. On the oscilloscope, CS looks like an irregular sawtooth pattern like this: _____ ^ / | ^ /| / | /| / | / | / | / | / | ___/ |___/ |_____/ |___ With cs-gpios we have a CS rise time of about 20ns, as it should be, and CS looks rectangular. This fixes the data errors when running a flashcp loop against a m25p40 spi flash. With the Rockchip 6.1 kernel we see the same slow rise time, but for some reason CS is always high for long enough to reach a solid high. The RK3399 and RK3588 SoCs use the same SPI driver, so we also checked our "Puma" (RK3399) and "Tiger" (RK3588) boards. They do not have this problem. Hardware CS rise time is good. Fixes: c484cf93f61b ("arm64: dts: rockchip: add PX30-µQ7 (Ringneck) SoM with Haikou baseboard") Cc: stable(a)vger.kernel.org Reviewed-by: Quentin Schulz <quentin.schulz(a)cherry.de> Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher(a)cherry.de> --- v2: * Rename spi1_csn0_gpio -> spi1_csn0_gpio_pin to make CHECK_DTBS=y happy * Add pinctrl-names = "default"; v1: https://lore.kernel.org/all/20250620113549.2900285-1-jakob.unterwurzacher@c… .../boot/dts/rockchip/px30-ringneck.dtsi | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi b/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi index ab232e5c7ad6..4203b335a263 100644 --- a/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi +++ b/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi @@ -379,6 +379,18 @@ pmic_int: pmic-int { <0 RK_PA7 RK_FUNC_GPIO &pcfg_pull_up>; }; }; + + spi1 { + spi1_csn0_gpio_pin: spi1-csn0-gpio-pin { + rockchip,pins = + <3 RK_PB1 RK_FUNC_GPIO &pcfg_pull_up_4ma>; + }; + + spi1_csn1_gpio_pin: spi1-csn1-gpio-pin { + rockchip,pins = + <3 RK_PB2 RK_FUNC_GPIO &pcfg_pull_up_4ma>; + }; + }; }; &pmu_io_domains { @@ -396,6 +408,17 @@ &sdmmc { vqmmc-supply = <&vccio_sd>; }; +&spi1 { + /* + * Hardware CS has a very slow rise time of about 6us, + * causing transmission errors. + * With cs-gpios we have a rise time of about 20ns. + */ + cs-gpios = <&gpio3 RK_PB1 GPIO_ACTIVE_LOW>, <&gpio3 RK_PB2 GPIO_ACTIVE_LOW>; + pinctrl-names = "default"; + pinctrl-0 = <&spi1_clk &spi1_csn0_gpio_pin &spi1_csn1_gpio_pin &spi1_miso &spi1_mosi>; +}; + &tsadc { status = "okay"; }; -- 2.39.5

4 months, 2 weeks

2
1
0 0

[PATCH v2 10/16] ext4: fix largest free orders lists corruption on mb_optimize_scan switch

by Baokun Li

The grp->bb_largest_free_order is updated regardless of whether mb_optimize_scan is enabled. This can lead to inconsistencies between grp->bb_largest_free_order and the actual s_mb_largest_free_orders list index when mb_optimize_scan is repeatedly enabled and disabled via remount. For example, if mb_optimize_scan is initially enabled, largest free order is 3, and the group is in s_mb_largest_free_orders[3]. Then, mb_optimize_scan is disabled via remount, block allocations occur, updating largest free order to 2. Finally, mb_optimize_scan is re-enabled via remount, more block allocations update largest free order to 1. At this point, the group would be removed from s_mb_largest_free_orders[3] under the protection of s_mb_largest_free_orders_locks[2]. This lock mismatch can lead to list corruption. To fix this, a new field bb_largest_free_order_idx is added to struct ext4_group_info to explicitly track the list index. Then still update bb_largest_free_order unconditionally, but only update bb_largest_free_order_idx when mb_optimize_scan is enabled. so that there is no inconsistency between the lock and the data to be protected. Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/ext4.h | 1 + fs/ext4/mballoc.c | 35 ++++++++++++++++------------------- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 003b8d3726e8..0e574378c6a3 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3476,6 +3476,7 @@ struct ext4_group_info { int bb_avg_fragment_size_order; /* order of average fragment in BG */ ext4_grpblk_t bb_largest_free_order;/* order of largest frag in BG */ + ext4_grpblk_t bb_largest_free_order_idx; /* index of largest frag */ ext4_group_t bb_group; /* Group number */ struct list_head bb_prealloc_list; #ifdef DOUBLE_CHECK diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index e6d6c2da3c6e..dc82124f0905 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1152,33 +1152,29 @@ static void mb_set_largest_free_order(struct super_block *sb, struct ext4_group_info *grp) { struct ext4_sb_info *sbi = EXT4_SB(sb); - int i; + int new, old = grp->bb_largest_free_order_idx; - for (i = MB_NUM_ORDERS(sb) - 1; i >= 0; i--) - if (grp->bb_counters[i] > 0) + for (new = MB_NUM_ORDERS(sb) - 1; new >= 0; new--) + if (grp->bb_counters[new] > 0) break; + + grp->bb_largest_free_order = new; /* No need to move between order lists? */ - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || - i == grp->bb_largest_free_order) { - grp->bb_largest_free_order = i; + if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || new == old) return; - } - if (grp->bb_largest_free_order >= 0) { - write_lock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + if (old >= 0) { + write_lock(&sbi->s_mb_largest_free_orders_locks[old]); list_del_init(&grp->bb_largest_free_order_node); - write_unlock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + write_unlock(&sbi->s_mb_largest_free_orders_locks[old]); } - grp->bb_largest_free_order = i; - if (grp->bb_largest_free_order >= 0 && grp->bb_free) { - write_lock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + + grp->bb_largest_free_order_idx = new; + if (new >= 0 && grp->bb_free) { + write_lock(&sbi->s_mb_largest_free_orders_locks[new]); list_add_tail(&grp->bb_largest_free_order_node, - &sbi->s_mb_largest_free_orders[grp->bb_largest_free_order]); - write_unlock(&sbi->s_mb_largest_free_orders_locks[ - grp->bb_largest_free_order]); + &sbi->s_mb_largest_free_orders[new]); + write_unlock(&sbi->s_mb_largest_free_orders_locks[new]); } } @@ -3391,6 +3387,7 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group, INIT_LIST_HEAD(&meta_group_info[i]->bb_avg_fragment_size_node); meta_group_info[i]->bb_largest_free_order = -1; /* uninit */ meta_group_info[i]->bb_avg_fragment_size_order = -1; /* uninit */ + meta_group_info[i]->bb_largest_free_order_idx = -1; /* uninit */ meta_group_info[i]->bb_group = group; mb_group_bb_bitmap_alloc(sb, meta_group_info[i], group); -- 2.46.1

4 months, 2 weeks

2
2
0 0

[PATCH 0/2] Add dma-coherent for gs101 UFS dt node

by Peter Griffin

ufs-exynos driver enables the shareability option for gs101 which means the descriptors need to be allocated as cacheable. Fix the DT node and update bindings to add the dma-coherent property. This fixes the UFS stability issues we have seen with the upstream UFS driver. Note this DT fix can go in independently of the other UFS fixes series I sent recently [1], as the bootloader already leaves the sharability bits enabled. regards, Peter [1] https://lore.kernel.org/linux-scsi/20250226220414.343659-1-peter.griffin@li… To: André Draszik <andre.draszik(a)linaro.org> To: Tudor Ambarus <tudor.ambarus(a)linaro.org> To: Rob Herring <robh(a)kernel.org> To: Krzysztof Kozlowski <krzk+dt(a)kernel.org> To: Conor Dooley <conor+dt(a)kernel.org> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Avri Altman <avri.altman(a)wdc.com> To: Bart Van Assche <bvanassche(a)acm.org> To: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: devicetree(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: linux-scsi(a)vger.kernel.org Cc: kernel-team(a)android.com Cc: willmcvicker(a)google.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Peter Griffin (2): arm64: dts: exynos: gs101: ufs: add dma-coherent property scsi: ufs: dt-bindings: exynos: add dma-coherent property for gs101 Documentation/devicetree/bindings/ufs/samsung,exynos-ufs.yaml | 2 ++ arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + 2 files changed, 3 insertions(+) --- base-commit: b323d8e7bc03d27dec646bfdccb7d1a92411f189 change-id: 20250314-ufs-dma-coherent-980f2467690d Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

4 months, 2 weeks

6
13
0 0

[PATCH v2 09/16] ext4: fix zombie groups in average fragment size lists

by Baokun Li

Groups with no free blocks shouldn't be in any average fragment size list. However, when all blocks in a group are allocated(i.e., bb_fragments or bb_free is 0), we currently skip updating the average fragment size, which means the group isn't removed from its previous s_mb_avg_fragment_size[old] list. This created "zombie" groups that were always skipped during traversal as they couldn't satisfy any block allocation requests, negatively impacting traversal efficiency. Therefore, when a group becomes completely free, bb_avg_fragment_size_order is now set to -1. If the old order was not -1, a removal operation is performed; if the new order is not -1, an insertion is performed. Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/mballoc.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 94950b07a577..e6d6c2da3c6e 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -841,30 +841,30 @@ static void mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) { struct ext4_sb_info *sbi = EXT4_SB(sb); - int new_order; + int new, old; - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN)) return; - new_order = mb_avg_fragment_size_order(sb, - grp->bb_free / grp->bb_fragments); - if (new_order == grp->bb_avg_fragment_size_order) + old = grp->bb_avg_fragment_size_order; + new = grp->bb_fragments == 0 ? -1 : + mb_avg_fragment_size_order(sb, grp->bb_free / grp->bb_fragments); + if (new == old) return; - if (grp->bb_avg_fragment_size_order != -1) { - write_lock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); + if (old >= 0) { + write_lock(&sbi->s_mb_avg_fragment_size_locks[old]); list_del(&grp->bb_avg_fragment_size_node); - write_unlock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); - } - grp->bb_avg_fragment_size_order = new_order; - write_lock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); - list_add_tail(&grp->bb_avg_fragment_size_node, - &sbi->s_mb_avg_fragment_size[grp->bb_avg_fragment_size_order]); - write_unlock(&sbi->s_mb_avg_fragment_size_locks[ - grp->bb_avg_fragment_size_order]); + write_unlock(&sbi->s_mb_avg_fragment_size_locks[old]); + } + + grp->bb_avg_fragment_size_order = new; + if (new >= 0) { + write_lock(&sbi->s_mb_avg_fragment_size_locks[new]); + list_add_tail(&grp->bb_avg_fragment_size_node, + &sbi->s_mb_avg_fragment_size[new]); + write_unlock(&sbi->s_mb_avg_fragment_size_locks[new]); + } } /* -- 2.46.1

4 months, 2 weeks

2
2
0 0

Re: Patch "ASoC: codec: wcd9335: Convert to GPIO descriptors" has been added to the 6.15-stable tree

by Bartosz Golaszewski

On Fri, Jun 27, 2025 at 4:04 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > ASoC: codec: wcd9335: Convert to GPIO descriptors > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > asoc-codec-wcd9335-convert-to-gpio-descriptors.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Why is this being backported to stable? It's not a fix, just refactoring and updating to a more modern API. Bart

4 months, 2 weeks

2
2
0 0

[PATCH] nvmet: fix memory leak of bio integrity

by Dmitry Bogdanov

If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since that [1] patch series the integrity is not get free at bio_end_io for submitter owned integrity. It has to free explicitly. After commit bf4c89fc8797 ("block: don't call bio_uninit from bio_endio") each user of bio_init has to use bio_uninit as well. Otherwise the bio integrity is not getting free. Nvmet uses bio_init for inline bios. Uninit the inline bio to complete deallocation of integrity in bio. [1] https://lore.kernel.org/all/20240702151047.1746127-1-hch@lst.de/ Cc: stable(a)vger.kernel.org # 6.11 Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- drivers/nvme/target/nvmet.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index df69a9dee71c..51df72f5e89b 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -867,6 +867,8 @@ static inline void nvmet_req_bio_put(struct nvmet_req *req, struct bio *bio) { if (bio != &req->b.inline_bio) bio_put(bio); + else + bio_uninit(bio); } #ifdef CONFIG_NVME_TARGET_TCP_TLS -- 2.25.1

4 months, 2 weeks

2
1
0 0

[PATCH v3] lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()

by Harry Yoo

alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Closes: https://lore.kernel.org/oe-lkp/202506131711.5b41931c-lkp@intel.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Cc: stable(a)vger.kernel.org Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- @Suren: I did not add another pr_warn() because every error path in alloc_tag_init() already has pr_err(). v2 -> v3: - Added another Closes: tag (David) - Moved the condition into a standalone if block for better readability (Suren) - Typo fix (Suren) lib/alloc_tag.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index 41ccfb035b7b..e9b33848700a 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -127,6 +127,9 @@ size_t alloc_tag_top_users(struct codetag_bytes *tags, size_t count, bool can_sl struct codetag_bytes n; unsigned int i, nr = 0; + if (IS_ERR_OR_NULL(alloc_tag_cttype)) + return 0; + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) -- 2.43.0

4 months, 2 weeks

4
21
0 0

[PATCH v3 1/7] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: <stable(a)vger.kernel.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 334b7b4a61a0..e3c9a1365ff4 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

4 months, 2 weeks

2
1
0 0

+ mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation Date: Sun, 29 Jun 2025 13:49:14 -0700 DAMON sysfs interface internally uses damon_call() to update DAMON parameters as users requested, online. However, DAMON core cancels any damon_call() requests when it is deactivated by DAMOS watermarks. As a result, users cannot change DAMON parameters online while DAMON is deactivated. Note that users can turn DAMON off and on with different watermarks to work around. Since deactivated DAMON is nearly same to stopped DAMON, the work around should have no big problem. Anyway, a bug is a bug. There is no real good reason to cancel the damon_call() request under DAMOS deactivation. Fix it by simply handling the request as normal, rather than cancelling under the situation. Link: https://lkml.kernel.org/r/20250629204914.54114-1-sj@kernel.org Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation +++ a/mm/damon/core.c @@ -2355,9 +2355,8 @@ static void kdamond_usleep(unsigned long * * If there is a &struct damon_call_control request that registered via * &damon_call() on @ctx, do or cancel the invocation of the function depending - * on @cancel. @cancel is set when the kdamond is deactivated by DAMOS - * watermarks, or the kdamond is already out of the main loop and therefore - * will be terminated. + * on @cancel. @cancel is set when the kdamond is already out of the main loop + * and therefore will be terminated. */ static void kdamond_call(struct damon_ctx *ctx, bool cancel) { @@ -2405,7 +2404,7 @@ static int kdamond_wait_activation(struc if (ctx->callback.after_wmarks_check && ctx->callback.after_wmarks_check(ctx)) break; - kdamond_call(ctx, true); + kdamond_call(ctx, false); damos_walk_cancel(ctx); } return -EBUSY; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch mm-damon-sysfs-schemes-decouple-from-damos_quota_goal_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_action.patch mm-damon-sysfs-schemes-decouple-from-damos_wmark_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_filter_type.patch mm-damon-sysfs-decouple-from-damon_ops_id.patch

4 months, 2 weeks

1
0
0 0

[PATCH] mm/damon/core: handle damon_call_control as normal under kdmond deactivation

by SeongJae Park

DAMON sysfs interface internally uses damon_call() to update DAMON parameters as users requested, online. However, DAMON core cancels any damon_call() requests when it is deactivated by DAMOS watermarks. As a result, users cannot change DAMON parameters online while DAMON is deactivated. Note that users can turn DAMON off and on with different watermarks to work around. Since deactivated DAMON is nearly same to stopped DAMON, the work around should have no big problem. Anyway, a bug is a bug. There is no real good reason to cancel the damon_call() request under DAMOS deactivation. Fix it by simply handling the request as normal, rather than cancelling under the situation. Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Cc: stable(a)vger.kernel.org # 6.14.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index b217e0120e09..bc2e58c1222d 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -2355,9 +2355,8 @@ static void kdamond_usleep(unsigned long usecs) * * If there is a &struct damon_call_control request that registered via * &damon_call() on @ctx, do or cancel the invocation of the function depending - * on @cancel. @cancel is set when the kdamond is deactivated by DAMOS - * watermarks, or the kdamond is already out of the main loop and therefore - * will be terminated. + * on @cancel. @cancel is set when the kdamond is already out of the main loop + * and therefore will be terminated. */ static void kdamond_call(struct damon_ctx *ctx, bool cancel) { @@ -2405,7 +2404,7 @@ static int kdamond_wait_activation(struct damon_ctx *ctx) if (ctx->callback.after_wmarks_check && ctx->callback.after_wmarks_check(ctx)) break; - kdamond_call(ctx, true); + kdamond_call(ctx, false); damos_walk_cancel(ctx); } return -EBUSY; base-commit: 8f6082b6e60e05f9bcd5c39b19ede995a8975283 -- 2.39.5

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring/kbuf: flag partial buffer mappings" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 178b8ff66ff827c41b4fa105e9aabb99a0b5c537 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062920-conch-hypnotist-d63d@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 178b8ff66ff827c41b4fa105e9aabb99a0b5c537 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 26 Jun 2025 12:17:48 -0600 Subject: [PATCH] io_uring/kbuf: flag partial buffer mappings A previous commit aborted mapping more for a non-incremental ring for bundle peeking, but depending on where in the process this peeking happened, it would not necessarily prevent a retry by the user. That can create gaps in the received/read data. Add struct buf_sel_arg->partial_map, which can pass this information back. The networking side can then map that to internal state and use it to gate retry as well. Since this necessitates a new flag, change io_sr_msg->retry to a retry_flags member, and store both the retry and partial map condition in there. Cc: stable(a)vger.kernel.org Fixes: 26ec15e4b0c1 ("io_uring/kbuf: don't truncate end buffer for multiple buffer peeks") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index ce95e3af44a9..f2d2cc319faa 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -271,6 +271,7 @@ static int io_ring_buffers_peek(struct io_kiocb *req, struct buf_sel_arg *arg, if (len > arg->max_len) { len = arg->max_len; if (!(bl->flags & IOBL_INC)) { + arg->partial_map = 1; if (iov != arg->iovs) break; buf->len = len; diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h index 5d83c7adc739..723d0361898e 100644 --- a/io_uring/kbuf.h +++ b/io_uring/kbuf.h @@ -58,7 +58,8 @@ struct buf_sel_arg { size_t max_len; unsigned short nr_iovs; unsigned short mode; - unsigned buf_group; + unsigned short buf_group; + unsigned short partial_map; }; void __user *io_buffer_select(struct io_kiocb *req, size_t *len, diff --git a/io_uring/net.c b/io_uring/net.c index 5c1e8c4ba468..43a43522f406 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -75,12 +75,17 @@ struct io_sr_msg { u16 flags; /* initialised and used only by !msg send variants */ u16 buf_group; - bool retry; + unsigned short retry_flags; void __user *msg_control; /* used only for send zerocopy */ struct io_kiocb *notif; }; +enum sr_retry_flags { + IO_SR_MSG_RETRY = 1, + IO_SR_MSG_PARTIAL_MAP = 2, +}; + /* * Number of times we'll try and do receives if there's more data. If we * exceed this limit, then add us to the back of the queue and retry from @@ -187,7 +192,7 @@ static inline void io_mshot_prep_retry(struct io_kiocb *req, req->flags &= ~REQ_F_BL_EMPTY; sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; sr->len = 0; /* get from the provided buffer */ } @@ -397,7 +402,7 @@ int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; sr->len = READ_ONCE(sqe->len); sr->flags = READ_ONCE(sqe->ioprio); if (sr->flags & ~SENDMSG_FLAGS) @@ -751,7 +756,7 @@ int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); sr->done_io = 0; - sr->retry = false; + sr->retry_flags = 0; if (unlikely(sqe->file_index || sqe->addr2)) return -EINVAL; @@ -823,7 +828,7 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, cflags |= io_put_kbufs(req, this_ret, io_bundle_nbufs(kmsg, this_ret), issue_flags); - if (sr->retry) + if (sr->retry_flags & IO_SR_MSG_RETRY) cflags = req->cqe.flags | (cflags & CQE_F_MASK); /* bundle with no more immediate buffers, we're done */ if (req->flags & REQ_F_BL_EMPTY) @@ -832,12 +837,12 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, * If more is available AND it was a full transfer, retry and * append to this one */ - if (!sr->retry && kmsg->msg.msg_inq > 1 && this_ret > 0 && + if (!sr->retry_flags && kmsg->msg.msg_inq > 1 && this_ret > 0 && !iov_iter_count(&kmsg->msg.msg_iter)) { req->cqe.flags = cflags & ~CQE_F_MASK; sr->len = kmsg->msg.msg_inq; sr->done_io += this_ret; - sr->retry = true; + sr->retry_flags |= IO_SR_MSG_RETRY; return false; } } else { @@ -1082,6 +1087,8 @@ static int io_recv_buf_select(struct io_kiocb *req, struct io_async_msghdr *kmsg kmsg->vec.iovec = arg.iovs; req->flags |= REQ_F_NEED_CLEANUP; } + if (arg.partial_map) + sr->retry_flags |= IO_SR_MSG_PARTIAL_MAP; /* special case 1 vec, can be a fast path */ if (ret == 1) { @@ -1276,7 +1283,7 @@ int io_send_zc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) int ret; zc->done_io = 0; - zc->retry = false; + zc->retry_flags = 0; if (unlikely(READ_ONCE(sqe->__pad2[0]) || READ_ONCE(sqe->addr3))) return -EINVAL;

4 months, 2 weeks

2
1
0 0

Re: arch/x86/Makefile REALMODE_CFLAGS needs -std=gnu11 with recent GCC versions

by Borislav Petkov

+ stable folks. On Sun, Jun 29, 2025 at 11:15:13AM -0400, Dennis Clarke wrote: > > Code fix for due to https://bugzilla.kernel.org/show_bug.cgi?id=220294 > > The summary is that recent GCC versions ( 15.1.0 today ) will assume C23 > spec compliance and get upset with ye old A20 address line code bits. > > This problem exists previous to the 6.12.35 release tarballs and is > fixed with commit b3bee1e7c3f2b1b77182302c7b2131c804175870 applied. > > The newer GCC revisions will be quite popular soon enough and this may > bite people when that happens. I don't know what the rules are for building 6.1-stable with gcc-15 but if they do that, then 6.1 will need to pick up the abovementioned commit: b3bee1e7c3f2 ("x86/boot: Compile boot code with -std=gnu11 too") Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette

4 months, 2 weeks

1
0
0 0

Re: Patch "smb: client: make use of common smbdirect_socket_parameters" has been added to the 6.12-stable tree

by Stefan Metzmacher

Hi, if these patches are backported to stable then 1944f6ab4967db7ad8d4db527dceae8c77de76e9 "smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data" can also be backported as is. I just added the "Cc: <stable+noautosel(a)kernel.org> # sp->max_send_size should be info->max_send_size in backports" because I thought they would not be backported. I'm fine with backporting the header changes... @Steve: Do you agree? Thanks! metze Am 29.06.25 um 16:28 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > smb: client: make use of common smbdirect_socket_parameters > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > smb-client-make-use-of-common-smbdirect_socket_param.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit a1fa1698297356797d7a0379b7e056744fd133ac > Author: Stefan Metzmacher <metze(a)samba.org> > Date: Wed May 28 18:01:40 2025 +0200 > > smb: client: make use of common smbdirect_socket_parameters > > [ Upstream commit cc55f65dd352bdb7bdf8db1c36fb348c294c3b66 ] > > Cc: Steve French <smfrench(a)gmail.com> > Cc: Tom Talpey <tom(a)talpey.com> > Cc: Long Li <longli(a)microsoft.com> > Cc: Namjae Jeon <linkinjeon(a)kernel.org> > Cc: Hyunchul Lee <hyc.lee(a)gmail.com> > Cc: Meetakshi Setiya <meetakshisetiyaoss(a)gmail.com> > Cc: linux-cifs(a)vger.kernel.org > Cc: samba-technical(a)lists.samba.org > Signed-off-by: Stefan Metzmacher <metze(a)samba.org> > Signed-off-by: Steve French <stfrench(a)microsoft.com> > Stable-dep-of: 43e7e284fc77 ("cifs: Fix the smbd_response slab to allow usercopy") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/smb/client/cifs_debug.c b/fs/smb/client/cifs_debug.c > index 56b0b5c82dd19..c0196be0e65fc 100644 > --- a/fs/smb/client/cifs_debug.c > +++ b/fs/smb/client/cifs_debug.c > @@ -362,6 +362,10 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > c = 0; > spin_lock(&cifs_tcp_ses_lock); > list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) { > +#ifdef CONFIG_CIFS_SMB_DIRECT > + struct smbdirect_socket_parameters *sp; > +#endif > + > /* channel info will be printed as a part of sessions below */ > if (SERVER_IS_CHAN(server)) > continue; > @@ -383,6 +387,7 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > seq_printf(m, "\nSMBDirect transport not available"); > goto skip_rdma; > } > + sp = &server->smbd_conn->socket.parameters; > > seq_printf(m, "\nSMBDirect (in hex) protocol version: %x " > "transport status: %x", > @@ -390,18 +395,18 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) > server->smbd_conn->socket.status); > seq_printf(m, "\nConn receive_credit_max: %x " > "send_credit_target: %x max_send_size: %x", > - server->smbd_conn->receive_credit_max, > - server->smbd_conn->send_credit_target, > - server->smbd_conn->max_send_size); > + sp->recv_credit_max, > + sp->send_credit_target, > + sp->max_send_size); > seq_printf(m, "\nConn max_fragmented_recv_size: %x " > "max_fragmented_send_size: %x max_receive_size:%x", > - server->smbd_conn->max_fragmented_recv_size, > - server->smbd_conn->max_fragmented_send_size, > - server->smbd_conn->max_receive_size); > + sp->max_fragmented_recv_size, > + sp->max_fragmented_send_size, > + sp->max_recv_size); > seq_printf(m, "\nConn keep_alive_interval: %x " > "max_readwrite_size: %x rdma_readwrite_threshold: %x", > - server->smbd_conn->keep_alive_interval, > - server->smbd_conn->max_readwrite_size, > + sp->keepalive_interval_msec * 1000, > + sp->max_read_write_size, > server->smbd_conn->rdma_readwrite_threshold); > seq_printf(m, "\nDebug count_get_receive_buffer: %x " > "count_put_receive_buffer: %x count_send_empty: %x", > diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c > index 74bcc51ccd32f..e596bc4837b68 100644 > --- a/fs/smb/client/smb2ops.c > +++ b/fs/smb/client/smb2ops.c > @@ -504,6 +504,9 @@ smb3_negotiate_wsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > wsize = min_t(unsigned int, wsize, server->max_write); > #ifdef CONFIG_CIFS_SMB_DIRECT > if (server->rdma) { > + struct smbdirect_socket_parameters *sp = > + &server->smbd_conn->socket.parameters; > + > if (server->sign) > /* > * Account for SMB2 data transfer packet header and > @@ -511,12 +514,12 @@ smb3_negotiate_wsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > */ > wsize = min_t(unsigned int, > wsize, > - server->smbd_conn->max_fragmented_send_size - > + sp->max_fragmented_send_size - > SMB2_READWRITE_PDU_HEADER_SIZE - > sizeof(struct smb2_transform_hdr)); > else > wsize = min_t(unsigned int, > - wsize, server->smbd_conn->max_readwrite_size); > + wsize, sp->max_read_write_size); > } > #endif > if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) > @@ -552,6 +555,9 @@ smb3_negotiate_rsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > rsize = min_t(unsigned int, rsize, server->max_read); > #ifdef CONFIG_CIFS_SMB_DIRECT > if (server->rdma) { > + struct smbdirect_socket_parameters *sp = > + &server->smbd_conn->socket.parameters; > + > if (server->sign) > /* > * Account for SMB2 data transfer packet header and > @@ -559,12 +565,12 @@ smb3_negotiate_rsize(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) > */ > rsize = min_t(unsigned int, > rsize, > - server->smbd_conn->max_fragmented_recv_size - > + sp->max_fragmented_recv_size - > SMB2_READWRITE_PDU_HEADER_SIZE - > sizeof(struct smb2_transform_hdr)); > else > rsize = min_t(unsigned int, > - rsize, server->smbd_conn->max_readwrite_size); > + rsize, sp->max_read_write_size); > } > #endif > > diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c > index ac489df8151a1..cbc85bca006f7 100644 > --- a/fs/smb/client/smbdirect.c > +++ b/fs/smb/client/smbdirect.c > @@ -320,6 +320,8 @@ static bool process_negotiation_response( > struct smbd_response *response, int packet_length) > { > struct smbd_connection *info = response->info; > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct smbdirect_negotiate_resp *packet = smbd_response_payload(response); > > if (packet_length < sizeof(struct smbdirect_negotiate_resp)) { > @@ -349,20 +351,20 @@ static bool process_negotiation_response( > > atomic_set(&info->receive_credits, 0); > > - if (le32_to_cpu(packet->preferred_send_size) > info->max_receive_size) { > + if (le32_to_cpu(packet->preferred_send_size) > sp->max_recv_size) { > log_rdma_event(ERR, "error: preferred_send_size=%d\n", > le32_to_cpu(packet->preferred_send_size)); > return false; > } > - info->max_receive_size = le32_to_cpu(packet->preferred_send_size); > + sp->max_recv_size = le32_to_cpu(packet->preferred_send_size); > > if (le32_to_cpu(packet->max_receive_size) < SMBD_MIN_RECEIVE_SIZE) { > log_rdma_event(ERR, "error: max_receive_size=%d\n", > le32_to_cpu(packet->max_receive_size)); > return false; > } > - info->max_send_size = min_t(int, info->max_send_size, > - le32_to_cpu(packet->max_receive_size)); > + sp->max_send_size = min_t(u32, sp->max_send_size, > + le32_to_cpu(packet->max_receive_size)); > > if (le32_to_cpu(packet->max_fragmented_size) < > SMBD_MIN_FRAGMENTED_SIZE) { > @@ -370,18 +372,18 @@ static bool process_negotiation_response( > le32_to_cpu(packet->max_fragmented_size)); > return false; > } > - info->max_fragmented_send_size = > + sp->max_fragmented_send_size = > le32_to_cpu(packet->max_fragmented_size); > info->rdma_readwrite_threshold = > - rdma_readwrite_threshold > info->max_fragmented_send_size ? > - info->max_fragmented_send_size : > + rdma_readwrite_threshold > sp->max_fragmented_send_size ? > + sp->max_fragmented_send_size : > rdma_readwrite_threshold; > > > - info->max_readwrite_size = min_t(u32, > + sp->max_read_write_size = min_t(u32, > le32_to_cpu(packet->max_readwrite_size), > info->max_frmr_depth * PAGE_SIZE); > - info->max_frmr_depth = info->max_readwrite_size / PAGE_SIZE; > + info->max_frmr_depth = sp->max_read_write_size / PAGE_SIZE; > > return true; > } > @@ -689,6 +691,7 @@ static int smbd_ia_open( > static int smbd_post_send_negotiate_req(struct smbd_connection *info) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_send_wr send_wr; > int rc = -ENOMEM; > struct smbd_request *request; > @@ -704,11 +707,11 @@ static int smbd_post_send_negotiate_req(struct smbd_connection *info) > packet->min_version = cpu_to_le16(SMBDIRECT_V1); > packet->max_version = cpu_to_le16(SMBDIRECT_V1); > packet->reserved = 0; > - packet->credits_requested = cpu_to_le16(info->send_credit_target); > - packet->preferred_send_size = cpu_to_le32(info->max_send_size); > - packet->max_receive_size = cpu_to_le32(info->max_receive_size); > + packet->credits_requested = cpu_to_le16(sp->send_credit_target); > + packet->preferred_send_size = cpu_to_le32(sp->max_send_size); > + packet->max_receive_size = cpu_to_le32(sp->max_recv_size); > packet->max_fragmented_size = > - cpu_to_le32(info->max_fragmented_recv_size); > + cpu_to_le32(sp->max_fragmented_recv_size); > > request->num_sge = 1; > request->sge[0].addr = ib_dma_map_single( > @@ -800,6 +803,7 @@ static int smbd_post_send(struct smbd_connection *info, > struct smbd_request *request) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_send_wr send_wr; > int rc, i; > > @@ -831,7 +835,7 @@ static int smbd_post_send(struct smbd_connection *info, > } else > /* Reset timer for idle connection after packet is sent */ > mod_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > > return rc; > } > @@ -841,6 +845,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > int *_remaining_data_length) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > int i, rc; > int header_length; > int data_length; > @@ -868,7 +873,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > > wait_send_queue: > wait_event(info->wait_post_send, > - atomic_read(&info->send_pending) < info->send_credit_target || > + atomic_read(&info->send_pending) < sp->send_credit_target || > sc->status != SMBDIRECT_SOCKET_CONNECTED); > > if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { > @@ -878,7 +883,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > } > > if (unlikely(atomic_inc_return(&info->send_pending) > > - info->send_credit_target)) { > + sp->send_credit_target)) { > atomic_dec(&info->send_pending); > goto wait_send_queue; > } > @@ -917,7 +922,7 @@ static int smbd_post_send_iter(struct smbd_connection *info, > > /* Fill in the packet header */ > packet = smbd_request_payload(request); > - packet->credits_requested = cpu_to_le16(info->send_credit_target); > + packet->credits_requested = cpu_to_le16(sp->send_credit_target); > > new_credits = manage_credits_prior_sending(info); > atomic_add(new_credits, &info->receive_credits); > @@ -1017,16 +1022,17 @@ static int smbd_post_recv( > struct smbd_connection *info, struct smbd_response *response) > { > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct ib_recv_wr recv_wr; > int rc = -EIO; > > response->sge.addr = ib_dma_map_single( > sc->ib.dev, response->packet, > - info->max_receive_size, DMA_FROM_DEVICE); > + sp->max_recv_size, DMA_FROM_DEVICE); > if (ib_dma_mapping_error(sc->ib.dev, response->sge.addr)) > return rc; > > - response->sge.length = info->max_receive_size; > + response->sge.length = sp->max_recv_size; > response->sge.lkey = sc->ib.pd->local_dma_lkey; > > response->cqe.done = recv_done; > @@ -1274,6 +1280,8 @@ static void idle_connection_timer(struct work_struct *work) > struct smbd_connection *info = container_of( > work, struct smbd_connection, > idle_timer_work.work); > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > > if (info->keep_alive_requested != KEEP_ALIVE_NONE) { > log_keep_alive(ERR, > @@ -1288,7 +1296,7 @@ static void idle_connection_timer(struct work_struct *work) > > /* Setup the next idle timeout work */ > queue_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > } > > /* > @@ -1300,6 +1308,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > { > struct smbd_connection *info = server->smbd_conn; > struct smbdirect_socket *sc; > + struct smbdirect_socket_parameters *sp; > struct smbd_response *response; > unsigned long flags; > > @@ -1308,6 +1317,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > return; > } > sc = &info->socket; > + sp = &sc->parameters; > > log_rdma_event(INFO, "destroying rdma session\n"); > if (sc->status != SMBDIRECT_SOCKET_DISCONNECTED) { > @@ -1349,7 +1359,7 @@ void smbd_destroy(struct TCP_Server_Info *server) > log_rdma_event(INFO, "free receive buffers\n"); > wait_event(info->wait_receive_queues, > info->count_receive_queue + info->count_empty_packet_queue > - == info->receive_credit_max); > + == sp->recv_credit_max); > destroy_receive_buffers(info); > > /* > @@ -1437,6 +1447,8 @@ static void destroy_caches_and_workqueue(struct smbd_connection *info) > #define MAX_NAME_LEN 80 > static int allocate_caches_and_workqueue(struct smbd_connection *info) > { > + struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > char name[MAX_NAME_LEN]; > int rc; > > @@ -1451,7 +1463,7 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > return -ENOMEM; > > info->request_mempool = > - mempool_create(info->send_credit_target, mempool_alloc_slab, > + mempool_create(sp->send_credit_target, mempool_alloc_slab, > mempool_free_slab, info->request_cache); > if (!info->request_mempool) > goto out1; > @@ -1461,13 +1473,13 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > kmem_cache_create( > name, > sizeof(struct smbd_response) + > - info->max_receive_size, > + sp->max_recv_size, > 0, SLAB_HWCACHE_ALIGN, NULL); > if (!info->response_cache) > goto out2; > > info->response_mempool = > - mempool_create(info->receive_credit_max, mempool_alloc_slab, > + mempool_create(sp->recv_credit_max, mempool_alloc_slab, > mempool_free_slab, info->response_cache); > if (!info->response_mempool) > goto out3; > @@ -1477,7 +1489,7 @@ static int allocate_caches_and_workqueue(struct smbd_connection *info) > if (!info->workqueue) > goto out4; > > - rc = allocate_receive_buffers(info, info->receive_credit_max); > + rc = allocate_receive_buffers(info, sp->recv_credit_max); > if (rc) { > log_rdma_event(ERR, "failed to allocate receive buffers\n"); > goto out5; > @@ -1505,6 +1517,7 @@ static struct smbd_connection *_smbd_get_connection( > int rc; > struct smbd_connection *info; > struct smbdirect_socket *sc; > + struct smbdirect_socket_parameters *sp; > struct rdma_conn_param conn_param; > struct ib_qp_init_attr qp_attr; > struct sockaddr_in *addr_in = (struct sockaddr_in *) dstaddr; > @@ -1515,6 +1528,7 @@ static struct smbd_connection *_smbd_get_connection( > if (!info) > return NULL; > sc = &info->socket; > + sp = &sc->parameters; > > sc->status = SMBDIRECT_SOCKET_CONNECTING; > rc = smbd_ia_open(info, dstaddr, port); > @@ -1541,12 +1555,12 @@ static struct smbd_connection *_smbd_get_connection( > goto config_failed; > } > > - info->receive_credit_max = smbd_receive_credit_max; > - info->send_credit_target = smbd_send_credit_target; > - info->max_send_size = smbd_max_send_size; > - info->max_fragmented_recv_size = smbd_max_fragmented_recv_size; > - info->max_receive_size = smbd_max_receive_size; > - info->keep_alive_interval = smbd_keep_alive_interval; > + sp->recv_credit_max = smbd_receive_credit_max; > + sp->send_credit_target = smbd_send_credit_target; > + sp->max_send_size = smbd_max_send_size; > + sp->max_fragmented_recv_size = smbd_max_fragmented_recv_size; > + sp->max_recv_size = smbd_max_receive_size; > + sp->keepalive_interval_msec = smbd_keep_alive_interval * 1000; > > if (sc->ib.dev->attrs.max_send_sge < SMBDIRECT_MAX_SEND_SGE || > sc->ib.dev->attrs.max_recv_sge < SMBDIRECT_MAX_RECV_SGE) { > @@ -1561,7 +1575,7 @@ static struct smbd_connection *_smbd_get_connection( > > sc->ib.send_cq = > ib_alloc_cq_any(sc->ib.dev, info, > - info->send_credit_target, IB_POLL_SOFTIRQ); > + sp->send_credit_target, IB_POLL_SOFTIRQ); > if (IS_ERR(sc->ib.send_cq)) { > sc->ib.send_cq = NULL; > goto alloc_cq_failed; > @@ -1569,7 +1583,7 @@ static struct smbd_connection *_smbd_get_connection( > > sc->ib.recv_cq = > ib_alloc_cq_any(sc->ib.dev, info, > - info->receive_credit_max, IB_POLL_SOFTIRQ); > + sp->recv_credit_max, IB_POLL_SOFTIRQ); > if (IS_ERR(sc->ib.recv_cq)) { > sc->ib.recv_cq = NULL; > goto alloc_cq_failed; > @@ -1578,8 +1592,8 @@ static struct smbd_connection *_smbd_get_connection( > memset(&qp_attr, 0, sizeof(qp_attr)); > qp_attr.event_handler = smbd_qp_async_error_upcall; > qp_attr.qp_context = info; > - qp_attr.cap.max_send_wr = info->send_credit_target; > - qp_attr.cap.max_recv_wr = info->receive_credit_max; > + qp_attr.cap.max_send_wr = sp->send_credit_target; > + qp_attr.cap.max_recv_wr = sp->recv_credit_max; > qp_attr.cap.max_send_sge = SMBDIRECT_MAX_SEND_SGE; > qp_attr.cap.max_recv_sge = SMBDIRECT_MAX_RECV_SGE; > qp_attr.cap.max_inline_data = 0; > @@ -1654,7 +1668,7 @@ static struct smbd_connection *_smbd_get_connection( > init_waitqueue_head(&info->wait_send_queue); > INIT_DELAYED_WORK(&info->idle_timer_work, idle_connection_timer); > queue_delayed_work(info->workqueue, &info->idle_timer_work, > - info->keep_alive_interval*HZ); > + msecs_to_jiffies(sp->keepalive_interval_msec)); > > init_waitqueue_head(&info->wait_send_pending); > atomic_set(&info->send_pending, 0); > @@ -1971,6 +1985,7 @@ int smbd_send(struct TCP_Server_Info *server, > { > struct smbd_connection *info = server->smbd_conn; > struct smbdirect_socket *sc = &info->socket; > + struct smbdirect_socket_parameters *sp = &sc->parameters; > struct smb_rqst *rqst; > struct iov_iter iter; > unsigned int remaining_data_length, klen; > @@ -1988,10 +2003,10 @@ int smbd_send(struct TCP_Server_Info *server, > for (i = 0; i < num_rqst; i++) > remaining_data_length += smb_rqst_len(server, &rqst_array[i]); > > - if (unlikely(remaining_data_length > info->max_fragmented_send_size)) { > + if (unlikely(remaining_data_length > sp->max_fragmented_send_size)) { > /* assertion: payload never exceeds negotiated maximum */ > log_write(ERR, "payload size %d > max size %d\n", > - remaining_data_length, info->max_fragmented_send_size); > + remaining_data_length, sp->max_fragmented_send_size); > return -EINVAL; > } > > diff --git a/fs/smb/client/smbdirect.h b/fs/smb/client/smbdirect.h > index 4b559a4147af1..3d552ab27e0f3 100644 > --- a/fs/smb/client/smbdirect.h > +++ b/fs/smb/client/smbdirect.h > @@ -69,15 +69,7 @@ struct smbd_connection { > spinlock_t lock_new_credits_offered; > int new_credits_offered; > > - /* Connection parameters defined in [MS-SMBD] 3.1.1.1 */ > - int receive_credit_max; > - int send_credit_target; > - int max_send_size; > - int max_fragmented_recv_size; > - int max_fragmented_send_size; > - int max_receive_size; > - int keep_alive_interval; > - int max_readwrite_size; > + /* dynamic connection parameters defined in [MS-SMBD] 3.1.1.1 */ > enum keep_alive_status keep_alive_requested; > int protocol; > atomic_t send_credits;

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: move DPT l2 flush to a more sensible place" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f16873f42a06b620669d48a4b5c3f888cb3653a1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062931-astride-stoneware-df77@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f16873f42a06b620669d48a4b5c3f888cb3653a1 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 6 Jun 2025 11:45:48 +0100 Subject: [PATCH] drm/xe: move DPT l2 flush to a more sensible place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only need the flush for DPT host updates here. Normal GGTT updates don't need special flush. Fixes: 01570b446939 ("drm/xe/bmg: implement Wa_16023588340") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v6.12+ Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Link: https://lore.kernel.org/r/20250606104546.1996818-4-matthew.auld@intel.com Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 35db1da40c8cfd7511dc42f342a133601eb45449) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/display/xe_fb_pin.c b/drivers/gpu/drm/xe/display/xe_fb_pin.c index d918ae1c8061..55259969480b 100644 --- a/drivers/gpu/drm/xe/display/xe_fb_pin.c +++ b/drivers/gpu/drm/xe/display/xe_fb_pin.c @@ -164,6 +164,9 @@ static int __xe_pin_fb_vma_dpt(const struct intel_framebuffer *fb, vma->dpt = dpt; vma->node = dpt->ggtt_node[tile0->id]; + + /* Ensure DPT writes are flushed */ + xe_device_l2_flush(xe); return 0; } @@ -333,8 +336,6 @@ static struct i915_vma *__xe_pin_fb_vma(const struct intel_framebuffer *fb, if (ret) goto err_unpin; - /* Ensure DPT writes are flushed */ - xe_device_l2_flush(xe); return vma; err_unpin:

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Move DSB l2 flush to a more sensible place" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a4b1b51ae132ac199412028a2df7b6c267888190 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062922-dictate-payphone-2af2@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4b1b51ae132ac199412028a2df7b6c267888190 Mon Sep 17 00:00:00 2001 From: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Date: Fri, 6 Jun 2025 11:45:47 +0100 Subject: [PATCH] drm/xe: Move DSB l2 flush to a more sensible place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flushing l2 is only needed after all data has been written. Fixes: 01570b446939 ("drm/xe/bmg: implement Wa_16023588340") Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: stable(a)vger.kernel.org # v6.12+ Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://lore.kernel.org/r/20250606104546.1996818-3-matthew.auld@intel.com Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 0dd2dd0182bc444a62652e89d08c7f0e4fde15ba) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c index f95375451e2f..9f941fc2e36b 100644 --- a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c +++ b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c @@ -17,10 +17,7 @@ u32 intel_dsb_buffer_ggtt_offset(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_write(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - iosys_map_wr(&dsb_buf->vma->bo->vmap, idx * 4, u32, val); - xe_device_l2_flush(xe); } u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) @@ -30,12 +27,9 @@ u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) void intel_dsb_buffer_memset(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val, size_t size) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - WARN_ON(idx > (dsb_buf->buf_size - size) / sizeof(*dsb_buf->cmd_buf)); iosys_map_memset(&dsb_buf->vma->bo->vmap, idx * 4, val, size); - xe_device_l2_flush(xe); } bool intel_dsb_buffer_create(struct intel_crtc *crtc, struct intel_dsb_buffer *dsb_buf, size_t size) @@ -74,9 +68,12 @@ void intel_dsb_buffer_cleanup(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_flush_map(struct intel_dsb_buffer *dsb_buf) { + struct xe_device *xe = dsb_buf->vma->bo->tile->xe; + /* * The memory barrier here is to ensure coherency of DSB vs MMIO, * both for weak ordering archs and discrete cards. */ - xe_device_wmb(dsb_buf->vma->bo->tile->xe); + xe_device_wmb(xe); + xe_device_l2_flush(xe); }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: remove unnecessary holding of hugetlb_lock" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 344ef45b03336e7f74658814f66483b5417c9cf1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062948-cape-pebble-cad9@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 344ef45b03336e7f74658814f66483b5417c9cf1 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Tue, 27 May 2025 11:36:50 +0800 Subject: [PATCH] mm/hugetlb: remove unnecessary holding of hugetlb_lock In isolate_or_dissolve_huge_folio(), after acquiring the hugetlb_lock, it is only for the purpose of obtaining the correct hstate, which is then passed to alloc_and_dissolve_hugetlb_folio(). alloc_and_dissolve_hugetlb_folio() itself also acquires the hugetlb_lock. We can have alloc_and_dissolve_hugetlb_folio() obtain the hstate by itself, so that isolate_or_dissolve_huge_folio() no longer needs to acquire the hugetlb_lock. In addition, we keep the folio_test_hugetlb() check within isolate_or_dissolve_huge_folio(). By doing so, we can avoid disrupting the normal path by vainly holding the hugetlb_lock. replace_free_hugepage_folios() has the same issue, and we should address it as well. Addresses a possible performance problem which was added by the hotfix 113ed54ad276 ("mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios"). Link: https://lkml.kernel.org/r/1748317010-16272-1-git-send-email-yangge1116@126.… Fixes: 113ed54ad276 ("mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios") Signed-off-by: Ge Yang <yangge1116(a)126.com> Suggested-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8746ed2fec13..9dc95eac558c 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2787,20 +2787,24 @@ void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma, /* * alloc_and_dissolve_hugetlb_folio - Allocate a new folio and dissolve * the old one - * @h: struct hstate old page belongs to * @old_folio: Old folio to dissolve * @list: List to isolate the page in case we need to * Returns 0 on success, otherwise negated error. */ -static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, - struct folio *old_folio, struct list_head *list) +static int alloc_and_dissolve_hugetlb_folio(struct folio *old_folio, + struct list_head *list) { - gfp_t gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; + gfp_t gfp_mask; + struct hstate *h; int nid = folio_nid(old_folio); struct folio *new_folio = NULL; int ret = 0; retry: + /* + * The old_folio might have been dissolved from under our feet, so make sure + * to carefully check the state under the lock. + */ spin_lock_irq(&hugetlb_lock); if (!folio_test_hugetlb(old_folio)) { /* @@ -2829,8 +2833,10 @@ static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, cond_resched(); goto retry; } else { + h = folio_hstate(old_folio); if (!new_folio) { spin_unlock_irq(&hugetlb_lock); + gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; new_folio = alloc_buddy_hugetlb_folio(h, gfp_mask, nid, NULL, NULL); if (!new_folio) @@ -2874,35 +2880,24 @@ static int alloc_and_dissolve_hugetlb_folio(struct hstate *h, int isolate_or_dissolve_huge_folio(struct folio *folio, struct list_head *list) { - struct hstate *h; int ret = -EBUSY; - /* - * The page might have been dissolved from under our feet, so make sure - * to carefully check the state under the lock. - * Return success when racing as if we dissolved the page ourselves. - */ - spin_lock_irq(&hugetlb_lock); - if (folio_test_hugetlb(folio)) { - h = folio_hstate(folio); - } else { - spin_unlock_irq(&hugetlb_lock); + /* Not to disrupt normal path by vainly holding hugetlb_lock */ + if (!folio_test_hugetlb(folio)) return 0; - } - spin_unlock_irq(&hugetlb_lock); /* * Fence off gigantic pages as there is a cyclic dependency between * alloc_contig_range and them. Return -ENOMEM as this has the effect * of bailing out right away without further retrying. */ - if (hstate_is_gigantic(h)) + if (folio_order(folio) > MAX_PAGE_ORDER) return -ENOMEM; if (folio_ref_count(folio) && folio_isolate_hugetlb(folio, list)) ret = 0; else if (!folio_ref_count(folio)) - ret = alloc_and_dissolve_hugetlb_folio(h, folio, list); + ret = alloc_and_dissolve_hugetlb_folio(folio, list); return ret; } @@ -2916,7 +2911,6 @@ int isolate_or_dissolve_huge_folio(struct folio *folio, struct list_head *list) */ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) { - struct hstate *h; struct folio *folio; int ret = 0; @@ -2925,23 +2919,9 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) while (start_pfn < end_pfn) { folio = pfn_folio(start_pfn); - /* - * The folio might have been dissolved from under our feet, so make sure - * to carefully check the state under the lock. - */ - spin_lock_irq(&hugetlb_lock); - if (folio_test_hugetlb(folio)) { - h = folio_hstate(folio); - } else { - spin_unlock_irq(&hugetlb_lock); - start_pfn++; - continue; - } - spin_unlock_irq(&hugetlb_lock); - - if (!folio_ref_count(folio)) { - ret = alloc_and_dissolve_hugetlb_folio(h, folio, - &isolate_list); + /* Not to disrupt normal path by vainly holding hugetlb_lock */ + if (folio_test_hugetlb(folio) && !folio_ref_count(folio)) { + ret = alloc_and_dissolve_hugetlb_folio(folio, &isolate_list); if (ret) break;

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring/rsrc: don't rely on user vaddr alignment" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062902-emphasize-calzone-a702@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 24 Jun 2025 14:40:34 +0100 Subject: [PATCH] io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it. Cc: stable(a)vger.kernel.org Reported-by: David Hildenbrand <david(a)redhat.com> Fixes: a8edbb424b139 ("io_uring/rsrc: enable multi-hugepage buffer coalescing") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/io-uring/e387b4c78b33f231105a601d84eefd8301f57954.1… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c index 0c09e38784c9..afc67530f912 100644 --- a/io_uring/rsrc.c +++ b/io_uring/rsrc.c @@ -734,6 +734,7 @@ bool io_check_coalesce_buffer(struct page **page_array, int nr_pages, data->nr_pages_mid = folio_nr_pages(folio); data->folio_shift = folio_shift(folio); + data->first_folio_page_idx = folio_page_idx(folio, page_array[0]); /* * Check if pages are contiguous inside a folio, and all folios have @@ -827,7 +828,11 @@ static struct io_rsrc_node *io_sqe_buffer_register(struct io_ring_ctx *ctx, if (coalesced) imu->folio_shift = data.folio_shift; refcount_set(&imu->refs, 1); - off = (unsigned long) iov->iov_base & ((1UL << imu->folio_shift) - 1); + + off = (unsigned long)iov->iov_base & ~PAGE_MASK; + if (coalesced) + off += data.first_folio_page_idx << PAGE_SHIFT; + node->buf = imu; ret = 0; diff --git a/io_uring/rsrc.h b/io_uring/rsrc.h index 0d2138f16322..25e7e998dcfd 100644 --- a/io_uring/rsrc.h +++ b/io_uring/rsrc.h @@ -49,6 +49,7 @@ struct io_imu_folio_data { unsigned int nr_pages_mid; unsigned int folio_shift; unsigned int nr_folios; + unsigned long first_folio_page_idx; }; bool io_rsrc_cache_init(struct io_ring_ctx *ctx);

4 months, 2 weeks

1
0
0 0

Linux 6.15.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.4 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 Documentation/gpu/nouveau.rst | 5 Makefile | 2 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/include/asm/tlbflush.h | 9 arch/arm64/kernel/ptrace.c | 2 arch/arm64/kvm/hyp/include/hyp/debug-sr.h | 3 arch/arm64/mm/mmu.c | 3 arch/loongarch/include/asm/irqflags.h | 16 arch/loongarch/include/asm/vdso/getrandom.h | 2 arch/loongarch/include/asm/vdso/gettimeofday.h | 6 arch/loongarch/mm/hugetlbpage.c | 3 arch/mips/vdso/Makefile | 1 arch/nios2/include/asm/pgtable.h | 16 arch/parisc/boot/compressed/Makefile | 1 arch/parisc/kernel/unaligned.c | 2 arch/powerpc/include/asm/ppc_asm.h | 2 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/kernel/trace/ftrace_entry.S | 2 arch/powerpc/kernel/vdso/Makefile | 2 arch/powerpc/net/bpf_jit.h | 20 arch/powerpc/net/bpf_jit_comp.c | 33 arch/powerpc/net/bpf_jit_comp32.c | 6 arch/powerpc/net/bpf_jit_comp64.c | 15 arch/powerpc/platforms/pseries/msi.c | 7 arch/riscv/kvm/vcpu_sbi_replace.c | 8 arch/s390/kvm/gaccess.c | 8 arch/s390/pci/pci.c | 45 arch/s390/pci/pci_bus.h | 7 arch/s390/pci/pci_event.c | 22 arch/s390/pci/pci_mmio.c | 2 arch/x86/Kconfig | 2 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/module.h | 8 arch/x86/include/asm/tdx.h | 2 arch/x86/kernel/alternative.c | 79 - arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/sgx/main.c | 2 arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/vmx.c | 5 arch/x86/mm/init_32.c | 3 arch/x86/mm/init_64.c | 3 arch/x86/mm/pat/set_memory.c | 3 arch/x86/mm/pti.c | 5 arch/x86/virt/vmx/tdx/tdx.c | 5 block/blk-merge.c | 26 block/blk-zoned.c | 1 drivers/accel/ivpu/ivpu_fw.c | 12 drivers/accel/ivpu/ivpu_gem.c | 89 - drivers/accel/ivpu/ivpu_gem.h | 2 drivers/accel/ivpu/ivpu_job.c | 6 drivers/accel/ivpu/ivpu_jsm_msg.c | 9 drivers/acpi/acpica/amlresrc.h | 8 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 drivers/acpi/acpica/rsaddr.c | 13 drivers/acpi/acpica/rscalc.c | 22 drivers/acpi/acpica/rslist.c | 12 drivers/acpi/acpica/utprint.c | 7 drivers/acpi/acpica/utresrc.c | 14 drivers/acpi/battery.c | 19 drivers/acpi/bus.c | 6 drivers/ata/ahci.c | 35 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/platform-msi.c | 1 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/block/ublk_drv.c | 3 drivers/bluetooth/btmrvl_sdio.c | 4 drivers/bluetooth/btmtksdio.c | 2 drivers/bluetooth/btusb.c | 5 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/ep/ring.c | 16 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 drivers/char/ipmi/ipmi_ssif.c | 6 drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/gcc-sm8650.c | 2 drivers/clk/qcom/gcc-sm8750.c | 3 drivers/clk/qcom/gcc-x1e80100.c | 4 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/scmi-cpufreq.c | 36 drivers/crypto/intel/qat/qat_420xx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c62x/adf_drv.c | 8 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c | 8 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/tdma.c | 53 drivers/dma-buf/udmabuf.c | 5 drivers/edac/altera_edac.c | 6 drivers/edac/amd64_edac.c | 1 drivers/edac/igen6_edac.c | 100 + drivers/firmware/arm_scmi/driver.c | 76 - drivers/firmware/arm_scmi/protocols.h | 2 drivers/firmware/cirrus/test/cs_dsp_mock_bin.c | 3 drivers/firmware/cirrus/test/cs_dsp_mock_wmfw.c | 3 drivers/firmware/cirrus/test/cs_dsp_test_control_cache.c | 1 drivers/firmware/sysfb.c | 26 drivers/firmware/ti_sci.c | 14 drivers/gpio/gpio-loongson-64bit.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 drivers/gpio/gpio-pca953x.c | 2 drivers/gpio/gpiolib-of.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 12 drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 9 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 14 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 17 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 17 drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 63 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 20 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/Makefile | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 170 -- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 17 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_quirks.c | 178 ++ drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 1 drivers/gpu/drm/amd/display/dc/dml/dcn31/display_mode_vba_31.c | 1 drivers/gpu/drm/amd/display/dc/dml/dcn314/display_mode_vba_314.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 drivers/gpu/drm/amd/display/dc/dpp/dcn35/dcn35_dpp.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 14 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 drivers/gpu/drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 3 drivers/gpu/drm/amd/display/dc/irq/dcn32/irq_service_dcn32.c | 61 drivers/gpu/drm/amd/display/dc/irq/dcn401/irq_service_dcn401.c | 60 drivers/gpu/drm/amd/display/dc/irq_types.h | 9 drivers/gpu/drm/amd/display/dc/mpc/dcn32/dcn32_mpc.c | 380 ++--- drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn36/dcn36_resource.c | 2 drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 4 drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 13 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 10 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 drivers/gpu/drm/bridge/Kconfig | 1 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 26 drivers/gpu/drm/display/drm_dp_helper.c | 39 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_pmu.c | 4 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 17 drivers/gpu/drm/msm/dp/dp_display.c | 7 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 3 drivers/gpu/drm/nouveau/Kbuild | 1 drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 45 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/nouveau/nouveau_drm.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/Kbuild | 2 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 673 --------- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/Kbuild | 5 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/Kbuild | 6 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rm.c | 10 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 699 ++++++++++ drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rm.h | 20 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rpc.h | 18 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/r535.c | 2 drivers/gpu/drm/panel/panel-sharp-ls043t1le01.c | 41 drivers/gpu/drm/panel/panel-simple.c | 29 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/rockchip/inno_hdmi.c | 36 drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 5 drivers/gpu/drm/solomon/ssd130x.c | 2 drivers/gpu/drm/tiny/Kconfig | 1 drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 drivers/gpu/drm/v3d/v3d_sched.c | 8 drivers/gpu/drm/xe/xe_bo.c | 4 drivers/gpu/drm/xe/xe_eu_stall.c | 4 drivers/gpu/drm/xe/xe_exec.c | 4 drivers/gpu/drm/xe/xe_exec_queue.c | 9 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_gt_freq.c | 82 - drivers/gpu/drm/xe/xe_gt_idle.c | 28 drivers/gpu/drm/xe/xe_gt_throttle.c | 90 - drivers/gpu/drm/xe/xe_guc.c | 44 drivers/gpu/drm/xe/xe_oa.c | 6 drivers/gpu/drm/xe/xe_svm.c | 2 drivers/gpu/drm/xe/xe_uc_fw.c | 2 drivers/gpu/drm/xe/xe_vm.c | 6 drivers/hid/hid-asus.c | 107 + drivers/hv/connection.c | 23 drivers/hwmon/ftsteutates.c | 9 drivers/hwmon/ltc4282.c | 7 drivers/hwmon/occ/common.c | 240 +-- drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-k1.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/i2c/busses/i2c-pasemi-core.c | 2 drivers/i2c/busses/i2c-tegra.c | 5 drivers/i3c/master/mipi-i3c-hci/core.c | 6 drivers/iio/accel/fxls8962af-core.c | 15 drivers/iio/adc/Kconfig | 6 drivers/iio/adc/ad7173.c | 15 drivers/iio/adc/ad7606.c | 21 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/ad7944.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/iwcm.c | 29 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 drivers/input/keyboard/gpio_keys.c | 6 drivers/input/misc/ims-pcu.c | 6 drivers/iommu/amd/iommu.c | 41 drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/iommu.h | 1 drivers/iommu/intel/nested.c | 4 drivers/iommu/iommu.c | 21 drivers/md/dm-raid1.c | 5 drivers/md/dm-table.c | 14 drivers/md/dm-verity-fec.c | 4 drivers/md/dm-verity-target.c | 8 drivers/md/dm-verity-verify-sig.c | 17 drivers/media/cec/usb/extron-da-hd-4k-plus/extron-da-hd-4k-plus.c | 4 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 23 drivers/media/i2c/ds90ub913.c | 4 drivers/media/i2c/imx334.c | 18 drivers/media/i2c/imx335.c | 5 drivers/media/i2c/lt6911uxe.c | 4 drivers/media/i2c/ov08x40.c | 2 drivers/media/i2c/ov2740.c | 4 drivers/media/i2c/ov5675.c | 5 drivers/media/i2c/ov8856.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/pci/intel/ipu6/ipu6-dma.c | 4 drivers/media/pci/intel/ipu6/ipu6.c | 5 drivers/media/platform/imagination/e5010-jpeg-enc.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/nuvoton/npcm-video.c | 15 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h | 1 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 90 - drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 14 drivers/media/platform/qcom/camss/camss-csid.c | 4 drivers/media/platform/qcom/camss/camss-vfe.c | 4 drivers/media/platform/qcom/iris/iris_firmware.c | 4 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/platform/qcom/venus/vdec.c | 4 drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 18 drivers/media/platform/renesas/rcar-vin/rcar-v4l2.c | 8 drivers/media/platform/renesas/vsp1/vsp1_rwpf.c | 13 drivers/media/platform/samsung/exynos4-is/fimc-is-regs.c | 1 drivers/media/platform/ti/cal/cal-video.c | 4 drivers/media/platform/ti/davinci/vpif.c | 4 drivers/media/platform/ti/omap3isp/ispccdc.c | 8 drivers/media/platform/ti/omap3isp/ispstat.c | 6 drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 20 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 drivers/media/usb/uvc/uvc_driver.c | 27 drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mmc/core/card.h | 6 drivers/mmc/core/quirks.h | 10 drivers/mmc/core/sd.c | 32 drivers/mtd/nand/qpic_common.c | 8 drivers/mtd/nand/raw/qcom_nandc.c | 18 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/mtd/nand/spi/alliancememory.c | 12 drivers/mtd/nand/spi/ato.c | 6 drivers/mtd/nand/spi/esmt.c | 8 drivers/mtd/nand/spi/foresee.c | 8 drivers/mtd/nand/spi/gigadevice.c | 48 drivers/mtd/nand/spi/macronix.c | 8 drivers/mtd/nand/spi/micron.c | 20 drivers/mtd/nand/spi/paragon.c | 12 drivers/mtd/nand/spi/skyhigh.c | 12 drivers/mtd/nand/spi/toshiba.c | 8 drivers/mtd/nand/spi/winbond.c | 34 drivers/mtd/nand/spi/xtx.c | 12 drivers/net/can/kvaser_pciefd.c | 3 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 87 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 29 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/cortina/gemini.c | 37 drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/faraday/Kconfig | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 14 drivers/net/ethernet/intel/e1000e/ptp.c | 8 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 drivers/net/ethernet/intel/ice/ice_eswitch.c | 6 drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 10 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 78 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 6 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 5 drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 drivers/net/ethernet/microchip/lan743x_ptp.h | 4 drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 24 drivers/net/ethernet/ti/icssg/icssg_common.c | 19 drivers/net/ethernet/vertexcom/mse102x.c | 15 drivers/net/hyperv/netvsc_bpf.c | 2 drivers/net/hyperv/netvsc_drv.c | 4 drivers/net/netdevsim/netdev.c | 2 drivers/net/phy/marvell-88q2xxx.c | 103 - drivers/net/phy/mediatek/mtk-ge-soc.c | 10 drivers/net/usb/asix.h | 1 drivers/net/usb/asix_common.c | 22 drivers/net/usb/asix_devices.c | 17 drivers/net/usb/ch9200.c | 7 drivers/net/vxlan/vxlan_core.c | 22 drivers/net/wireless/ath/ath11k/ce.c | 11 drivers/net/wireless/ath/ath11k/core.c | 55 drivers/net/wireless/ath/ath11k/core.h | 7 drivers/net/wireless/ath/ath11k/dp_rx.c | 25 drivers/net/wireless/ath/ath11k/hal.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 9 drivers/net/wireless/ath/ath12k/ce.c | 11 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/dp.c | 77 - drivers/net/wireless/ath/ath12k/dp.h | 5 drivers/net/wireless/ath/ath12k/dp_mon.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 15 drivers/net/wireless/ath/ath12k/hal.c | 12 drivers/net/wireless/ath/ath12k/hal.h | 6 drivers/net/wireless/ath/ath12k/hal_desc.h | 2 drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/hw.h | 3 drivers/net/wireless/ath/ath12k/mac.c | 55 drivers/net/wireless/ath/ath12k/pci.c | 3 drivers/net/wireless/ath/ath12k/peer.c | 5 drivers/net/wireless/ath/ath12k/peer.h | 3 drivers/net/wireless/ath/ath12k/wmi.c | 28 drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/net/wireless/ath/carl9170/usb.c | 19 drivers/net/wireless/intel/iwlwifi/cfg/22000.c | 3 drivers/net/wireless/intel/iwlwifi/dvm/main.c | 6 drivers/net/wireless/intel/iwlwifi/mld/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 2 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 drivers/net/wireless/intel/iwlwifi/mld/thermal.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 20 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 8 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 4 drivers/net/wireless/purelifi/plfxlc/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/hci.h | 8 drivers/net/wireless/realtek/rtw88/mac.c | 11 drivers/net/wireless/realtek/rtw88/mac.h | 2 drivers/net/wireless/realtek/rtw88/mac80211.c | 2 drivers/net/wireless/realtek/rtw88/main.c | 32 drivers/net/wireless/realtek/rtw88/main.h | 3 drivers/net/wireless/realtek/rtw88/pci.c | 2 drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 drivers/net/wireless/realtek/rtw88/rtw8812a.c | 1 drivers/net/wireless/realtek/rtw88/rtw8814a.c | 11 drivers/net/wireless/realtek/rtw88/rtw8821a.c | 1 drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822bu.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 drivers/net/wireless/realtek/rtw88/sdio.c | 2 drivers/net/wireless/realtek/rtw88/usb.c | 57 drivers/net/wireless/realtek/rtw89/cam.c | 3 drivers/net/wireless/realtek/rtw89/rtw8922a_rfk.c | 5 drivers/net/wireless/virtual/mac80211_hwsim.c | 5 drivers/nvme/host/ioctl.c | 21 drivers/nvme/host/tcp.c | 2 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/dwc/pcie-designware-ep.c | 5 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 6 drivers/pci/controller/pcie-apple.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 2 drivers/pci/hotplug/s390_pci_hpc.c | 2 drivers/pci/pci.c | 3 drivers/pci/quirks.c | 23 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 10 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 21 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/platform/loongarch/loongson-laptop.c | 87 - drivers/platform/x86/amd/pmc/pmc.c | 2 drivers/platform/x86/amd/pmf/core.c | 3 drivers/platform/x86/amd/pmf/tee-if.c | 67 drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 drivers/platform/x86/dell/dell_rbu.c | 6 drivers/platform/x86/ideapad-laptop.c | 19 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 9 drivers/pmdomain/core.c | 4 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/power/supply/collie_battery.c | 1 drivers/power/supply/gpio-charger.c | 4 drivers/power/supply/max17040_battery.c | 5 drivers/ptp/ptp_clock.c | 3 drivers/ptp/ptp_private.h | 22 drivers/pwm/pwm-axi-pwmgen.c | 23 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/regulator/max20086-regulator.c | 4 drivers/remoteproc/remoteproc_core.c | 6 drivers/remoteproc/ti_k3_m4_remoteproc.c | 2 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/smartpqi/smartpqi_init.c | 84 + drivers/scsi/storvsc_drv.c | 10 drivers/soc/qcom/pmic_glink_altmode.c | 30 drivers/spi/spi-qpic-snand.c | 1 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/staging/media/rkvdec/rkvdec.c | 14 drivers/tee/tee_core.c | 11 drivers/uio/uio_hv_generic.c | 7 drivers/video/console/dummycon.c | 18 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 7 drivers/video/fbdev/core/fbmem.c | 22 drivers/video/screen_info_pci.c | 79 - drivers/virt/coco/tsm.c | 31 drivers/watchdog/da9052_wdt.c | 1 drivers/watchdog/stm32_iwdg.c | 2 fs/anon_inodes.c | 45 fs/ceph/addr.c | 9 fs/ceph/super.c | 1 fs/configfs/dir.c | 2 fs/dlm/lowcomms.c | 5 fs/erofs/zmap.c | 10 fs/exfat/nls.c | 1 fs/exfat/super.c | 30 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 39 fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 24 fs/ext4/ioctl.c | 8 fs/f2fs/compress.c | 23 fs/f2fs/f2fs.h | 5 fs/f2fs/inode.c | 10 fs/f2fs/namei.c | 9 fs/f2fs/node.c | 8 fs/f2fs/segment.c | 12 fs/f2fs/super.c | 12 fs/file.c | 8 fs/gfs2/lock_dlm.c | 3 fs/internal.h | 5 fs/ioctl.c | 7 fs/isofs/inode.c | 7 fs/isofs/isofs.h | 4 fs/isofs/rock.c | 40 fs/isofs/rock.h | 6 fs/isofs/util.c | 49 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/jfs/jfs_discard.c | 3 fs/jfs/jfs_dmap.c | 6 fs/jfs/jfs_dtree.c | 18 fs/libfs.c | 10 fs/nfs/client.c | 2 fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 fs/nfs/internal.h | 1 fs/nfs/localio.c | 6 fs/nfs/nfs4proc.c | 5 fs/nfs/read.c | 3 fs/nfsd/export.c | 3 fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfs4xdr.c | 19 fs/nfsd/nfsctl.c | 26 fs/nfsd/nfssvc.c | 6 fs/overlayfs/file.c | 4 fs/overlayfs/overlayfs.h | 8 fs/pidfs.c | 2 fs/smb/client/cached_dir.c | 14 fs/smb/client/cached_dir.h | 8 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 17 fs/smb/client/namespace.c | 3 fs/smb/client/readdir.c | 28 fs/smb/client/reparse.c | 1 fs/smb/client/sess.c | 7 fs/smb/client/smb2pdu.c | 33 fs/smb/client/smbdirect.c | 5 fs/smb/client/transport.c | 14 fs/smb/server/connection.c | 2 fs/smb/server/connection.h | 1 fs/smb/server/smb2pdu.c | 11 fs/smb/server/transport_rdma.c | 10 fs/smb/server/transport_tcp.c | 3 fs/xattr.c | 1 include/acpi/actypes.h | 2 include/drm/display/drm_dp_helper.h | 5 include/linux/acpi.h | 9 include/linux/atmdev.h | 6 include/linux/bus/stm32_firewall_device.h | 15 include/linux/codetag.h | 8 include/linux/execmem.h | 8 include/linux/f2fs_fs.h | 1 include/linux/fs.h | 2 include/linux/hugetlb.h | 3 include/linux/mmc/card.h | 1 include/linux/module.h | 5 include/linux/mtd/nand-qpic-common.h | 4 include/linux/mtd/spinand.h | 72 - include/linux/tcp.h | 2 include/net/mac80211.h | 16 include/trace/events/erofs.h | 18 include/uapi/linux/videodev2.h | 12 io_uring/io-wq.c | 4 io_uring/io_uring.c | 2 io_uring/kbuf.c | 7 io_uring/net.c | 6 io_uring/rsrc.c | 8 io_uring/sqpoll.c | 5 ipc/shm.c | 5 kernel/bpf/bpf_struct_ops.c | 2 kernel/bpf/btf.c | 4 kernel/bpf/helpers.c | 3 kernel/cgroup/legacy_freezer.c | 3 kernel/events/core.c | 80 - kernel/exit.c | 17 kernel/module/main.c | 5 kernel/sched/core.c | 4 kernel/sched/ext.c | 5 kernel/sched/ext.h | 2 kernel/sched/fair.c | 4 kernel/sched/rt.c | 54 kernel/time/clocksource.c | 2 kernel/trace/ftrace.c | 10 kernel/trace/trace.c | 5 kernel/trace/trace_events_filter.c | 184 +- kernel/trace/trace_functions_graph.c | 6 kernel/watchdog.c | 41 kernel/workqueue.c | 7 lib/Kconfig | 1 lib/alloc_tag.c | 12 lib/codetag.c | 34 mm/execmem.c | 40 mm/hugetlb.c | 67 mm/madvise.c | 7 mm/page-writeback.c | 2 mm/readahead.c | 20 mm/vma.c | 49 mm/vma.h | 7 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bridge/br_mst.c | 4 net/bridge/br_multicast.c | 103 + net/bridge/br_private.h | 11 net/core/dev.c | 1 net/core/filter.c | 19 net/core/page_pool.c | 4 net/core/skbuff.c | 3 net/core/skmsg.c | 3 net/core/sock.c | 4 net/ipv4/route.c | 4 net/ipv4/tcp_fastopen.c | 3 net/ipv4/tcp_input.c | 79 - net/ipv6/calipso.c | 8 net/mac80211/cfg.c | 2 net/mac80211/debugfs_sta.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mac80211/rate.c | 2 net/mac80211/sta_info.c | 28 net/mac80211/sta_info.h | 11 net/mac80211/tx.c | 15 net/mpls/af_mpls.c | 4 net/netfilter/nft_set_pipapo.c | 6 net/nfc/nci/uart.c | 8 net/sched/sch_sfq.c | 10 net/sched/sch_taprio.c | 6 net/sctp/socket.c | 3 net/sunrpc/cache.c | 17 net/sunrpc/svc.c | 11 net/sunrpc/xprtrdma/svc_rdma_transport.c | 1 net/sunrpc/xprtsock.c | 5 net/tipc/crypto.c | 2 net/tipc/udp_media.c | 4 net/xfrm/xfrm_user.c | 52 scripts/Makefile.compiler | 4 security/selinux/xfrm.c | 2 sound/pci/hda/cs35l41_hda_property.c | 6 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 15 sound/soc/amd/acp/acp-sdw-legacy-mach.c | 2 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/amd/yc/acp6x-mach.c | 9 sound/soc/codecs/tas2770.c | 30 sound/soc/codecs/wcd937x.c | 7 sound/soc/generic/simple-card-utils.c | 23 sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/sdw_utils/soc_sdw_rt_amp.c | 2 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/mixer_maps.c | 12 tools/bpf/bpftool/cgroup.c | 12 tools/lib/bpf/btf.c | 18 tools/lib/bpf/libbpf.c | 6 tools/net/ynl/pyynl/lib/ynl.py | 67 tools/perf/tests/tests-scripts.c | 1 tools/perf/util/print-events.c | 1 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 + tools/testing/vma/vma_internal.h | 2 tools/tracing/rtla/src/utils.c | 2 660 files changed, 6737 insertions(+), 3756 deletions(-) Aditya Dutt (1): jfs: fix array-index-out-of-bounds read in add_missing_indices Aditya Garg (1): drm/appletbdrm: Make appletbdrm depend on X86 Aditya Kumar Singh (2): wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil P Oommen (1): drm/msm/a6xx: Increase HFI response timeout Akhil R (2): i2c: tegra: check msg length in SMBUS block read dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Alan Maguire (2): libbpf/btf: Fix string handling to support multi-split BTF libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alex Deucher (6): drm/amdgpu/gfx6: fix CSIB handling drm/amdgpu/gfx11: fix CSIB handling drm/amdgpu/gfx10: fix CSIB handling drm/amdgpu/gfx7: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling drm/amdgpu/gfx9: fix CSIB handling Alex Elder (1): i2c: k1: check for transfer error Alexander Aring (2): gfs2: move msleep to sleepable context dlm: use SHUT_RDWR for SCTP shutdown Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexey Kodanev (1): net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Alok Tiwari (1): emulex/benet: correct command version selection in be_cmd_get_stats() Amber Lin (1): drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Amir Goldstein (1): ovl: fix debug print in case of mkdir error Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrew Zaborowski (1): x86/sgx: Prevent attempts to reclaim poisoned pages André Almeida (1): ovl: Fix nested backing file paths Andy Yan (2): drm/rockchip: inno-hdmi: Fix video timing HSYNC/VSYNC polarity setting for rk3036 drm/rockchip: vop2: Make overlay layer select register configuration take effect by vsync Antonin Godard (1): drm/panel: simple: Add POWERTIP PH128800T004-ZZA01 panel entry Anup Patel (2): RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Anusha Srivatsa (1): drm/panel/sharp-ls043t1le01: Use _multi variants Apurv Mishra (1): drm/amdkfd: Drop workaround for GC v9.4.3 revID 0 Armin Wolf (1): ACPI: bus: Bail out if acpi_kobj registration fails Arnd Bergmann (3): parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Arthur-Prince (1): iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build Arvind Yadav (1): drm/amdgpu: fix MES GFX mask Avadhut Naik (1): EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh Ayushi Makhija (2): drm/bridge: anx7625: enable HPD interrupts drm/bridge: anx7625: change the gpiod_set_value API Bagas Sanjaya (1): Documentation: nouveau: Update GSP message queue kernel-doc reference Balamurugan S (1): wifi: ath12k: fix incorrect CE addresses Baochen Qiang (3): wifi: ath12k: fix a possible dead lock caused by ab->base_lock wifi: ath12k: make assoc link associate first wifi: ath11k: determine PM policy based on machine model Beleswar Padhi (1): remoteproc: k3-m4: Don't assert reset in detach routine Ben Skeggs (2): drm/nouveau/gsp: fix rm shutdown wait condition drm/nouveau/gsp: split rpc handling out on its own Benjamin Berg (2): wifi: iwlwifi: mld: call thermal exit without wiphy lock held wifi: mac80211: do not offer a mesh path if forwarding is disabled Benjamin Lin (1): wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Benjamin Marzinski (1): dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock Bharath SM (2): smb: improve directory cache reuse for readdir operations smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels Binbin Zhou (1): gpio: loongson-64bit: Correct Loongson-7A2000 ACPI GPIO access mode Bitterblue Smith (3): wifi: rtw88: usb: Upload the firmware in bigger chunks wifi: rtw88: usb: Reduce control message timeout to 500 ms wifi: rtw88: Set AMPDU factor to hardware for RTL8814A Boris Brezillon (1): drm/panthor: Don't update MMU_INT_MASK in panthor_mmu_irq_handler() Brett Creeley (1): ionic: Prevent driver/fw getting out of sync on devcmd(s) Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Brian Foster (1): ext4: only dirty folios when data journaling regular files Chao Gao (1): KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (6): f2fs: fix to do sanity check on ino and xnid f2fs: fix to do sanity check on sit_bitmap_size f2fs: fix to return correct error number in f2fs_sync_node_pages() f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx f2fs: fix to bail out in get_new_segment() f2fs: fix to set atomic write status more clear Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Charlene Liu (2): drm/amd/display: disable DPP RCG before DPP CLK enable drm/amd/display: fix zero value for APU watermark_c Chen Linxuan (1): RDMA/hns: initialize db in update_srq_db() Chen Ridong (1): cgroup,freezer: fix incomplete freezing when attaching tasks Chris Chiu (1): ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA Christian Brauner (4): anon_inode: use a proper mode internally anon_inode: explicitly block ->setattr() anon_inode: raise SB_I_NODEV and SB_I_NOEXEC fs: add S_ANON_INODE Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christoph Rudorff (1): drm/nouveau: fix hibernate on disabled GPU Christophe Leroy (1): powerpc/vdso: Fix build of VDSO32 with pcrel Chuck Lever (3): NFSD: Implement FATTR4_CLONE_BLKSIZE attribute SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls svcrdma: Unregister the device if svc_rdma_accept() fails Chuyi Zhou (1): workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() Connor Abbott (2): drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Corey Minyard (1): ipmi:ssif: Fix a shutdown race Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Damien Le Moal (1): block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion Damon Ding (1): drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Dan Carpenter (2): media: iris: fix error code in iris_load_fw_to_memory() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Dan Williams (1): configfs-tsm-report: Fix NULL dereference of tsm_ops Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version Daniele Ceraolo Spurio (1): drm/xe/vf: Fix guc_info debugfs for VFs Dave Airlie (1): drm/dp: add option to disable zero sized address only transactions. Dave Hansen (1): x86/mm: Disable INVLPGB when PTI is enabled David Lechner (5): pwm: axi-pwmgen: fix missing separate external clock iio: adc: ad7944: mask high bits on direct read iio: adc: ad7606_spi: fix reg write value mask iio: adc: ad7173: fix compiling without gpiolib iio: adc: ad7606: fix raw read for 18-bit chips David Strahan (1): scsi: smartpqi: Add new PCI IDs David Thompson (2): mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available gpio: mlxbf3: only get IRQ for device instance 0 David Wei (1): tcp: fix passive TFO socket having invalid NAPI ID Denis Arefev (1): media: vivid: Change the siize of the composing Dennis Marttinen (1): ceph: set superblock s_magic for IMA fsmagic matching Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dian-Syuan Yang (1): wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dillon Varone (3): drm/amd/display: Fix Vertical Interrupt definitions for dcn32, dcn401 drm/amd/display: Fix VUpdate offset calculations for dcn401 Revert "drm/amd/display: Fix VUpdate offset calculations for dcn401" Dimitri Fedrau (1): net: phy: marvell-88q2xxx: Enable temperature measurement in probe again Dmitry Antipov (1): wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (3): drm/bridge: select DRM_KMS_HELPER for AUX_BRIDGE drm/msm/hdmi: add runtime PM calls to DDC transfer function drm/msm/dpu: don't select single flush for active CTL blocks Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Donald Hunter (1): tools: ynl: parse extack for sub-messages Dongcheng Yan (1): media: i2c: change lt6911uxe irq_gpio name to "hpd" Dylan Wolff (1): jfs: Fix null-ptr-deref in jfs_ioc_trim Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx Edward Adam Davis (3): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled Eric Dumazet (7): tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: remove zero TCP TS samples for autotuning tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows tcp: add receive queue awareness in tcp_rcv_space_adjust() net_sched: sch_sfq: reject invalid perturb period net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Erick Shepherd (1): mmc: Add quirk to disable DDR50 tuning Fabrice Gasnier (1): Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Fangzhi Zuo (1): drm/amd/display: Do Not Consider DSC if Valid Config Not Found Fedor Pchelkin (2): can: kvaser_pciefd: refine error prone echo_skb_max handling logic jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fei Shao (1): media: mediatek: vcodec: Correct vsi_core framebuffer size Frank Li (1): platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() Frank Wunderlich (1): net: phy: mediatek: do not require syscon compatible for pio property GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (4): pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (3): erofs: remove unused trace event erofs_destroy_inode erofs: refuse crafted out-of-file-range encoded extents erofs: remove a superfluous check for encoded extents Gatien Chevallier (1): Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Giovanni Cabiddu (5): crypto: qat - add shutdown handler to qat_c3xxx crypto: qat - add shutdown handler to qat_420xx crypto: qat - add shutdown handler to qat_4xxx crypto: qat - add shutdown handler to qat_c62x crypto: qat - add shutdown handler to qat_dh895xcc Greg Kroah-Hartman (1): Linux 6.15.4 Grzegorz Nitka (1): ice: fix eswitch code memory leak in reset scenario Gui-Dong Han (1): hwmon: (ftsteutates) Fix TOCTOU race in fts_read() Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Verkuil (2): media: cec: extron-da-hd-4k-plus: Fix Wformat-truncation media: tc358743: ignore video while HPD is low Hans de Goede (2): media: ov2740: Move pm-runtime cleanup on probe-errors to proper place media: ov08x40: Extend sleep after reset to 5 ms Hao Yao (1): media: ipu6: Remove workaround for Meteor Lake ES2 Haoxiang Li (1): media: imagination: fix a potential memory leak in e5010_probe() Hari Bathini (2): powerpc64/ftrace: fix clobbered r15 during livepatching powerpc/bpf: fix JIT code size calculation of bpf trampoline Hari Chandrakanthan (1): wifi: ath12k: fix link valid field initialization in the monitor Rx Hariprasad Kelam (1): Octeontx2-pf: Fix Backpresure configuration Harish Chegondi (1): drm/xe: Use copy_from_user() instead of __copy_from_user() Harshit Agarwal (1): sched/rt: Fix race in push_rt_task Hector Martin (2): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change i2c: pasemi: Enable the unjam machine Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Heiner Kallweit (1): net: ftgmac100: select FIXED_PHY Helge Deller (1): parisc/unaligned: Fix hex output to show 8 hex chars Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Herbert Xu (1): crypto: marvell/cesa - Do not chain submitted requests Hou Tao (1): bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Huacai Chen (2): PCI: Add ACS quirk for Loongson PCIe LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Hyunwoo Kim (1): net/sched: fix use-after-free in taprio_dev_notifier I Hsin Cheng (1): ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() Ian Rogers (2): perf evsel: Missed close() when probing hybrid core PMUs perf test: Directory file descriptor leak Ido Schimmel (2): vxlan: Do not treat dst cache initialization errors as fatal vxlan: Add RCU read-side critical sections in the Tx path Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): bpf: Pass the same orig_call value to trampoline functions Ioana Ciornei (1): bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacek Lawrynowicz (4): accel/ivpu: Improve buffer object logging accel/ivpu: Use firmware names from upstream repo accel/ivpu: Use dma_resv_lock() instead of a custom mutex accel/ivpu: Fix warning in ivpu_gem_bo_free() Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Kicinski (3): net: clear the dst when changing skb protocol eth: fbnic: avoid double free when failing to DMA-map FW msg tools: ynl: fix mixing ops and notifications on one socket James A. MacInnes (2): drm/msm/dp: Disable wide bus support for SDM845 drm/msm/disp: Correct porch timing for SDM845 Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): mm/hugetlb: unshare page tables during VMA split, not before mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race tee: Prevent size calculation wraparound on 32-bit kernels Janne Grunau (1): PCI: apple: Set only available ports up Jarkko Nikula (1): i3c: mipi-i3c-hci: Fix handling status of i3c_hci_irq_handler() Jaroslav Kysela (3): firmware: cs_dsp: Fix OOB memory read access in KUnit test firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) Jason Xing (3): net: atlantic: generate software timestamp just before the doorbell net: stmmac: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeevaka Prabu Badrappan (1): drm/xe: Fix CFI violation when accessing sysfs files Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeff Layton (2): nfsd: use threads array as-is in netlink interface sunrpc: handle SVC_GARBAGE during svc auth processing as auth error Jens Axboe (7): block: use plug request list tail for one-shot backmerge attempt io_uring/net: only consider msg_inq if larger than 1 io_uring/kbuf: don't truncate end buffer for multiple buffer peeks io_uring/rsrc: validate buffer count with offset for cloning nvme: always punt polled uring_cmd end_io work to task_work io_uring/net: always use current transfer count for buffer put io_uring/sqpoll: don't put task_struct on tctx setup failure Jeongjun Park (2): jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jesse.Zhang (2): drm/amdgpu: Fix API status offset for MES queue reset drm/amdkfd: move SDMA queue reset capability check to node_show Jiande Lu (1): Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 Jiayuan Chen (2): workqueue: Fix race condition in wq->stats incrementation bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Joe Damato (1): netdevsim: Mark NAPI ID on skb in nsim_rcv Johan Hovold (8): wifi: ath11k: fix rx completion meta data corruption wifi: ath11k: fix ring-buffer corruption wifi: ath12k: fix ring-buffer corruption media: ov8856: suppress probe deferral errors media: ov5675: suppress probe deferral errors media: qcom: camss: csid: suppress CSID log spam media: qcom: camss: vfe: suppress VFE version log spam soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events Johannes Berg (2): wifi: iwlwifi: mvm: fix beacon CCK flag wifi: iwlwifi: dvm: pair transport op-mode enter/leave John Garry (1): dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits John Keeping (1): drm/ssd130x: fix ssd132x_clear_screen() columns Jonas 'Sortie' Termansen (1): isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged João Paulo Gonçalves (2): regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional Juergen Gross (1): x86/mm/pat: don't collapse pages without PSE set Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Kai Huang (1): x86/virt/tdx: Avoid indirect calls to TDX assembly functions Kalesh AP (2): bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Kan Liang (1): perf/x86/intel: Fix crash in icl_update_topdown_event() Kang Yang (1): wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Karol Wachowski (1): accel/ivpu: Trigger device recovery on engine reset/resume failure Kees Cook (2): fbcon: Make sure modelist not set on unregistered console wifi: iwlwifi: mld: Work around Clang loop unrolling bug Kendall Willis (1): firmware: ti_sci: Convert CPU latency constraint from us to ms Kevin Gao (1): drm/amd/display: Correct SSC enable detection for DCN351 Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Kieran Bingham (1): media: i2c: imx335: Fix frame size enumeration Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Hałasa (1): usbnet: asix AX88772: leave the carrier control to phylink Krzysztof Kozlowski (10): ASoC: codecs: wcd9375: Fix double free of regulator supplies ASoC: codecs: wcd937x: Drop unused buck_supply bus: firewall: Fix missing static inline annotations for stubs NFC: nci: uart: Set tty->disc_data only in success path power: supply: gpio-charger: Fix wakeup source leaks on device unbind power: supply: collie: Fix wakeup source leaks on device unbind Bluetooth: btmrvl_sdio: Fix wakeup source leaks on device unbind Bluetooth: btmtksdio: Fix wakeup source leaks on device unbind watchdog: stm32: Fix wakeup source leaks on device unbind drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuan-Chung Chen (1): wifi: rtw89: 8922a: fix TX fail with wrong VCO setting Kuninori Morimoto (1): ASoC: simple-card-utils: fixup dlc->xxx handling for error case Kuniyuki Iwashima (4): atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kurt Borja (1): Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1" Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Laurent Pinchart (1): media: renesas: vsp1: Fix media bus code setup on RWPF source pad Laurentiu Palcu (1): media: nxp: imx8-isi: better handle the m2m usage_count Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leon Romanovsky (1): xfrm: validate assignment of maximal possible SEQ number Leon Yen (1): wifi: mt76: mt7925: introduce thermal protection Li Lingfeng (1): nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Lijo Lazar (3): drm/amdgpu: Add basic validation for RAS header drm/amdgpu: Disallow partition query during reset drm/amd/pm: Reset SMU v13.0.x custom settings Linus Torvalds (1): Make 'cc-option' work correctly for the -Wno-xyzzy pattern Linus Walleij (1): net: ethernet: cortina: Use TOE/TSO on all TCP Liwei Sun (1): Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 Loic Poulain (1): media: venus: Fix probe error handling Long Li (5): Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary uio_hv_generic: Use correct size for interrupt and monitor pages uio_hv_generic: Align ring size to system page sunrpc: update nextcheck time when adding new cache entries sunrpc: fix race in cache cleanup causing stale nextcheck time Lorenzo Stoakes (2): KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY mm/vma: reset VMA iterator on commit_merge() OOM failure Lu Baolu (2): iommu/vt-d: Restore context entry setup order for aliased devices iommu: Allow attaching static domains in iommu_attach_device_pasid() Lucas De Marchi (1): drm/xe/uc: Remove static from loop variable Luis Henriques (1): fs: drop assert in file_seek_cur_needs_f_lock Lukas Bulwahn (1): x86/its: Fix an ifdef typo in its_alloc() Lukas Wunner (1): PCI: pciehp: Ignore belated Presence Detect Changed caused by DPC Luke D. Jones (1): hid-asus: check ROG Ally MCU version and warn Luo Gengkun (2): watchdog: fix watchdog may detect false positive of softlockup perf/core: Fix WARN in perf_cgroup_switch() Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Maarten Lankhorst (1): drm/xe/svm: Fix regression disallowing 64K SVM migration Maninder Singh (2): NFSD: unregister filesystem in case genl_register_family() fails NFSD: fix race between nfsd registration and exports_proc Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (3): media: omap3isp: use sgtable-based scatterlist wrappers media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Mario Limonciello (7): ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 drm/amd/display: Restructure DMI quirks iommu/amd: Allow matching ACPI HID devices without matching UIDs platform/x86/amd: pmc: Clear metrics table at start of cycle platform/x86/amd: pmf: Use device managed allocations platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice Mark Rutland (1): KVM: arm64: VHE: Synchronize restore of host debug registers Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Martin KaFai Lau (1): bpftool: Fix cgroup command to only show cgroup bpf programs Mateusz Pacuszka (1): ice: fix check for existing switch rule Max Kellermann (1): fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Maíra Canal (1): drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Md Sadre Alam (3): mtd: rawnand: qcom: Pass 18 bit offset from NANDc base to BAM base mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() mtd: rawnand: qcom: Fix read len for onfi param page Meghana Malladi (1): net: ti: icssg-prueth: Fix packet handling for XDP_TX Michael Chang (1): media: nuvoton: npcm-video: Fix stuck due to no video signal error Michael Lo (1): wifi: mt76: mt7925: fix host interrupt register initialization Michael Walle (1): net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Rapoport (Microsoft) (3): x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set x86/its: move its_pages array to struct mod_arch_specific Revert "mm/execmem: Unify early execmem_cache behaviour" Mike Snitzer (1): NFS: always probe for LOCALIO support asynchronously Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikko Korhonen (1): ata: ahci: Disallow LPM for Asus B550-F motherboard Mikulas Patocka (3): dm-mirror: fix a tiny race condition dm-verity: fix a memory leak if some arguments are specified multiple times dm: lock limits when reading them Mina Almasry (1): net: netmem: fix skb_ensure_writable with unreadable skbs Ming Qian (5): media: imx-jpeg: Drop the first error frames media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead media: imx-jpeg: Reset slot data pointers when freed media: imx-jpeg: Cleanup after an allocation error media: imx-jpeg: Check decoding is ongoing for motion-jpeg Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Miquel Raynal (6): mtd: spinand: Use more specific naming for the (single) read from cache ops mtd: spinand: Use more specific naming for the (dual output) read from cache ops mtd: spinand: Use more specific naming for the (dual IO) read from cache ops mtd: spinand: Use more specific naming for the (quad output) read from cache ops mtd: spinand: Use more specific naming for the (quad IO) read from cache ops mtd: spinand: winbond: Prevent unsupported frequencies on dual/quad I/O variants Miri Korenblit (2): wifi: iwlwifi: mld: check for NULL before referencing a pointer wifi: iwlwifi: pcie: make sure to lock rxq->read Moon Yeounsu (1): net: dlink: add synchronization for stats update Muhammad Usama Anjum (1): wifi: ath11k: Fix QMI memory reuse logic Muna Sinada (1): wifi: mac80211: VLAN traffic in multicast path Murad Masimov (2): fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Mykyta Yatsenko (1): libbpf: Check bpf_map_skeleton link for NULL Namjae Jeon (3): exfat: fix double free in delayed_free ksmbd: fix null pointer dereference in destroy_previous_session ksmbd: add free_transport ops in ksmbd connection Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nas Chung (3): media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition media: qcom: venus: Fix uninitialized variable warning Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Nicolas Dufresne (2): media: verisilicon: Enable wide 4K in AV1 decoder media: rkvdec: Initialize the m2m context before the controls Niklas Cassel (3): ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard PCI: cadence-ep: Correct PBA offset in .set_msix() callback PCI: dwc: ep: Correct PBA offset in .set_msix() callback Niklas Schnelle (4): s390/pci: Remove redundant bus removal and disable from zpci_release_device() s390/pci: Prevent self deletion in disable_slot() s390/pci: Allow re-add of a reserved but not yet removed device s390/pci: Serialize device addition and removal Niklas Söderlund (1): media: rcar-vin: Fix stride setting for RAW8 formats Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nuno Sá (1): hwmon: (ltc4282) avoid repeated register write Olga Kornievskaia (1): nfsd: fix access checking for NLM under XPRTSEC policies Ovidiu Bunea (1): drm/amd/display: Update IPS sequential_ono requirement checks Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Pali Rohár (1): cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Paul Aurich (1): smb: Log an error when close_all_cached_dirs fails Paul Hsieh (1): drm/amd/display: Skip to enable dsc if it has been off Pavan Chebbi (2): bnxt_en: Add a helper function to configure MRU and RSS bnxt_en: Update MRU and RSS table of RSS contexts on queue reset Pavel Begunkov (2): io_uring: account drain memory to cgroup io_uring/kbuf: account ring io_buffer_list memory Peng Fan (1): gpiolib: of: Add polarity quirk for s5m8767 Penglei Jiang (2): io_uring: fix task leak issue in io_wq_create() io_uring: fix potential page leak in io_sqe_buffer_register() Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (3): sched/fair: Adhere to place_entity() constraints perf: Fix sample vs do_exit() perf: Fix cgroup state vs ERROR Peter Zijlstra (Intel) (1): x86/its: explicitly manage permissions for ITS pages Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Pradeep Kumar Chitrapu (1): wifi: ath12k: Fix incorrect rates sent to firmware Pu Lehui (1): mm: fix uprobe pte be overwritten when expanding vma Qasim Ijaz (2): net: ch9200: fix uninitialised access during mii_nway_restart drm/ttm/tests: fix incorrect assert in ttm_bo_unreserve_bulk() Qiuxu Zhuo (2): EDAC/igen6: Skip absent memory controllers EDAC/igen6: Fix NULL pointer dereference Rand Deeb (1): ixgbe: Fix unreachable retry logic in combined and byte I2C write functions Rengarajan S (1): net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Richard Fitzgerald (1): ALSA: hda/realtek: Add quirk for Asus GU605C Rik van Riel (1): x86/mm: Fix early boot use of INVPLGB Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Ronnie Sahlberg (1): ublk: santizize the arguments from userspace when adding a device Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ruben Devos (1): smb: client: add NULL check in automount_fullpath Ryan Roberts (2): arm64/mm: Close theoretical race where stale TLB entry remains valid mm: close theoretical race where stale TLB entries could linger Sakari Ailus (5): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case media: ccs-pll: Better validate VT PLL branch Salah Triki (1): wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Samson Tam (1): drm/amd/display: disable EASF narrow filter sharpening Samuel Williams (1): wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sarika Sharma (2): wifi: ath12k: correctly handle mcast packets for clients wifi: ath12k: using msdu end descriptor to check for rx multicast packets Sascha Hauer (1): gpio: pca953x: fix wrong error probe return value Saurabh Sengar (1): hv_netvsc: fix potential deadlock in netvsc_vf_setxdp() Scott Mayhew (1): NFSv4: Don't check for OPEN feature support in v4.1 Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: accel: fxls8962af: Fix temperature calculation iio: imu: inv_icm42600: Fix temperature calculation Sebastian Andrzej Siewior (2): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT net: page_pool: Don't recycle into cache on PREEMPT_RT SeongJae Park (1): mm/madvise: handle madvise_lock() failure during race unwinding Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shawn Lin (1): PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() Shin'ichiro Kawasaki (2): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction nvme-tcp: remove tag set when second admin queue config fails Shravan Chippa (1): media: i2c: imx334: update mode_3840x2160_regs array Shung-Hsi Yu (1): bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index Shyam Prasad N (6): cifs: reset connections for all channels when reconnect requested cifs: update dstaddr whenever channel iface is updated cifs: dns resolution is needed only for primary channel cifs: deal with the channel loading lag while picking channels cifs: serialize other channels when query server interfaces is pending cifs: do not disable interface polling on failure Sibi Sankar (1): firmware: arm_scmi: Ensure that the message-id supports fastchannel Sidhanta Sahu (1): wifi: ath12k: Fix memory leak due to multiple rx_stats allocation Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Simon Schuster (1): nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL Srinivasan Shanmugam (1): drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Sriram R (1): wifi: ath12k: Fix the enabling of REO queue lookup table feature Stanislaw Gruszka (1): media: intel/ipu6: Fix dma mask for non-secure mode Stefan Binding (2): ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops Stefan Metzmacher (1): smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() Stefan Wahren (1): net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Stephen Smalley (2): fs/xattr.c: fix simple_xattr_list() selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Steven Rostedt (4): tracing: Only return an adjusted address if it matches the kernel address tracing: Fix regression of filter waiting a long time on RCU synchronization fgraph: Do not enable function_graph tracer when setting funcgraph-args tracing: Do not free "head" on error path of filter_free_subsystem_filters() Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Sumit Kumar (1): bus: mhi: ep: Update read pointer only after buffer is written Suraj P Kizhakkethil (1): wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Suren Baghdasaryan (1): alloc_tag: handle module codetag load errors as module load failures Svyatoslav Ryhel (1): power: supply: max17040: adjust thermal channel scaling Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Talhah Peerbhai (1): ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Tali Perry (1): i2c: npcm: Add clock toggle recovery Tamir Duberstein (1): ACPICA: Apply pack(1) to union aml_resource Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Taniya Das (2): clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks clk: qcom: gcc: Set FORCE_MEM_CORE_ON for gcc_ufs_axi_clk for 8650/8750 Tarang Raval (2): media: i2c: imx334: Enable runtime PM before sub-device registration media: i2c: imx334: Fix runtime PM handling in remove function Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tejun Heo (1): sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thomas Weißschuh (1): LoongArch: vDSO: Correctly use asm parameters in syscall wrappers Thomas Zimmermann (3): sysfb: Fix screen_info type check for VGA video: screen_info: Relocate framebuffers behind PCI bridges dummycon: Trigger redraw when switching consoles with deferred takeover Tianyang Zhang (1): LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() Tiezhu Yang (1): rtla: Define __NR_sched_setattr for LoongArch Toke Høiland-Jørgensen (1): Revert "mac80211: Dynamically set CoDel parameters per station" Tomi Valkeinen (3): media: i2c: ds90ub913: Fix returned fmt from .set_fmt() media: rcar-vin: Fix RAW10 media: ti: cal: Fix wrong goto on error path TungYu Lu (1): drm/amd/display: Correct prefetch calculation Tzung-Bi Shih (1): drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled Ulf Hansson (1): pmdomain: core: Reset genpd->states to avoid freeing invalid data Umang Jain (1): media: imx335: Use correct register width for HNUM Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Viacheslav Dubeyko (1): ceph: avoid kernel BUG for encrypted inode with unaligned file size Vicki Pfau (1): drm: panel-orientation-quirks: Add ZOTAC Gaming Zone Victor Skvortsov (1): drm/amdgpu: Add indirect L1_TLB_CNTL reg programming for VFs Vijendar Mukunda (2): ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() Vinay Belgaumkar (1): drm/xe/bmg: Update Wa_16023588340 Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vitaly Lifshits (1): e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 Vlad Dogaru (2): net/mlx5: HWS, Fix IP version decision net/mlx5: HWS, Harden IP version definer checks Vladimir Oltean (2): ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks Víctor Gonzalo (1): wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (1): Bluetooth: btusb: Add RTL8851BE device 0x0bda:0xb850 Wentao Liang (9): ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Xu Yang (1): phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() Yao Zi (3): platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yevgeny Kliteynik (1): net/mlx5: HWS, fix counting of rules in the matcher Yihan Zhu (1): drm/amd/display: DCN32 null data check Yong Wang (2): net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yosry Ahmed (1): KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Yuezhang Mo (1): exfat: do not clear volume dirty flag during sync Yuuki NAGAO (1): wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM Zhang Yi (6): ext4: fix out of bounds punch offset ext4: fix incorrect punch max_end ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() ext4: prevent stale extent cache entries caused by concurrent get es_cache Zhi Wang (3): drm/nouveau/nvkm: factor out current GSP RPC command policies drm/nouveau/nvkm: introduce new GSP reply policy NVKM_GSP_RPC_REPLY_POLL drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() Zijun Hu (3): configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() sunliming (1): wifi: mt76: mt7996: fix uninitialized symbol warning wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhangjian (1): smb: client: fix first command failure during re-negotiation

4 months, 2 weeks

2
3
0 0

[PATCH] ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx

by edip＠medip.dev

From: Edip Hazuri <edip(a)medip.dev> The mute led on this laptop is using ALC245 but requires a quirk to work This patch enables the existing quirk for the device. Tested on my friend's Victus 15-fb2xxx Laptop. The LED behaviour works as intended. Cc: <stable(a)vger.kernel.org> Signed-off-by: Edip Hazuri <edip(a)medip.dev> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 5d6d01ecf..a33e8a654 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10881,6 +10881,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8ce0, "HP SnowWhite", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8cf5, "HP ZBook Studio 16", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8d01, "HP ZBook Power 14 G12", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8d07, "HP Victus 15-fb2xxx (MB 8D07)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8d18, "HP EliteStudio 8 AIO", ALC274_FIXUP_HP_AIO_BIND_DACS), SND_PCI_QUIRK(0x103c, 0x8d84, "HP EliteBook X G1i", ALC285_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8d85, "HP EliteBook 14 G12", ALC285_FIXUP_HP_GPIO_LED), -- 2.50.0

4 months, 2 weeks

2
1
0 0

[PATCH v4 1/2] usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs

by Johannes Schneider

Commit 61440628a4ff ("usb: dwc3: gadget: Cleanup SG handling") updated the TRB reclaim path to use the TRB CHN (Chain) bit to determine whether a TRB was part of a chain. However, this inadvertently changed the behavior of reclaiming the final TRB in some scatter-gather or short transfer cases. In particular, if the final TRB did not have the CHN bit set, the cleanup path could incorrectly skip clearing the HWO (Hardware Own) bit, leaving stale TRBs in the ring. This resulted in broken data transfer completions in userspace, notably for MTP over FunctionFS. Fix this by unconditionally clearing the HWO bit during TRB reclaim, regardless of the CHN bit state. This restores correct behavior especially for transfers that require ZLPs or end on non-CHN TRBs. Fixes: 61440628a4ff ("usb: dwc3: gadget: Cleanup SG handling") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Johannes Schneider <johannes.schneider(a)leica-geosystems.com> Cc: <stable(a)vger.kernel.org> # v6.13 --- Changes in v4: - None, patch content is the same - re-assembled into a patch-series, and re-submission to solve b4 troubles - Link to v3: 1. https://lore.kernel.org/all/AM8PR06MB7521A29A8863C838B54987B6BC7BA@AM8PR06M… 2. https://lore.kernel.org/all/AM8PR06MB752168CCAF31023017025DD5BC7BA@AM8PR06M… Changes in v3: - re-submission as singular patch - Link to v2: https://lore.kernel.org/r/20250624-dwc3-fix-gadget-mtp-v2-0-0e2d9979328f@le… Changes in v2: - None, resubmission as separate patches - dropped Patch 3, as it did change the logic - CC to stable - Link to v1: https://lore.kernel.org/r/20250621-dwc3-fix-gadget-mtp-v1-0-a45e6def71bb@le… --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..99fbd29d8f46 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -3516,7 +3516,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * We're going to do that here to avoid problems of HW trying * to use bogus TRBs for transfers. */ - if (chain && (trb->ctrl & DWC3_TRB_CTRL_HWO)) + if (trb->ctrl & DWC3_TRB_CTRL_HWO) trb->ctrl &= ~DWC3_TRB_CTRL_HWO; /* -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH v4] iio: common: st_sensors: Fix use of uninitialize device structs

by Maud Spierings via B4 Relay

From: Maud Spierings <maudspierings(a)gocontroll.com> Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a panic, but are fixed as well. The issue is reported and traced here: [1] Link: https://lore.kernel.org/all/AM7P189MB100986A83D2F28AF3FFAF976E39EA@AM7P189M… [1] Cc: stable(a)vger.kernel.org Signed-off-by: Maud Spierings <maudspierings(a)gocontroll.com> --- When I search for general &indio_dev->dev usage, I see quite a lot more hits, but I am not sure if there are issues with those too. This issue has existed for a long time it seems and therefore it is nearly impossible to find a proper fixes tag. I would love to see it at least backported to 6.12 as that is where I encountered it, and I believe the patch should apply without conflicts. --- Changes in v4: - Put the link to the original issue in a proper link tag - Remove stray newline - Link to v3: https://lore.kernel.org/r/20250526-st_iio_fix-v3-1-039fec38707c@gocontroll.… Changes in v3: - Added the stable cc to the commit message - Move the link to the original issue to the commit message - Fix function notation in the commit message - Move some more of the dev_*() calls to one line - Link to v2: https://lore.kernel.org/r/20250522-st_iio_fix-v2-1-07a32655a996@gocontroll.… Changes in v2: - Added SoB in commit message - Link to v1: https://lore.kernel.org/r/20250522-st_iio_fix-v1-1-d689b35f1612@gocontroll.… --- drivers/iio/accel/st_accel_core.c | 10 +++--- drivers/iio/common/st_sensors/st_sensors_core.c | 36 ++++++++++------------ drivers/iio/common/st_sensors/st_sensors_trigger.c | 20 ++++++------ 3 files changed, 31 insertions(+), 35 deletions(-) diff --git a/drivers/iio/accel/st_accel_core.c b/drivers/iio/accel/st_accel_core.c index 99cb661fabb2d9cc1943fa8d0a6f3becb71126e6..a7961c610ed203d039bbf298c8883031a578fb0b 100644 --- a/drivers/iio/accel/st_accel_core.c +++ b/drivers/iio/accel/st_accel_core.c @@ -1353,6 +1353,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) union acpi_object *ont; union acpi_object *elements; acpi_status status; + struct device *parent = indio_dev->dev.parent; int ret = -EINVAL; unsigned int val; int i, j; @@ -1371,7 +1372,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) }; - adev = ACPI_COMPANION(indio_dev->dev.parent); + adev = ACPI_COMPANION(parent); if (!adev) return -ENXIO; @@ -1380,8 +1381,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) if (status == AE_NOT_FOUND) { return -ENXIO; } else if (ACPI_FAILURE(status)) { - dev_warn(&indio_dev->dev, "failed to execute _ONT: %d\n", - status); + dev_warn(parent, "failed to execute _ONT: %d\n", status); return status; } @@ -1457,12 +1457,12 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) } ret = 0; - dev_info(&indio_dev->dev, "computed mount matrix from ACPI\n"); + dev_info(parent, "computed mount matrix from ACPI\n"); out: kfree(buffer.pointer); if (ret) - dev_dbg(&indio_dev->dev, + dev_dbg(parent, "failed to apply ACPI orientation data: %d\n", ret); return ret; diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c index 8ce1dccfea4f5aaff45d3d40f6542323dd1f0b09..dac593be56958fd0be92e13f628350fcfd0f040d 100644 --- a/drivers/iio/common/st_sensors/st_sensors_core.c +++ b/drivers/iio/common/st_sensors/st_sensors_core.c @@ -154,7 +154,7 @@ static int st_sensors_set_fullscale(struct iio_dev *indio_dev, unsigned int fs) return err; st_accel_set_fullscale_error: - dev_err(&indio_dev->dev, "failed to set new fullscale.\n"); + dev_err(indio_dev->dev.parent, "failed to set new fullscale.\n"); return err; } @@ -231,8 +231,7 @@ int st_sensors_power_enable(struct iio_dev *indio_dev) ARRAY_SIZE(regulator_names), regulator_names); if (err) - return dev_err_probe(&indio_dev->dev, err, - "unable to enable supplies\n"); + return dev_err_probe(parent, err, "unable to enable supplies\n"); return 0; } @@ -241,13 +240,14 @@ EXPORT_SYMBOL_NS(st_sensors_power_enable, "IIO_ST_SENSORS"); static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); /* Sensor does not support interrupts */ if (!sdata->sensor_settings->drdy_irq.int1.addr && !sdata->sensor_settings->drdy_irq.int2.addr) { if (pdata->drdy_int_pin) - dev_info(&indio_dev->dev, + dev_info(parent, "DRDY on pin INT%d specified, but sensor does not support interrupts\n", pdata->drdy_int_pin); return 0; @@ -256,29 +256,27 @@ static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, switch (pdata->drdy_int_pin) { case 1: if (!sdata->sensor_settings->drdy_irq.int1.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT1 not available.\n"); + dev_err(parent, "DRDY on INT1 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 1; break; case 2: if (!sdata->sensor_settings->drdy_irq.int2.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT2 not available.\n"); + dev_err(parent, "DRDY on INT2 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 2; break; default: - dev_err(&indio_dev->dev, "DRDY on pdata not valid.\n"); + dev_err(parent, "DRDY on pdata not valid.\n"); return -EINVAL; } if (pdata->open_drain) { if (!sdata->sensor_settings->drdy_irq.int1.addr_od && !sdata->sensor_settings->drdy_irq.int2.addr_od) - dev_err(&indio_dev->dev, + dev_err(parent, "open drain requested but unsupported.\n"); else sdata->int_pin_open_drain = true; @@ -336,6 +334,7 @@ EXPORT_SYMBOL_NS(st_sensors_dev_name_probe, "IIO_ST_SENSORS"); int st_sensors_init_sensor(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); struct st_sensors_platform_data *of_pdata; int err = 0; @@ -343,7 +342,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mutex_init(&sdata->odr_lock); /* If OF/DT pdata exists, it will take precedence of anything else */ - of_pdata = st_sensors_dev_probe(indio_dev->dev.parent, pdata); + of_pdata = st_sensors_dev_probe(parent, pdata); if (IS_ERR(of_pdata)) return PTR_ERR(of_pdata); if (of_pdata) @@ -370,7 +369,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, if (err < 0) return err; } else - dev_info(&indio_dev->dev, "Full-scale not possible\n"); + dev_info(parent, "Full-scale not possible\n"); err = st_sensors_set_odr(indio_dev, sdata->odr); if (err < 0) @@ -405,7 +404,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mask = sdata->sensor_settings->drdy_irq.int2.mask_od; } - dev_info(&indio_dev->dev, + dev_info(parent, "set interrupt line to open drain mode on pin %d\n", sdata->drdy_int_pin); err = st_sensors_write_data_with_mask(indio_dev, addr, @@ -593,21 +592,20 @@ EXPORT_SYMBOL_NS(st_sensors_get_settings_index, "IIO_ST_SENSORS"); int st_sensors_verify_id(struct iio_dev *indio_dev) { struct st_sensor_data *sdata = iio_priv(indio_dev); + struct device *parent = indio_dev->dev.parent; int wai, err; if (sdata->sensor_settings->wai_addr) { err = regmap_read(sdata->regmap, sdata->sensor_settings->wai_addr, &wai); if (err < 0) { - dev_err(&indio_dev->dev, - "failed to read Who-Am-I register.\n"); - return err; + return dev_err_probe(parent, err, + "failed to read Who-Am-I register.\n"); } if (sdata->sensor_settings->wai != wai) { - dev_warn(&indio_dev->dev, - "%s: WhoAmI mismatch (0x%x).\n", - indio_dev->name, wai); + dev_warn(parent, "%s: WhoAmI mismatch (0x%x).\n", + indio_dev->name, wai); } } diff --git a/drivers/iio/common/st_sensors/st_sensors_trigger.c b/drivers/iio/common/st_sensors/st_sensors_trigger.c index 9d4bf822a15dfcdd6c2835f6b9d7698cd3cb0b08..8a8ab688d7980f6dd43c660f90a0eba32c38388b 100644 --- a/drivers/iio/common/st_sensors/st_sensors_trigger.c +++ b/drivers/iio/common/st_sensors/st_sensors_trigger.c @@ -127,7 +127,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig = devm_iio_trigger_alloc(parent, "%s-trigger", indio_dev->name); if (sdata->trig == NULL) { - dev_err(&indio_dev->dev, "failed to allocate iio trigger.\n"); + dev_err(parent, "failed to allocate iio trigger.\n"); return -ENOMEM; } @@ -143,7 +143,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, case IRQF_TRIGGER_FALLING: case IRQF_TRIGGER_LOW: if (!sdata->sensor_settings->drdy_irq.addr_ihl) { - dev_err(&indio_dev->dev, + dev_err(parent, "falling/low specified for IRQ but hardware supports only rising/high: will request rising/high\n"); if (irq_trig == IRQF_TRIGGER_FALLING) irq_trig = IRQF_TRIGGER_RISING; @@ -156,21 +156,19 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->sensor_settings->drdy_irq.mask_ihl, 1); if (err < 0) return err; - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the falling edge or active low level\n"); } break; case IRQF_TRIGGER_RISING: - dev_info(&indio_dev->dev, - "interrupts on the rising edge\n"); + dev_info(parent, "interrupts on the rising edge\n"); break; case IRQF_TRIGGER_HIGH: - dev_info(&indio_dev->dev, - "interrupts active high level\n"); + dev_info(parent, "interrupts active high level\n"); break; default: /* This is the most preferred mode, if possible */ - dev_err(&indio_dev->dev, + dev_err(parent, "unsupported IRQ trigger specified (%lx), enforce rising edge\n", irq_trig); irq_trig = IRQF_TRIGGER_RISING; } @@ -179,7 +177,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, if (irq_trig == IRQF_TRIGGER_FALLING || irq_trig == IRQF_TRIGGER_RISING) { if (!sdata->sensor_settings->drdy_irq.stat_drdy.addr) { - dev_err(&indio_dev->dev, + dev_err(parent, "edge IRQ not supported w/o stat register.\n"); return -EOPNOTSUPP; } @@ -214,13 +212,13 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig->name, sdata->trig); if (err) { - dev_err(&indio_dev->dev, "failed to request trigger IRQ.\n"); + dev_err(parent, "failed to request trigger IRQ.\n"); return err; } err = devm_iio_trigger_register(parent, sdata->trig); if (err < 0) { - dev_err(&indio_dev->dev, "failed to register iio trigger.\n"); + dev_err(parent, "failed to register iio trigger.\n"); return err; } indio_dev->trig = iio_trigger_get(sdata->trig); --- base-commit: 7bac2c97af4078d7a627500c9bcdd5b033f97718 change-id: 20250522-st_iio_fix-1c58fdd4d420 Best regards, -- Maud Spierings <maudspierings(a)gocontroll.com>

4 months, 2 weeks

4
4
0 0

[PATCH v 5] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v5: - Rebased on top of Linux 6.16-rc2 Changes in v4: - Rebased on top of Linux 6.15-rc6 Changes in v3: - Rebased on top of Linux 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index d5b622f78cf3..0637bfbc054e 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5389,20 +5389,34 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + /* Suspend the Phy Clock */ + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; base-commit: 7aed15379db9c6ec67999cdaf5c443b7be06ea73 -- 2.41.0

4 months, 2 weeks

2
1
0 0

[PATCH 6.12.y 0/2] crypto: rng - FIPS 140-3 compliance for random number generation

by Jay Wang

This patch series implements FIPS 140-3 compliance requirements for random number generation in the Linux kernel 6.12. The changes ensure that when the kernel is operating in FIPS mode, FIPS-compliant random number generators are used instead of the default /dev/random implementation. IMPORTANT: These two patches must be applied together as a series. Applying only the first patch without the second will cause a deadlock during boot in FIPS-enabled environments. The second patch fixes a critical timing issue introduced by the first patch where the crypto RNG attempts to override the drivers/char/random interface before the default RNG becomes available. The series consists of two patches: 1. Initial implementation to override drivers/char/random in FIPS mode 2. Refinement to ensure override only occurs after FIPS-mode RNGs are available These 2 patches are required for FIPS 140-3 certification and compliance in government and enterprise environments. Herbert Xu (1): crypto: rng - Override drivers/char/random in FIPS mode Jay Wang (1): Override drivers/char/random only after FIPS-mode RNGs become available crypto/rng.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) -- 2.47.1

4 months, 2 weeks

3
5
0 0

[tip: ras/urgent] x86/mce: Don't remove sysfs if thresholding sysfs init fails

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 4c113a5b28bfd589e2010b5fc8867578b0135ed7 Gitweb: https://git.kernel.org/tip/4c113a5b28bfd589e2010b5fc8867578b0135ed7 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:56 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Thu, 26 Jun 2025 17:28:13 +02:00 x86/mce: Don't remove sysfs if thresholding sysfs init fails Currently, the MCE subsystem sysfs interface will be removed if the thresholding sysfs interface fails to be created. A common failure is due to new MCA bank types that are not recognized and don't have a short name set. The MCA thresholding feature is optional and should not break the common MCE sysfs interface. Also, new MCA bank types are occasionally introduced, and updates will be needed to recognize them. But likewise, this should not break the common sysfs interface. Keep the MCE sysfs interface regardless of the status of the thresholding sysfs interface. Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-1-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/core.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c index e9b3c5d..07d6193 100644 --- a/arch/x86/kernel/cpu/mce/core.c +++ b/arch/x86/kernel/cpu/mce/core.c @@ -2801,15 +2801,9 @@ static int mce_cpu_dead(unsigned int cpu) static int mce_cpu_online(unsigned int cpu) { struct timer_list *t = this_cpu_ptr(&mce_timer); - int ret; mce_device_create(cpu); - - ret = mce_threshold_create_device(cpu); - if (ret) { - mce_device_remove(cpu); - return ret; - } + mce_threshold_create_device(cpu); mce_reenable_cpu(); mce_start_timer(t); return 0;

4 months, 2 weeks

1
0
0 0

[tip: ras/urgent] x86/mce: Ensure user polling settings are honored when restarting timer

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 00c092de6f28ebd32208aef83b02d61af2229b60 Gitweb: https://git.kernel.org/tip/00c092de6f28ebd32208aef83b02d61af2229b60 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:57 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 12:41:44 +02:00 x86/mce: Ensure user polling settings are honored when restarting timer Users can disable MCA polling by setting the "ignore_ce" parameter or by setting "check_interval=0". This tells the kernel to *not* start the MCE timer on a CPU. If the user did not disable CMCI, then storms can occur. When these happen, the MCE timer will be started with a fixed interval. After the storm subsides, the timer's next interval is set to check_interval. This disregards the user's input through "ignore_ce" and "check_interval". Furthermore, if "check_interval=0", then the new timer will run faster than expected. Create a new helper to check these conditions and use it when a CMCI storm ends. [ bp: Massage. ] Fixes: 7eae17c4add5 ("x86/mce: Add per-bank CMCI storm mitigation") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-2-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/core.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c index 07d6193..4da4eab 100644 --- a/arch/x86/kernel/cpu/mce/core.c +++ b/arch/x86/kernel/cpu/mce/core.c @@ -1740,6 +1740,11 @@ static void mc_poll_banks_default(void) void (*mc_poll_banks)(void) = mc_poll_banks_default; +static bool should_enable_timer(unsigned long iv) +{ + return !mca_cfg.ignore_ce && iv; +} + static void mce_timer_fn(struct timer_list *t) { struct timer_list *cpu_t = this_cpu_ptr(&mce_timer); @@ -1763,7 +1768,7 @@ static void mce_timer_fn(struct timer_list *t) if (mce_get_storm_mode()) { __start_timer(t, HZ); - } else { + } else if (should_enable_timer(iv)) { __this_cpu_write(mce_next_interval, iv); __start_timer(t, iv); } @@ -2156,11 +2161,10 @@ static void mce_start_timer(struct timer_list *t) { unsigned long iv = check_interval * HZ; - if (mca_cfg.ignore_ce || !iv) - return; - - this_cpu_write(mce_next_interval, iv); - __start_timer(t, iv); + if (should_enable_timer(iv)) { + this_cpu_write(mce_next_interval, iv); + __start_timer(t, iv); + } } static void __mcheck_cpu_setup_timer(void)

4 months, 2 weeks

1
0
0 0

[tip: ras/urgent] x86/mce/amd: Add default names for MCA banks and blocks

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: d66e1e90b16055d2f0ee76e5384e3f119c3c2773 Gitweb: https://git.kernel.org/tip/d66e1e90b16055d2f0ee76e5384e3f119c3c2773 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:58 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 13:13:36 +02:00 x86/mce/amd: Add default names for MCA banks and blocks Ensure that sysfs init doesn't fail for new/unrecognized bank types or if a bank has additional blocks available. Most MCA banks have a single thresholding block, so the block takes the same name as the bank. Unified Memory Controllers (UMCs) are a special case where there are two blocks and each has a unique name. However, the microarchitecture allows for five blocks. Any new MCA bank types with more than one block will be missing names for the extra blocks. The MCE sysfs will fail to initialize in this case. Fixes: 87a6d4091bd7 ("x86/mce/AMD: Update sysfs bank names for SMCA systems") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-3-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/amd.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 9d852c3..6820ebc 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -1113,13 +1113,20 @@ static const char *get_name(unsigned int cpu, unsigned int bank, struct threshol } bank_type = smca_get_bank_type(cpu, bank); - if (bank_type >= N_SMCA_BANK_TYPES) - return NULL; if (b && (bank_type == SMCA_UMC || bank_type == SMCA_UMC_V2)) { if (b->block < ARRAY_SIZE(smca_umc_block_names)) return smca_umc_block_names[b->block]; - return NULL; + } + + if (b && b->block) { + snprintf(buf_mcatype, MAX_MCATYPE_NAME_LEN, "th_block_%u", b->block); + return buf_mcatype; + } + + if (bank_type >= N_SMCA_BANK_TYPES) { + snprintf(buf_mcatype, MAX_MCATYPE_NAME_LEN, "th_bank_%u", bank); + return buf_mcatype; } if (per_cpu(smca_bank_counts, cpu)[bank_type] == 1)

4 months, 2 weeks

1
0
0 0

[tip: ras/urgent] x86/mce/amd: Fix threshold limit reset

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the ras/urgent branch of tip: Commit-ID: 5f6e3b720694ad771911f637a51930f511427ce1 Gitweb: https://git.kernel.org/tip/5f6e3b720694ad771911f637a51930f511427ce1 Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Tue, 24 Jun 2025 14:15:59 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 27 Jun 2025 13:16:23 +02:00 x86/mce/amd: Fix threshold limit reset The MCA threshold limit must be reset after servicing the interrupt. Currently, the restart function doesn't have an explicit check for this. It makes some assumptions based on the current limit and what's in the registers. These assumptions don't always hold, so the limit won't be reset in some cases. Make the reset condition explicit. Either an interrupt/overflow has occurred or the bank is being initialized. Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250624-wip-mca-updates-v4-4-236dd74f645f@amd.com --- arch/x86/kernel/cpu/mce/amd.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 6820ebc..5c4eb28 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -350,7 +350,6 @@ static void smca_configure(unsigned int bank, unsigned int cpu) struct thresh_restart { struct threshold_block *b; - int reset; int set_lvt_off; int lvt_off; u16 old_limit; @@ -432,13 +431,13 @@ static void threshold_restart_bank(void *_tr) rdmsr(tr->b->address, lo, hi); - if (tr->b->threshold_limit < (hi & THRESHOLD_MAX)) - tr->reset = 1; /* limit cannot be lower than err count */ - - if (tr->reset) { /* reset err count and overflow bit */ - hi = - (hi & ~(MASK_ERR_COUNT_HI | MASK_OVERFLOW_HI)) | - (THRESHOLD_MAX - tr->b->threshold_limit); + /* + * Reset error count and overflow bit. + * This is done during init or after handling an interrupt. + */ + if (hi & MASK_OVERFLOW_HI || tr->set_lvt_off) { + hi &= ~(MASK_ERR_COUNT_HI | MASK_OVERFLOW_HI); + hi |= THRESHOLD_MAX - tr->b->threshold_limit; } else if (tr->old_limit) { /* change limit w/o reset */ int new_count = (hi & THRESHOLD_MAX) + (tr->old_limit - tr->b->threshold_limit);

4 months, 2 weeks

1
0
0 0

[PATCH v2 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> As pointed out by David[1], the batched unmap logic in try_to_unmap_one() can read past the end of a PTE table if a large folio is mapped starting at the last entry of that table. It would be quite rare in practice, as MADV_FREE typically splits the large folio ;) So let's fix the potential out-of-bounds read by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper now correctly calculates the safe number of pages to scan by limiting the operation to the boundaries of the current VMA and the PTE table. In addition, the "all-or-nothing" batching restriction is removed to support partial batches. The reference counting is also cleaned up to use folio_put_refs(). [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Cc: <stable(a)vger.kernel.org> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- v1 -> v2: - Update subject and changelog (per Barry) - https://lore.kernel.org/linux-mm/20250627025214.30887-1-lance.yang@linux.dev mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/mm/rmap.c b/mm/rmap.c index fb63d9256f09..1320b88fab74 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio *folio, struct page *page, #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: -- 2.49.0

4 months, 2 weeks

5
9
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Fri, 27 Jun 2025 14:20:14 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v3. The current mTHP swapin path have some problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: 11.17, Standard Deviation: 0.02 After patch 1: 10.89, Standard Deviation: 0.05 After patch 2: 10.84, Standard Deviation: 0.03 After patch 3: 10.91, Standard Deviation: 0.03 After patch 4: 10.86, Standard Deviation: 0.03 After patch 5: 10.07, Standard Deviation: 0.04 After patch 7: 10.09, Standard Deviation: 0.03 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: system time avg: 3911.80s After: system time avg: 3863.76s This patch (of 7): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250627062020.534-2-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250627062020.534-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-clean-up-swap-entry-splitting.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-fix-major-fault-counting.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

4 months, 2 weeks

1
0
0 0

+ mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() can read past the end of a PTE table if a large folio is mapped starting at the last entry of that table. It would be quite rare in practice, as MADV_FREE typically splits the large folio ;) So let's fix the potential out-of-bounds read by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper now correctly calculates the safe number of pages to scan by limiting the operation to the boundaries of the current VMA and the PTE table. In addition, the "all-or-nothing" batching restriction is removed to support partial batches. The reference counting is also cleaned up to use folio_put_refs(). [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Suggested-by: Barry Song <baohua(a)kernel.org> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch

4 months, 2 weeks

1
0
0 0

[PATCH v1 3/4] mpi3mr: Serialize admin queue BAR writes on 32-bit systems

by Ranjan Kumar

On 32-bit systems, 64-bit BAR writes to admin queue registers are performed as two 32-bit writes. Without locking, this can cause partial writes when accessed concurrently. Updated per-queue spinlocks is used to serialize these writes and prevent race conditions. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 ++++ drivers/scsi/mpi3mr/mpi3mr_fw.c | 15 +++++++++++---- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 ++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index bf272dd69d23..f2201108ea91 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -1137,6 +1137,8 @@ struct scmd_priv { * @logdata_buf: Circular buffer to store log data entries * @logdata_buf_idx: Index of entry in buffer to store * @logdata_entry_sz: log data entry size + * @adm_req_q_bar_writeq_lock: Admin request queue lock + * @adm_reply_q_bar_writeq_lock: Admin reply queue lock * @pend_large_data_sz: Counter to track pending large data * @io_throttle_data_length: I/O size to track in 512b blocks * @io_throttle_high: I/O size to start throttle in 512b blocks @@ -1339,6 +1341,8 @@ struct mpi3mr_ioc { u8 *logdata_buf; u16 logdata_buf_idx; u16 logdata_entry_sz; + spinlock_t adm_req_q_bar_writeq_lock; + spinlock_t adm_reply_q_bar_writeq_lock; atomic_t pend_large_data_sz; u32 io_throttle_data_length; diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8976582946a2..0152d31d430a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -23,17 +23,22 @@ module_param(poll_queues, int, 0444); MODULE_PARM_DESC(poll_queues, "Number of queues for io_uring poll mode. (Range 1 - 126)"); #if defined(writeq) && defined(CONFIG_64BIT) -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { writeq(b, addr); } #else -static inline void mpi3mr_writeq(__u64 b, void __iomem *addr) +static inline void mpi3mr_writeq(__u64 b, void __iomem *addr, + spinlock_t *write_queue_lock) { __u64 data_out = b; + unsigned long flags; + spin_lock_irqsave(write_queue_lock, flags); writel((u32)(data_out), addr); writel((u32)(data_out >> 32), (addr + 4)); + spin_unlock_irqrestore(write_queue_lock, flags); } #endif @@ -2954,9 +2959,11 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) (mrioc->num_admin_req); writel(num_admin_entries, &mrioc->sysif_regs->admin_queue_num_entries); mpi3mr_writeq(mrioc->admin_req_dma, - &mrioc->sysif_regs->admin_request_queue_address); + &mrioc->sysif_regs->admin_request_queue_address, + &mrioc->adm_req_q_bar_writeq_lock); mpi3mr_writeq(mrioc->admin_reply_dma, - &mrioc->sysif_regs->admin_reply_queue_address); + &mrioc->sysif_regs->admin_reply_queue_address, + &mrioc->adm_reply_q_bar_writeq_lock); writel(mrioc->admin_req_pi, &mrioc->sysif_regs->admin_request_queue_pi); writel(mrioc->admin_reply_ci, &mrioc->sysif_regs->admin_reply_queue_ci); return retval; diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index ce444efd859e..0d1c9bbb13b5 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -5365,6 +5365,8 @@ mpi3mr_probe(struct pci_dev *pdev, const struct pci_device_id *id) spin_lock_init(&mrioc->tgtdev_lock); spin_lock_init(&mrioc->watchdog_lock); spin_lock_init(&mrioc->chain_buf_lock); + spin_lock_init(&mrioc->adm_req_q_bar_writeq_lock); + spin_lock_init(&mrioc->adm_reply_q_bar_writeq_lock); spin_lock_init(&mrioc->sas_node_lock); spin_lock_init(&mrioc->trigger_lock); -- 2.31.1

4 months, 2 weeks

1
0
0 0

[PATCH v1 1/4] mpi3mr: Fix race between config read submit and interrupt completion

by Ranjan Kumar

The "is_waiting" flag was updated after calling complete(), which could lead to a race where the waiting thread wakes up before the flag is cleared, may cause a missed wakeup or stale state check. Reorder the operations to update "is_waiting" before signaling completion to ensure consistent state. Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Cc: stable(a)vger.kernel.org Signed-off-by: Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 1d7901a8f0e4..0186676698d4 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -428,8 +428,8 @@ static void mpi3mr_process_admin_reply_desc(struct mpi3mr_ioc *mrioc, MPI3MR_SENSE_BUF_SZ); } if (cmdptr->is_waiting) { - complete(&cmdptr->done); cmdptr->is_waiting = 0; + complete(&cmdptr->done); } else if (cmdptr->callback) cmdptr->callback(mrioc, cmdptr); } -- 2.31.1

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring/zcrx: fix area release on registration failure" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 0ec33c81d9c7342f03864101ddb2e717a0cce03e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062018-ahead-armory-59ac@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ec33c81d9c7342f03864101ddb2e717a0cce03e Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Tue, 27 May 2025 18:07:33 +0100 Subject: [PATCH] io_uring/zcrx: fix area release on registration failure On area registration failure there might be no ifq set and it's not safe to access area->ifq in the release path without checking it first. Cc: stable(a)vger.kernel.org Fixes: f12ecf5e1c5ec ("io_uring/zcrx: fix late dma unmap for a dead dev") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/bc02878678a5fec28bc77d33355cdba735418484.17483656… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c index 0c5b7d8f8d67..21c816c3bfe0 100644 --- a/io_uring/zcrx.c +++ b/io_uring/zcrx.c @@ -366,7 +366,8 @@ static void io_free_rbuf_ring(struct io_zcrx_ifq *ifq) static void io_zcrx_free_area(struct io_zcrx_area *area) { - io_zcrx_unmap_area(area->ifq, area); + if (area->ifq) + io_zcrx_unmap_area(area->ifq, area); io_release_area_mem(&area->mem); kvfree(area->freelist);

4 months, 2 weeks

2
1
0 0

[PATCH v3] Bluetooth: HCI: Set extended advertising data synchronously

by Christian Eggers

Currently, for controllers with extended advertising, the advertising data is set in the asynchronous response handler for extended adverstising params. As most advertising settings are performed in a synchronous context, the (asynchronous) setting of the advertising data is done too late (after enabling the advertising). Move setting of adverstising data from asynchronous response handler into synchronous context to fix ordering of HCI commands. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Fixes: a0fb3726ba55 ("Bluetooth: Use Set ext adv/scan rsp data if controller supports") Cc: stable(a)vger.kernel.org v2: https://lore.kernel.org/linux-bluetooth/20250626115209.17839-1-ceggers@arri… --- v3: refactor: store adv_addr_type/tx_power within hci_set_ext_adv_params_sync() v2: convert setting of adv data into synchronous context (rather than moving more methods into asynchronous response handlers). - hci_set_ext_adv_params_sync: new method - hci_set_ext_adv_data_sync: move within source file (no changes) - hci_set_adv_data_sync: dito - hci_update_adv_data_sync: dito - hci_cc_set_ext_adv_param: remove (performed synchronously now) net/bluetooth/hci_event.c | 36 ------- net/bluetooth/hci_sync.c | 207 ++++++++++++++++++++++++-------------- 2 files changed, 130 insertions(+), 113 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 66052d6aaa1d..4d5ace9d245d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2150,40 +2150,6 @@ static u8 hci_cc_set_adv_param(struct hci_dev *hdev, void *data, return rp->status; } -static u8 hci_cc_set_ext_adv_param(struct hci_dev *hdev, void *data, - struct sk_buff *skb) -{ - struct hci_rp_le_set_ext_adv_params *rp = data; - struct hci_cp_le_set_ext_adv_params *cp; - struct adv_info *adv_instance; - - bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); - - if (rp->status) - return rp->status; - - cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS); - if (!cp) - return rp->status; - - hci_dev_lock(hdev); - hdev->adv_addr_type = cp->own_addr_type; - if (!cp->handle) { - /* Store in hdev for instance 0 */ - hdev->adv_tx_power = rp->tx_power; - } else { - adv_instance = hci_find_adv_instance(hdev, cp->handle); - if (adv_instance) - adv_instance->tx_power = rp->tx_power; - } - /* Update adv data as tx power is known now */ - hci_update_adv_data(hdev, cp->handle); - - hci_dev_unlock(hdev); - - return rp->status; -} - static u8 hci_cc_read_rssi(struct hci_dev *hdev, void *data, struct sk_buff *skb) { @@ -4164,8 +4130,6 @@ static const struct hci_cc { HCI_CC(HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS, hci_cc_le_read_num_adv_sets, sizeof(struct hci_rp_le_read_num_supported_adv_sets)), - HCI_CC(HCI_OP_LE_SET_EXT_ADV_PARAMS, hci_cc_set_ext_adv_param, - sizeof(struct hci_rp_le_set_ext_adv_params)), HCI_CC_STATUS(HCI_OP_LE_SET_EXT_ADV_ENABLE, hci_cc_le_set_ext_adv_enable), HCI_CC_STATUS(HCI_OP_LE_SET_ADV_SET_RAND_ADDR, diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 1f8806dfa556..563614b53485 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -1205,9 +1205,126 @@ static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance, sizeof(cp), &cp, HCI_CMD_TIMEOUT); } +static int +hci_set_ext_adv_params_sync(struct hci_dev *hdev, struct adv_info *adv, + const struct hci_cp_le_set_ext_adv_params *cp, + struct hci_rp_le_set_ext_adv_params *rp) +{ + struct sk_buff *skb; + + skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(*cp), + cp, HCI_CMD_TIMEOUT); + + /* If command return a status event, skb will be set to -ENODATA */ + if (skb == ERR_PTR(-ENODATA)) + return 0; + + if (IS_ERR(skb)) { + bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", + HCI_OP_LE_SET_EXT_ADV_PARAMS, PTR_ERR(skb)); + return PTR_ERR(skb); + } + + if (skb->len != sizeof(*rp)) { + bt_dev_err(hdev, "Invalid response length for " + "HCI_OP_LE_SET_EXT_ADV_PARAMS: %u", skb->len); + kfree_skb(skb); + return -EIO; + } + + memcpy(rp, skb->data, sizeof(*rp)); + kfree_skb(skb); + + if (!rp->status) { + hdev->adv_addr_type = cp->own_addr_type; + if (!cp->handle) { + /* Store in hdev for instance 0 */ + hdev->adv_tx_power = rp->tx_power; + } else if (adv) { + adv->tx_power = rp->tx_power; + } + } + + return rp->status; +} + +static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, + HCI_MAX_EXT_AD_LENGTH); + u8 len; + struct adv_info *adv = NULL; + int err; + + if (instance) { + adv = hci_find_adv_instance(hdev, instance); + if (!adv || !adv->adv_data_changed) + return 0; + } + + len = eir_create_adv_data(hdev, instance, pdu->data, + HCI_MAX_EXT_AD_LENGTH); + + pdu->length = len; + pdu->handle = adv ? adv->handle : instance; + pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; + pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; + + err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, + struct_size(pdu, data, len), pdu, + HCI_CMD_TIMEOUT); + if (err) + return err; + + /* Update data if the command succeed */ + if (adv) { + adv->adv_data_changed = false; + } else { + memcpy(hdev->adv_data, pdu->data, len); + hdev->adv_data_len = len; + } + + return 0; +} + +static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + struct hci_cp_le_set_adv_data cp; + u8 len; + + memset(&cp, 0, sizeof(cp)); + + len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); + + /* There's nothing to do if the data hasn't changed */ + if (hdev->adv_data_len == len && + memcmp(cp.data, hdev->adv_data, len) == 0) + return 0; + + memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); + hdev->adv_data_len = len; + + cp.length = len; + + return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, + sizeof(cp), &cp, HCI_CMD_TIMEOUT); +} + +int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) + return 0; + + if (ext_adv_capable(hdev)) + return hci_set_ext_adv_data_sync(hdev, instance); + + return hci_set_adv_data_sync(hdev, instance); +} + int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; bool connectable; u32 flags; bdaddr_t random_addr; @@ -1316,8 +1433,12 @@ int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) cp.secondary_phy = HCI_ADV_PHY_1M; } - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, adv, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; @@ -1822,79 +1943,6 @@ int hci_le_terminate_big_sync(struct hci_dev *hdev, u8 handle, u8 reason) sizeof(cp), &cp, HCI_CMD_TIMEOUT); } -static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, - HCI_MAX_EXT_AD_LENGTH); - u8 len; - struct adv_info *adv = NULL; - int err; - - if (instance) { - adv = hci_find_adv_instance(hdev, instance); - if (!adv || !adv->adv_data_changed) - return 0; - } - - len = eir_create_adv_data(hdev, instance, pdu->data, - HCI_MAX_EXT_AD_LENGTH); - - pdu->length = len; - pdu->handle = adv ? adv->handle : instance; - pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; - pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; - - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, - struct_size(pdu, data, len), pdu, - HCI_CMD_TIMEOUT); - if (err) - return err; - - /* Update data if the command succeed */ - if (adv) { - adv->adv_data_changed = false; - } else { - memcpy(hdev->adv_data, pdu->data, len); - hdev->adv_data_len = len; - } - - return 0; -} - -static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - struct hci_cp_le_set_adv_data cp; - u8 len; - - memset(&cp, 0, sizeof(cp)); - - len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); - - /* There's nothing to do if the data hasn't changed */ - if (hdev->adv_data_len == len && - memcmp(cp.data, hdev->adv_data, len) == 0) - return 0; - - memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); - hdev->adv_data_len = len; - - cp.length = len; - - return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); -} - -int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) - return 0; - - if (ext_adv_capable(hdev)) - return hci_set_ext_adv_data_sync(hdev, instance); - - return hci_set_adv_data_sync(hdev, instance); -} - int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance, bool force) { @@ -6269,6 +6317,7 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, struct hci_conn *conn) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; int err; bdaddr_t random_addr; u8 own_addr_type; @@ -6310,8 +6359,12 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, if (err) return err; - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, NULL, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; -- 2.44.1

4 months, 2 weeks

2
2
0 0

[PATCH 4/4] xhci: dbc: Flush queued requests before stopping dbc

by Mathias Nyman

Flush dbc requests when dbc is stopped and transfer rings are freed. Failure to flush them lead to leaking memory and dbc completing odd requests after resuming from suspend, leading to error messages such as: [ 95.344392] xhci_hcd 0000:00:0d.0: no matched request Cc: stable(a)vger.kernel.org Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-dbgcap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index 0d4ce5734165..06a2edb9e86e 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -652,6 +652,10 @@ static void xhci_dbc_stop(struct xhci_dbc *dbc) case DS_DISABLED: return; case DS_CONFIGURED: + spin_lock(&dbc->lock); + xhci_dbc_flush_requests(dbc); + spin_unlock(&dbc->lock); + if (dbc->driver->disconnect) dbc->driver->disconnect(dbc); break; -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH 3/4] xhci: dbctty: disable ECHO flag by default

by Mathias Nyman

From: Łukasz Bartosik <ukaszb(a)chromium.org> When /dev/ttyDBC0 device is created then by default ECHO flag is set for the terminal device. However if data arrives from a peer before application using /dev/ttyDBC0 applies its set of terminal flags then the arriving data will be echoed which might not be desired behavior. Fixes: 4521f1613940 ("xhci: dbctty: split dbc tty driver registration and unregistration functions.") Cc: stable(a)vger.kernel.org Signed-off-by: Łukasz Bartosik <ukaszb(a)chromium.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-dbgtty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index 60ed753c85bb..d894081d8d15 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -617,6 +617,7 @@ int dbc_tty_init(void) dbc_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; dbc_tty_driver->subtype = SERIAL_TYPE_NORMAL; dbc_tty_driver->init_termios = tty_std_termios; + dbc_tty_driver->init_termios.c_lflag &= ~ECHO; dbc_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; dbc_tty_driver->init_termios.c_ispeed = 9600; -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH 2/4] xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS

by Mathias Nyman

From: Hongyu Xie <xiehongyu1(a)kylinos.cn> Disable stream for platform xHC controller with broken stream. Fixes: 14aec589327a6 ("storage: accept some UAS devices if streams are unavailable") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Hongyu Xie <xiehongyu1(a)kylinos.cn> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-plat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 6dab142e7278..c79d5ed48a08 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -328,7 +328,8 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s } usb3_hcd = xhci_get_usb3_hcd(xhci); - if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4) + if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4 && + !(xhci->quirks & XHCI_BROKEN_STREAMS)) usb3_hcd->can_do_streams = 1; if (xhci->shared_hcd) { -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH 1/4] usb: xhci: quirk for data loss in ISOC transfers

by Mathias Nyman

From: Raju Rangoju <Raju.Rangoju(a)amd.com> During the High-Speed Isochronous Audio transfers, xHCI controller on certain AMD platforms experiences momentary data loss. This results in Missed Service Errors (MSE) being generated by the xHCI. The root cause of the MSE is attributed to the ISOC OUT endpoint being omitted from scheduling. This can happen when an IN endpoint with a 64ms service interval either is pre-scheduled prior to the ISOC OUT endpoint or the interval of the ISOC OUT endpoint is shorter than that of the IN endpoint. Consequently, the OUT service is neglected when an IN endpoint with a service interval exceeding 32ms is scheduled concurrently (every 64ms in this scenario). This issue is particularly seen on certain older AMD platforms. To mitigate this problem, it is recommended to adjust the service interval of the IN endpoint to not exceed 32ms (interval 8). This adjustment ensures that the OUT endpoint will not be bypassed, even if a smaller interval value is utilized. Cc: stable(a)vger.kernel.org Signed-off-by: Raju Rangoju <Raju.Rangoju(a)amd.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mem.c | 4 ++++ drivers/usb/host/xhci-pci.c | 25 +++++++++++++++++++++++++ drivers/usb/host/xhci.h | 1 + 3 files changed, 30 insertions(+) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index bd745a0f2f78..6680afa4f596 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -1449,6 +1449,10 @@ int xhci_endpoint_init(struct xhci_hcd *xhci, /* Periodic endpoint bInterval limit quirk */ if (usb_endpoint_xfer_int(&ep->desc) || usb_endpoint_xfer_isoc(&ep->desc)) { + if ((xhci->quirks & XHCI_LIMIT_ENDPOINT_INTERVAL_9) && + interval >= 9) { + interval = 8; + } if ((xhci->quirks & XHCI_LIMIT_ENDPOINT_INTERVAL_7) && udev->speed >= USB_SPEED_HIGH && interval >= 7) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 0c481cbc8f08..00fac8b233d2 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -71,12 +71,22 @@ #define PCI_DEVICE_ID_INTEL_TITAN_RIDGE_4C_XHCI 0x15ec #define PCI_DEVICE_ID_INTEL_TITAN_RIDGE_DD_XHCI 0x15f0 +#define PCI_DEVICE_ID_AMD_ARIEL_TYPEC_XHCI 0x13ed +#define PCI_DEVICE_ID_AMD_ARIEL_TYPEA_XHCI 0x13ee +#define PCI_DEVICE_ID_AMD_STARSHIP_XHCI 0x148c +#define PCI_DEVICE_ID_AMD_FIREFLIGHT_15D4_XHCI 0x15d4 +#define PCI_DEVICE_ID_AMD_FIREFLIGHT_15D5_XHCI 0x15d5 +#define PCI_DEVICE_ID_AMD_RAVEN_15E0_XHCI 0x15e0 +#define PCI_DEVICE_ID_AMD_RAVEN_15E1_XHCI 0x15e1 +#define PCI_DEVICE_ID_AMD_RAVEN2_XHCI 0x15e5 #define PCI_DEVICE_ID_AMD_RENOIR_XHCI 0x1639 #define PCI_DEVICE_ID_AMD_PROMONTORYA_4 0x43b9 #define PCI_DEVICE_ID_AMD_PROMONTORYA_3 0x43ba #define PCI_DEVICE_ID_AMD_PROMONTORYA_2 0x43bb #define PCI_DEVICE_ID_AMD_PROMONTORYA_1 0x43bc +#define PCI_DEVICE_ID_ATI_NAVI10_7316_XHCI 0x7316 + #define PCI_DEVICE_ID_ASMEDIA_1042_XHCI 0x1042 #define PCI_DEVICE_ID_ASMEDIA_1042A_XHCI 0x1142 #define PCI_DEVICE_ID_ASMEDIA_1142_XHCI 0x1242 @@ -280,6 +290,21 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_NEC) xhci->quirks |= XHCI_NEC_HOST; + if (pdev->vendor == PCI_VENDOR_ID_AMD && + (pdev->device == PCI_DEVICE_ID_AMD_ARIEL_TYPEC_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_ARIEL_TYPEA_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_STARSHIP_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_FIREFLIGHT_15D4_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_FIREFLIGHT_15D5_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_RAVEN_15E0_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_RAVEN_15E1_XHCI || + pdev->device == PCI_DEVICE_ID_AMD_RAVEN2_XHCI)) + xhci->quirks |= XHCI_LIMIT_ENDPOINT_INTERVAL_9; + + if (pdev->vendor == PCI_VENDOR_ID_ATI && + pdev->device == PCI_DEVICE_ID_ATI_NAVI10_7316_XHCI) + xhci->quirks |= XHCI_LIMIT_ENDPOINT_INTERVAL_9; + if (pdev->vendor == PCI_VENDOR_ID_AMD && xhci->hci_version == 0x96) xhci->quirks |= XHCI_AMD_0x96_HOST; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index fa1ea0e0c7fb..a20f4e7cd43a 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1643,6 +1643,7 @@ struct xhci_hcd { #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) #define XHCI_ETRON_HOST BIT_ULL(49) +#define XHCI_LIMIT_ENDPOINT_INTERVAL_9 BIT_ULL(50) unsigned int num_active_eps; unsigned int limit_active_eps; -- 2.43.0

4 months, 2 weeks

1
0
0 0

Re: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise removal

by Stefan Hajnoczi

On Mon, Jun 02, 2025 at 02:44:33AM +0000, Parav Pandit wrote: > When the PCI device is surprise removed, requests may not complete > the device as the VQ is marked as broken. Due to this, the disk > deletion hangs. There are loops in the core virtio driver code that expect device register reads to eventually return 0: drivers/virtio/virtio_pci_modern.c:vp_reset() drivers/virtio/virtio_pci_modern_dev.c:vp_modern_set_queue_reset() Is there a hang if these loops are hit when a device has been surprise removed? I'm trying to understand whether surprise removal is fully supported or whether this patch is one step in that direction. Apart from that, I'm happy with the virtio_blk.c aspects of the patch: Reviewed-by: Stefan Hajnoczi <stefanha(a)redhat.com> > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however > when the driver knows about unresponsive block device, swiftly clearing > them enables users and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in > virtio used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") > Cc: stable(a)vger.kernel.org > Reported-by: Li RongQing <lirongqing(a)baidu.com> > Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… > Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin <israelr(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > > --- > v4->v5: > - fixed comment style where comment to start with one empty line at start > - Addressed comments from Alok > - fixed typo in broken vq check > v3->v4: > - Addressed comments from Michael > - renamed virtblk_request_cancel() to > virtblk_complete_request_with_ioerr() > - Added comments for virtblk_complete_request_with_ioerr() > - Renamed virtblk_broken_device_cleanup() to > virtblk_cleanup_broken_device() > - Added comments for virtblk_cleanup_broken_device() > - Moved the broken vq check in virtblk_remove() > - Fixed comment style to have first empty line > - replaced freezed to frozen > - Fixed comments rephrased > > v2->v3: > - Addressed comments from Michael > - updated comment for synchronizing with callbacks > > v1->v2: > - Addressed comments from Stephan > - fixed spelling to 'waiting' > - Addressed comments from Michael > - Dropped checking broken vq from queue_rq() and queue_rqs() > because it is checked in lower layer routines in virtio core > > v0->v1: > - Fixed comments from Stefan to rename a cleanup function > - Improved logic for handling any outstanding requests > in bio layer > - improved cancel callback to sync with ongoing done() > --- > drivers/block/virtio_blk.c | 95 ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 95 insertions(+) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > index 7cffea01d868..c5e383c0ac48 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1554,6 +1554,98 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +/* > + * If the vq is broken, device will not complete requests. > + * So we do it for the device. > + */ > +static bool virtblk_complete_request_with_ioerr(struct request *rq, void *data) > +{ > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + struct virtio_blk *vblk = data; > + struct virtio_blk_vq *vq; > + unsigned long flags; > + > + vq = &vblk->vqs[rq->mq_hctx->queue_num]; > + > + spin_lock_irqsave(&vq->lock, flags); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + spin_unlock_irqrestore(&vq->lock, flags); > + return true; > +} > + > +/* > + * If the device is broken, it will not use any buffers and waiting > + * for that to happen is pointless. We'll do the cleanup in the driver, > + * completing all requests for the device. > + */ > +static void virtblk_cleanup_broken_device(struct virtio_blk *vblk) > +{ > + struct request_queue *q = vblk->disk->queue; > + > + /* > + * Start freezing the queue, so that new requests keeps waiting at the > + * door of bio_queue_enter(). We cannot fully freeze the queue because > + * frozen queue is an empty queue and there are pending requests, so > + * only start freezing it. > + */ > + blk_freeze_queue_start(q); > + > + /* > + * When quiescing completes, all ongoing dispatches have completed > + * and no new dispatch will happen towards the driver. > + */ > + blk_mq_quiesce_queue(q); > + > + /* > + * Synchronize with any ongoing VQ callbacks that may have started > + * before the VQs were marked as broken. Any outstanding requests > + * will be completed by virtblk_complete_request_with_ioerr(). > + */ > + virtio_synchronize_cbs(vblk->vdev); > + > + /* > + * At this point, no new requests can enter the queue_rq() and > + * completion routine will not complete any new requests either for the > + * broken vq. Hence, it is safe to cancel all requests which are > + * started. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, > + virtblk_complete_request_with_ioerr, vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* > + * All pending requests are cleaned up. Time to resume so that disk > + * deletion can be smooth. Start the HW queues so that when queue is > + * unquiesced requests can again enter the driver. > + */ > + blk_mq_start_stopped_hw_queues(q, true); > + > + /* > + * Unquiescing will trigger dispatching any pending requests to the > + * driver which has crossed bio_queue_enter() to the driver. > + */ > + blk_mq_unquiesce_queue(q); > + > + /* > + * Wait for all pending dispatches to terminate which may have been > + * initiated after unquiescing. > + */ > + blk_mq_freeze_queue_wait(q); > + > + /* > + * Mark the disk dead so that once we unfreeze the queue, requests > + * waiting at the door of bio_queue_enter() can be aborted right away. > + */ > + blk_mark_disk_dead(vblk->disk); > + > + /* Unfreeze the queue so that any waiting requests will be aborted. */ > + blk_mq_unfreeze_queue_nomemrestore(q); > +} > + > static void virtblk_remove(struct virtio_device *vdev) > { > struct virtio_blk *vblk = vdev->priv; > @@ -1561,6 +1653,9 @@ static void virtblk_remove(struct virtio_device *vdev) > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > > + if (virtqueue_is_broken(vblk->vqs[0].vq)) > + virtblk_cleanup_broken_device(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); > > -- > 2.34.1 >

4 months, 2 weeks

4
20
0 0

[PATCH v3 0/3] Samsung Exynos 7870 DECON driver support

by Kaustabh Chakraborty

This patch series aims at adding support for Exynos7870's DECON in the Exynos7 DECON driver. It introduces a driver data struct so that support for DECON on other SoCs can be added to it in the future. It also fixes a few bugs in the driver, such as functions receiving bad pointers. Tested on Samsung Galaxy J7 Prime (samsung-on7xelte), Samsung Galaxy A2 Core (samsung-a2corelte), and Samsung Galaxy J6 (samsung-j6lte). Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> --- Changes in v3: - Add a new commit documenting iommus and ports dt properties. - Link to v2: https://lore.kernel.org/r/20250612-exynosdrm-decon-v2-0-d6c1d21c8057@disroo… Changes in v2: - Add a new commit to prevent an occasional panic under circumstances. - Rewrite and redo [v1 2/6] to be a more sensible commit. - Link to v1: https://lore.kernel.org/r/20240919-exynosdrm-decon-v1-0-6c5861c1cb04@disroo… --- Kaustabh Chakraborty (3): dt-bindings: display: samsung,exynos7-decon: add properties for iommus and ports drm/exynos: exynos7_drm_decon: fix call of decon_commit() drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling .../bindings/display/samsung/samsung,exynos7-decon.yaml | 8 ++++++++ drivers/gpu/drm/exynos/exynos7_drm_decon.c | 8 ++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) --- base-commit: 1b152eeca84a02bdb648f16b82ef3394007a9dcf change-id: 20240917-exynosdrm-decon-4c228dd1d2bf Best regards, -- Kaustabh Chakraborty <kauschluss(a)disroot.org>

4 months, 2 weeks

2
5
0 0

[PATCH] drm/gem: Acquire references on GEM handles for framebuffers

by Thomas Zimmermann

A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer object, if any. [1] Trying to use the framebuffer in further mode-setting operations leads to a segmentation fault. Most easily happens with driver that use shadow planes for vmap-ing the dma-buf during a page flip. An example is shown below. [ 156.791968] ------------[ cut here ]------------ [ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430 [...] [ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430 [ 157.043420] Call Trace: [ 157.045898] <TASK> [ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0 [ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0 [ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0 [ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710 [ 157.065567] ? dma_buf_vmap+0x224/0x430 [ 157.069446] ? __warn.cold+0x58/0xe4 [ 157.073061] ? dma_buf_vmap+0x224/0x430 [ 157.077111] ? report_bug+0x1dd/0x390 [ 157.080842] ? handle_bug+0x5e/0xa0 [ 157.084389] ? exc_invalid_op+0x14/0x50 [ 157.088291] ? asm_exc_invalid_op+0x16/0x20 [ 157.092548] ? dma_buf_vmap+0x224/0x430 [ 157.096663] ? dma_resv_get_singleton+0x6d/0x230 [ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10 [ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10 [ 157.110697] drm_gem_shmem_vmap+0x74/0x710 [ 157.114866] drm_gem_vmap+0xa9/0x1b0 [ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0 [ 157.123086] drm_gem_fb_vmap+0xab/0x300 [ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10 [ 157.133032] ? lockdep_init_map_type+0x19d/0x880 [ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0 [ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180 [ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40 [...] [ 157.346424] ---[ end trace 0000000000000000 ]--- Acquiring GEM handles for the framebuffer's GEM buffer objects prevents this from happening. The framebuffer's cleanup later puts the handle references. The Fixes tag points to commit 1a148af06000 ("drm/gem-shmem: Use dma_buf from GEM object instance"), which triggers the segmentation fault. The issue has been present before. Suggested-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 1a148af06000 ("drm/gem-shmem: Use dma_buf from GEM object instance") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Anusha Srivatsa <asrivats(a)redhat.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: "Christian König" <christian.koenig(a)amd.com> Cc: linux-media(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: linaro-mm-sig(a)lists.linaro.org Cc: <stable(a)vger.kernel.org> --- drivers/gpu/drm/drm_gem.c | 44 ++++++++++++++++++-- drivers/gpu/drm/drm_gem_framebuffer_helper.c | 7 +++- drivers/gpu/drm/drm_internal.h | 2 + 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 19d50d254fe6..8be50b3cc9c2 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -213,6 +213,35 @@ void drm_gem_private_object_fini(struct drm_gem_object *obj) } EXPORT_SYMBOL(drm_gem_private_object_fini); +static void drm_gem_object_handle_get(struct drm_gem_object *obj) +{ + struct drm_device *dev = obj->dev; + + drm_WARN_ON(dev, !mutex_is_locked(&dev->object_name_lock)); + + if (obj->handle_count++ == 0) + drm_gem_object_get(obj); +} + +/** + * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles + * @obj: GEM object + * + * Acquires a reference on the GEM buffer object's handle. Required + * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked() + * to release the reference. + */ +void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj) +{ + struct drm_device *dev = obj->dev; + + guard(mutex)(&dev->object_name_lock); + + drm_WARN_ON(dev, !obj->handle_count); // first ref taken in create-tail helper + drm_gem_object_handle_get(obj); +} +EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked); + /** * drm_gem_object_handle_free - release resources bound to userspace handles * @obj: GEM object to clean up. @@ -243,8 +272,14 @@ static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) } } -static void -drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) +/** + * drm_gem_object_handle_put_unlocked - releases reference on user-space handles + * @obj: GEM object + * + * Releases a reference on the GEM buffer object's handle. Possibly releases + * the GEM buffer object and associated dma-buf objects. + */ +void drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) { struct drm_device *dev = obj->dev; bool final = false; @@ -269,6 +304,7 @@ drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) if (final) drm_gem_object_put(obj); } +EXPORT_SYMBOL(drm_gem_object_handle_put_unlocked); /* * Called at device or object close to release the file's @@ -390,8 +426,8 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, int ret; WARN_ON(!mutex_is_locked(&dev->object_name_lock)); - if (obj->handle_count++ == 0) - drm_gem_object_get(obj); + + drm_gem_object_handle_get(obj); /* * Get the user-visible handle using idr. Preload and perform diff --git a/drivers/gpu/drm/drm_gem_framebuffer_helper.c b/drivers/gpu/drm/drm_gem_framebuffer_helper.c index 618ce725cd75..723f1d652c01 100644 --- a/drivers/gpu/drm/drm_gem_framebuffer_helper.c +++ b/drivers/gpu/drm/drm_gem_framebuffer_helper.c @@ -99,8 +99,10 @@ void drm_gem_fb_destroy(struct drm_framebuffer *fb) { unsigned int i; - for (i = 0; i < fb->format->num_planes; i++) + for (i = 0; i < fb->format->num_planes; i++) { + drm_gem_object_handle_put_unlocked(fb->obj[i]); drm_gem_object_put(fb->obj[i]); + } drm_framebuffer_cleanup(fb); kfree(fb); @@ -185,6 +187,7 @@ int drm_gem_fb_init_with_funcs(struct drm_device *dev, ret = -ENOENT; goto err_gem_object_put; } + drm_gem_object_handle_get_unlocked(objs[i]); min_size = (height - 1) * mode_cmd->pitches[i] + drm_format_info_min_pitch(info, i, width) @@ -195,6 +198,7 @@ int drm_gem_fb_init_with_funcs(struct drm_device *dev, "GEM object size (%zu) smaller than minimum size (%u) for plane %d\n", objs[i]->size, min_size, i); drm_gem_object_put(objs[i]); + drm_gem_object_handle_put_unlocked(objs[i]); ret = -EINVAL; goto err_gem_object_put; } @@ -210,6 +214,7 @@ int drm_gem_fb_init_with_funcs(struct drm_device *dev, while (i > 0) { --i; drm_gem_object_put(objs[i]); + drm_gem_object_handle_put_unlocked(objs[i]); } return ret; } diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h index 442eb31351dd..f7b414a813ae 100644 --- a/drivers/gpu/drm/drm_internal.h +++ b/drivers/gpu/drm/drm_internal.h @@ -161,6 +161,8 @@ void drm_sysfs_lease_event(struct drm_device *dev); /* drm_gem.c */ int drm_gem_init(struct drm_device *dev); +void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj); +void drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj); int drm_gem_handle_create_tail(struct drm_file *file_priv, struct drm_gem_object *obj, u32 *handlep); -- 2.50.0

4 months, 2 weeks

2
1
0 0

[PATCH v1 RESEND stable tags] nvmem: layouts: u-boot-env: remove crc32 endianness conversion

by Michael C. Pratt

On 11 Oct 2022, it was reported that the crc32 verification of the u-boot environment failed only on big-endian systems for the u-boot-env nvmem layout driver with the following error. Invalid calculated CRC32: 0x88cd6f09 (expected: 0x096fcd88) This problem has been present since the driver was introduced, and before it was made into a layout driver. The suggested fix at the time was to use further endianness conversion macros in order to have both the stored and calculated crc32 values to compare always represented in the system's endianness. This was not accepted due to sparse warnings and some disagreement on how to handle the situation. Later on in a newer revision of the patch, it was proposed to use cpu_to_le32() for both values to compare instead of le32_to_cpu() and store the values as __le32 type to remove compilation errors. The necessity of this is based on the assumption that the use of crc32() requires endianness conversion because the algorithm uses little-endian, however, this does not prove to be the case and the issue is unrelated. Upon inspecting the current kernel code, there already is an existing use of le32_to_cpu() in this driver, which suggests there already is special handling for big-endian systems, however, it is big-endian systems that have the problem. This, being the only functional difference between architectures in the driver combined with the fact that the suggested fix was to use the exact same endianness conversion for the values brings up the possibility that it was not necessary to begin with, as the same endianness conversion for two values expected to be the same is expected to be equivalent to no conversion at all. After inspecting the u-boot environment of devices of both endianness and trying to remove the existing endianness conversion, the problem is resolved in an equivalent way as the other suggested fixes. Ultimately, it seems that u-boot is agnostic to endianness at least for the purpose of environment variables. In other words, u-boot reads and writes the stored crc32 value with the same endianness that the crc32 value is calculated with in whichever endianness a certain architecture runs on. Therefore, the u-boot-env driver does not need to convert endianness. Remove the usage of endianness macros in the u-boot-env driver, and change the type of local variables to maintain the same return type. If there is a special situation in the case of endianness, it would be a corner case and should be handled by a unique "compatible". Even though it is not necessary to use endianness conversion macros here, it may be useful to use them in the future for consistent error printing. Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables") Reported-by: INAGAKI Hiroshi <musashino.open(a)gmail.com> Link: https://lore.kernel.org/all/20221011024928.1807-1-musashino.open@gmail.com Cc: <stable(a)vger.kernel.org> # 6.12.x Cc: <stable(a)vger.kernel.org> # 6.6.x: f4cf4e5: Revert "nvmem: add new config option" Cc: <stable(a)vger.kernel.org> # 6.6.x: 7f38b70: of: device: Export of_device_make_bus_id() Cc: <stable(a)vger.kernel.org> # 6.6.x: 4a1a402: nvmem: Move of_nvmem_layout_get_container() in another header Cc: <stable(a)vger.kernel.org> # 6.6.x: fc29fd8: nvmem: core: Rework layouts to become regular devices Cc: <stable(a)vger.kernel.org> # 6.6.x: 0331c61: nvmem: core: Expose cells through sysfs Cc: <stable(a)vger.kernel.org> # 6.6.x: 401df0d: nvmem: layouts: refactor .add_cells() callback arguments Cc: <stable(a)vger.kernel.org> # 6.6.x: 6d0ca4a: nvmem: layouts: store owner from modules with nvmem_layout_driver_register() Cc: <stable(a)vger.kernel.org> # 6.6.x: 5f15811: nvmem: layouts: add U-Boot env layout Cc: <stable(a)vger.kernel.org> # 6.6.x Signed-off-by: Michael C. Pratt <mcpratt(a)pm.me> --- drivers/nvmem/layouts/u-boot-env.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/nvmem/layouts/u-boot-env.c b/drivers/nvmem/layouts/u-boot-env.c index 731e6f4f12b2..21f6dcf905dd 100644 --- a/drivers/nvmem/layouts/u-boot-env.c +++ b/drivers/nvmem/layouts/u-boot-env.c @@ -92,7 +92,7 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem, size_t crc32_data_offset; size_t crc32_data_len; size_t crc32_offset; - __le32 *crc32_addr; + uint32_t *crc32_addr; size_t data_offset; size_t data_len; size_t dev_size; @@ -143,8 +143,8 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem, goto err_kfree; } - crc32_addr = (__le32 *)(buf + crc32_offset); - crc32 = le32_to_cpu(*crc32_addr); + crc32_addr = (uint32_t *)(buf + crc32_offset); + crc32 = *crc32_addr; crc32_data_len = dev_size - crc32_data_offset; data_len = dev_size - data_offset; base-commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 -- 2.30.2

4 months, 2 weeks

2
1
0 0

[PATCH] HID: appletb-kbd: fix memory corruption of input_handler_list

by Qasim Ijaz

In appletb_kbd_probe an input handler is initialised and then registered with input core through input_register_handler(). When this happens input core will add the input handler (specifically its node) to the global input_handler_list. The input_handler_list is central to the functionality of input core and is traversed in various places in input core. An example of this is when a new input device is plugged in and gets registered with input core. The input_handler in probe is allocated as device managed memory. If a probe failure occurs after input_register_handler() the input_handler memory is freed, yet it will remain in the input_handler_list. This effectively means the input_handler_list contains a dangling pointer to data belonging to a freed input handler. This causes an issue when any other input device is plugged in - in my case I had an old PixArt HP USB optical mouse and I decided to plug it in after a failure occurred after input_register_handler(). This lead to the registration of this input device via input_register_device which involves traversing over every handler in the corrupted input_handler_list and calling input_attach_handler(), giving each handler a chance to bind to newly registered device. The core of this bug is a UAF which causes memory corruption of input_handler_list and to fix it we must ensure the input handler is unregistered from input core, this is done through input_unregister_handler(). [ 63.191597] ================================================================== [ 63.192094] BUG: KASAN: slab-use-after-free in input_attach_handler.isra.0+0x1a9/0x1e0 [ 63.192094] Read of size 8 at addr ffff888105ea7c80 by task kworker/0:2/54 [ 63.192094] [ 63.192094] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.16.0-rc2-00321-g2aa6621d [ 63.192094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.164 [ 63.192094] Workqueue: usb_hub_wq hub_event [ 63.192094] Call Trace: [ 63.192094] <TASK> [ 63.192094] dump_stack_lvl+0x53/0x70 [ 63.192094] print_report+0xce/0x670 [ 63.192094] ? input_attach_handler.isra.0+0x1a9/0x1e0 [ 63.192094] kasan_report+0xce/0x100 [ 63.192094] ? input_attach_handler.isra.0+0x1a9/0x1e0 [ 63.192094] input_attach_handler.isra.0+0x1a9/0x1e0 [ 63.192094] input_register_device+0x76c/0xd00 [ 63.192094] hidinput_connect+0x686d/0xad60 [ 63.192094] ? __pfx_hidinput_connect+0x10/0x10 [ 63.192094] ? xhci_urb_enqueue+0x523/0x930 [ 63.192094] hid_connect+0xf20/0x1b10 [ 63.192094] ? mutex_unlock+0x7d/0xd0 [ 63.192094] ? __pfx_mutex_unlock+0x10/0x10 [ 63.192094] ? __pm_runtime_idle+0x95/0x1c0 [ 63.192094] ? __pfx_hid_connect+0x10/0x10 [ 63.192094] hid_hw_start+0x83/0x100 [ 63.192094] hid_device_probe+0x2d1/0x680 [ 63.192094] really_probe+0x1c3/0x690 [ 63.192094] __driver_probe_device+0x247/0x300 [ 63.192094] driver_probe_device+0x49/0x210 [ 63.192094] __device_attach_driver+0x160/0x320 [ 63.192094] ? __pfx___device_attach_driver+0x10/0x10 [ 63.192094] bus_for_each_drv+0x10f/0x190 [ 63.192094] ? __pfx_bus_for_each_drv+0x10/0x10 [ 63.192094] __device_attach+0x18e/0x370 [ 63.192094] ? __pfx___device_attach+0x10/0x10 [ 63.192094] ? kobject_get+0x50/0xe0 [ 63.192094] bus_probe_device+0x123/0x170 [ 63.192094] device_add+0xd4d/0x1460 [ 63.192094] ? __pfx_device_add+0x10/0x10 [ 63.192094] ? up_write+0x4d/0x90 [ 63.192094] ? __debugfs_create_file+0x377/0x5a0 [ 63.192094] hid_add_device+0x30b/0x910 [ 63.192094] ? __pfx_hid_add_device+0x10/0x10 [ 63.192094] usbhid_probe+0x920/0xe00 [ 63.192094] ? pm_runtime_enable+0xfa/0x2a0 [ 63.192094] usb_probe_interface+0x363/0x9a0 [ 63.192094] ? sysfs_do_create_link_sd+0x89/0x100 [ 63.192094] really_probe+0x1c3/0x690 [ 63.192094] __driver_probe_device+0x247/0x300 [ 63.192094] driver_probe_device+0x49/0x210 [ 63.192094] __device_attach_driver+0x160/0x320 [ 63.192094] ? __pfx___device_attach_driver+0x10/0x10 [ 63.192094] bus_for_each_drv+0x10f/0x190 [ 63.192094] ? __pfx_bus_for_each_drv+0x10/0x10 [ 63.192094] __device_attach+0x18e/0x370 [ 63.192094] ? __pfx___device_attach+0x10/0x10 [ 63.192094] ? kobject_get+0x50/0xe0 [ 63.192094] bus_probe_device+0x123/0x170 [ 63.192094] device_add+0xd4d/0x1460 [ 63.192094] ? __pfx_device_add+0x10/0x10 [ 63.192094] ? mutex_unlock+0x7d/0xd0 [ 63.192094] ? __pfx_mutex_unlock+0x10/0x10 [ 63.192094] usb_set_configuration+0xd14/0x1880 [ 63.192094] usb_generic_driver_probe+0x78/0xb0 [ 63.192094] usb_probe_device+0xaa/0x2e0 [ 63.192094] really_probe+0x1c3/0x690 [ 63.192094] __driver_probe_device+0x247/0x300 [ 63.192094] ? usb_generic_driver_match+0x58/0x80 [ 63.192094] driver_probe_device+0x49/0x210 [ 63.192094] __device_attach_driver+0x160/0x320 [ 63.192094] ? __pfx___device_attach_driver+0x10/0x10 [ 63.192094] bus_for_each_drv+0x10f/0x190 [ 63.192094] ? __pfx_bus_for_each_drv+0x10/0x10 [ 63.192094] __device_attach+0x18e/0x370 [ 63.192094] ? __pfx___device_attach+0x10/0x10 [ 63.192094] ? kobject_get+0x50/0xe0 [ 63.192094] bus_probe_device+0x123/0x170 [ 63.192094] device_add+0xd4d/0x1460 [ 63.192094] ? __pfx_device_add+0x10/0x10 [ 63.192094] ? add_device_randomness+0xb2/0xe0 [ 63.192094] usb_new_device+0x7b4/0x1000 [ 63.192094] hub_event+0x234d/0x3fa0 [ 63.192094] ? __pfx_hub_event+0x10/0x10 [ 63.192094] ? _raw_spin_lock_irqsave+0x85/0xe0 [ 63.192094] ? _raw_spin_lock_irqsave+0x85/0xe0 [ 63.192094] ? mutex_unlock+0x7d/0xd0 [ 63.192094] ? _raw_spin_lock_irq+0x80/0xe0 [ 63.192094] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 63.192094] ? __pm_runtime_suspend+0x74/0x1c0 [ 63.192094] process_one_work+0x5bf/0xfe0 [ 63.192094] worker_thread+0x777/0x13a0 [ 63.192094] ? __kthread_parkme+0x99/0x180 [ 63.192094] ? __pfx_worker_thread+0x10/0x10 [ 63.192094] kthread+0x327/0x630 [ 63.192094] ? __pfx_kthread+0x10/0x10 [ 63.192094] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 63.192094] ? __pfx_kthread+0x10/0x10 [ 63.192094] ? __pfx_kthread+0x10/0x10 [ 63.192094] ret_from_fork+0xff/0x1a0 [ 63.192094] ? __pfx_kthread+0x10/0x10 [ 63.192094] ret_from_fork_asm+0x1a/0x30 [ 63.192094] </TASK> [ 63.192094] [ 63.192094] Allocated by task 54: [ 63.192094] kasan_save_stack+0x33/0x60 [ 63.192094] kasan_save_track+0x14/0x30 [ 63.192094] __kasan_kmalloc+0x8f/0xa0 [ 63.192094] __kmalloc_node_track_caller_noprof+0x195/0x420 [ 63.192094] devm_kmalloc+0x74/0x1e0 [ 63.192094] appletb_kbd_probe+0x39/0x440 [ 63.192094] hid_device_probe+0x2d1/0x680 [ 63.192094] really_probe+0x1c3/0x690 [ 63.192094] __driver_probe_device+0x247/0x300 [ 63.192094] driver_probe_device+0x49/0x210 [ 63.192094] __device_attach_driver+0x160/0x320 [...] [ 63.192094] [ 63.192094] Freed by task 54: [ 63.192094] kasan_save_stack+0x33/0x60 [ 63.192094] kasan_save_track+0x14/0x30 [ 63.192094] kasan_save_free_info+0x3b/0x60 [ 63.192094] __kasan_slab_free+0x37/0x50 [ 63.192094] kfree+0xcf/0x360 [ 63.192094] devres_release_group+0x1f8/0x3c0 [ 63.192094] hid_device_probe+0x315/0x680 [ 63.192094] really_probe+0x1c3/0x690 [ 63.192094] __driver_probe_device+0x247/0x300 [ 63.192094] driver_probe_device+0x49/0x210 [ 63.192094] __device_attach_driver+0x160/0x320 [...] Fixes: 93a0fc489481 ("HID: hid-appletb-kbd: add support for automatic brightness control while using the touchbar") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-appletb-kbd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-appletb-kbd.c b/drivers/hid/hid-appletb-kbd.c index d11c49665147..271d1b27b8dd 100644 --- a/drivers/hid/hid-appletb-kbd.c +++ b/drivers/hid/hid-appletb-kbd.c @@ -430,13 +430,15 @@ static int appletb_kbd_probe(struct hid_device *hdev, const struct hid_device_id ret = appletb_kbd_set_mode(kbd, appletb_tb_def_mode); if (ret) { dev_err_probe(dev, ret, "Failed to set touchbar mode\n"); - goto close_hw; + goto unregister_handler; } hid_set_drvdata(hdev, kbd); return 0; +unregister_handler: + input_unregister_handler(&kbd->inp_handler); close_hw: if (kbd->backlight_dev) { put_device(&kbd->backlight_dev->dev); -- 2.39.5

4 months, 2 weeks

3
4
0 0

Linux 6.12.35

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.35 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 - Documentation/kbuild/makefiles.rst | 14 Makefile | 2 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/Makefile | 2 arch/arm64/include/asm/tlbflush.h | 9 arch/arm64/kernel/ptrace.c | 2 arch/arm64/mm/mmu.c | 3 arch/loongarch/include/asm/irqflags.h | 16 arch/loongarch/include/asm/vdso/getrandom.h | 2 arch/loongarch/include/asm/vdso/gettimeofday.h | 6 arch/loongarch/mm/hugetlbpage.c | 3 arch/mips/vdso/Makefile | 1 arch/parisc/boot/compressed/Makefile | 1 arch/parisc/kernel/unaligned.c | 2 arch/powerpc/include/asm/ppc_asm.h | 2 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/kernel/vdso/Makefile | 2 arch/powerpc/platforms/pseries/msi.c | 7 arch/riscv/kvm/vcpu_sbi_replace.c | 8 arch/s390/kvm/gaccess.c | 8 arch/s390/pci/pci.c | 45 + arch/s390/pci/pci_bus.h | 7 arch/s390/pci/pci_event.c | 22 arch/s390/pci/pci_mmio.c | 2 arch/x86/include/asm/tdx.h | 2 arch/x86/kernel/cpu/sgx/main.c | 2 arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/vmx.c | 5 arch/x86/tools/insn_decoder_test.c | 5 arch/x86/virt/vmx/tdx/tdx.c | 5 block/blk-merge.c | 26 - block/blk-zoned.c | 1 drivers/accel/ivpu/ivpu_fw.c | 12 drivers/accel/ivpu/ivpu_gem.c | 89 ++- drivers/accel/ivpu/ivpu_gem.h | 2 drivers/acpi/acpica/amlresrc.h | 8 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 -- drivers/acpi/acpica/rsaddr.c | 13 drivers/acpi/acpica/rscalc.c | 22 drivers/acpi/acpica/rslist.c | 12 drivers/acpi/acpica/utprint.c | 7 drivers/acpi/acpica/utresrc.c | 14 drivers/acpi/battery.c | 19 drivers/acpi/bus.c | 6 drivers/ata/ahci.c | 35 + drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/platform-msi.c | 1 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/block/ublk_drv.c | 3 drivers/bluetooth/btusb.c | 4 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/ep/ring.c | 16 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 -- drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/gcc-x1e80100.c | 4 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/amd-pstate.c | 3 drivers/cpufreq/scmi-cpufreq.c | 36 + drivers/crypto/intel/qat/qat_420xx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c | 8 drivers/crypto/intel/qat/qat_c62x/adf_drv.c | 8 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c | 8 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/tdma.c | 53 +- drivers/dma-buf/udmabuf.c | 5 drivers/edac/altera_edac.c | 6 drivers/edac/amd64_edac.c | 1 drivers/firmware/arm_scmi/driver.c | 76 +-- drivers/firmware/arm_scmi/protocols.h | 2 drivers/firmware/sysfb.c | 26 - drivers/gpio/gpio-mlxbf3.c | 54 +- drivers/gpio/gpio-pca953x.c | 2 drivers/gpio/gpiolib-of.c | 9 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 drivers/gpu/drm/i915/i915_pmu.c | 4 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 14 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 3 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/solomon/ssd130x.c | 2 drivers/gpu/drm/v3d/v3d_sched.c | 8 drivers/gpu/drm/xe/display/xe_display.c | 43 + drivers/gpu/drm/xe/display/xe_display.h | 4 drivers/gpu/drm/xe/xe_device.c | 40 + drivers/gpu/drm/xe/xe_gt.c | 110 ++-- drivers/gpu/drm/xe/xe_gt.h | 1 drivers/hid/hid-asus.c | 107 ++++ drivers/hv/connection.c | 23 drivers/hwmon/ftsteutates.c | 9 drivers/hwmon/ltc4282.c | 7 drivers/hwmon/occ/common.c | 240 ++++------ drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/i2c/busses/i2c-tegra.c | 5 drivers/iio/accel/fxls8962af-core.c | 15 drivers/iio/adc/Kconfig | 1 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/ad7944.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/iwcm.c | 29 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 drivers/input/keyboard/gpio_keys.c | 2 drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 drivers/iommu/amd/iommu.c | 41 + drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/iommu.h | 1 drivers/iommu/intel/nested.c | 4 drivers/md/dm-raid1.c | 5 drivers/md/dm-table.c | 8 drivers/md/dm-verity-fec.c | 4 drivers/md/dm-verity-target.c | 8 drivers/md/dm-verity-verify-sig.c | 17 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 11 drivers/media/i2c/ds90ub913.c | 4 drivers/media/i2c/imx335.c | 5 drivers/media/i2c/ov2740.c | 4 drivers/media/i2c/ov5675.c | 5 drivers/media/i2c/ov8856.c | 9 drivers/media/pci/intel/ipu6/ipu6-dma.c | 4 drivers/media/pci/intel/ipu6/ipu6.c | 5 drivers/media/platform/imagination/e5010-jpeg-enc.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 59 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 14 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/platform/ti/davinci/vpif.c | 4 drivers/media/platform/ti/omap3isp/ispccdc.c | 8 drivers/media/platform/ti/omap3isp/ispstat.c | 6 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 drivers/media/usb/uvc/uvc_driver.c | 27 - drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mmc/core/card.h | 6 drivers/mmc/core/quirks.h | 10 drivers/mmc/core/sd.c | 32 + drivers/mtd/nand/raw/qcom_nandc.c | 2 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/can/kvaser_pciefd.c | 3 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 91 +++ drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 29 - drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/cortina/gemini.c | 37 + drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/faraday/Kconfig | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 14 drivers/net/ethernet/intel/e1000e/ptp.c | 8 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++ drivers/net/ethernet/intel/ice/ice_eswitch.c | 6 drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 78 ++- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 6 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 5 drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 drivers/net/ethernet/microchip/lan743x_ptp.h | 4 drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 24 - drivers/net/ethernet/vertexcom/mse102x.c | 15 drivers/net/netdevsim/netdev.c | 2 drivers/net/usb/asix.h | 1 drivers/net/usb/asix_common.c | 22 drivers/net/usb/asix_devices.c | 17 drivers/net/usb/ch9200.c | 7 drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireless/ath/ath11k/ce.c | 11 drivers/net/wireless/ath/ath11k/core.c | 55 ++ drivers/net/wireless/ath/ath11k/core.h | 7 drivers/net/wireless/ath/ath11k/dp_rx.c | 25 - drivers/net/wireless/ath/ath11k/hal.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 9 drivers/net/wireless/ath/ath12k/ce.c | 11 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/dp_mon.c | 2 drivers/net/wireless/ath/ath12k/hal.c | 12 drivers/net/wireless/ath/ath12k/hal_desc.h | 2 drivers/net/wireless/ath/ath12k/pci.c | 5 drivers/net/wireless/ath/ath12k/wmi.c | 20 drivers/net/wireless/ath/carl9170/usb.c | 19 drivers/net/wireless/intel/iwlwifi/cfg/22000.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 20 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 1 drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 8 drivers/net/wireless/purelifi/plfxlc/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/hci.h | 8 drivers/net/wireless/realtek/rtw88/mac.c | 11 drivers/net/wireless/realtek/rtw88/mac.h | 2 drivers/net/wireless/realtek/rtw88/pci.c | 2 drivers/net/wireless/realtek/rtw88/sdio.c | 2 drivers/net/wireless/realtek/rtw88/usb.c | 57 ++ drivers/net/wireless/realtek/rtw89/cam.c | 3 drivers/net/wireless/realtek/rtw89/mac.c | 4 drivers/net/wireless/realtek/rtw89/phy.c | 10 drivers/net/wireless/realtek/rtw89/phy.h | 1 drivers/net/wireless/realtek/rtw89/rtw8922a_rfk.c | 5 drivers/net/wireless/virtual/mac80211_hwsim.c | 5 drivers/nvme/host/ioctl.c | 21 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/dwc/pcie-designware-ep.c | 5 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 6 drivers/pci/hotplug/s390_pci_hpc.c | 2 drivers/pci/pci.c | 3 drivers/pci/quirks.c | 23 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 10 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 21 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/platform/loongarch/loongson-laptop.c | 87 +-- drivers/platform/x86/amd/pmc/pmc.c | 2 drivers/platform/x86/amd/pmf/tee-if.c | 11 drivers/platform/x86/dell/dell_rbu.c | 6 drivers/platform/x86/ideapad-laptop.c | 19 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 9 drivers/pmdomain/core.c | 4 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/power/supply/collie_battery.c | 1 drivers/power/supply/max17040_battery.c | 5 drivers/ptp/ptp_clock.c | 3 drivers/ptp/ptp_private.h | 22 drivers/pwm/pwm-axi-pwmgen.c | 23 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/regulator/max20086-regulator.c | 4 drivers/remoteproc/remoteproc_core.c | 6 drivers/remoteproc/ti_k3_m4_remoteproc.c | 2 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/smartpqi/smartpqi_init.c | 84 +++ drivers/scsi/storvsc_drv.c | 10 drivers/soc/qcom/pmic_glink_altmode.c | 30 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/tee/tee_core.c | 11 drivers/tty/serial/sh-sci.c | 48 +- drivers/uio/uio_hv_generic.c | 7 drivers/video/console/dummycon.c | 18 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 7 drivers/video/fbdev/core/fbmem.c | 22 drivers/video/screen_info_pci.c | 79 ++- drivers/virt/coco/tsm.c | 31 + drivers/watchdog/da9052_wdt.c | 1 fs/ceph/addr.c | 9 fs/ceph/super.c | 1 fs/configfs/dir.c | 2 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 18 fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 10 fs/f2fs/compress.c | 23 fs/f2fs/f2fs.h | 5 fs/f2fs/inode.c | 10 fs/f2fs/namei.c | 9 fs/f2fs/segment.c | 12 fs/f2fs/super.c | 12 fs/gfs2/lock_dlm.c | 3 fs/isofs/inode.c | 7 fs/isofs/isofs.h | 4 fs/isofs/rock.c | 40 - fs/isofs/rock.h | 6 fs/isofs/util.c | 49 +- fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/nfs/nfs4proc.c | 5 fs/nfs/read.c | 3 fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfs4xdr.c | 19 fs/nfsd/nfsctl.c | 26 - fs/nfsd/nfssvc.c | 6 fs/overlayfs/file.c | 4 fs/smb/client/cached_dir.c | 14 fs/smb/client/cached_dir.h | 8 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 17 fs/smb/client/namespace.c | 3 fs/smb/client/readdir.c | 28 - fs/smb/client/reparse.c | 1 fs/smb/client/sess.c | 7 fs/smb/client/smb2pdu.c | 33 - fs/smb/client/smbdirect.c | 5 fs/smb/client/transport.c | 14 fs/smb/server/connection.c | 2 fs/smb/server/connection.h | 1 fs/smb/server/smb2pdu.c | 11 fs/smb/server/transport_rdma.c | 10 fs/smb/server/transport_tcp.c | 3 fs/xattr.c | 1 include/acpi/actypes.h | 2 include/linux/acpi.h | 9 include/linux/atmdev.h | 6 include/linux/bus/stm32_firewall_device.h | 15 include/linux/f2fs_fs.h | 1 include/linux/hugetlb.h | 3 include/linux/mmc/card.h | 1 include/linux/tcp.h | 2 include/net/checksum.h | 2 include/net/ipv6.h | 9 include/net/mac80211.h | 16 include/trace/events/erofs.h | 18 include/uapi/linux/bpf.h | 2 io_uring/io-wq.c | 4 io_uring/io_uring.c | 2 io_uring/kbuf.c | 7 io_uring/sqpoll.c | 5 ipc/shm.c | 5 kernel/bpf/bpf_struct_ops.c | 2 kernel/bpf/btf.c | 4 kernel/bpf/helpers.c | 3 kernel/cgroup/legacy_freezer.c | 3 kernel/events/core.c | 80 ++- kernel/exit.c | 17 kernel/sched/core.c | 4 kernel/sched/ext.c | 5 kernel/sched/ext.h | 2 kernel/time/clocksource.c | 2 kernel/trace/ftrace.c | 10 kernel/watchdog.c | 41 + kernel/workqueue.c | 3 lib/Kconfig | 1 lib/Kconfig.debug | 9 lib/Makefile | 2 lib/longest_symbol_kunit.c | 82 +++ mm/hugetlb.c | 67 ++ mm/madvise.c | 2 mm/page-writeback.c | 2 mm/vma.c | 7 mm/vma_internal.h | 1 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bridge/br_mst.c | 4 net/bridge/br_multicast.c | 103 +++- net/bridge/br_private.h | 11 net/core/filter.c | 24 - net/core/page_pool.c | 4 net/core/skbuff.c | 3 net/core/skmsg.c | 3 net/core/sock.c | 4 net/core/utils.c | 4 net/ipv4/route.c | 4 net/ipv4/tcp_fastopen.c | 3 net/ipv4/tcp_input.c | 79 +-- net/ipv6/calipso.c | 8 net/ipv6/ila/ila_common.c | 6 net/ipv6/ip6_output.c | 2 net/ipv6/raw.c | 8 net/ipv6/udp.c | 7 net/l2tp/l2tp_ip6.c | 8 net/mac80211/cfg.c | 2 net/mac80211/debugfs_sta.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mac80211/rate.c | 2 net/mac80211/sta_info.c | 28 - net/mac80211/sta_info.h | 11 net/mac80211/tx.c | 15 net/mpls/af_mpls.c | 4 net/netfilter/nft_set_pipapo.c | 6 net/nfc/nci/uart.c | 8 net/sched/sch_sfq.c | 10 net/sched/sch_taprio.c | 6 net/sctp/socket.c | 3 net/sunrpc/svc.c | 11 net/sunrpc/xprtrdma/svc_rdma_transport.c | 1 net/sunrpc/xprtsock.c | 5 net/tipc/crypto.c | 2 net/tipc/udp_media.c | 4 net/wireless/core.c | 6 net/xfrm/xfrm_user.c | 52 +- rust/Makefile | 14 scripts/Makefile.compiler | 8 scripts/generate_rust_analyzer.py | 13 security/selinux/xfrm.c | 2 sound/pci/hda/cs35l41_hda_property.c | 6 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 5 sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 sound/soc/amd/yc/acp6x-mach.c | 9 sound/soc/codecs/tas2770.c | 30 + sound/soc/codecs/wcd937x.c | 7 sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/sdw_utils/soc_sdw_rt_amp.c | 2 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/mixer_maps.c | 12 tools/bpf/bpftool/cgroup.c | 12 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/btf.c | 18 tools/lib/bpf/libbpf.c | 6 tools/perf/tests/tests-scripts.c | 1 tools/perf/util/print-events.c | 1 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 ++++ tools/testing/vma/vma_internal.h | 2 439 files changed, 3803 insertions(+), 1704 deletions(-) Aditya Kumar Singh (2): wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil R (2): i2c: tegra: check msg length in SMBUS block read dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Alan Maguire (2): libbpf/btf: Fix string handling to support multi-split BTF libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexey Kodanev (1): net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Alok Tiwari (1): emulex/benet: correct command version selection in be_cmd_get_stats() Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrew Zaborowski (1): x86/sgx: Prevent attempts to reclaim poisoned pages André Almeida (1): ovl: Fix nested backing file paths Anup Patel (2): RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Armin Wolf (1): ACPI: bus: Bail out if acpi_kobj registration fails Arnd Bergmann (3): parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Arthur-Prince (1): iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build Avadhut Naik (1): EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh Balamurugan S (1): wifi: ath12k: fix incorrect CE addresses Baochen Qiang (2): wifi: ath12k: fix a possible dead lock caused by ab->base_lock wifi: ath11k: determine PM policy based on machine model Beleswar Padhi (1): remoteproc: k3-m4: Don't assert reset in detach routine Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Benjamin Lin (1): wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Bharath SM (2): smb: improve directory cache reuse for readdir operations smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels Bitterblue Smith (2): wifi: rtw88: usb: Upload the firmware in bigger chunks wifi: rtw88: usb: Reduce control message timeout to 500 ms Brett Creeley (1): ionic: Prevent driver/fw getting out of sync on devcmd(s) Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Brian Foster (1): ext4: only dirty folios when data journaling regular files Chao Gao (1): KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (5): f2fs: fix to do sanity check on ino and xnid f2fs: fix to do sanity check on sit_bitmap_size f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx f2fs: fix to bail out in get_new_segment() f2fs: fix to set atomic write status more clear Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Chen Linxuan (1): RDMA/hns: initialize db in update_srq_db() Chen Ridong (1): cgroup,freezer: fix incomplete freezing when attaching tasks Chris Chiu (1): ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christophe Leroy (1): powerpc/vdso: Fix build of VDSO32 with pcrel Chuck Lever (3): NFSD: Implement FATTR4_CLONE_BLKSIZE attribute SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls svcrdma: Unregister the device if svc_rdma_accept() fails Chuyi Zhou (1): workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() Claudiu Beznea (2): serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device Connor Abbott (2): drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Damien Le Moal (1): block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion Dan Carpenter (1): Input: ims-pcu - check record size in ims_pcu_flash_firmware() Dan Williams (1): configfs-tsm-report: Fix NULL dereference of tsm_ops Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version David (Ming Qiang) Wu (1): drm/amdgpu: read back register after written for VCN v4.0.5 David Lechner (3): pwm: axi-pwmgen: fix missing separate external clock iio: adc: ad7944: mask high bits on direct read iio: adc: ad7606_spi: fix reg write value mask David Strahan (1): scsi: smartpqi: Add new PCI IDs David Thompson (2): mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available gpio: mlxbf3: only get IRQ for device instance 0 David Wei (1): tcp: fix passive TFO socket having invalid NAPI ID Denis Arefev (1): media: vivid: Change the siize of the composing Dennis Marttinen (1): ceph: set superblock s_magic for IMA fsmagic matching Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dhananjay Ugwekar (1): cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Dian-Syuan Yang (1): wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dmitry Antipov (1): wifi: carl9170: do not ping device which has failed to load firmware Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx Edward Adam Davis (4): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled wifi: cfg80211: init wiphy_work before allocating rfkill fails Eric Dumazet (7): tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: remove zero TCP TS samples for autotuning tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows tcp: add receive queue awareness in tcp_rcv_space_adjust() net_sched: sch_sfq: reject invalid perturb period net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Erick Shepherd (1): mmc: Add quirk to disable DDR50 tuning Fedor Pchelkin (2): can: kvaser_pciefd: refine error prone echo_skb_max handling logic jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fei Shao (1): media: mediatek: vcodec: Correct vsi_core framebuffer size Frank Li (1): platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (4): pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gary Guo (1): rust: compile libcore with edition 2024 for 1.87+ Gatien Chevallier (1): Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Giovanni Cabiddu (5): crypto: qat - add shutdown handler to qat_c3xxx crypto: qat - add shutdown handler to qat_420xx crypto: qat - add shutdown handler to qat_4xxx crypto: qat - add shutdown handler to qat_c62x crypto: qat - add shutdown handler to qat_dh895xcc Greg Kroah-Hartman (1): Linux 6.12.35 Grzegorz Nitka (1): ice: fix eswitch code memory leak in reset scenario Gui-Dong Han (1): hwmon: (ftsteutates) Fix TOCTOU race in fts_read() Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans de Goede (1): media: ov2740: Move pm-runtime cleanup on probe-errors to proper place Hao Yao (1): media: ipu6: Remove workaround for Meteor Lake ES2 Haoxiang Li (1): media: imagination: fix a potential memory leak in e5010_probe() Hari Chandrakanthan (1): wifi: ath12k: fix link valid field initialization in the monitor Rx Hector Martin (1): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Heiner Kallweit (1): net: ftgmac100: select FIXED_PHY Helge Deller (1): parisc/unaligned: Fix hex output to show 8 hex chars Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Herbert Xu (1): crypto: marvell/cesa - Do not chain submitted requests Himal Prasad Ghimiray (1): drm/xe/gt: Update handling of xe_force_wake_get return Hou Tao (1): bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Huacai Chen (2): PCI: Add ACS quirk for Loongson PCIe LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Hyunwoo Kim (1): net/sched: fix use-after-free in taprio_dev_notifier I Hsin Cheng (1): ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() Ian Rogers (2): perf evsel: Missed close() when probing hybrid core PMUs perf test: Directory file descriptor leak Ido Schimmel (1): vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): bpf: Pass the same orig_call value to trampoline functions Ioana Ciornei (1): bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacek Lawrynowicz (4): accel/ivpu: Improve buffer object logging accel/ivpu: Use firmware names from upstream repo accel/ivpu: Use dma_resv_lock() instead of a custom mutex accel/ivpu: Fix warning in ivpu_gem_bo_free() Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Kicinski (2): net: clear the dst when changing skb protocol eth: fbnic: avoid double free when failing to DMA-map FW msg James A. MacInnes (1): drm/msm/disp: Correct porch timing for SDM845 Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race tee: Prevent size calculation wraparound on 32-bit kernels mm/hugetlb: unshare page tables during VMA split, not before Jason Xing (3): net: atlantic: generate software timestamp just before the doorbell net: stmmac: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeff Layton (2): nfsd: use threads array as-is in netlink interface sunrpc: handle SVC_GARBAGE during svc auth processing as auth error Jens Axboe (4): block: use plug request list tail for one-shot backmerge attempt io_uring/kbuf: don't truncate end buffer for multiple buffer peeks nvme: always punt polled uring_cmd end_io work to task_work io_uring/sqpoll: don't put task_struct on tctx setup failure Jeongjun Park (2): jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jiande Lu (1): Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 Jiayuan Chen (1): bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Joe Damato (1): netdevsim: Mark NAPI ID on skb in nsim_rcv Johan Hovold (6): wifi: ath11k: fix rx completion meta data corruption wifi: ath11k: fix ring-buffer corruption wifi: ath12k: fix ring-buffer corruption media: ov8856: suppress probe deferral errors media: ov5675: suppress probe deferral errors soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events Johannes Berg (1): wifi: iwlwifi: mvm: fix beacon CCK flag John Keeping (1): drm/ssd130x: fix ssd132x_clear_screen() columns Jonas 'Sortie' Termansen (1): isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged João Paulo Gonçalves (2): regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Kai Huang (1): x86/virt/tdx: Avoid indirect calls to TDX assembly functions Kalesh AP (2): bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Kang Yang (1): wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Kees Cook (1): fbcon: Make sure modelist not set on unregistered console Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Kieran Bingham (1): media: i2c: imx335: Fix frame size enumeration Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Hałasa (1): usbnet: asix AX88772: leave the carrier control to phylink Krzysztof Kozlowski (6): ASoC: codecs: wcd9375: Fix double free of regulator supplies ASoC: codecs: wcd937x: Drop unused buck_supply bus: firewall: Fix missing static inline annotations for stubs NFC: nci: uart: Set tty->disc_data only in success path power: supply: collie: Fix wakeup source leaks on device unbind drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuan-Chung Chen (1): wifi: rtw89: 8922a: fix TX fail with wrong VCO setting Kuniyuki Iwashima (4): atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Laurentiu Palcu (1): media: nxp: imx8-isi: better handle the m2m usage_count Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leon Romanovsky (1): xfrm: validate assignment of maximal possible SEQ number Leon Yen (1): wifi: mt76: mt7925: introduce thermal protection Li Lingfeng (1): nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Linus Torvalds (1): Make 'cc-option' work correctly for the -Wno-xyzzy pattern Linus Walleij (1): net: ethernet: cortina: Use TOE/TSO on all TCP Liwei Sun (1): Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 Loic Poulain (1): media: venus: Fix probe error handling Long Li (3): Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary uio_hv_generic: Use correct size for interrupt and monitor pages uio_hv_generic: Align ring size to system page Lorenzo Stoakes (1): KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY Lu Baolu (1): iommu/vt-d: Restore context entry setup order for aliased devices Luke D. Jones (1): hid-asus: check ROG Ally MCU version and warn Luo Gengkun (2): watchdog: fix watchdog may detect false positive of softlockup perf/core: Fix WARN in perf_cgroup_switch() Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Maarten Lankhorst (1): drm/xe: Wire up device shutdown handler Maninder Singh (2): NFSD: unregister filesystem in case genl_register_family() fails NFSD: fix race between nfsd registration and exports_proc Manivannan Sadhasivam (1): wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (3): media: omap3isp: use sgtable-based scatterlist wrappers media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Mario Limonciello (4): ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case iommu/amd: Allow matching ACPI HID devices without matching UIDs platform/x86/amd: pmc: Clear metrics table at start of cycle platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Martin KaFai Lau (1): bpftool: Fix cgroup command to only show cgroup bpf programs Mateusz Pacuszka (1): ice: fix check for existing switch rule Max Kellermann (1): fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Maíra Canal (1): drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Md Sadre Alam (1): mtd: rawnand: qcom: Fix read len for onfi param page Michael Lo (1): wifi: mt76: mt7925: fix host interrupt register initialization Michael Walle (1): net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Miguel Ojeda (1): kbuild: rust: add rustc-min-version support function Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikko Korhonen (1): ata: ahci: Disallow LPM for Asus B550-F motherboard Mikulas Patocka (3): dm-mirror: fix a tiny race condition dm-verity: fix a memory leak if some arguments are specified multiple times dm: lock limits when reading them Mina Almasry (1): net: netmem: fix skb_ensure_writable with unreadable skbs Ming Qian (4): media: imx-jpeg: Drop the first error frames media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead media: imx-jpeg: Reset slot data pointers when freed media: imx-jpeg: Cleanup after an allocation error Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Miri Korenblit (1): wifi: iwlwifi: pcie: make sure to lock rxq->read Moon Yeounsu (1): net: dlink: add synchronization for stats update Muhammad Usama Anjum (1): wifi: ath11k: Fix QMI memory reuse logic Muna Sinada (1): wifi: mac80211: VLAN traffic in multicast path Murad Masimov (2): fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Mykyta Yatsenko (1): libbpf: Check bpf_map_skeleton link for NULL Namjae Jeon (2): ksmbd: fix null pointer dereference in destroy_previous_session ksmbd: add free_transport ops in ksmbd connection Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nathan Chancellor (1): x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Niklas Cassel (3): ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard PCI: cadence-ep: Correct PBA offset in .set_msix() callback PCI: dwc: ep: Correct PBA offset in .set_msix() callback Niklas Schnelle (4): s390/pci: Remove redundant bus removal and disable from zpci_release_device() s390/pci: Prevent self deletion in disable_slot() s390/pci: Allow re-add of a reserved but not yet removed device s390/pci: Serialize device addition and removal Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nuno Sá (1): hwmon: (ltc4282) avoid repeated register write Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Pali Rohár (1): cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Paul Aurich (1): smb: Log an error when close_all_cached_dirs fails Paul Chaignon (2): net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pavan Chebbi (2): bnxt_en: Add a helper function to configure MRU and RSS bnxt_en: Update MRU and RSS table of RSS contexts on queue reset Pavel Begunkov (2): io_uring: account drain memory to cgroup io_uring/kbuf: account ring io_buffer_list memory Peng Fan (1): gpiolib: of: Add polarity quirk for s5m8767 Penglei Jiang (1): io_uring: fix task leak issue in io_wq_create() Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (2): perf: Fix sample vs do_exit() perf: Fix cgroup state vs ERROR Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Ping-Ke Shih (1): wifi: rtw89: phy: add dummy C2H event handler for report of TAS power Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Rand Deeb (1): ixgbe: Fix unreachable retry logic in combined and byte I2C write functions Rengarajan S (1): net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Richard Fitzgerald (1): ALSA: hda/realtek: Add quirk for Asus GU605C Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Ronnie Sahlberg (1): ublk: santizize the arguments from userspace when adding a device Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ruben Devos (1): smb: client: add NULL check in automount_fullpath Ryan Roberts (2): arm64/mm: Close theoretical race where stale TLB entry remains valid mm: close theoretical race where stale TLB entries could linger Sakari Ailus (4): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case Salah Triki (1): wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Samuel Williams (1): wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sarika Sharma (1): wifi: ath12k: using msdu end descriptor to check for rx multicast packets Sascha Hauer (1): gpio: pca953x: fix wrong error probe return value Scott Mayhew (1): NFSv4: Don't check for OPEN feature support in v4.1 Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: imu: inv_icm42600: Fix temperature calculation iio: accel: fxls8962af: Fix temperature calculation Sebastian Andrzej Siewior (2): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT net: page_pool: Don't recycle into cache on PREEMPT_RT Sergio González Collado (1): Kunit to check the longest symbol length Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shawn Lin (1): PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shung-Hsi Yu (1): bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index Shyam Prasad N (6): cifs: reset connections for all channels when reconnect requested cifs: update dstaddr whenever channel iface is updated cifs: dns resolution is needed only for primary channel cifs: deal with the channel loading lag while picking channels cifs: serialize other channels when query server interfaces is pending cifs: do not disable interface polling on failure Sibi Sankar (1): firmware: arm_scmi: Ensure that the message-id supports fastchannel Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL Stanislaw Gruszka (1): media: intel/ipu6: Fix dma mask for non-secure mode Stefan Binding (1): ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops Stefan Metzmacher (1): smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() Stefan Wahren (1): net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Stephen Smalley (2): fs/xattr.c: fix simple_xattr_list() selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Sumit Kumar (1): bus: mhi: ep: Update read pointer only after buffer is written Suraj P Kizhakkethil (1): wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Svyatoslav Ryhel (1): power: supply: max17040: adjust thermal channel scaling Taehee Yoo (1): eth: bnxt: fix out-of-range access of vnic_info array Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Talhah Peerbhai (1): ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Tali Perry (1): i2c: npcm: Add clock toggle recovery Tamir Duberstein (1): ACPICA: Apply pack(1) to union aml_resource Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Taniya Das (1): clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tejun Heo (1): sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thomas Weißschuh (1): LoongArch: vDSO: Correctly use asm parameters in syscall wrappers Thomas Zimmermann (3): sysfb: Fix screen_info type check for VGA video: screen_info: Relocate framebuffers behind PCI bridges dummycon: Trigger redraw when switching consoles with deferred takeover Tianyang Zhang (1): LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() Toke Høiland-Jørgensen (1): Revert "mac80211: Dynamically set CoDel parameters per station" Tomi Valkeinen (1): media: i2c: ds90ub913: Fix returned fmt from .set_fmt() Tzung-Bi Shih (1): drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled Ulf Hansson (1): pmdomain: core: Reset genpd->states to avoid freeing invalid data Umang Jain (1): media: imx335: Use correct register width for HNUM Viacheslav Dubeyko (1): ceph: avoid kernel BUG for encrypted inode with unaligned file size Vijendar Mukunda (1): ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() Vinay Belgaumkar (1): drm/xe/bmg: Update Wa_16023588340 Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vitaly Lifshits (1): e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 Vlad Dogaru (2): net/mlx5: HWS, Fix IP version decision net/mlx5: HWS, Harden IP version definer checks Vladimir Oltean (2): ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks Víctor Gonzalo (1): wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (1): Input: sparcspkr - avoid unannotated fall-through Wentao Liang (8): ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Willem de Bruijn (2): ipv6: remove leftover ip6 cookie initializer ipv6: replace ipcm6_init calls with ipcm6_init_sk Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Xu Yang (1): phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() Yao Zi (3): platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yong Wang (2): net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yosry Ahmed (1): KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Zhang Yi (2): ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes Zijun Hu (3): configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhangjian (1): smb: client: fix first command failure during re-negotiation

4 months, 2 weeks

1
1
0 0

Linux 6.6.95

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.95 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 2 Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 - Makefile | 2 arch/arm/boot/dts/ti/omap/am335x-bone-common.dtsi | 2 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/include/asm/tlbflush.h | 9 arch/arm64/kernel/ptrace.c | 2 arch/arm64/mm/mmu.c | 3 arch/loongarch/include/asm/irqflags.h | 16 arch/loongarch/mm/hugetlbpage.c | 3 arch/mips/vdso/Makefile | 1 arch/parisc/boot/compressed/Makefile | 1 arch/parisc/kernel/unaligned.c | 2 arch/powerpc/include/asm/ppc_asm.h | 2 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/kernel/vdso/Makefile | 2 arch/powerpc/platforms/pseries/msi.c | 7 arch/riscv/kvm/vcpu_sbi_replace.c | 8 arch/s390/kvm/gaccess.c | 8 arch/s390/pci/pci_mmio.c | 2 arch/x86/kernel/cpu/bugs.c | 10 arch/x86/kernel/cpu/sgx/main.c | 2 arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/vmx.c | 5 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 -- drivers/acpi/acpica/utprint.c | 7 drivers/acpi/battery.c | 19 drivers/acpi/bus.c | 6 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/block/ublk_drv.c | 3 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/ep/ring.c | 16 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 -- drivers/clk/meson/g12a.c | 1 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/scmi-cpufreq.c | 36 + drivers/cpufreq/tegra186-cpufreq.c | 7 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/tdma.c | 53 +- drivers/dma-buf/udmabuf.c | 5 drivers/edac/altera_edac.c | 6 drivers/edac/amd64_edac.c | 1 drivers/gpio/gpio-mlxbf3.c | 54 +- drivers/gpio/gpiolib-of.c | 9 drivers/gpu/drm/i915/i915_pmu.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 14 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/hv/connection.c | 23 drivers/hwmon/ftsteutates.c | 9 drivers/hwmon/occ/common.c | 240 ++++------ drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/i2c/busses/i2c-tegra.c | 5 drivers/iio/accel/fxls8962af-core.c | 15 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/iwcm.c | 29 - drivers/input/keyboard/gpio_keys.c | 2 drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 drivers/iommu/amd/iommu.c | 8 drivers/md/dm-raid1.c | 5 drivers/md/dm-verity-fec.c | 4 drivers/md/dm-verity-target.c | 8 drivers/md/dm-verity-verify-sig.c | 17 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 11 drivers/media/i2c/ds90ub913.c | 4 drivers/media/i2c/ov5675.c | 5 drivers/media/i2c/ov8856.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 59 +- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 14 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/platform/ti/davinci/vpif.c | 4 drivers/media/platform/ti/omap3isp/ispccdc.c | 8 drivers/media/platform/ti/omap3isp/ispstat.c | 6 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 drivers/media/usb/uvc/uvc_driver.c | 27 - drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mmc/core/card.h | 6 drivers/mmc/core/quirks.h | 10 drivers/mmc/core/sd.c | 32 + drivers/mtd/nand/raw/qcom_nandc.c | 2 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/cortina/gemini.c | 37 + drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/faraday/Kconfig | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 14 drivers/net/ethernet/intel/e1000e/ptp.c | 8 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++ drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 drivers/net/ethernet/microchip/lan743x_ptp.c | 2 drivers/net/ethernet/microchip/lan743x_ptp.h | 5 drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 24 - drivers/net/ethernet/vertexcom/mse102x.c | 15 drivers/net/usb/asix.h | 1 drivers/net/usb/asix_common.c | 22 drivers/net/usb/asix_devices.c | 17 drivers/net/usb/ch9200.c | 7 drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireless/ath/ath11k/ce.c | 11 drivers/net/wireless/ath/ath11k/core.c | 55 ++ drivers/net/wireless/ath/ath11k/core.h | 7 drivers/net/wireless/ath/ath11k/dp_rx.c | 25 - drivers/net/wireless/ath/ath11k/hal.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 9 drivers/net/wireless/ath/ath12k/ce.c | 11 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/dp_mon.c | 2 drivers/net/wireless/ath/ath12k/hal.c | 4 drivers/net/wireless/ath/ath12k/hal_desc.h | 2 drivers/net/wireless/ath/ath12k/pci.c | 3 drivers/net/wireless/ath/ath12k/wmi.c | 20 drivers/net/wireless/ath/carl9170/usb.c | 19 drivers/net/wireless/intel/iwlwifi/cfg/22000.c | 3 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 8 drivers/net/wireless/purelifi/plfxlc/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/usb.c | 2 drivers/net/wireless/realtek/rtw89/cam.c | 3 drivers/net/wireless/realtek/rtw89/pci.c | 69 ++ drivers/net/wireless/realtek/rtw89/pci.h | 1 drivers/net/wireless/virtual/mac80211_hwsim.c | 5 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/pci.c | 3 drivers/pci/quirks.c | 23 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 10 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 21 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/platform/loongarch/loongson-laptop.c | 87 +-- drivers/platform/x86/amd/pmc/pmc.c | 2 drivers/platform/x86/dell/dell_rbu.c | 6 drivers/platform/x86/ideapad-laptop.c | 3 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 9 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/power/supply/collie_battery.c | 1 drivers/ptp/ptp_clock.c | 3 drivers/ptp/ptp_private.h | 22 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/regulator/max20086-regulator.c | 4 drivers/remoteproc/remoteproc_core.c | 6 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/storvsc_drv.c | 10 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/tee/tee_core.c | 11 drivers/tty/serial/sh-sci.c | 16 drivers/uio/uio_hv_generic.c | 4 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 7 drivers/video/fbdev/core/fbmem.c | 22 drivers/video/screen_info_pci.c | 79 ++- drivers/watchdog/da9052_wdt.c | 1 fs/ceph/super.c | 1 fs/configfs/dir.c | 2 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 18 fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 10 fs/f2fs/compress.c | 23 fs/f2fs/f2fs.h | 5 fs/f2fs/inode.c | 10 fs/f2fs/namei.c | 9 fs/f2fs/segment.c | 6 fs/f2fs/super.c | 12 fs/gfs2/lock_dlm.c | 3 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/nfs/read.c | 3 fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfssvc.c | 6 fs/smb/client/cached_dir.c | 14 fs/smb/client/cached_dir.h | 8 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 17 fs/smb/client/namespace.c | 3 fs/smb/client/readdir.c | 28 - fs/smb/client/reparse.c | 1 fs/smb/client/sess.c | 7 fs/smb/client/smb2pdu.c | 33 - fs/smb/client/transport.c | 14 fs/smb/server/smb2pdu.c | 11 fs/xattr.c | 1 include/acpi/actypes.h | 2 include/linux/acpi.h | 9 include/linux/atmdev.h | 6 include/linux/hugetlb.h | 3 include/linux/mmc/card.h | 1 include/linux/netdevice.h | 3 include/net/checksum.h | 2 include/trace/events/erofs.h | 18 include/uapi/linux/bpf.h | 2 io_uring/io-wq.c | 4 io_uring/io_uring.c | 2 io_uring/kbuf.c | 2 ipc/shm.c | 5 kernel/bpf/helpers.c | 3 kernel/cgroup/legacy_freezer.c | 3 kernel/events/core.c | 80 ++- kernel/exit.c | 17 kernel/time/clocksource.c | 2 kernel/trace/ftrace.c | 10 kernel/watchdog.c | 41 + lib/Kconfig | 1 mm/huge_memory.c | 11 mm/hugetlb.c | 67 ++ mm/mmap.c | 6 mm/page-writeback.c | 2 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bridge/br_mst.c | 4 net/bridge/br_multicast.c | 103 +++- net/bridge/br_private.h | 11 net/core/filter.c | 24 - net/core/skmsg.c | 3 net/core/sock.c | 4 net/core/utils.c | 4 net/ipv4/route.c | 4 net/ipv4/tcp_fastopen.c | 3 net/ipv4/tcp_input.c | 63 +- net/ipv6/calipso.c | 8 net/ipv6/ila/ila_common.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mac80211/tx.c | 6 net/mpls/af_mpls.c | 4 net/nfc/nci/uart.c | 8 net/sched/sch_sfq.c | 10 net/sched/sch_taprio.c | 6 net/sctp/socket.c | 3 net/sunrpc/svc.c | 11 net/sunrpc/xprtsock.c | 5 net/tipc/crypto.c | 2 net/tipc/udp_media.c | 4 net/wireless/core.c | 6 security/selinux/xfrm.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 9 sound/soc/codecs/tas2770.c | 30 + sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/mixer_maps.c | 12 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/btf.c | 16 tools/perf/util/print-events.c | 1 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 ++++ 295 files changed, 2321 insertions(+), 1077 deletions(-) Aditya Kumar Singh (1): wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil R (2): i2c: tegra: check msg length in SMBUS block read dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Alan Maguire (1): libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexey Kodanev (1): net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Alok Tiwari (1): emulex/benet: correct command version selection in be_cmd_get_stats() Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrew Zaborowski (1): x86/sgx: Prevent attempts to reclaim poisoned pages Anup Patel (2): RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Armin Wolf (1): ACPI: bus: Bail out if acpi_kobj registration fails Arnd Bergmann (3): parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Avadhut Naik (1): EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh Balamurugan S (1): wifi: ath12k: fix incorrect CE addresses Baochen Qiang (2): wifi: ath12k: fix a possible dead lock caused by ab->base_lock wifi: ath11k: determine PM policy based on machine model Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Benjamin Lin (1): wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Bharath SM (2): smb: improve directory cache reuse for readdir operations smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels Bitterblue Smith (1): wifi: rtw88: usb: Reduce control message timeout to 500 ms Breno Leitao (1): Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Brett Creeley (1): ionic: Prevent driver/fw getting out of sync on devcmd(s) Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Brian Foster (1): ext4: only dirty folios when data journaling regular files Chao Gao (1): KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (4): f2fs: fix to do sanity check on ino and xnid f2fs: fix to do sanity check on sit_bitmap_size f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx f2fs: fix to set atomic write status more clear Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Chen Ridong (1): cgroup,freezer: fix incomplete freezing when attaching tasks Chin-Yen Lee (1): wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christophe Leroy (1): powerpc/vdso: Fix build of VDSO32 with pcrel Chuck Lever (1): SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls Claudiu Beznea (1): serial: sh-sci: Increment the runtime usage counter for the earlycon device Colin Foster (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Dan Carpenter (1): Input: ims-pcu - check record size in ims_pcu_flash_firmware() Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version David Lechner (1): iio: adc: ad7606_spi: fix reg write value mask David Thompson (1): gpio: mlxbf3: only get IRQ for device instance 0 David Wei (1): tcp: fix passive TFO socket having invalid NAPI ID Denis Arefev (1): media: vivid: Change the siize of the composing Dennis Marttinen (1): ceph: set superblock s_magic for IMA fsmagic matching Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dian-Syuan Yang (1): wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dmitry Antipov (1): wifi: carl9170: do not ping device which has failed to load firmware Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Edward Adam Davis (4): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled wifi: cfg80211: init wiphy_work before allocating rfkill fails Eric Dumazet (5): tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows net_sched: sch_sfq: reject invalid perturb period net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Erick Shepherd (1): mmc: Add quirk to disable DDR50 tuning Fedor Pchelkin (1): jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fei Shao (1): media: mediatek: vcodec: Correct vsi_core framebuffer size GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (4): pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gatien Chevallier (1): Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Geert Uytterhoeven (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms Greg Kroah-Hartman (1): Linux 6.6.95 Gui-Dong Han (1): hwmon: (ftsteutates) Fix TOCTOU race in fts_read() Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hari Chandrakanthan (1): wifi: ath12k: fix link valid field initialization in the monitor Rx Hector Martin (1): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Heiner Kallweit (1): net: ftgmac100: select FIXED_PHY Helge Deller (1): parisc/unaligned: Fix hex output to show 8 hex chars Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Herbert Xu (1): crypto: marvell/cesa - Do not chain submitted requests Hou Tao (1): bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Huacai Chen (2): PCI: Add ACS quirk for Loongson PCIe LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Hyunwoo Kim (1): net/sched: fix use-after-free in taprio_dev_notifier Ian Rogers (1): perf evsel: Missed close() when probing hybrid core PMUs Ido Schimmel (1): vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ioana Ciornei (1): bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Kicinski (2): net: clear the dst when changing skb protocol net: make for_each_netdev_dump() a little more bug-proof James A. MacInnes (1): drm/msm/disp: Correct porch timing for SDM845 Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race tee: Prevent size calculation wraparound on 32-bit kernels mm/hugetlb: unshare page tables during VMA split, not before Jason Xing (2): net: atlantic: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeff Layton (1): sunrpc: handle SVC_GARBAGE during svc auth processing as auth error Jeongjun Park (2): jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jiayuan Chen (1): bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Johan Hovold (5): wifi: ath11k: fix rx completion meta data corruption wifi: ath11k: fix ring-buffer corruption wifi: ath12k: fix ring-buffer corruption media: ov8856: suppress probe deferral errors media: ov5675: suppress probe deferral errors Jon Hunter (1): Revert "cpufreq: tegra186: Share policy per cluster" Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged João Paulo Gonçalves (2): regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Kang Yang (1): wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Kees Cook (1): fbcon: Make sure modelist not set on unregistered console Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Hałasa (1): usbnet: asix AX88772: leave the carrier control to phylink Krzysztof Kozlowski (3): NFC: nci: uart: Set tty->disc_data only in success path power: supply: collie: Fix wakeup source leaks on device unbind drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuniyuki Iwashima (4): atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Laurentiu Palcu (1): media: nxp: imx8-isi: better handle the m2m usage_count Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Li Lingfeng (1): nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Linus Walleij (1): net: ethernet: cortina: Use TOE/TSO on all TCP Loic Poulain (1): media: venus: Fix probe error handling Long Li (2): Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary uio_hv_generic: Use correct size for interrupt and monitor pages Lorenzo Stoakes (1): KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY Luo Gengkun (2): watchdog: fix watchdog may detect false positive of softlockup perf/core: Fix WARN in perf_cgroup_switch() Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (3): media: omap3isp: use sgtable-based scatterlist wrappers media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Mario Limonciello (2): ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case platform/x86/amd: pmc: Clear metrics table at start of cycle Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Mateusz Pacuszka (1): ice: fix check for existing switch rule Max Kellermann (1): fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Md Sadre Alam (1): mtd: rawnand: qcom: Fix read len for onfi param page Michael Walle (1): net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikulas Patocka (2): dm-mirror: fix a tiny race condition dm-verity: fix a memory leak if some arguments are specified multiple times Ming Qian (4): media: imx-jpeg: Drop the first error frames media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead media: imx-jpeg: Reset slot data pointers when freed media: imx-jpeg: Cleanup after an allocation error Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Miri Korenblit (1): wifi: iwlwifi: pcie: make sure to lock rxq->read Moon Yeounsu (1): net: dlink: add synchronization for stats update Muhammad Usama Anjum (1): wifi: ath11k: Fix QMI memory reuse logic Muna Sinada (1): wifi: mac80211: VLAN traffic in multicast path Murad Masimov (2): fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Namjae Jeon (1): ksmbd: fix null pointer dereference in destroy_previous_session Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Niklas Cassel (1): PCI: cadence-ep: Correct PBA offset in .set_msix() callback Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Pali Rohár (1): cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Paul Aurich (1): smb: Log an error when close_all_cached_dirs fails Paul Chaignon (2): net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pavel Begunkov (2): io_uring: account drain memory to cgroup io_uring/kbuf: account ring io_buffer_list memory Peng Fan (1): gpiolib: of: Add polarity quirk for s5m8767 Penglei Jiang (1): io_uring: fix task leak issue in io_wq_create() Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (2): perf: Fix sample vs do_exit() perf: Fix cgroup state vs ERROR Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Renato Caldas (1): platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Rengarajan S (2): net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices net: microchip: lan743x: Reduce PTP timeout on HW failure Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Ronnie Sahlberg (1): ublk: santizize the arguments from userspace when adding a device Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ruben Devos (1): smb: client: add NULL check in automount_fullpath Ryan Roberts (1): arm64/mm: Close theoretical race where stale TLB entry remains valid Sakari Ailus (4): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case Salah Triki (1): wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Samuel Williams (1): wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: imu: inv_icm42600: Fix temperature calculation iio: accel: fxls8962af: Fix temperature calculation Sebastian Andrzej Siewior (1): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shyam Prasad N (6): cifs: reset connections for all channels when reconnect requested cifs: update dstaddr whenever channel iface is updated cifs: dns resolution is needed only for primary channel cifs: deal with the channel loading lag while picking channels cifs: serialize other channels when query server interfaces is pending cifs: do not disable interface polling on failure Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL Stefan Wahren (1): net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Stephen Smalley (2): fs/xattr.c: fix simple_xattr_list() selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Sumit Kumar (1): bus: mhi: ep: Update read pointer only after buffer is written Suraj P Kizhakkethil (1): wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Talhah Peerbhai (1): ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Tali Perry (1): i2c: npcm: Add clock toggle recovery Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thomas Zimmermann (1): video: screen_info: Relocate framebuffers behind PCI bridges Tianyang Zhang (1): LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() Tomi Valkeinen (1): media: i2c: ds90ub913: Fix returned fmt from .set_fmt() Tzung-Bi Shih (1): drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vitaly Lifshits (1): e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 Vladimir Oltean (2): ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks Víctor Gonzalo (1): wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (1): Input: sparcspkr - avoid unannotated fall-through Wentao Liang (8): ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Xu Yang (1): phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() Yao Zi (3): platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yong Wang (2): net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yosry Ahmed (1): KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Zhang Yi (2): ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes Zijun Hu (3): configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhangjian (1): smb: client: fix first command failure during re-negotiation

4 months, 2 weeks

1
1
0 0

Linux 6.1.142

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.142 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-xfs | 8 Documentation/admin-guide/kernel-parameters.txt | 2 Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 6 arch/arm/boot/dts/am335x-bone-common.dtsi | 8 arch/arm/boot/dts/at91sam9263ek.dts | 2 arch/arm/boot/dts/qcom-apq8064.dtsi | 13 arch/arm/boot/dts/tny_a9263.dts | 2 arch/arm/boot/dts/usb_a9263.dts | 4 arch/arm/mach-aspeed/Kconfig | 1 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi | 8 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 + arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 20 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 31 + arch/arm64/configs/defconfig | 3 arch/arm64/kernel/fpsimd.c | 4 arch/arm64/kernel/ptrace.c | 2 arch/arm64/xen/hypercall.S | 21 arch/loongarch/include/asm/irqflags.h | 16 arch/m68k/mac/config.c | 2 arch/mips/Makefile | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/mips/vdso/Makefile | 1 arch/parisc/boot/compressed/Makefile | 1 arch/parisc/kernel/unaligned.c | 2 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/msi.c | 7 arch/riscv/kvm/vcpu_sbi_replace.c | 8 arch/s390/kvm/gaccess.c | 8 arch/s390/net/bpf_jit_comp.c | 12 arch/s390/pci/pci_mmio.c | 2 arch/x86/kernel/cpu/bugs.c | 10 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/cpu/sgx/main.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 6 arch/x86/kvm/svm/svm.c | 2 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 - drivers/acpi/acpica/utprint.c | 7 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/battery.c | 19 drivers/acpi/bus.c | 6 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/bluetooth/hci_qca.c | 14 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 - drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/counter/interrupt-cnt.c | 9 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/cpufreq/scmi-cpufreq.c | 36 + drivers/cpufreq/tegra186-cpufreq.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/marvell/cesa/tdma.c | 53 + drivers/dma-buf/udmabuf.c | 5 drivers/dma/ti/k3-udma.c | 3 drivers/edac/altera_edac.c | 6 drivers/edac/skx_common.c | 1 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 - drivers/gpu/drm/meson/meson_vclk.c | 226 ++++---- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 14 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwmon/occ/common.c | 240 +++------ drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 + drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/i2c/busses/i2c-tegra.c | 5 drivers/iio/accel/fxls8962af-core.c | 15 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/filter/admv8818.c | 224 ++++++-- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/core/iwcm.c | 29 - drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/keyboard/gpio_keys.c | 2 drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 drivers/input/rmi4/rmi_f34.c | 135 ++--- drivers/iommu/Kconfig | 1 drivers/iommu/amd/iommu.c | 8 drivers/iommu/iommu.c | 4 drivers/md/dm-raid1.c | 5 drivers/md/dm.c | 30 - drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 11 drivers/media/i2c/ov8856.c | 9 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 12 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/platform/ti/davinci/vpif.c | 4 drivers/media/platform/ti/omap3isp/ispccdc.c | 8 drivers/media/platform/ti/omap3isp/ispstat.c | 6 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 drivers/media/usb/uvc/uvc_driver.c | 27 - drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mmc/core/card.h | 6 drivers/mmc/core/quirks.h | 10 drivers/mmc/core/sd.c | 32 - drivers/mtd/nand/ecc-mxic.c | 2 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/cortina/gemini.c | 37 + drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/faraday/Kconfig | 1 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 + drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++++- drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/microchip/lan743x_ptp.c | 2 drivers/net/ethernet/microchip/lan743x_ptp.h | 5 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 1 drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/vertexcom/mse102x.c | 15 drivers/net/macsec.c | 40 + drivers/net/phy/mdio_bus.c | 16 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/usb/aqc111.c | 10 drivers/net/usb/ch9200.c | 7 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/ce.c | 11 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 61 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 25 drivers/net/wireless/ath/ath11k/hal.c | 4 drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 9 drivers/net/wireless/ath/ath11k/testmode.c | 64 -- drivers/net/wireless/ath/ath11k/testmode.h | 8 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 19 drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mac80211_hwsim.c | 5 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 drivers/net/wireless/purelifi/plfxlc/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/nvme/target/fcloop.c | 31 - drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/pci.c | 3 drivers/pci/pcie/dpc.c | 2 drivers/pci/quirks.c | 23 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 - drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/platform/loongarch/loongson-laptop.c | 87 +-- drivers/platform/x86/dell/dell_rbu.c | 6 drivers/platform/x86/ideapad-laptop.c | 3 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/ptp/ptp_clock.c | 3 drivers/ptp/ptp_private.h | 12 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/regulator/max20086-regulator.c | 10 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/remoteproc_core.c | 6 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 drivers/rtc/rtc-sh.c | 12 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 - drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/storvsc_drv.c | 10 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/tee/tee_core.c | 11 drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 97 ++- drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_hv_generic.c | 4 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 + drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim.c | 3 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 57 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 7 drivers/video/fbdev/core/fbcvt.c | 2 drivers/video/fbdev/core/fbmem.c | 4 drivers/watchdog/da9052_wdt.c | 1 drivers/watchdog/exar_wdt.c | 2 fs/ceph/super.c | 1 fs/configfs/dir.c | 2 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 18 fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 3 fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 19 fs/f2fs/super.c | 12 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/gfs2/lock_dlm.c | 3 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 6 fs/nfs/super.c | 19 fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfssvc.c | 6 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/smb/client/cached_dir.h | 8 fs/smb/client/connect.c | 8 fs/smb/client/readdir.c | 28 - fs/smb/server/smb2pdu.c | 11 fs/squashfs/super.c | 5 fs/userfaultfd.c | 6 fs/xfs/Kconfig | 12 fs/xfs/libxfs/xfs_alloc.c | 10 fs/xfs/libxfs/xfs_dir2_data.c | 31 - fs/xfs/libxfs/xfs_dir2_priv.h | 7 fs/xfs/libxfs/xfs_quota_defs.h | 2 fs/xfs/libxfs/xfs_refcount.c | 13 fs/xfs/libxfs/xfs_rmap.c | 10 fs/xfs/libxfs/xfs_trans_resv.c | 28 - fs/xfs/scrub/bmap.c | 8 fs/xfs/xfs.h | 4 fs/xfs/xfs_bmap_util.c | 22 fs/xfs/xfs_buf_item.c | 32 + fs/xfs/xfs_dquot_item.c | 31 + fs/xfs/xfs_file.c | 33 - fs/xfs/xfs_file.h | 15 fs/xfs/xfs_fsmap.c | 266 +++++----- fs/xfs/xfs_inode.c | 29 - fs/xfs/xfs_inode.h | 2 fs/xfs/xfs_inode_item.c | 32 + fs/xfs/xfs_ioctl.c | 12 fs/xfs/xfs_iops.c | 1 fs/xfs/xfs_iops.h | 3 fs/xfs/xfs_rtalloc.c | 78 ++ fs/xfs/xfs_symlink.c | 8 fs/xfs/xfs_trace.h | 25 include/acpi/actypes.h | 2 include/linux/arm_sdei.h | 4 include/linux/atmdev.h | 6 include/linux/bio.h | 2 include/linux/hid.h | 3 include/linux/hugetlb.h | 3 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 3 include/linux/mm_types.h | 3 include/linux/mmc/card.h | 1 include/net/bluetooth/hci_core.h | 1 include/net/checksum.h | 2 include/net/sock.h | 7 include/trace/events/erofs.h | 18 include/uapi/linux/bpf.h | 2 io_uring/io_uring.c | 10 ipc/shm.c | 5 kernel/bpf/core.c | 2 kernel/bpf/helpers.c | 3 kernel/cgroup/legacy_freezer.c | 3 kernel/events/core.c | 57 +- kernel/exit.c | 17 kernel/power/wakelock.c | 3 kernel/time/clocksource.c | 2 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 10 kernel/trace/trace.c | 2 kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 2 kernel/trace/trace_events_trigger.c | 20 lib/Kconfig | 1 mm/huge_memory.c | 11 mm/hugetlb.c | 83 ++- mm/mmap.c | 8 mm/page-writeback.c | 2 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bluetooth/eir.c | 10 net/bluetooth/hci_core.c | 15 net/bluetooth/hci_sync.c | 20 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 39 - net/bluetooth/mgmt_util.c | 2 net/bridge/br_mst.c | 4 net/bridge/br_multicast.c | 103 +++ net/bridge/br_private.h | 11 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/filter.c | 5 net/core/skmsg.c | 56 +- net/core/sock.c | 4 net/core/utils.c | 4 net/dsa/tag_brcm.c | 2 net/ipv4/route.c | 4 net/ipv4/tcp_fastopen.c | 3 net/ipv4/tcp_input.c | 63 +- net/ipv4/udp_offload.c | 5 net/ipv6/calipso.c | 8 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mpls/af_mpls.c | 4 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/nfc/nci/uart.c | 8 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 15 net/sched/sch_tbf.c | 2 net/sctp/socket.c | 3 net/tipc/crypto.c | 8 net/tipc/udp_media.c | 4 net/tls/tls_sw.c | 15 net/wireless/core.c | 6 scripts/Makefile.clang | 3 scripts/Makefile.compiler | 4 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - security/selinux/xfrm.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 9 sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/codecs/tas2770.c | 30 + sound/soc/intel/avs/ipc.c | 4 sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/implicit.c | 1 sound/usb/mixer_maps.c | 12 tools/bpf/resolve_btfids/Makefile | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/btf.c | 16 tools/lib/bpf/libbpf.c | 2 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 +++++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 7 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 +++ usr/include/Makefile | 2 499 files changed, 4440 insertions(+), 2092 deletions(-) Adam Ford (2): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (1): x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil R (2): i2c: tegra: check msg length in SMBUS block read dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Al Viro (2): fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alan Maguire (1): libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (2): counter: interrupt-cnt: Protect enable/disable OPs with mutex Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (2): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Alok Tiwari (4): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations emulex/benet: correct command version selection in be_cmd_get_stats() Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Lunn (1): net: mdio: C22 is now optional, EOPNOTSUPP if not provided Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrew Zaborowski (1): x86/sgx: Prevent attempts to reclaim poisoned pages Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anup Patel (2): RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Armin Wolf (2): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" ACPI: bus: Bail out if acpi_kobj registration fails Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (4): kbuild: hdrcheck: fix cross build with clang parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Baochen Qiang (3): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Benjamin Marzinski (2): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind Bharath SM (1): smb: improve directory cache reuse for readdir operations Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Breno Leitao (1): Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Brett Creeley (1): ionic: Prevent driver/fw getting out of sync on devcmd(s) Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cezary Rojewski (2): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Chao Yu (4): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() f2fs: fix to do sanity check on sit_bitmap_size Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Chen Ridong (1): cgroup,freezer: fix incomplete freezing when attaching tasks Chenyuan Yang (1): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christoph Hellwig (1): xfs: fix the contact address for the sysfs ABI documentation Christophe JAILLET (2): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device Colin Foster (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Dan Carpenter (6): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Daniel Wagner (2): nvmet-fcloop: access fcpreq only when holding reqlock scsi: lpfc: Use memcpy() for BIOS version Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Darrick J. Wong (17): xfs: fix interval filtering in multi-step fsmap queries xfs: fix integer overflows in the fsmap rtbitmap and logdev backends xfs: fix getfsmap reporting past the last rt extent xfs: clean up the rtbitmap fsmap backend xfs: fix logdev fsmap query result filtering xfs: validate fsmap offsets specified in the query keys xfs: fix xfs_btree_query_range callers to initialize btree rec fully xfs: fix an agbno overflow in __xfs_getfsmap_datadev xfs: verify buffer, inode, and dquot items every tx commit xfs: use consistent uid/gid when grabbing dquots for inodes xfs: declare xfs_file.c symbols in xfs_file.h xfs: create a new helper to return a file's allocation unit xfs: attr forks require attr, not attr2 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code xfs: take m_growlock when running growfsrt xfs: reset rootdir extent size hint after growfsrt Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Lechner (1): iio: adc: ad7606_spi: fix reg write value mask David Wei (1): tcp: fix passive TFO socket having invalid NAPI ID Denis Arefev (1): media: vivid: Change the siize of the composing Dennis Marttinen (1): ceph: set superblock s_magic for IMA fsmagic matching Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dmitry Antipov (3): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (1): ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Edward Adam Davis (4): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled wifi: cfg80211: init wiphy_work before allocating rfkill fails Eric Dumazet (11): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows net_sched: sch_sfq: reject invalid perturb period net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Erick Shepherd (1): mmc: Add quirk to disable DDR50 tuning Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fedor Pchelkin (1): jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (2): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (7): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gatien Chevallier (1): Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Geert Uytterhoeven (2): spi: sh-msiof: Fix maximum DMA transfer size ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms Govindaraj Saminathan (1): wifi: ath11k: remove unused function ath11k_tm_event_wmi() Greg Kroah-Hartman (2): Revert "io_uring: ensure deferred completions are posted for multishot" Linux 6.1.142 Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hector Martin (3): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Heiner Kallweit (1): net: ftgmac100: select FIXED_PHY Helge Deller (1): parisc/unaligned: Fix hex output to show 8 hex chars Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Henry Martin (5): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: marvell/cesa - Do not chain submitted requests Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (3): net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Hou Tao (1): bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Huacai Chen (2): PCI: Add ACS quirk for Loongson PCIe LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (2): seg6: Fix validation of nexthop addresses vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (2): bus: fsl-mc: fix double-free on mc_dev bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Raczynski (1): net/mdiobus: Fix potential out-of-bounds read/write access James A. MacInnes (1): drm/msm/disp: Correct porch timing for SDM845 Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): tee: Prevent size calculation wraparound on 32-bit kernels mm/hugetlb: unshare page tables during VMA split, not before mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason Xing (2): net: atlantic: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeff Johnson (1): wifi: ath11k: fix soc_dp_stats debugfs file permission Jeongjun Park (3): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (6): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Joel Stanley (1): ARM: aspeed: Don't select SRAM Johan Hovold (3): wifi: ath11k: fix rx completion meta data corruption wifi: ath11k: fix ring-buffer corruption media: ov8856: suppress probe deferral errors John Garry (2): xfs: Fix xfs_flush_unmap_range() range for RT xfs: Fix xfs_prepare_shift() range for RT Jon Hunter (1): Revert "cpufreq: tegra186: Share policy per cluster" Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged João Paulo Gonçalves (2): regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julian Sun (1): xfs: remove unused parameter in macro XFS_DQUOT_LOGRES Julien Massot (2): arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (6): watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition fbcon: Make sure modelist not set on unregistered console Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Kozlowski (2): NFC: nci: uart: Set tty->disc_data only in success path drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuniyuki Iwashima (5): calipso: Don't call calipso functions for AF_INET sk. atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (3): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Linus Walleij (1): net: ethernet: cortina: Use TOE/TSO on all TCP Liu Shixin (1): mm: hugetlb: independent PMD page table shared count Loic Poulain (1): media: venus: Fix probe error handling Long Li (1): uio_hv_generic: Use correct size for interrupt and monitor pages Longfang Liu (2): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore Lorenzo Stoakes (1): KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY Luca Weiss (3): clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luiz Augusto von Dentz (5): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: MGMT: Fix sparse errors Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (3): media: omap3isp: use sgtable-based scatterlist wrappers media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Marek Vasut (1): arm64: dts: imx8mm: Drop sd-vsel-gpios from i.MX8M Mini Verdin SoM Mark Brown (1): arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland (1): arm64/fpsimd: Fix merging of FPSIMD state during signal return Martin Blumenstingl (5): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Masahiro Yamada (1): kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Mateusz Pacuszka (1): ice: fix check for existing switch rule Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (1): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (2): ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Mikulas Patocka (1): dm-mirror: fix a tiny race condition Ming Qian (1): media: imx-jpeg: Drop the first error frames Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Mirco Barone (1): wireguard: device: enable threaded NAPI Moon Yeounsu (1): net: dlink: add synchronization for stats update Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Muhammad Usama Anjum (1): wifi: ath11k: Fix QMI memory reuse logic Murad Masimov (2): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Namjae Jeon (1): ksmbd: fix null pointer dereference in destroy_previous_session Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nathan Chancellor (4): drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation kbuild: Add CLANG_FLAGS to as-instr kbuild: Add KBUILD_CPPFLAGS to as-option invocation Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Niklas Cassel (1): PCI: cadence-ep: Correct PBA offset in .set_msix() callback Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nishanth Menon (1): arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (2): crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - move fallback ahash_request to the end of the struct Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (2): net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pavel Begunkov (1): io_uring: account drain memory to cgroup Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Xu (1): mm/uffd: fix vma operation where start addr cuts part of vma Peter Zijlstra (2): perf: Ensure bpf_perf_link path is properly serialized perf: Fix sample vs do_exit() Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (1): EDAC/skx_common: Fix general protection fault Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Rafael J. Wysocki (1): PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Renato Caldas (1): platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Rengarajan S (2): net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices net: microchip: lan743x: Reduce PTP timeout on HW failure Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Sakari Ailus (4): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case Salah Triki (1): wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Samuel Williams (1): wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: imu: inv_icm42600: Fix temperature calculation iio: accel: fxls8962af: Fix temperature calculation Sebastian Andrzej Siewior (1): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shengyu Qu (1): ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shyam Prasad N (1): cifs: reset connections for all channels when reconnect requested Siddharth Vadapalli (1): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Stefan Wahren (1): net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephen Smalley (1): selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Steven Rostedt (1): tracing: Rename event_trigger_alloc() to trigger_data_alloc() Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Talhah Peerbhai (1): ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Tali Perry (1): i2c: npcm: Add clock toggle recovery Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Tao Chen (1): bpf: Fix WARN() in get_bpf_raw_tp_regs Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kbuild: userprogs: fix bitsize and target detection on clang Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vladimir Oltean (2): ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (2): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Input: sparcspkr - avoid unannotated fall-through Wentao Liang (9): nilfs2: add pointer check for nilfs_direct_propagate() ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yao Zi (3): platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yemike Abhilash Chandra (1): arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yong Wang (2): net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yosry Ahmed (1): KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Zhang Yi (2): ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (5): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup Zizhi Wo (1): xfs: Fix the owner setting issue for rmap query in xfs fsmap gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() lei lu (1): xfs: don't walk off the end of a directory data block wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhangjian (1): smb: client: fix first command failure during re-negotiation Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

4 months, 2 weeks

1
1
0 0

Linux 5.15.186

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.186 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 7 Makefile | 6 arch/arm/boot/dts/am335x-bone-common.dtsi | 8 arch/arm/boot/dts/at91sam9263ek.dts | 2 arch/arm/boot/dts/qcom-apq8064.dtsi | 13 arch/arm/boot/dts/tny_a9263.dts | 2 arch/arm/boot/dts/usb_a9263.dts | 4 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 20 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/debug-monitors.h | 12 arch/arm64/include/asm/insn-def.h | 14 arch/arm64/include/asm/insn.h | 81 +++++ arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/proton-pack.c | 21 + arch/arm64/kernel/ptrace.c | 2 arch/arm64/lib/insn.c | 199 ++++++++++++- arch/arm64/net/bpf_jit.h | 11 arch/arm64/net/bpf_jit_comp.c | 58 +++ arch/arm64/xen/hypercall.S | 21 + arch/m68k/mac/config.c | 2 arch/mips/Makefile | 6 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/mips/loongson2ef/Platform | 2 arch/mips/vdso/Makefile | 1 arch/nios2/include/asm/pgtable.h | 16 + arch/parisc/boot/compressed/Makefile | 1 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/msi.c | 7 arch/s390/net/bpf_jit_comp.c | 12 arch/s390/pci/pci_mmio.c | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/kernel/cpu/bugs.c | 10 arch/x86/kernel/cpu/common.c | 17 - arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 6 block/Kconfig | 8 block/bdev.c | 2 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 +-- drivers/acpi/acpica/utprint.c | 7 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/battery.c | 19 + drivers/acpi/bus.c | 6 drivers/acpi/osi.c | 1 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 drivers/bus/fsl-mc/mc-io.c | 19 - drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/host/pm.c | 18 + drivers/bus/ti-sysc.c | 49 --- drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 6 drivers/cpufreq/scmi-cpufreq.c | 36 ++ drivers/cpufreq/tegra186-cpufreq.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/marvell/cesa/tdma.c | 53 ++- drivers/dma-buf/udmabuf.c | 5 drivers/dma/ti/k3-udma.c | 3 drivers/edac/altera_edac.c | 6 drivers/edac/skx_common.c | 1 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/psci/psci.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 18 - drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 8 drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 + drivers/gpu/drm/meson/meson_vclk.c | 226 ++++++++------- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 3 drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/hid/hid-hyperv.c | 5 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/occ/common.c | 249 +++++++---------- drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/iio/accel/fxls8962af-core.c | 15 - drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/core/cm.c | 16 - drivers/infiniband/core/iwcm.c | 29 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 +- drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 + drivers/input/rmi4/rmi_f34.c | 137 +++++---- drivers/iommu/amd/iommu.c | 8 drivers/iommu/iommu.c | 4 drivers/md/dm-raid1.c | 5 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ccs-pll.c | 23 + drivers/media/i2c/imx334.c | 18 + drivers/media/i2c/ov8856.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 drivers/media/platform/qcom/venus/core.c | 16 - drivers/media/platform/ti-vpe/cal-video.c | 4 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/usb/uvc/uvc_ctrl.c | 23 + drivers/media/usb/uvc/uvc_driver.c | 27 + drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/can/m_can/tcan4x5x-core.c | 9 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 +++ drivers/net/ethernet/intel/ice/ice_sched.c | 11 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 - drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/macsec.c | 40 ++ drivers/net/phy/mdio_bus.c | 16 - drivers/net/phy/mscc/mscc_ptp.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/usb/ch9200.c | 7 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 8 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 19 - drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/nvme/target/fcloop.c | 31 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/pci.c | 3 drivers/pci/pcie/dpc.c | 2 drivers/pci/quirks.c | 23 + drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 +- drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/pinctrl-mcp23s08.c | 8 drivers/platform/x86/dell/dell_rbu.c | 6 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/ptp/ptp_private.h | 12 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/remoteproc_core.c | 6 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 + drivers/rtc/rtc-sh.c | 12 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/elx/efct/efct_hw.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/storvsc_drv.c | 10 drivers/scsi/ufs/ufshcd.c | 7 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 - drivers/soc/ti/omap_prm.c | 8 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/staging/media/rkvdec/rkvdec.c | 24 + drivers/tee/tee_core.c | 11 drivers/thermal/qcom/tsens.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 97 +++++- drivers/tty/vt/vt_ioctl.c | 2 drivers/uio/uio_hv_generic.c | 4 drivers/usb/cdns3/cdnsp-gadget.c | 21 + drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 - drivers/usb/core/hub.c | 16 - drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 ++- drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim.c | 3 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcvt.c | 2 drivers/video/fbdev/core/fbmem.c | 4 drivers/watchdog/da9052_wdt.c | 1 fs/configfs/dir.c | 2 fs/exfat/nls.c | 1 fs/ext4/ext4.h | 8 fs/ext4/extents.c | 39 +- fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 3 fs/ext4/ioctl.c | 8 fs/ext4/super.c | 15 - fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 19 - fs/f2fs/super.c | 12 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/gfs2/lock_dlm.c | 3 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/jfs/jfs_discard.c | 3 fs/jfs/jfs_dtree.c | 18 + fs/namespace.c | 6 fs/nfs/super.c | 19 + fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfssvc.c | 6 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/squashfs/super.c | 5 fs/xfs/xfs_inode.c | 15 - include/acpi/actypes.h | 2 include/linux/arm_sdei.h | 4 include/linux/atmdev.h | 6 include/linux/hid.h | 3 include/linux/hugetlb.h | 3 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 3 include/linux/mm_types.h | 3 include/net/checksum.h | 2 include/net/sock.h | 7 include/trace/events/erofs.h | 18 - include/uapi/linux/bpf.h | 2 include/uapi/linux/videodev2.h | 12 ipc/shm.c | 5 kernel/bpf/core.c | 2 kernel/events/core.c | 57 +++ kernel/exit.c | 17 - kernel/power/wakelock.c | 3 kernel/time/clocksource.c | 2 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 10 kernel/trace/trace.c | 2 lib/Kconfig | 1 mm/huge_memory.c | 2 mm/hugetlb.c | 81 +++-- mm/mmap.c | 8 mm/page-writeback.c | 2 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bluetooth/l2cap_core.c | 3 net/bridge/br_multicast.c | 77 ++++- net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/filter.c | 5 net/core/skmsg.c | 25 + net/core/sock.c | 4 net/core/utils.c | 4 net/dsa/tag_brcm.c | 2 net/ipv4/route.c | 4 net/ipv4/tcp_input.c | 63 ++-- net/ipv6/calipso.c | 8 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/mac80211/mesh_hwmp.c | 6 net/mpls/af_mpls.c | 4 net/ncsi/internal.h | 21 - net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 - net/netfilter/nft_quota.c | 20 - net/netfilter/nft_set_pipapo_avx2.c | 21 + net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/nfc/nci/uart.c | 8 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 10 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 119 +++++--- net/sched/sch_tbf.c | 2 net/sctp/socket.c | 3 net/sunrpc/cache.c | 17 - net/tipc/crypto.c | 8 net/tipc/udp_media.c | 4 net/tls/tls_sw.c | 7 scripts/Kconfig.include | 2 scripts/Makefile.clang | 3 scripts/Makefile.compiler | 8 scripts/as-version.sh | 2 security/selinux/xfrm.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/tas2770.c | 30 +- sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/implicit.c | 1 sound/usb/mixer_maps.c | 12 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/btf.c | 16 + tools/lib/bpf/libbpf.c | 2 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 - tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/sigtrap_loop.c | 101 ++++++ usr/include/Makefile | 2 391 files changed, 3112 insertions(+), 1409 deletions(-) Adam Ford (2): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load Aditya Dutt (1): jfs: fix array-index-out-of-bounds read in add_missing_indices Adrian Hunter (1): perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (1): x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil P Oommen (1): drm/msm/a6xx: Increase HFI response timeout Al Viro (2): fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alan Maguire (1): libbpf: Add identical pointer detection to btf_dedup_is_equiv() Alex Deucher (5): drm/amdgpu/gfx6: fix CSIB handling drm/amdgpu/gfx10: fix CSIB handling drm/amdgpu/gfx7: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling drm/amdgpu/gfx9: fix CSIB handling Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alok Tiwari (4): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations emulex/benet: correct command version selection in be_cmd_get_stats() Amber Lin (1): drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Lunn (1): net: mdio: C22 is now optional, EOPNOTSUPP if not provided Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Armin Wolf (2): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" ACPI: bus: Bail out if acpi_kobj registration fails Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (4): kbuild: hdrcheck: fix cross build with clang parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Ayushi Makhija (1): drm/bridge: anx7625: change the gpiod_set_value API Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Breno Leitao (1): Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Chao Yu (4): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() f2fs: fix to do sanity check on sit_bitmap_size Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christoph Hellwig (1): block: default BLOCK_LEGACY_AUTOLOAD to y Christophe JAILLET (1): mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device Colin Foster (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Cong Wang (1): sch_ets: make est_qlen_notify() idempotent Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Damon Ding (1): drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Dan Carpenter (5): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Daniel Wagner (2): nvmet-fcloop: access fcpreq only when holding reqlock scsi: lpfc: Use memcpy() for BIOS version Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Darrick J. Wong (1): xfs: allow inode inactivation during a ro mount log recovery Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Lechner (1): iio: adc: ad7606_spi: fix reg write value mask Denis Arefev (1): media: vivid: Change the siize of the composing Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Diederik de Haas (1): PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (3): ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device drm/msm/hdmi: add runtime PM calls to DDC transfer function drm/msm/dpu: don't select single flush for active CTL blocks Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dylan Wolff (1): jfs: Fix null-ptr-deref in jfs_ioc_trim Eddie James (1): hwmon: (occ) Add soft minimum power cap attribute Edward Adam Davis (2): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure Eric Dumazet (13): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets net_sched: sch_sfq: reject invalid perturb period Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fedor Pchelkin (1): jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (2): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (6): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gautam Menghani (1): powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Geert Uytterhoeven (2): spi: sh-msiof: Fix maximum DMA transfer size ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms George Moussalem (1): thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ Greg Kroah-Hartman (1): Linux 5.15.186 Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Verkuil (1): media: tc358743: ignore video while HPD is low Hans Zhang (1): PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hector Martin (1): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Henry Martin (5): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: marvell/cesa - Do not chain submitted requests Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (1): net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Hou Tao (2): arm64: move AARCH64_BREAK_FAULT into insn-def.h arm64: insn: add encoders for atomic operations Huacai Chen (1): PCI: Add ACS quirk for Loongson PCIe Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ido Schimmel (2): seg6: Fix validation of nexthop addresses vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (2): bus: fsl-mc: fix double-free on mc_dev bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Raczynski (1): net/mdiobus: Fix potential out-of-bounds read/write access James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ext4: fix calculation of credits for extent tree modification ext4: make 'abort' mount option handling standard ext4: avoid remount errors with 'abort' mount option Jann Horn (3): tee: Prevent size calculation wraparound on 32-bit kernels mm/hugetlb: unshare page tables during VMA split, not before mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason Xing (2): net: atlantic: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeongjun Park (3): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (4): bpf, sockmap: fix duplicated data transmission ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending bpf, sockmap: Fix data lost during EAGAIN retries Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Johan Hovold (1): media: ov8856: suppress probe deferral errors Jon Hunter (1): Revert "cpufreq: tegra186: Share policy per cluster" Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (2): drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Kozlowski (2): NFC: nci: uart: Set tty->disc_data only in success path drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate Kuniyuki Iwashima (5): calipso: Don't call calipso functions for AF_INET sk. atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (3): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Shixin (1): mm: hugetlb: independent PMD page table shared count Liu Song (1): arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually Loic Poulain (1): media: venus: Fix probe error handling Long Li (3): uio_hv_generic: Use correct size for interrupt and monitor pages sunrpc: update nextcheck time when adding new cache entries sunrpc: fix race in cache cleanup causing stale nextcheck time Luca Weiss (1): clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (2): media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Martin Blumenstingl (5): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Masahiro Yamada (1): kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Miaoqian Lin (1): firmware: psci: Fix refcount leak in psci_dt_init Michal Kubiak (1): ice: create new Tx scheduler nodes for new queues only Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mike Looijmans (1): pinctrl: mcp23s08: Reset all pins to input at probe Mike Tipton (1): cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Mikulas Patocka (1): dm-mirror: fix a tiny race condition Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Mirco Barone (1): wireguard: device: enable threaded NAPI Moon Yeounsu (1): net: dlink: add synchronization for stats update Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (2): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Namjae Jeon (1): exfat: fix double free in delayed_free Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nas Chung (2): media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition Nathan Chancellor (7): MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option MIPS: Prefer cc-option for additions to cflags drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation kbuild: Add CLANG_FLAGS to as-instr kbuild: Add KBUILD_CPPFLAGS to as-option invocation drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nick Desaulniers (2): x86/boot/compressed: prefer cc-option for CFLAGS additions kbuild: Update assembler calls to use proper flags and language target Nicolas Dufresne (1): media: rkvdec: Initialize the m2m context before the controls Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Niklas Cassel (1): PCI: cadence-ep: Correct PBA offset in .set_msix() callback Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nishanth Menon (1): arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (1): crypto: sun8i-ce - move fallback ahash_request to the end of the struct Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (2): net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (2): perf: Ensure bpf_perf_link path is properly serialized perf: Fix sample vs do_exit() Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (1): EDAC/skx_common: Fix general protection fault Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Rafael J. Wysocki (1): PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Sakari Ailus (5): media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case media: ccs-pll: Better validate VT PLL branch Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (3): iio: accel: fxls8962af: Fix temperature scan element sign iio: imu: inv_icm42600: Fix temperature calculation iio: accel: fxls8962af: Fix temperature calculation Sebastian Andrzej Siewior (1): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shengyu Qu (1): ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shravan Chippa (1): media: i2c: imx334: update mode_3840x2160_regs array Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Simon Schuster (1): nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Srinivasan Shanmugam (1): drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephen Smalley (1): selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Sukrut Bellary (2): pmdomain: ti: Fix STANDBY handling of PER power domain ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Tali Perry (1): i2c: npcm: Add clock toggle recovery Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Tao Chen (1): bpf: Fix WARN() in get_bpf_raw_tp_regs Tarang Raval (2): media: i2c: imx334: Enable runtime PM before sub-device registration media: i2c: imx334: Fix runtime PM handling in remove function Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kbuild: userprogs: fix bitsize and target detection on clang Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Tomi Valkeinen (1): media: ti: cal: Fix wrong goto on error path Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Viresh Kumar (1): cpufreq: Force sync policy boost with global boost on sysfs update Vitaliy Shevtsov (1): scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Vladimir Oltean (1): ptp: fix breakage after ptp_vclock_in_use() rework Wan Junjie (1): bus: fsl-mc: fix GET/SET_TAILDROP command ids WangYuli (2): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Input: sparcspkr - avoid unannotated fall-through Wentao Liang (10): nilfs2: add pointer check for nilfs_direct_propagate() ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaolei Wang (2): remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xin Li (Intel) (1): selftests/x86: Add a test to detect infinite SIGTRAP handler loop Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yong Wang (1): net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Zhang Yi (4): ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() ext4: prevent stale extent cache entries caused by concurrent get es_cache Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (5): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhang songyi (1): Input: synaptics-rmi4 - convert to use sysfs_emit() APIs Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

4 months, 2 weeks

1
1
0 0

Linux 5.10.239

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.239 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 7 MAINTAINERS | 9 Makefile | 9 arch/arm/boot/dts/am335x-bone-common.dtsi | 8 arch/arm/boot/dts/at91sam9263ek.dts | 2 arch/arm/boot/dts/qcom-apq8064.dtsi | 13 arch/arm/boot/dts/tny_a9263.dts | 2 arch/arm/boot/dts/usb_a9263.dts | 4 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 arch/arm/mach-omap2/pmic-cpcap.c | 6 arch/arm/mm/ioremap.c | 4 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 20 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/debug-monitors.h | 12 arch/arm64/include/asm/insn.h | 115 +++++- arch/arm64/include/asm/spectre.h | 4 arch/arm64/kernel/insn.c | 199 ++++++++++ arch/arm64/kernel/proton-pack.c | 206 ++++++----- arch/arm64/kernel/ptrace.c | 2 arch/arm64/net/bpf_jit.h | 11 arch/arm64/net/bpf_jit_comp.c | 58 ++- arch/arm64/xen/hypercall.S | 21 + arch/m68k/mac/config.c | 2 arch/mips/Makefile | 6 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/mips/loongson2ef/Platform | 2 arch/mips/vdso/Makefile | 1 arch/nios2/include/asm/pgtable.h | 16 arch/parisc/boot/compressed/Makefile | 1 arch/powerpc/include/asm/vas.h | 3 arch/powerpc/kernel/eeh.c | 2 arch/powerpc/platforms/Kconfig | 1 arch/powerpc/platforms/Makefile | 1 arch/powerpc/platforms/book3s/Kconfig | 15 arch/powerpc/platforms/book3s/Makefile | 2 arch/powerpc/platforms/book3s/vas-api.c | 287 +++++++++++++++ arch/powerpc/platforms/powernv/Kconfig | 14 arch/powerpc/platforms/powernv/Makefile | 2 arch/powerpc/platforms/powernv/vas-api.c | 278 --------------- arch/powerpc/platforms/powernv/vas.h | 2 arch/s390/net/bpf_jit_comp.c | 12 arch/s390/pci/pci_mmio.c | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/kernel/cpu/bugs.c | 10 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 6 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/dsutils.c | 9 drivers/acpi/acpica/psobject.c | 52 -- drivers/acpi/acpica/utprint.c | 7 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/battery.c | 19 - drivers/acpi/osi.c | 1 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 2 drivers/base/swnode.c | 2 drivers/block/aoe/aoedev.c | 8 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/bus/fsl-mc/mc-io.c | 19 - drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/mhi/host/pm.c | 18 drivers/bus/ti-sysc.c | 49 -- drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/meson/g12a.c | 1 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 6 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cesa.c | 2 drivers/crypto/marvell/cesa/cesa.h | 9 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/marvell/cesa/tdma.c | 53 +- drivers/dma-buf/udmabuf.c | 5 drivers/dma/ti/k3-udma.c | 3 drivers/edac/altera_edac.c | 6 drivers/edac/skx_common.c | 1 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/psci/psci.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 18 drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 3 drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 + drivers/hid/hid-hyperv.c | 5 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/occ/common.c | 309 +++++++++-------- drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 12 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 - drivers/input/rmi4/rmi_f34.c | 137 ++++--- drivers/iommu/amd/iommu.c | 8 drivers/md/dm-raid1.c | 5 drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 drivers/media/i2c/ov8856.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 drivers/media/platform/qcom/venus/core.c | 16 drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 3 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 drivers/media/v4l2-core/v4l2-dev.c | 14 drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/dlink/dl2k.c | 14 drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++ drivers/net/ethernet/intel/ice/ice_sched.c | 11 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/macsec.c | 40 +- drivers/net/phy/mdio_bus.c | 16 drivers/net/phy/mscc/mscc_ptp.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/usb/ch9200.c | 7 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireless/ath/ath10k/ahb.c | 5 drivers/net/wireless/ath/ath10k/core.c | 36 + drivers/net/wireless/ath/ath10k/core.h | 9 drivers/net/wireless/ath/ath10k/debug.c | 6 drivers/net/wireless/ath/ath10k/mac.c | 1 drivers/net/wireless/ath/ath10k/pci.c | 9 drivers/net/wireless/ath/ath10k/sdio.c | 11 drivers/net/wireless/ath/ath10k/snoc.c | 12 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath11k/core.c | 8 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 19 - drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 drivers/net/wireless/realtek/rtlwifi/pci.c | 10 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/pci.c | 3 drivers/pci/pcie/dpc.c | 2 drivers/pci/quirks.c | 23 + drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 + drivers/pinctrl/pinctrl-at91.c | 6 drivers/platform/Kconfig | 2 drivers/platform/Makefile | 1 drivers/platform/surface/Kconfig | 14 drivers/platform/surface/Makefile | 5 drivers/platform/x86/dell_rbu.c | 6 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/Kconfig | 10 drivers/rtc/Makefile | 1 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 127 +++++- drivers/rtc/lib_test.c | 79 ++++ drivers/rtc/rtc-sh.c | 12 drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/storvsc_drv.c | 10 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/staging/media/rkvdec/rkvdec.c | 24 - drivers/tee/tee_core.c | 11 drivers/thermal/qcom/tsens.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 97 ++++- drivers/tty/vt/vt_ioctl.c | 2 drivers/uio/uio_hv_generic.c | 4 drivers/usb/class/usbtmc.c | 4 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 ++ drivers/usb/storage/unusual_uas.h | 7 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcvt.c | 2 drivers/video/fbdev/core/fbmem.c | 4 drivers/watchdog/da9052_wdt.c | 1 fs/configfs/dir.c | 2 fs/exfat/nls.c | 1 fs/ext4/ext4.h | 7 fs/ext4/extents.c | 39 +- fs/ext4/file.c | 7 fs/ext4/inline.c | 2 fs/ext4/inode.c | 3 fs/ext4/ioctl.c | 8 fs/f2fs/data.c | 2 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 19 - fs/f2fs/super.c | 12 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/gfs2/lock_dlm.c | 3 fs/jbd2/transaction.c | 5 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 fs/jfs/jfs_discard.c | 3 fs/jfs/jfs_dtree.c | 18 fs/namespace.c | 4 fs/nfs/super.c | 19 + fs/nfsd/nfs4proc.c | 3 fs/nfsd/nfssvc.c | 6 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/squashfs/super.c | 5 include/acpi/actypes.h | 2 include/linux/arm_sdei.h | 4 include/linux/atmdev.h | 6 include/linux/bpf.h | 26 - include/linux/bpf_types.h | 6 include/linux/hid.h | 3 include/linux/hugetlb.h | 6 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 3 include/linux/mm_types.h | 3 include/linux/skmsg.h | 18 include/net/checksum.h | 2 include/net/sock.h | 11 include/net/tcp.h | 28 + include/net/tls.h | 2 include/net/udp.h | 4 include/trace/events/erofs.h | 18 include/uapi/linux/bpf.h | 2 include/uapi/linux/videodev2.h | 12 init/Kconfig | 1 ipc/shm.c | 5 kernel/bpf/verifier.c | 21 + kernel/events/core.c | 23 - kernel/exit.c | 17 kernel/power/wakelock.c | 3 kernel/time/clocksource.c | 2 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 10 kernel/trace/trace.c | 2 lib/Kconfig | 1 mm/huge_memory.c | 2 mm/hugetlb.c | 117 +++++- mm/mmap.c | 8 mm/page-writeback.c | 2 net/Kconfig | 6 net/atm/common.c | 1 net/atm/lec.c | 12 net/atm/raw.c | 2 net/bluetooth/l2cap_core.c | 3 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/Makefile | 6 net/core/filter.c | 5 net/core/skmsg.c | 145 ++++--- net/core/sock.c | 4 net/core/sock_map.c | 2 net/core/utils.c | 4 net/ipv4/Makefile | 2 net/ipv4/inet_hashtables.c | 2 net/ipv4/route.c | 4 net/ipv4/tcp.c | 21 - net/ipv4/tcp_bpf.c | 8 net/ipv4/tcp_input.c | 74 ++-- net/ipv6/calipso.c | 8 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/mac80211/mesh_hwmp.c | 6 net/mpls/af_mpls.c | 4 net/ncsi/internal.h | 21 - net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 - net/netfilter/nft_socket.c | 5 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/nfc/nci/uart.c | 8 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 10 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 117 ++++-- net/sched/sch_tbf.c | 2 net/sctp/socket.c | 3 net/sunrpc/cache.c | 17 net/tipc/crypto.c | 8 net/tipc/udp_media.c | 4 net/tls/tls_main.c | 4 net/tls/tls_sw.c | 9 scripts/Kbuild.include | 8 scripts/Kconfig.include | 2 scripts/as-version.sh | 2 security/selinux/xfrm.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/tas2770.c | 30 + sound/soc/meson/meson-card-utils.c | 2 sound/soc/qcom/sdm845.c | 4 sound/soc/tegra/tegra210_ahub.c | 2 sound/usb/mixer_maps.c | 12 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 usr/include/Makefile | 2 368 files changed, 3351 insertions(+), 1659 deletions(-) Adam Ford (1): arm64: dts: imx8mm-beacon: Fix RTC capacitive load Aditya Dutt (1): jfs: fix array-index-out-of-bounds read in add_missing_indices Adrian Hunter (1): perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (1): x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil P Oommen (1): drm/msm/a6xx: Increase HFI response timeout Al Viro (1): do_change_type(): refuse to operate on unmounted/not ours mounts Alex Deucher (5): drm/amdgpu/gfx6: fix CSIB handling drm/amdgpu/gfx10: fix CSIB handling drm/amdgpu/gfx7: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling drm/amdgpu/gfx9: fix CSIB handling Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexandre Mergnat (2): rtc: Fix offset calculation for .start_secs < 0 rtc: Make rtc_time64_to_tm() support dates before 1970 Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt scsi: iscsi: Fix incorrect error path labels for flashnode operations emulex/benet: correct command version selection in be_cmd_get_stats() Amber Lin (1): drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andreas Kemnade (1): ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Andrew Lunn (1): net: mdio: C22 is now optional, EOPNOTSUPP if not provided Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andrii Nakryiko (1): bpf: fix precision backtracking instruction iteration Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov (1): libbpf: Use proper errno value in nlattr Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (4): kbuild: hdrcheck: fix cross build with clang parisc: fix building with gcc-15 hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Breno Leitao (1): Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cassio Neri (1): rtc: Improve performance of rtc_time64_to_tm(). Add tests. Chao Yu (3): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to do sanity check on sit_bitmap_size Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christophe JAILLET (1): mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device Colin Foster (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Cong Wang (3): bpf: Clean up sockmap related Kconfigs net: Rename ->stream_memory_read to ->sock_is_readable sch_ets: make est_qlen_notify() idempotent Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Da Xue (1): clk: meson-g12a: add missing fclk_div2 to spicc Damon Ding (1): drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Dan Carpenter (4): rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (1): usb: usbtmc: Fix timeout value in get_stb David Gow (1): rtc: test: Fix invalid format specifier. David Lechner (1): iio: adc: ad7606_spi: fix reg write value mask Denis Arefev (1): media: vivid: Change the siize of the composing Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (3): ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device drm/msm/hdmi: add runtime PM calls to DDC transfer function drm/msm/dpu: don't select single flush for active CTL blocks Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Douglas Anderson (3): arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Dylan Wolff (1): jfs: Fix null-ptr-deref in jfs_ioc_trim Eddie James (3): hwmon: (occ) Add new temperature sensor type hwmon: (occ) Add soft minimum power cap attribute hwmon: (occ) Fix P10 VRM temp sensors Edward Adam Davis (2): media: cxusb: no longer judge rbuf when the write fails media: vidtv: Terminating the subsequent process of initialization failure Eliav Farber (1): net/ipv4: fix type mismatch in inet_ehash_locks_alloc() causing build failure Eric Dumazet (14): net_sched: sch_sfq: fix a potential crash on gso_skb handling tcp: factorize logic into tcp_epollin_ready() net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT tcp: tcp_data_ready() must look at SOCK_DONE tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fedor Pchelkin (1): jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (2): netfilter: nft_socket: fix sk refcount leaks netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (6): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Geert Uytterhoeven (2): spi: sh-msiof: Fix maximum DMA transfer size ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms George Moussalem (1): thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ Greg Kroah-Hartman (1): Linux 5.10.239 Guilherme G. Piccoli (1): clocksource: Fix the CPUs' choice in the watchdog per CPU verification Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Verkuil (1): media: tc358743: ignore video while HPD is low Hans Zhang (1): PCI: cadence: Fix runtime atomic count underflow Haren Myneni (2): powerpc/vas: Move VAS API to book3s common platform powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hector Martin (1): ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Henk Vergonet (1): wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Henry Martin (5): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: marvell/cesa - Do not chain submitted requests Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (1): net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Hou Tao (2): arm64: move AARCH64_BREAK_FAULT into insn-def.h arm64: insn: add encoders for atomic operations Huacai Chen (1): PCI: Add ACS quirk for Loongson PCIe Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (2): bus: fsl-mc: fix double-free on mc_dev bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Raczynski (1): net/mdiobus: Fix potential out-of-bounds read/write access James Houghton (1): hugetlb: unshare some PMDs when splitting VMAs James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (3): tee: Prevent size calculation wraparound on 32-bit kernels mm/hugetlb: unshare page tables during VMA split, not before mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race Jason Xing (2): net: atlantic: generate software timestamp just before the doorbell net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeff Hugo (1): bus: mhi: host: Fix conflict between power_up and SYSERR Jeongjun Park (2): jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() ipc: fix to protect IPCS lookups using RCU Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (1): ktls, sockmap: Fix missing uncharge operation Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Johan Hovold (1): media: ov8856: suppress probe deferral errors Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julien Thierry (1): arm64: insn: Add barrier encodings Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Justin Tee (1): scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Kees Cook (2): drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Krishna Kumar (1): net: ice: Perform accurate aRFS flow match Krzysztof Kozlowski (1): NFC: nci: uart: Set tty->disc_data only in success path Kuniyuki Iwashima (5): calipso: Don't call calipso functions for AF_INET sk. atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (3): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs nfsd: Initialize ssc before laundromat_work to prevent NULL dereference Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Shixin (1): mm: hugetlb: independent PMD page table shared count Liu Song (1): arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually Loic Poulain (1): media: venus: Fix probe error handling Long Li (3): uio_hv_generic: Use correct size for interrupt and monitor pages sunrpc: update nextcheck time when adding new cache entries sunrpc: fix race in cache cleanup causing stale nextcheck time Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Marek Szyprowski (2): media: videobuf2: use sgtable-based scatterlist wrappers udmabuf: use sgtable-based scatterlist wrappers Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Masahiro Yamada (1): kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Maximilian Luz (1): platform: Add Surface platform directory Miaoqian Lin (1): firmware: psci: Fix refcount leak in psci_dt_init Michal Kubiak (1): ice: create new Tx scheduler nodes for new queues only Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mikulas Patocka (1): dm-mirror: fix a tiny race condition Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Moon Yeounsu (1): net: dlink: add synchronization for stats update Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Namjae Jeon (1): exfat: fix double free in delayed_free Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nas Chung (2): media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition Nathan Chancellor (7): MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option MIPS: Prefer cc-option for additions to cflags drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation kbuild: Add CLANG_FLAGS to as-instr kbuild: Add KBUILD_CPPFLAGS to as-option invocation drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nick Desaulniers (2): x86/boot/compressed: prefer cc-option for CFLAGS additions kbuild: Update assembler calls to use proper flags and language target Nicolas Dufresne (1): media: rkvdec: Initialize the m2m context before the controls Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Nishanth Menon (1): arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (1): crypto: sun8i-ce - move fallback ahash_request to the end of the struct Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (2): net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (1): perf: Fix sample vs do_exit() Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (1): EDAC/skx_common: Fix general protection fault Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Rafael J. Wysocki (1): PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Sean Christopherson (1): iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sean Nyekjaer (1): iio: imu: inv_icm42600: Fix temperature calculation Sebastian Andrzej Siewior (1): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shengyu Qu (1): ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board Simon Horman (1): pldmfw: Select CRC32 when PLDMFW is selected Simon Schuster (1): nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Srinivasan Shanmugam (1): drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephen Smalley (1): selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Stuart Hayes (2): platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Tali Perry (1): i2c: npcm: Add clock toggle recovery Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Tao Chen (1): bpf: Fix WARN() in get_bpf_raw_tp_regs Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kbuild: userprogs: fix bitsize and target detection on clang Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Viresh Kumar (1): cpufreq: Force sync policy boost with global boost on sysfs update WangYuli (2): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Input: sparcspkr - avoid unannotated fall-through Wen Gong (2): ath10k: add atomic protection for device recovery ath10k: prevent deinitializing NAPI twice Wentao Liang (9): nilfs2: add pointer check for nilfs_direct_propagate() ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() Will Deacon (1): arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Yuanjun Gong (1): ASoC: tegra210_ahub: Add check to of_device_get_match_data() Zhang Yi (4): ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() ext4: prevent stale extent cache entries caused by concurrent get es_cache Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zijun Hu (5): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() configfs: Do not override creating attribute file failure in populate_attrs() software node: Correct a OOB check in software_node_get_reference_args() sock: Correct error checking condition for (assign|release)_proto_idx() Zilin Guan (1): tipc: use kfree_sensitive() for aead cleanup gldrk (1): ACPICA: utilities: Fix overflow check in vsnprintf() wangdicheng (1): ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card zhang songyi (1): Input: synaptics-rmi4 - convert to use sysfs_emit() APIs Álvaro Fernández Rojas (2): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset

4 months, 2 weeks

1
1
0 0

Linux 5.4.295

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.295 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 2 MAINTAINERS | 9 + Makefile | 2 arch/arm/boot/dts/am335x-bone-common.dtsi | 8 + arch/arm/boot/dts/at91sam9263ek.dts | 2 arch/arm/boot/dts/qcom-apq8064.dtsi | 13 - arch/arm/boot/dts/tny_a9263.dts | 2 arch/arm/boot/dts/usb_a9263.dts | 4 arch/arm/mach-omap2/clockdomain.h | 1 arch/arm/mach-omap2/clockdomains33xx_data.c | 2 arch/arm/mach-omap2/cm33xx.c | 14 +- arch/arm/mm/ioremap.c | 4 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - arch/arm64/kernel/ptrace.c | 2 arch/arm64/xen/hypercall.S | 21 ++- arch/m68k/mac/config.c | 2 arch/mips/Makefile | 2 arch/mips/vdso/Makefile | 1 arch/nios2/include/asm/pgtable.h | 16 ++ arch/parisc/boot/compressed/Makefile | 1 arch/powerpc/kernel/eeh.c | 2 arch/s390/pci/pci_mmio.c | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/kernel/cpu/bugs.c | 10 - arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/mtrr/generic.c | 2 drivers/acpi/acpica/dsutils.c | 9 + drivers/acpi/acpica/psobject.c | 52 ++----- drivers/acpi/battery.c | 19 ++ drivers/acpi/osi.c | 1 drivers/ata/pata_via.c | 3 drivers/atm/atmtcp.c | 4 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 2 drivers/block/aoe/aoedev.c | 8 + drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/bus/fsl-mc/mc-io.c | 19 +- drivers/bus/fsl-mc/mc-sys.c | 2 drivers/bus/ti-sysc.c | 49 ------- drivers/clk/rockchip/clk-rk3036.c | 1 drivers/cpufreq/cpufreq.c | 6 drivers/crypto/marvell/cipher.c | 3 drivers/crypto/marvell/hash.c | 2 drivers/edac/altera_edac.c | 6 drivers/edac/skx_common.c | 1 drivers/firmware/psci/psci.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 18 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 +- drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 - drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 +++ drivers/hid/hid-hyperv.c | 5 drivers/hid/usbhid/hid-core.c | 25 ++- drivers/hwmon/occ/common.c | 28 +--- drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/iio/adc/ad7606_spi.c | 2 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/input/misc/ims-pcu.c | 6 drivers/input/misc/sparcspkr.c | 22 ++- drivers/input/rmi4/rmi_f34.c | 137 +++++++++++--------- drivers/md/dm-raid1.c | 5 drivers/media/i2c/tc358743.c | 4 drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 - drivers/media/v4l2-core/v4l2-dev.c | 14 +- drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/dlink/dl2k.c | 14 +- drivers/net/ethernet/dlink/dl2k.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/intel/i40e/i40e_common.c | 7 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 + drivers/net/ethernet/intel/ice/ice_sched.c | 11 - drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 + drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/phy/mdio_bus.c | 16 ++ drivers/net/usb/aqc111.c | 10 + drivers/net/usb/ch9200.c | 7 - drivers/net/vxlan.c | 8 - drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 19 +- drivers/net/wireless/intersil/p54/fwio.c | 2 drivers/net/wireless/intersil/p54/p54.h | 1 drivers/net/wireless/intersil/p54/txrx.c | 13 + drivers/net/wireless/realtek/rtlwifi/pci.c | 10 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/pci/pci.c | 3 drivers/pci/quirks.c | 23 +++ drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 +++-- drivers/pinctrl/pinctrl-at91.c | 6 drivers/platform/Kconfig | 2 drivers/platform/Makefile | 1 drivers/platform/surface/Kconfig | 14 ++ drivers/platform/surface/Makefile | 5 drivers/platform/x86/dell_rbu.c | 2 drivers/power/supply/bq27xxx_battery.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 13 + drivers/rapidio/rio_cm.c | 3 drivers/regulator/max14577-regulator.c | 5 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/Kconfig | 10 + drivers/rtc/Makefile | 1 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 127 ++++++++++++++---- drivers/rtc/lib_test.c | 79 +++++++++++ drivers/rtc/rtc-sh.c | 12 + drivers/s390/scsi/zfcp_sysfs.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 4 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 - drivers/scsi/storvsc_drv.c | 10 - drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 ++ drivers/spi/spi-sh-msiof.c | 13 + drivers/staging/iio/impedance-analyzer/ad5933.c | 2 drivers/tee/tee_core.c | 11 - drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/vt/vt_ioctl.c | 2 drivers/uio/uio_hv_generic.c | 4 drivers/usb/class/usbtmc.c | 4 drivers/usb/core/hub.c | 16 ++ drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 - drivers/usb/renesas_usbhs/common.c | 50 +++++-- drivers/usb/storage/unusual_uas.h | 7 + drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcvt.c | 2 drivers/video/fbdev/core/fbmem.c | 4 drivers/watchdog/da9052_wdt.c | 1 fs/configfs/dir.c | 2 fs/ext4/extents.c | 11 - fs/ext4/inline.c | 2 fs/f2fs/data.c | 2 fs/f2fs/f2fs.h | 10 + fs/f2fs/namei.c | 19 ++ fs/f2fs/super.c | 4 fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 fs/gfs2/lock_dlm.c | 3 fs/jbd2/transaction.c | 3 fs/jffs2/erase.c | 4 fs/jffs2/scan.c | 4 fs/jffs2/summary.c | 7 - fs/jfs/jfs_discard.c | 3 fs/jfs/jfs_dtree.c | 18 ++ fs/namespace.c | 4 fs/nfsd/nfs3xdr.c | 2 fs/nfsd/nfs4proc.c | 3 fs/nfsd/vfs.c | 4 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/squashfs/super.c | 5 include/acpi/actypes.h | 2 include/linux/atmdev.h | 6 include/linux/hid.h | 3 include/trace/events/erofs.h | 18 -- include/uapi/linux/videodev2.h | 1 ipc/shm.c | 5 kernel/events/core.c | 23 ++- kernel/exit.c | 17 +- kernel/power/wakelock.c | 3 kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 10 + kernel/trace/trace.c | 2 mm/huge_memory.c | 2 mm/page-writeback.c | 2 net/atm/common.c | 1 net/atm/lec.c | 12 + net/atm/raw.c | 2 net/bluetooth/l2cap_core.c | 3 net/bridge/netfilter/nf_conntrack_bridge.c | 12 - net/core/sock.c | 4 net/ipv4/route.c | 4 net/ipv4/tcp_input.c | 63 +++++---- net/ipv6/calipso.c | 8 + net/ipv6/netfilter.c | 12 - net/ipv6/netfilter/nft_fib_ipv6.c | 13 + net/mac80211/mesh_hwmp.c | 6 net/mpls/af_mpls.c | 4 net/ncsi/internal.h | 21 +-- net/ncsi/ncsi-pkt.h | 23 +-- net/ncsi/ncsi-rsp.c | 21 +-- net/netfilter/nft_socket.c | 3 net/netlabel/netlabel_kapi.c | 5 net/nfc/nci/uart.c | 8 - net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sctp/socket.c | 3 net/sunrpc/cache.c | 2 net/sunrpc/xprtrdma/verbs.c | 2 net/tipc/udp_media.c | 4 net/tls/tls_sw.c | 7 + security/selinux/xfrm.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/perf/builtin-record.c | 2 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 - 223 files changed, 1298 insertions(+), 652 deletions(-) Aditya Dutt (1): jfs: fix array-index-out-of-bounds read in add_missing_indices Adrian Hunter (1): perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (1): x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Salem (1): ACPICA: Avoid sequence overread in call to strncmp() Akhil P Oommen (1): drm/msm/a6xx: Increase HFI response timeout Al Viro (1): do_change_type(): refuse to operate on unmounted/not ours mounts Alex Deucher (5): drm/amdgpu/gfx6: fix CSIB handling drm/amdgpu/gfx10: fix CSIB handling drm/amdgpu/gfx7: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling drm/amdgpu/gfx9: fix CSIB handling Alexander Aring (1): gfs2: move msleep to sleepable context Alexander Sverdlin (1): Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Alexandre Mergnat (2): rtc: Fix offset calculation for .start_secs < 0 rtc: Make rtc_time64_to_tm() support dates before 1970 Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alok Tiwari (2): scsi: iscsi: Fix incorrect error path labels for flashnode operations emulex/benet: correct command version selection in be_cmd_get_stats() Amber Lin (1): drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andrew Lunn (1): net: mdio: C22 is now optional, EOPNOTSUPP if not provided Andrew Morton (1): drivers/rapidio/rio_cm.c: prevent possible heap overwrite Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (1): perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (2): parisc: fix building with gcc-15 hwmon: (occ) fix unaligned accesses Artem Sadovnikov (1): jffs2: check that raw node were preallocated before writing summary Benjamin Berg (1): wifi: mac80211: do not offer a mesh path if forwarding is disabled Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Breno Leitao (1): Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Cassio Neri (1): rtc: Improve performance of rtc_time64_to_tm(). Add tests. Chao Yu (2): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() Charan Teja Kalla (1): PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Christian Lamparter (1): wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Christophe JAILLET (1): mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Chuck Lever (2): NFSD: Fix ia_size underflow NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes Colin Foster (1): ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Damon Ding (1): drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Dan Aloni (1): xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create Dan Carpenter (4): rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Input: ims-pcu - check record size in ims_pcu_flash_firmware() Daniel Wagner (1): scsi: lpfc: Use memcpy() for BIOS version Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (1): usb: usbtmc: Fix timeout value in get_stb David Gow (1): rtc: test: Fix invalid format specifier. David Lechner (1): iio: adc: ad7606_spi: fix reg write value mask Dexuan Cui (1): scsi: storvsc: Increase the timeouts to storvsc_timeout Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK wifi: carl9170: do not ping device which has failed to load firmware Dmitry Baryshkov (2): ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device drm/msm/hdmi: add runtime PM calls to DDC transfer function Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dylan Wolff (1): jfs: Fix null-ptr-deref in jfs_ioc_trim Eric Dumazet (9): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() calipso: unlock rcu before returning -EAFNOSUPPORT tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling Fedor Pchelkin (1): jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (2): netfilter: nft_socket: fix sk refcount leaks netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy GONG Ruiqi (1): vgacon: Add check for vc_origin address range in vgacon_scroll() Gabor Juhos (6): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabriel Shahrouzi (1): staging: iio: ad5933: Correct settling cycles encoding per datasheet Gao Xiang (1): erofs: remove unused trace event erofs_destroy_inode Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Geert Uytterhoeven (2): spi: sh-msiof: Fix maximum DMA transfer size ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms Greg Kroah-Hartman (1): Linux 5.4.295 Haixia Qu (1): tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hans Verkuil (1): media: tc358743: ignore video while HPD is low Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Heiko Carstens (1): s390/pci: Fix __pcilg_mio_inuser() inline assembly Heiko Stuebner (1): clk: rockchip: rk3036: mark ddrphy as critical Henry Martin (2): soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (2): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Huacai Chen (1): PCI: Add ACS quirk for Loongson PCIe Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): vxlan: Do not treat dst cache initialization errors as fatal Ilpo Järvinen (1): PCI: Fix lock symmetry in pci_slot_unlock() Ioana Ciornei (2): bus: fsl-mc: fix double-free on mc_dev bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Jacob Keller (1): drm/nouveau/bl: increase buffer size to avoid truncate warning Jaegeuk Kim (1): f2fs: prevent kernel warning due to negative i_nlink from corrupted image Jakub Raczynski (1): net/mdiobus: Fix potential out-of-bounds read/write access Jan Kara (1): ext4: fix calculation of credits for extent tree modification Jann Horn (1): tee: Prevent size calculation wraparound on 32-bit kernels Jason Xing (1): net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Jeongjun Park (2): ipc: fix to protect IPCS lookups using RCU jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Jerry Lv (1): power: supply: bq27xxx: Retrieve again when busy Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (1): ktls, sockmap: Fix missing uncharge operation Jinliang Zheng (1): mm: fix ratelimit_pages update error in dirty_ratio_handler() Jonathan Lane (1): ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Sanders (1): aoe: clean device rq_list in aoedev_downdev() Kees Cook (2): drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Khem Raj (1): mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Krzysztof Kozlowski (1): NFC: nci: uart: Set tty->disc_data only in success path Kuniyuki Iwashima (5): calipso: Don't call calipso functions for AF_INET sk. atm: Revert atm_account_tx() if copy_from_iter_full() fails. mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Kyungwook Boo (1): i40e: fix MMIO write access to an invalid page in i40e_clear_hw Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Laurentiu Tudor (1): bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Long Li (2): uio_hv_generic: Use correct size for interrupt and monitor pages sunrpc: update nextcheck time when adding new cache entries Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Ma Ke (1): media: v4l2-dev: fix error handling in __video_register_device() Marcus Folkesson (1): watchdog: da9052_wdt: respect TWDMIN Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Maximilian Luz (1): platform: Add Surface platform directory Miaoqian Lin (1): firmware: psci: Fix refcount leak in psci_dt_init Michal Kubiak (1): ice: create new Tx scheduler nodes for new queues only Mikulas Patocka (1): dm-mirror: fix a tiny race condition Mingcong Bai (1): wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Moon Yeounsu (1): net: dlink: add synchronization for stats update Murad Masimov (1): fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Narayana Murty N (1): powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Nas Chung (1): media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition Nathan Chancellor (3): MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang Neal Cardwell (1): tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior NeilBrown (1): nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nick Desaulniers (1): x86/boot/compressed: prefer cc-option for CFLAGS additions Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Niravkumar L Rabara (1): EDAC/altera: Use correct write width with the INTTEST register Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (1): net/mlx5: Fix return value when searching for existing flow group Paul Blakey (1): net/mlx5: Wait for inactive autogroups Peter Marheine (1): ACPI: battery: negate current when discharging Peter Oberparleiter (1): scsi: s390: zfcp: Ensure synchronous unit_add Peter Zijlstra (1): perf: Fix sample vs do_exit() Petr Malat (1): sctp: Do not wake readers in __sctp_write_space() Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Qasim Ijaz (1): net: ch9200: fix uninitialised access during mii_nway_restart Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (1): EDAC/skx_common: Fix general protection fault Quentin Schulz (1): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Rafael J. Wysocki (1): PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Ross Stutterheim (1): ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Sebastian Andrzej Siewior (1): ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Sergio Perez Gonzalez (1): net: macb: Check return value of dma_set_mask_and_coherent() Seunghun Han (2): ACPICA: fix acpi operand cache leak in dswstate.c ACPICA: fix acpi parse and parseext cache leaks Shengyu Qu (1): ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board Simon Schuster (1): nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Srinivasan Shanmugam (1): drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephen Smalley (1): selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Stuart Hayes (1): platform/x86: dell_rbu: Stop overwriting data buffer Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Sukrut Bellary (1): ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Takashi Iwai (1): ALSA: hda/intel: Add Thinkpad E15 to PM deny list Tan En De (1): i2c: designware: Invoke runtime suspend on quick slave re-registration Tao Chen (1): bpf: Fix WARN() in get_bpf_raw_tp_regs Tasos Sahanidis (1): ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Tengda Wu (1): arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thadeu Lima de Souza Cascardo (1): ext4: inline: fix len overflow in ext4_prepare_inline_data Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Viresh Kumar (1): cpufreq: Force sync policy boost with global boost on sysfs update WangYuli (1): Input: sparcspkr - avoid unannotated fall-through Wentao Liang (6): nilfs2: add pointer check for nilfs_direct_propagate() media: gspca: Add error handling for stv06xx_read_sensor() mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable regulator: max14577: Add error check for max14577_read_reg() media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Ye Bin (1): ftrace: Fix UAF when lookup kallsym after ftrace disabled Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zijun Hu (4): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() configfs: Do not override creating attribute file failure in populate_attrs() sock: Correct error checking condition for (assign|release)_proto_idx() zhang songyi (1): Input: synaptics-rmi4 - convert to use sysfs_emit() APIs

4 months, 2 weeks

1
1
0 0

[PATCH 6.15 000/589] 6.15.4-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.4 release. There are 589 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 28 Jun 2025 10:51:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.4-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.4-rc3 Dillon Varone <Dillon.Varone(a)amd.com> Revert "drm/amd/display: Fix VUpdate offset calculations for dcn401" Gao Xiang <xiang(a)kernel.org> erofs: remove a superfluous check for encoded extents Gao Xiang <xiang(a)kernel.org> erofs: refuse crafted out-of-file-range encoded extents Pali Rohár <pali(a)kernel.org> cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Ignore belated Presence Detect Changed caused by DPC David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: only get IRQ for device instance 0 Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: winbond: Prevent unsupported frequencies on dual/quad I/O variants Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Use more specific naming for the (quad IO) read from cache ops Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Use more specific naming for the (quad output) read from cache ops Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Use more specific naming for the (dual IO) read from cache ops Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Use more specific naming for the (dual output) read from cache ops Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Use more specific naming for the (single) read from cache ops Rik van Riel <riel(a)surriel.com> x86/mm: Fix early boot use of INVPLGB Ian Rogers <irogers(a)google.com> perf test: Directory file descriptor leak Ian Rogers <irogers(a)google.com> perf evsel: Missed close() when probing hybrid core PMUs Sascha Hauer <s.hauer(a)pengutronix.de> gpio: pca953x: fix wrong error probe return value Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() Tengda Wu <wutengda(a)huaweicloud.com> arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix WARN in perf_cgroup_switch() Peter Zijlstra <peterz(a)infradead.org> perf: Fix cgroup state vs ERROR Peter Zijlstra <peterz(a)infradead.org> perf: Fix sample vs do_exit() Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: nouveau: Update GSP message queue kernel-doc reference Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not free "head" on error path of filter_free_subsystem_filters() Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock Lukas Bulwahn <lukas.bulwahn(a)redhat.com> x86/its: Fix an ifdef typo in its_alloc() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix NULL pointer dereference Stefan Metzmacher <metze(a)samba.org> smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() zhangjian <zhangjian496(a)huawei.com> smb: client: fix first command failure during re-negotiation Alex Elder <elder(a)riscstar.com> i2c: k1: check for transfer error Paul Aurich <paul(a)darkrain42.org> smb: Log an error when close_all_cached_dirs fails Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix crash in icl_update_topdown_event() Akhil R <akhilrajeev(a)nvidia.com> dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm: Disable INVLPGB when PTI is enabled Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: VHE: Synchronize restore of host debug registers Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix mixing ops and notifications on one socket Donald Hunter <donald.hunter(a)gmail.com> tools: ynl: parse extack for sub-messages Eric Dumazet <edumazet(a)google.com> net: atm: fix /proc/net/atm/lec handling Eric Dumazet <edumazet(a)google.com> net: atm: add lec_mutex David Thompson <davthompson(a)nvidia.com> mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available Kuniyuki Iwashima <kuniyu(a)google.com> calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_16023588340 Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: santizize the arguments from userspace when adding a device Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Jakub Kicinski <kuba(a)kernel.org> eth: fbnic: avoid double free when failing to DMA-map FW msg David Wei <dw(a)davidwei.uk> tcp: fix passive TFO socket having invalid NAPI ID Haixia Qu <hxqu(a)hillstonenet.com> tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-pf: Fix Backpresure configuration Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdkfd: move SDMA queue reset capability check to node_show Penglei Jiang <superman.xpt(a)gmail.com> io_uring: fix potential page leak in io_sqe_buffer_register() Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Free invalid length skb in atmtcp_c_send(). Kuniyuki Iwashima <kuniyu(a)google.com> mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). Dmitry Antipov <dmantipov(a)yandex.ru> wifi: carl9170: do not ping device which has failed to load firmware Vladimir Oltean <vladimir.oltean(a)nxp.com> ptp: allow reading of currently dialed frequency to succeed on free-running clocks Vladimir Oltean <vladimir.oltean(a)nxp.com> ptp: fix breakage after ptp_vclock_in_use() rework Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Update MRU and RSS table of RSS contexts on queue reset Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Add a helper function to configure MRU and RSS Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Mina Almasry <almasrymina(a)google.com> net: netmem: fix skb_ensure_writable with unreadable skbs Meghana Malladi <m-malladi(a)ti.com> net: ti: icssg-prueth: Fix packet handling for XDP_TX Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add free_transport ops in ksmbd connection Chuyi Zhou <zhouchuyi(a)bytedance.com> workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix eswitch code memory leak in reset scenario Krishna Kumar <krikku(a)gmail.com> net: ice: Perform accurate aRFS flow match Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: don't put task_struct on tctx setup failure Justin Sanders <jsanders.devel(a)gmail.com> aoe: clean device rq_list in aoedev_downdev() Simon Horman <horms(a)kernel.org> pldmfw: Select CRC32 when PLDMFW is selected Nuno Sá <nuno.sa(a)analog.com> hwmon: (ltc4282) avoid repeated register write Arnd Bergmann <arnd(a)arndb.de> hwmon: (occ) fix unaligned accesses Arnd Bergmann <arnd(a)arndb.de> hwmon: (occ) Rework attribute registration for stack usage Tzung-Bi Shih <tzungbi(a)kernel.org> drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled Jacob Keller <jacob.e.keller(a)intel.com> drm/nouveau/bl: increase buffer size to avoid truncate warning Zhi Wang <zhiw(a)nvidia.com> drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: split rpc handling out on its own Brett Creeley <brett.creeley(a)amd.com> ionic: Prevent driver/fw getting out of sync on devcmd(s) John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: fix ssd132x_clear_screen() columns Connor Abbott <cwabbott0(a)gmail.com> drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate James A. MacInnes <james.a.macinnes(a)gmail.com> drm/msm/disp: Correct porch timing for SDM845 James A. MacInnes <james.a.macinnes(a)gmail.com> drm/msm/dp: Disable wide bus support for SDM845 Bharath SM <bharathsm(a)microsoft.com> smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels Maíra Canal <mcanal(a)igalia.com> drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Maarten Lankhorst <dev(a)lankhorst.se> drm/xe/svm: Fix regression disallowing 64K SVM migration Jens Axboe <axboe(a)kernel.dk> io_uring/net: always use current transfer count for buffer put Jeff Layton <jlayton(a)kernel.org> sunrpc: handle SVC_GARBAGE during svc auth processing as auth error Jeff Layton <jlayton(a)kernel.org> nfsd: use threads array as-is in netlink interface Gao Xiang <xiang(a)kernel.org> erofs: remove unused trace event erofs_destroy_inode SeongJae Park <sj(a)kernel.org> mm/madvise: handle madvise_lock() failure during race unwinding Aditya Garg <gargaditya08(a)live.com> drm/appletbdrm: Make appletbdrm depend on X86 Richard Fitzgerald <rf(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirk for Asus GU605C Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA Jonathan Lane <jon(a)borg.moe> ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged Edip Hazuri <edip(a)medip.dev> ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx Takashi Iwai <tiwai(a)suse.de> ALSA: hda/intel: Add Thinkpad E15 to PM deny list wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson-64bit: Correct Loongson-7A2000 ACPI GPIO access mode Zhi Wang <zhiw(a)nvidia.com> drm/nouveau/nvkm: introduce new GSP reply policy NVKM_GSP_RPC_REPLY_POLL Zhi Wang <zhiw(a)nvidia.com> drm/nouveau/nvkm: factor out current GSP RPC command policies Kuniyuki Iwashima <kuniyu(a)google.com> atm: Revert atm_account_tx() if copy_from_iter_full() fails. Tejun Heo <tj(a)kernel.org> sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Kurt Borja <kuurtb(a)gmail.com> Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1" Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Steven Rostedt <rostedt(a)goodmis.org> fgraph: Do not enable function_graph tracer when setting funcgraph-args Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in destroy_previous_session Xin Li (Intel) <xin(a)zytor.com> selftests/x86: Add a test to detect infinite SIGTRAP handler loop Kai Huang <kai.huang(a)intel.com> x86/virt/tdx: Avoid indirect calls to TDX assembly functions Mike Rapoport (Microsoft) <rppt(a)kernel.org> Revert "mm/execmem: Unify early execmem_cache behaviour" Peter Zijlstra (Intel) <peterz(a)infradead.org> x86/its: explicitly manage permissions for ITS pages Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/its: move its_pages array to struct mod_arch_specific Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set Juergen Gross <jgross(a)suse.com> x86/mm/pat: don't collapse pages without PSE set Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/vma: reset VMA iterator on commit_merge() OOM failure Marek Szyprowski <m.szyprowski(a)samsung.com> udmabuf: use sgtable-based scatterlist wrappers Ryan Roberts <ryan.roberts(a)arm.com> mm: close theoretical race where stale TLB entries could linger Jakub Kicinski <kuba(a)kernel.org> net: clear the dst when changing skb protocol Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: reject invalid perturb period Jens Axboe <axboe(a)kernel.dk> nvme: always punt polled uring_cmd end_io work to task_work Peter Oberparleiter <oberpar(a)linux.ibm.com> scsi: s390: zfcp: Ensure synchronous unit_add Dexuan Cui <decui(a)microsoft.com> scsi: storvsc: Increase the timeouts to storvsc_timeout Bharath SM <bharathsm.hsk(a)gmail.com> smb: improve directory cache reuse for readdir operations Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix regression of filter waiting a long time on RCU synchronization Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not disable interface polling on failure Shyam Prasad N <sprasad(a)microsoft.com> cifs: serialize other channels when query server interfaces is pending Shyam Prasad N <sprasad(a)microsoft.com> cifs: deal with the channel loading lag while picking channels Fedor Pchelkin <pchelkin(a)ispras.ru> jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Artem Sadovnikov <a.sadovnikov(a)ispras.ru> jffs2: check that raw node were preallocated before writing summary Jaroslav Kysela <perex(a)perex.cz> firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) Jaroslav Kysela <perex(a)perex.cz> firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: vDSO: Correctly use asm parameters in syscall wrappers Yao Zi <ziyao(a)disroot.org> platform/loongarch: laptop: Add backlight power control support Yao Zi <ziyao(a)disroot.org> platform/loongarch: laptop: Unregister generic_sub_drivers on exit Yao Zi <ziyao(a)disroot.org> platform/loongarch: laptop: Get brightness setting from EC on probe Andrew Morton <akpm(a)linux-foundation.org> drivers/rapidio/rio_cm.c: prevent possible heap overwrite Penglei Jiang <superman.xpt(a)gmail.com> io_uring: fix task leak issue in io_wq_create() Jens Axboe <axboe(a)kernel.dk> io_uring/rsrc: validate buffer count with offset for cloning Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: don't truncate end buffer for multiple buffer peeks Luis Henriques <luis(a)igalia.com> fs: drop assert in file_seek_cur_needs_f_lock Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix build of VDSO32 with pcrel Amir Goldstein <amir73il(a)gmail.com> ovl: fix debug print in case of mkdir error Stuart Hayes <stuart.w.hayes(a)gmail.com> platform/x86: dell_rbu: Stop overwriting data buffer Stuart Hayes <stuart.w.hayes(a)gmail.com> platform/x86: dell_rbu: Fix list usage Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Use device managed allocations Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Clear metrics table at start of cycle Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list() Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Jann Horn <jannh(a)google.com> tee: Prevent size calculation wraparound on 32-bit kernels Sukrut Bellary <sbellary(a)baylibre.com> ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Laurentiu Tudor <laurentiu.tudor(a)nxp.com> bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Fix handling status of i3c_hci_irq_handler() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> watchdog: stm32: Fix wakeup source leaks on device unbind Marcus Folkesson <marcus.folkesson(a)gmail.com> watchdog: da9052_wdt: respect TWDMIN Kees Cook <kees(a)kernel.org> wifi: iwlwifi: mld: Work around Clang loop unrolling bug Kees Cook <kees(a)kernel.org> fbcon: Make sure modelist not set on unregistered console Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: HWS, Harden IP version definer checks Suraj P Kizhakkethil <quic_surapk(a)quicinc.com> wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Balamurugan S <quic_bselvara(a)quicinc.com> wifi: ath12k: fix incorrect CE addresses Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: fix link valid field initialization in the monitor Rx Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: determine PM policy based on machine model Sidhanta Sahu <sidhanta.sahu(a)oss.qualcomm.com> wifi: ath12k: Fix memory leak due to multiple rx_stats allocation Sriram R <quic_srirrama(a)quicinc.com> wifi: ath12k: Fix the enabling of REO queue lookup table feature Pradeep Kumar Chitrapu <quic_pradeepc(a)quicinc.com> wifi: ath12k: Fix incorrect rates sent to firmware Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Set AMPDU factor to hardware for RTL8814A Wentao Liang <vulab(a)iscas.ac.cn> octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Use TOE/TSO on all TCP Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix data lost during EAGAIN retries Chao Yu <chao(a)kernel.org> f2fs: fix to set atomic write status more clear Krzysztof Hałasa <khalasa(a)piap.pl> usbnet: asix AX88772: leave the carrier control to phylink Mateusz Pacuszka <mateuszx.pacuszka(a)intel.com> ice: fix check for existing switch rule Chen Linxuan <chenlinxuan(a)uniontech.com> RDMA/hns: initialize db in update_srq_db() Rand Deeb <rand.sec96(a)gmail.com> ixgbe: Fix unreachable retry logic in combined and byte I2C write functions Kyungwook Boo <bookyungwook(a)gmail.com> i40e: fix MMIO write access to an invalid page in i40e_clear_hw Zijun Hu <quic_zijuhu(a)quicinc.com> sock: Correct error checking condition for (assign|release)_proto_idx() Daniel Wagner <wagi(a)kernel.org> scsi: lpfc: Use memcpy() for BIOS version Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Mike Looijmans <mike.looijmans(a)topic.nl> pinctrl: mcp23s08: Reset all pins to input at probe Jonas 'Sortie' Termansen <sortie(a)maxsi.org> isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: make assoc link associate first Zijun Hu <quic_zijuhu(a)quicinc.com> software node: Correct a OOB check in software_node_get_reference_args() Michael Walle <mwalle(a)kernel.org> net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: using msdu end descriptor to check for rx multicast packets Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: correctly handle mcast packets for clients Ido Schimmel <idosch(a)nvidia.com> vxlan: Add RCU read-side critical sections in the Tx path Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp Ido Schimmel <idosch(a)nvidia.com> vxlan: Do not treat dst cache initialization errors as fatal Yong Wang <yongwang(a)nvidia.com> net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Yong Wang <yongwang(a)nvidia.com> net: bridge: mcast: update multicast contex when vlan state is changed Víctor Gonzalo <victor.gonzalo(a)anddroptable.net> wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Toke Høiland-Jørgensen <toke(a)toke.dk> Revert "mac80211: Dynamically set CoDel parameters per station" Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: VLAN traffic in multicast path Shung-Hsi Yu <shung-hsi.yu(a)suse.com> bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: HWS, Fix IP version decision Joe Damato <jdamato(a)fastly.com> netdevsim: Mark NAPI ID on skb in nsim_rcv Edward Adam Davis <eadavis(a)qq.com> wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8922a: fix TX fail with wrong VCO setting Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: pcie: make sure to lock rxq->read Sean Christopherson <seanjc(a)google.com> iommu/amd: Ensure GA log notifier callbacks finish running before module unload David Strahan <david.strahan(a)microchip.com> scsi: smartpqi: Add new PCI IDs Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Alan Maguire <alan.maguire(a)oracle.com> libbpf: Add identical pointer detection to btf_dedup_is_equiv() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Steven Rostedt <rostedt(a)goodmis.org> tracing: Only return an adjusted address if it matches the kernel address Chao Yu <chao(a)kernel.org> f2fs: fix to bail out in get_new_segment() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: check for NULL before referencing a pointer Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: dvm: pair transport op-mode enter/leave Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix beacon CCK flag Tiezhu Yang <yangtiezhu(a)loongson.cn> rtla: Define __NR_sched_setattr for LoongArch Corey Minyard <corey(a)minyard.net> ipmi:ssif: Fix a shutdown race Luke D. Jones <luke(a)ljones.dev> hid-asus: check ROG Ally MCU version and warn Heiko Stuebner <heiko(a)sntech.de> clk: rockchip: rk3036: mark ddrphy as critical Martin KaFai Lau <martin.lau(a)kernel.org> bpftool: Fix cgroup command to only show cgroup bpf programs Benjamin Berg <benjamin(a)sipsolutions.net> wifi: mac80211: do not offer a mesh path if forwarding is disabled Salah Triki <salah.triki(a)gmail.com> wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mld: call thermal exit without wiphy lock held Yuuki NAGAO <wf.yn386(a)gmail.com> wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Jason Xing <kernelxing(a)tencent.com> net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix counting of rules in the matcher Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Mykyta Yatsenko <yatsenko(a)meta.com> libbpf: Check bpf_map_skeleton link for NULL Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() Jason Xing <kernelxing(a)tencent.com> net: stmmac: generate software timestamp just before the doorbell Ilya Leoshkevich <iii(a)linux.ibm.com> bpf: Pass the same orig_call value to trampoline functions Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() Jason Xing <kernelxing(a)tencent.com> net: atlantic: generate software timestamp just before the doorbell Dimitri Fedrau <dima.fedrau(a)gmail.com> net: phy: marvell-88q2xxx: Enable temperature measurement in probe again Leon Romanovsky <leon(a)kernel.org> xfrm: validate assignment of maximal possible SEQ number Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: page_pool: Don't recycle into cache on PREEMPT_RT Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Andrew Zaborowski <andrew.zaborowski(a)intel.com> x86/sgx: Prevent attempts to reclaim poisoned pages Eric Dumazet <edumazet(a)google.com> tcp: add receive queue awareness in tcp_rcv_space_adjust() Eric Dumazet <edumazet(a)google.com> tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows Eric Dumazet <edumazet(a)google.com> tcp: remove zero TCP TS samples for autotuning Eric Dumazet <edumazet(a)google.com> tcp: always seek for minimal rtt in tcp_rcv_rtt_update() Dian-Syuan Yang <dian_syuan0116(a)realtek.com> wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Mario Limonciello <mario.limonciello(a)amd.com> iommu/amd: Allow matching ACPI HID devices without matching UIDs Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: Fix QMI memory reuse logic Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix a possible dead lock caused by ab->base_lock Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Frank Wunderlich <frank-w(a)public-files.de> net: phy: mediatek: do not require syscon compatible for pio property Moon Yeounsu <yyyynoom(a)gmail.com> net: dlink: add synchronization for stats update Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc: Set FORCE_MEM_CORE_ON for gcc_ufs_axi_clk for 8650/8750 Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks Tali Perry <tali.perry1(a)gmail.com> i2c: npcm: Add clock toggle recovery Hector Martin <marcan(a)marcan.st> i2c: pasemi: Enable the unjam machine Akhil R <akhilrajeev(a)nvidia.com> i2c: tegra: check msg length in SMBUS block read Mike Tipton <quic_mdtipton(a)quicinc.com> cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Alan Maguire <alan.maguire(a)oracle.com> libbpf/btf: Fix string handling to support multi-split BTF Petr Malat <oss(a)malat.biz> sctp: Do not wake readers in __sctp_write_space() Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO Leon Yen <leon.yen(a)mediatek.com> wifi: mt76: mt7925: introduce thermal protection Samuel Williams <sam8641(a)gmail.com> wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Henk Vergonet <henk.vergonet(a)gmail.com> wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R sunliming <sunliming(a)kylinos.cn> wifi: mt76: mt7996: fix uninitialized symbol warning Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Bluetooth: btmtksdio: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Bluetooth: btmrvl_sdio: Fix wakeup source leaks on device unbind WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add RTL8851BE device 0x0bda:0xb850 Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 Alok Tiwari <alok.a.tiwari(a)oracle.com> emulex/benet: correct command version selection in be_cmd_get_stats() Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Tan En De <ende.tan(a)starfivetech.com> i2c: designware: Invoke runtime suspend on quick slave re-registration Liwei Sun <sunliweis(a)126.com> Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 Hou Tao <houtao1(a)huawei.com> bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Chao Yu <chao(a)kernel.org> f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx Zilin Guan <zilin(a)seu.edu.cn> tipc: use kfree_sensitive() for aead cleanup Rengarajan S <rengarajan.s(a)microchip.com> net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Sergio Perez Gonzalez <sperezglz(a)gmail.com> net: macb: Check return value of dma_set_mask_and_coherent() Antonin Godard <antonin.godard(a)bootlin.com> drm/panel: simple: Add POWERTIP PH128800T004-ZZA01 panel entry Nas Chung <nas.chung(a)chipsnmedia.com> media: qcom: venus: Fix uninitialized variable warning Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/uc: Remove static from loop variable Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Add indirect L1_TLB_CNTL reg programming for VFs Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Make overlay layer select register configuration take effect by vsync Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: rcar-vin: Fix stride setting for RAW8 formats Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Shravan Chippa <shravan.chippa(a)microchip.com> media: i2c: imx334: update mode_3840x2160_regs array Wentao Liang <vulab(a)iscas.ac.cn> media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() Hans Verkuil <hverkuil(a)xs4all.nl> media: tc358743: ignore video while HPD is low Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: don't select single flush for active CTL blocks Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix media bus code setup on RWPF source pad Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restructure DMI quirks TungYu Lu <tungyu.lu(a)amd.com> drm/amd/display: Correct prefetch calculation Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Reset SMU v13.0.x custom settings Dylan Wolff <wolffd(a)comp.nus.edu.sg> jfs: Fix null-ptr-deref in jfs_ioc_trim Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Fix VUpdate offset calculations for dcn401 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: fix CSIB handling Samson Tam <Samson.Tam(a)amd.com> drm/amd/display: disable EASF narrow filter sharpening Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx8: fix CSIB handling Zhang Yi <yi.zhang(a)huawei.com> ext4: prevent stale extent cache entries caused by concurrent get es_cache Long Li <leo.lilong(a)huawei.com> sunrpc: fix race in cache cleanup causing stale nextcheck time Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Disallow partition query during reset Arvind Yadav <Arvind.Yadav(a)amd.com> drm/amdgpu: fix MES GFX mask Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: rkvdec: Initialize the m2m context before the controls Hans Verkuil <hverkuil(a)xs4all.nl> media: cec: extron-da-hd-4k-plus: Fix Wformat-truncation Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Fix Vertical Interrupt definitions for dcn32, dcn401 Kevin Gao <kevin.gao3(a)amd.com> drm/amd/display: Correct SSC enable detection for DCN351 Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> drm/amd/display: Update IPS sequential_ono requirement checks Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/vf: Fix guc_info debugfs for VFs Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: ti: cal: Fix wrong goto on error path Aditya Dutt <duttaditya18(a)gmail.com> jfs: fix array-index-out-of-bounds read in add_missing_indices Zhang Yi <yi.zhang(a)huawei.com> ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() Harish Chegondi <harish.chegondi(a)intel.com> drm/xe: Use copy_from_user() instead of __copy_from_user() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx7: fix CSIB handling Qasim Ijaz <qasdev00(a)gmail.com> drm/ttm/tests: fix incorrect assert in ttm_bo_unreserve_bulk() Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: fix zero value for APU watermark_c Nas Chung <nas.chung(a)chipsnmedia.com> media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs-pll: Better validate VT PLL branch Vicki Pfau <vi(a)endrift.com> drm: panel-orientation-quirks: Add ZOTAC Gaming Zone Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: fix CSIB handling Tarang Raval <tarang.raval(a)siliconsignals.io> media: i2c: imx334: Fix runtime PM handling in remove function Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Do Not Consider DSC if Valid Config Not Found Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Increase HFI response timeout Alexander Aring <aahringo(a)redhat.com> dlm: use SHUT_RDWR for SCTP shutdown Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add basic validation for RAS header Paul Hsieh <Paul.Hsieh(a)amd.com> drm/amd/display: Skip to enable dsc if it has been off Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Enable wide 4K in AV1 decoder Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Nas Chung <nas.chung(a)chipsnmedia.com> media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/hdmi: add runtime PM calls to DDC transfer function Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix rm shutdown wait condition Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 Tarang Raval <tarang.raval(a)siliconsignals.io> media: i2c: imx334: Enable runtime PM before sub-device registration Christoph Rudorff <chris(a)rudorff.com> drm/nouveau: fix hibernate on disabled GPU Michael Chang <zhang971090220(a)gmail.com> media: nuvoton: npcm-video: Fix stuck due to no video signal error Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix CSIB handling Apurv Mishra <Apurv.Mishra(a)amd.com> drm/amdkfd: Drop workaround for GC v9.4.3 revID 0 Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: do not clear volume dirty flag during sync Ayushi Makhija <quic_amakhija(a)quicinc.com> drm/bridge: anx7625: change the gpiod_set_value API Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Don't update MMU_INT_MASK in panthor_mmu_irq_handler() Ayushi Makhija <quic_amakhija(a)quicinc.com> drm/bridge: anx7625: enable HPD interrupts Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix double free in delayed_free Anusha Srivatsa <asrivats(a)redhat.com> drm/panel/sharp-ls043t1le01: Use _multi variants Jiayuan Chen <jiayuan.chen(a)linux.dev> workqueue: Fix race condition in wq->stats incrementation Damon Ding <damon.ding(a)rock-chips.com> drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Jeevaka Prabu Badrappan <jeevaka.badrappan(a)intel.com> drm/xe: Fix CFI violation when accessing sysfs files Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: DCN32 null data check Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: Fix API status offset for MES queue reset Long Li <leo.lilong(a)huawei.com> sunrpc: update nextcheck time when adding new cache entries Dave Airlie <airlied(a)redhat.com> drm/dp: add option to disable zero sized address only transactions. Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: inno-hdmi: Fix video timing HSYNC/VSYNC polarity setting for rk3036 Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Check decoding is ongoing for motion-jpeg Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx6: fix CSIB handling Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: select DRM_KMS_HELPER for AUX_BRIDGE Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: disable DPP RCG before DPP CLK enable Peter Marheine <pmarheine(a)chromium.org> ACPI: battery: negate current when discharging Svyatoslav Ryhel <clamor95(a)gmail.com> power: supply: max17040: adjust thermal channel scaling Charan Teja Kalla <quic_charante(a)quicinc.com> PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Peng Fan <peng.fan(a)nxp.com> gpiolib: of: Add polarity quirk for s5m8767 Linus Torvalds <torvalds(a)linux-foundation.org> Make 'cc-option' work correctly for the -Wno-xyzzy pattern Yuanjun Gong <ruc_gongyuanjun(a)163.com> ASoC: tegra210_ahub: Add check to of_device_get_match_data() Frank Li <Frank.Li(a)nxp.com> platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() gldrk <me(a)rarity.fan> ACPICA: utilities: Fix overflow check in vsnprintf() Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Reset genpd->states to avoid freeing invalid data Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: simple-card-utils: fixup dlc->xxx handling for error case Jerry Lv <Jerry.Lv(a)axis.com> power: supply: bq27xxx: Retrieve again when busy Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops Tamir Duberstein <tamird(a)gmail.com> ACPICA: Apply pack(1) to union aml_resource Seunghun Han <kkamagui(a)gmail.com> ACPICA: fix acpi parse and parseext cache leaks Mario Limonciello <mario.limonciello(a)amd.com> ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Bail out if acpi_kobj registration fails I Hsin Cheng <richard120310(a)gmail.com> ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Skip absent memory controllers Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Avoid sequence overread in call to strncmp() Erick Shepherd <erick.shepherd(a)ni.com> mmc: Add quirk to disable DDR50 tuning Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> power: supply: collie: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> power: supply: gpio-charger: Fix wakeup source leaks on device unbind Guilherme G. Piccoli <gpiccoli(a)igalia.com> clocksource: Fix the CPUs' choice in the watchdog per CPU verification Talhah Peerbhai <talhah.peerbhai(a)gmail.com> ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Seunghun Han <kkamagui(a)gmail.com> ACPICA: fix acpi operand cache leak in dswstate.c David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606: fix raw read for 18-bit chips David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix compiling without gpiolib David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: fix reg write value mask Arthur-Prince <r2.arthur.prince(a)gmail.com> iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build David Lechner <dlechner(a)baylibre.com> iio: adc: ad7944: mask high bits on direct read Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Fix temperature calculation Jann Horn <jannh(a)google.com> mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race Jann Horn <jannh(a)google.com> mm/hugetlb: unshare page tables during VMA split, not before Pu Lehui <pulehui(a)huawei.com> mm: fix uprobe pte be overwritten when expanding vma Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jens Axboe <axboe(a)kernel.dk> io_uring/net: only consider msg_inq if larger than 1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix warning in ivpu_gem_bo_free() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Use dma_resv_lock() instead of a custom mutex Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Trigger device recovery on engine reset/resume failure Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Use firmware names from upstream repo Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Improve buffer object logging Sean Nyekjaer <sean(a)geanix.com> iio: accel: fxls8962af: Fix temperature calculation Sean Nyekjaer <sean(a)geanix.com> iio: accel: fxls8962af: Fix temperature scan element sign Saurabh Sengar <ssengar(a)linux.microsoft.com> hv_netvsc: fix potential deadlock in netvsc_vf_setxdp() Diederik de Haas <didi.debian(a)cknow.org> PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() Janne Grunau <j(a)jannau.net> PCI: apple: Set only available ports up Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix lock symmetry in pci_slot_unlock() Huacai Chen <chenhuacai(a)kernel.org> PCI: Add ACS quirk for Loongson PCIe Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Correct PBA offset in .set_msix() callback Niklas Cassel <cassel(a)kernel.org> PCI: cadence-ep: Correct PBA offset in .set_msix() callback Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Long Li <longli(a)microsoft.com> uio_hv_generic: Use correct size for interrupt and monitor pages Long Li <longli(a)microsoft.com> Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary Ruben Devos <devosruben6(a)gmail.com> smb: client: add NULL check in automount_fullpath Shyam Prasad N <sprasad(a)microsoft.com> cifs: dns resolution is needed only for primary channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: update dstaddr whenever channel iface is updated Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset connections for all channels when reconnect requested Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-m4: Don't assert reset in detach routine Xiaolei Wang <xiaolei.wang(a)windriver.com> remoteproc: core: Release rproc->clean_table after rproc_attach() fails Xiaolei Wang <xiaolei.wang(a)windriver.com> remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() Wentao Liang <vulab(a)iscas.ac.cn> regulator: max14577: Add error check for max14577_read_reg() André Almeida <andrealmeid(a)igalia.com> ovl: Fix nested backing file paths Khem Raj <raj.khem(a)gmail.com> mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: iio: ad5933: Correct settling cycles encoding per datasheet David Lechner <dlechner(a)baylibre.com> pwm: axi-pwmgen: fix missing separate external clock Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-tcp: remove tag set when second admin queue config fails Thomas Zimmermann <tzimmermann(a)suse.de> video: screen_info: Relocate framebuffers behind PCI bridges Thomas Zimmermann <tzimmermann(a)suse.de> sysfb: Fix screen_info type check for VGA Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY Qasim Ijaz <qasdev00(a)gmail.com> net: ch9200: fix uninitialised access during mii_nway_restart Xu Yang <xu.yang_2(a)nxp.com> phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() John Garry <john.g.garry(a)oracle.com> dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits Mikulas Patocka <mpatocka(a)redhat.com> dm: lock limits when reading them Ye Bin <yebin10(a)huawei.com> ftrace: Fix UAF when lookup kallsym after ftrace disabled Md Sadre Alam <quic_mdalam(a)quicinc.com> mtd: rawnand: qcom: Fix read len for onfi param page Md Sadre Alam <quic_mdalam(a)quicinc.com> mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() Md Sadre Alam <quic_mdalam(a)quicinc.com> mtd: rawnand: qcom: Pass 18 bit offset from NANDc base to BAM base Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix a memory leak if some arguments are specified multiple times Mikulas Patocka <mpatocka(a)redhat.com> dm-mirror: fix a tiny race condition Chao Gao <chao.gao(a)intel.com> KVM: VMX: Flush shadow VMCS on emergency reboot Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs Wentao Liang <vulab(a)iscas.ac.cn> mtd: nand: sunxi: Add randomizer configuration before randomizer enable Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Allow attaching static domains in iommu_attach_device_pasid() Sibi Sankar <quic_sibis(a)quicinc.com> firmware: arm_scmi: Ensure that the message-id supports fastchannel Kendall Willis <k-willis(a)ti.com> firmware: ti_sci: Convert CPU latency constraint from us to ms Dan Williams <dan.j.williams(a)intel.com> configfs-tsm-report: Fix NULL dereference of tsm_ops Johan Hovold <johan+linaro(a)kernel.org> soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events Jinliang Zheng <alexjlzheng(a)tencent.com> mm: fix ratelimit_pages update error in dirty_ratio_handler() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Luo Gengkun <luogengkun(a)huaweicloud.com> watchdog: fix watchdog may detect false positive of softlockup Jeongjun Park <aha310510(a)gmail.com> ipc: fix to protect IPCS lookups using RCU Da Xue <da(a)libre.computer> clk: meson-g12a: add missing fclk_div2 to spicc Arnd Bergmann <arnd(a)arndb.de> parisc: fix building with gcc-15 GONG Ruiqi <gongruiqi1(a)huawei.com> vgacon: Add check for vc_origin address range in vgacon_scroll() Helge Deller <deller(a)gmx.de> parisc/unaligned: Fix hex output to show 8 hex chars Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> EDAC/altera: Use correct write width with the INTTEST register Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Restore context entry setup order for aliased devices Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: select FIXED_PHY Hyunwoo Kim <imv4bel(a)gmail.com> net/sched: fix use-after-free in taprio_dev_notifier Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> NFC: nci: uart: Set tty->disc_data only in success path Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (ftsteutates) Fix TOCTOU race in fts_read() Chao Yu <chao(a)kernel.org> f2fs: fix to return correct error number in f2fs_sync_node_pages() Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sit_bitmap_size Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: prevent kernel warning due to negative i_nlink from corrupted image Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on ino and xnid Gatien Chevallier <gatien.chevallier(a)foss.st.com> Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() Dan Carpenter <dan.carpenter(a)linaro.org> Input: ims-pcu - check record size in ims_pcu_flash_firmware() Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Brian Foster <bfoster(a)redhat.com> ext4: only dirty folios when data journaling regular files Zhang Yi <yi.zhang(a)huawei.com> ext4: ensure i_size is smaller than maxbytes Zhang Yi <yi.zhang(a)huawei.com> ext4: factor out ext4_get_maxbytes() Zhang Yi <yi.zhang(a)huawei.com> ext4: fix incorrect punch max_end Zhang Yi <yi.zhang(a)huawei.com> ext4: fix out of bounds punch offset Jan Kara <jack(a)suse.cz> ext4: fix calculation of credits for extent tree modification Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: inline: fix len overflow in ext4_prepare_inline_data Wan Junjie <junjie.wan(a)inceptio.ai> bus: fsl-mc: fix GET/SET_TAILDROP command ids Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Mikko Korhonen <mjkorhon(a)gmail.com> ata: ahci: Disallow LPM for Asus B550-F motherboard Niklas Cassel <cassel(a)kernel.org> ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard Tasos Sahanidis <tasos(a)tasossah.com> ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> bus: firewall: Fix missing static inline annotations for stubs Chen Ridong <chenridong(a)huawei.com> cgroup,freezer: fix incomplete freezing when attaching tasks Dennis Marttinen <twelho(a)welho.tech> ceph: set superblock s_magic for IMA fsmagic matching Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: avoid kernel BUG for encrypted inode with unaligned file size Brett Werling <brett.werling(a)garmin.com> can: tcan4x5x: fix power regulator retrieval during probe Fedor Pchelkin <pchelkin(a)ispras.ru> can: kvaser_pciefd: refine error prone echo_skb_max handling logic Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> bus: mhi: host: Fix conflict between power_up and SYSERR Sumit Kumar <quic_sumk(a)quicinc.com> bus: mhi: ep: Update read pointer only after buffer is written Damien Le Moal <dlemoal(a)kernel.org> block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion Jens Axboe <axboe(a)kernel.dk> block: use plug request list tail for one-shot backmerge attempt Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd937x: Drop unused buck_supply Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9375: Fix double free of regulator supplies Andreas Kemnade <andreas(a)kemnade.info> ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Ross Stutterheim <ross.stutterheim(a)garmin.com> ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Close theoretical race where stale TLB entry remains valid Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix deferred probing error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Send control events for partial succeeds Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return the number of processed controls Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Cleanup after an allocation error Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Reset slot data pointers when freed Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Denis Arefev <arefev(a)swemel.ru> media: vivid: Change the siize of the composing Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Terminating the subsequent process of initialization failure Marek Szyprowski <m.szyprowski(a)samsung.com> media: videobuf2: use sgtable-based scatterlist wrappers Loic Poulain <loic.poulain(a)oss.qualcomm.com> media: venus: Fix probe error handling Ma Ke <make24(a)iscas.ac.cn> media: v4l2-dev: fix error handling in __video_register_device() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> media: rcar-vin: Fix RAW10 Johan Hovold <johan+linaro(a)kernel.org> media: qcom: camss: vfe: suppress VFE version log spam Johan Hovold <johan+linaro(a)kernel.org> media: qcom: camss: csid: suppress CSID log spam Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Extend sleep after reset to 5 ms Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Fei Shao <fshao(a)chromium.org> media: mediatek: vcodec: Correct vsi_core framebuffer size Dan Carpenter <dan.carpenter(a)linaro.org> media: iris: fix error code in iris_load_fw_to_memory() Hao Yao <hao.yao(a)intel.com> media: ipu6: Remove workaround for Meteor Lake ES2 Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: Fix dma mask for non-secure mode Haoxiang Li <haoxiang_li2024(a)163.com> media: imagination: fix a potential memory leak in e5010_probe() Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Fix frame size enumeration Wentao Liang <vulab(a)iscas.ac.cn> media: gspca: Add error handling for stv06xx_read_sensor() Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Edward Adam Davis <eadavis(a)qq.com> media: cxusb: no longer judge rbuf when the write fails Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs-pll: Start OP pre-PLL multiplier search from correct value Hans de Goede <hdegoede(a)redhat.com> media: ov2740: Move pm-runtime cleanup on probe-errors to proper place Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs-pll: Start VT pre-PLL multiplier search from correct value Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Fix returned fmt from .set_fmt() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: better handle the m2m usage_count Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Use correct register width for HNUM Dongcheng Yan <dongcheng.yan(a)intel.com> media: i2c: change lt6911uxe irq_gpio name to "hpd" Johan Hovold <johan+linaro(a)kernel.org> media: ov5675: suppress probe deferral errors Johan Hovold <johan+linaro(a)kernel.org> media: ov8856: suppress probe deferral errors Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Mingcong Bai <jeffbai(a)aosc.io> wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Reduce control message timeout to 500 ms Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Unregister the device if svc_rdma_accept() fails Jeongjun Park <aha310510(a)gmail.com> jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix ring-buffer corruption Max Kellermann <max.kellermann(a)ionos.com> fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Scott Mayhew <smayhew(a)redhat.com> NFSv4: Don't check for OPEN feature support in v4.1 Mike Snitzer <snitzer(a)kernel.org> NFS: always probe for LOCALIO support asynchronously Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: Initialize ssc before laundromat_work to prevent NULL dereference NeilBrown <neil(a)brown.name> nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix access checking for NLM under XPRTSEC policies Chuck Lever <chuck.lever(a)oracle.com> NFSD: Implement FATTR4_CLONE_BLKSIZE attribute Maninder Singh <maninder1.s(a)samsung.com> NFSD: fix race between nfsd registration and exports_proc Maninder Singh <maninder1.s(a)samsung.com> NFSD: unregister filesystem in case genl_register_family() fails Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix ring-buffer corruption Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Upload the firmware in bigger chunks Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix rx completion meta data corruption Christian Brauner <brauner(a)kernel.org> fs: add S_ANON_INODE Christian Brauner <brauner(a)kernel.org> anon_inode: raise SB_I_NODEV and SB_I_NOEXEC Christian Brauner <brauner(a)kernel.org> anon_inode: explicitly block ->setattr() Christian Brauner <brauner(a)kernel.org> anon_inode: use a proper mode internally Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix host interrupt register initialization Christian Lamparter <chunkeey(a)gmail.com> wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() João Paulo Gonçalves <jpaulo.silvagoncalves(a)gmail.com> regulator: max20086: Change enable gpio to optional João Paulo Gonçalves <jpaulo.silvagoncalves(a)gmail.com> regulator: max20086: Fix MAX200086 chip id Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Serialize device addition and removal Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Allow re-add of a reserved but not yet removed device Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Prevent self deletion in disable_slot() Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Remove redundant bus removal and disable from zpci_release_device() Heiko Carstens <hca(a)linux.ibm.com> s390/pci: Fix __pcilg_mio_inuser() inline assembly Hari Bathini <hbathini(a)linux.ibm.com> powerpc/bpf: fix JIT code size calculation of bpf trampoline Hari Bathini <hbathini(a)linux.ibm.com> powerpc64/ftrace: fix clobbered r15 during livepatching Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: account ring io_buffer_list memory Pavel Begunkov <asml.silence(a)gmail.com> io_uring: account drain memory to cgroup Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Jaroslav Kysela <perex(a)perex.cz> firmware: cs_dsp: Fix OOB memory read access in KUnit test Wentao Liang <vulab(a)iscas.ac.cn> ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add shutdown handler to qat_dh895xcc Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add shutdown handler to qat_c62x Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add shutdown handler to qat_4xxx Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add shutdown handler to qat_420xx Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add shutdown handler to qat_c3xxx Peter Zijlstra <peterz(a)infradead.org> sched/fair: Adhere to place_entity() constraints Harshit Agarwal <harshit(a)nutanix.com> sched/rt: Fix race in push_rt_task Alexander Aring <aahringo(a)redhat.com> gfs2: move msleep to sleepable context Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Do not chain submitted requests Zijun Hu <quic_zijuhu(a)quicinc.com> configfs: Do not override creating attribute file failure in populate_attrs() Suren Baghdasaryan <surenb(a)google.com> alloc_tag: handle module codetag load errors as module load failures ------------- Diffstat: .../bindings/i2c/nvidia,tegra20-i2c.yaml | 24 +- Documentation/gpu/nouveau.rst | 5 +- Makefile | 4 +- arch/arm/mach-omap2/clockdomain.h | 1 + arch/arm/mach-omap2/clockdomains33xx_data.c | 2 +- arch/arm/mach-omap2/cm33xx.c | 14 +- arch/arm/mach-omap2/pmic-cpcap.c | 6 +- arch/arm/mm/ioremap.c | 4 +- arch/arm64/include/asm/tlbflush.h | 9 +- arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/kvm/hyp/include/hyp/debug-sr.h | 3 + arch/arm64/mm/mmu.c | 3 +- arch/loongarch/include/asm/irqflags.h | 16 +- arch/loongarch/include/asm/vdso/getrandom.h | 2 +- arch/loongarch/include/asm/vdso/gettimeofday.h | 6 +- arch/loongarch/mm/hugetlbpage.c | 3 +- arch/mips/vdso/Makefile | 1 + arch/nios2/include/asm/pgtable.h | 16 + arch/parisc/boot/compressed/Makefile | 1 + arch/parisc/kernel/unaligned.c | 2 +- arch/powerpc/include/asm/ppc_asm.h | 2 +- arch/powerpc/kernel/eeh.c | 2 + arch/powerpc/kernel/trace/ftrace_entry.S | 2 +- arch/powerpc/kernel/vdso/Makefile | 2 +- arch/powerpc/net/bpf_jit.h | 20 +- arch/powerpc/net/bpf_jit_comp.c | 33 +- arch/powerpc/net/bpf_jit_comp32.c | 6 - arch/powerpc/net/bpf_jit_comp64.c | 15 +- arch/powerpc/platforms/pseries/msi.c | 7 +- arch/riscv/kvm/vcpu_sbi_replace.c | 8 +- arch/s390/kvm/gaccess.c | 8 +- arch/s390/pci/pci.c | 45 +- arch/s390/pci/pci_bus.h | 7 +- arch/s390/pci/pci_event.c | 22 +- arch/s390/pci/pci_mmio.c | 2 +- arch/x86/Kconfig | 2 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/module.h | 8 + arch/x86/include/asm/tdx.h | 2 +- arch/x86/kernel/alternative.c | 79 ++- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/sgx/main.c | 2 + arch/x86/kvm/svm/svm.c | 2 +- arch/x86/kvm/vmx/vmx.c | 5 +- arch/x86/mm/init_32.c | 3 - arch/x86/mm/init_64.c | 3 - arch/x86/mm/pat/set_memory.c | 3 + arch/x86/mm/pti.c | 5 + arch/x86/virt/vmx/tdx/tdx.c | 5 +- block/blk-merge.c | 26 +- block/blk-zoned.c | 1 + drivers/accel/ivpu/ivpu_fw.c | 12 +- drivers/accel/ivpu/ivpu_gem.c | 91 +-- drivers/accel/ivpu/ivpu_gem.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 6 +- drivers/accel/ivpu/ivpu_jsm_msg.c | 9 +- drivers/acpi/acpica/amlresrc.h | 8 +- drivers/acpi/acpica/dsutils.c | 9 +- drivers/acpi/acpica/psobject.c | 52 +- drivers/acpi/acpica/rsaddr.c | 13 +- drivers/acpi/acpica/rscalc.c | 22 +- drivers/acpi/acpica/rslist.c | 12 +- drivers/acpi/acpica/utprint.c | 7 +- drivers/acpi/acpica/utresrc.c | 14 +- drivers/acpi/battery.c | 19 +- drivers/acpi/bus.c | 6 +- drivers/ata/ahci.c | 35 +- drivers/ata/pata_via.c | 3 +- drivers/atm/atmtcp.c | 4 +- drivers/base/platform-msi.c | 1 + drivers/base/power/runtime.c | 2 +- drivers/base/swnode.c | 2 +- drivers/block/aoe/aoedev.c | 8 + drivers/block/ublk_drv.c | 3 + drivers/bluetooth/btmrvl_sdio.c | 4 +- drivers/bluetooth/btmtksdio.c | 2 +- drivers/bluetooth/btusb.c | 5 + drivers/bus/fsl-mc/fsl-mc-uapi.c | 4 +- drivers/bus/fsl-mc/mc-io.c | 19 +- drivers/bus/fsl-mc/mc-sys.c | 2 +- drivers/bus/mhi/ep/ring.c | 16 +- drivers/bus/mhi/host/pm.c | 18 +- drivers/bus/ti-sysc.c | 49 -- drivers/char/ipmi/ipmi_ssif.c | 6 +- drivers/clk/meson/g12a.c | 1 + drivers/clk/qcom/gcc-sm8650.c | 2 + drivers/clk/qcom/gcc-sm8750.c | 3 +- drivers/clk/qcom/gcc-x1e80100.c | 4 + drivers/clk/rockchip/clk-rk3036.c | 1 + drivers/cpufreq/scmi-cpufreq.c | 36 +- drivers/crypto/intel/qat/qat_420xx/adf_drv.c | 8 + drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 8 + drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c | 8 + drivers/crypto/intel/qat/qat_c62x/adf_drv.c | 8 + drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c | 8 + drivers/crypto/marvell/cesa/cesa.c | 2 +- drivers/crypto/marvell/cesa/cesa.h | 9 +- drivers/crypto/marvell/cesa/tdma.c | 53 +- drivers/dma-buf/udmabuf.c | 5 +- drivers/edac/altera_edac.c | 6 +- drivers/edac/amd64_edac.c | 1 + drivers/edac/igen6_edac.c | 100 ++- drivers/firmware/arm_scmi/driver.c | 76 ++- drivers/firmware/arm_scmi/protocols.h | 2 + drivers/firmware/cirrus/test/cs_dsp_mock_bin.c | 3 +- drivers/firmware/cirrus/test/cs_dsp_mock_wmfw.c | 3 +- .../cirrus/test/cs_dsp_test_control_cache.c | 1 - drivers/firmware/sysfb.c | 26 +- drivers/firmware/ti_sci.c | 14 +- drivers/gpio/gpio-loongson-64bit.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +- drivers/gpio/gpio-pca953x.c | 2 +- drivers/gpio/gpiolib-of.c | 9 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 3 - drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 12 +- drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 9 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 17 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 17 +- drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 63 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 20 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 - drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 + drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 6 +- drivers/gpu/drm/amd/display/amdgpu_dm/Makefile | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 170 +---- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 9 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_quirks.c | 178 ++++++ .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 1 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 8 +- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 +- .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 1 + .../amd/display/dc/dml/dcn31/display_mode_vba_31.c | 1 + .../display/dc/dml/dcn314/display_mode_vba_314.c | 1 + .../amd/display/dc/dml2/dml2_translation_helper.c | 2 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 +- .../gpu/drm/amd/display/dc/dpp/dcn35/dcn35_dpp.c | 2 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 14 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +- .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 3 +- .../amd/display/dc/irq/dcn32/irq_service_dcn32.c | 61 +- .../amd/display/dc/irq/dcn401/irq_service_dcn401.c | 60 +- drivers/gpu/drm/amd/display/dc/irq_types.h | 9 + .../gpu/drm/amd/display/dc/mpc/dcn32/dcn32_mpc.c | 418 ++++++------ .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- .../amd/display/dc/resource/dcn36/dcn36_resource.c | 2 +- drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 13 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 10 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 +- drivers/gpu/drm/bridge/Kconfig | 1 + drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 26 +- drivers/gpu/drm/display/drm_dp_helper.c | 39 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_pmu.c | 4 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 + drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 17 +- drivers/gpu/drm/msm/dp/dp_display.c | 7 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c | 7 + drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 +- .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 3 +- drivers/gpu/drm/nouveau/Kbuild | 1 + drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 45 +- drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 8 + drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/Kbuild | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 673 +------------------- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/Kbuild | 5 + .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/Kbuild | 6 + .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rm.c | 10 + .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 699 +++++++++++++++++++++ drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rm.h | 20 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/rpc.h | 18 + drivers/gpu/drm/nouveau/nvkm/subdev/instmem/r535.c | 2 +- drivers/gpu/drm/panel/panel-sharp-ls043t1le01.c | 41 +- drivers/gpu/drm/panel/panel-simple.c | 29 + drivers/gpu/drm/panthor/panthor_mmu.c | 1 - drivers/gpu/drm/rockchip/inno_hdmi.c | 36 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 5 +- drivers/gpu/drm/solomon/ssd130x.c | 2 +- drivers/gpu/drm/tiny/Kconfig | 1 + drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 8 +- drivers/gpu/drm/xe/xe_bo.c | 4 +- drivers/gpu/drm/xe/xe_eu_stall.c | 4 +- drivers/gpu/drm/xe/xe_exec.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue.c | 9 +- drivers/gpu/drm/xe/xe_gt.c | 2 +- drivers/gpu/drm/xe/xe_gt_freq.c | 82 +-- drivers/gpu/drm/xe/xe_gt_idle.c | 28 +- drivers/gpu/drm/xe/xe_gt_throttle.c | 90 +-- drivers/gpu/drm/xe/xe_guc.c | 40 +- drivers/gpu/drm/xe/xe_oa.c | 6 +- drivers/gpu/drm/xe/xe_svm.c | 2 +- drivers/gpu/drm/xe/xe_uc_fw.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 6 +- drivers/hid/hid-asus.c | 107 +++- drivers/hv/connection.c | 23 +- drivers/hwmon/ftsteutates.c | 9 +- drivers/hwmon/ltc4282.c | 7 - drivers/hwmon/occ/common.c | 238 +++---- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-k1.c | 2 +- drivers/i2c/busses/i2c-npcm7xx.c | 12 +- drivers/i2c/busses/i2c-pasemi-core.c | 2 +- drivers/i2c/busses/i2c-tegra.c | 5 + drivers/i3c/master/mipi-i3c-hci/core.c | 6 +- drivers/iio/accel/fxls8962af-core.c | 15 +- drivers/iio/adc/Kconfig | 6 +- drivers/iio/adc/ad7173.c | 15 +- drivers/iio/adc/ad7606.c | 21 +- drivers/iio/adc/ad7606_spi.c | 2 +- drivers/iio/adc/ad7944.c | 2 + drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +- drivers/infiniband/core/iwcm.c | 29 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 +- drivers/input/keyboard/gpio_keys.c | 6 +- drivers/input/misc/ims-pcu.c | 6 + drivers/iommu/amd/iommu.c | 41 +- drivers/iommu/intel/iommu.c | 11 + drivers/iommu/intel/iommu.h | 1 + drivers/iommu/intel/nested.c | 4 +- drivers/iommu/iommu.c | 21 +- drivers/md/dm-raid1.c | 5 +- drivers/md/dm-table.c | 14 +- drivers/md/dm-verity-fec.c | 4 + drivers/md/dm-verity-target.c | 8 +- drivers/md/dm-verity-verify-sig.c | 17 +- .../extron-da-hd-4k-plus/extron-da-hd-4k-plus.c | 4 +- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 +- drivers/media/i2c/ccs-pll.c | 23 +- drivers/media/i2c/ds90ub913.c | 4 +- drivers/media/i2c/imx334.c | 18 +- drivers/media/i2c/imx335.c | 5 +- drivers/media/i2c/lt6911uxe.c | 4 +- drivers/media/i2c/ov08x40.c | 2 +- drivers/media/i2c/ov2740.c | 4 +- drivers/media/i2c/ov5675.c | 5 +- drivers/media/i2c/ov8856.c | 9 +- drivers/media/i2c/tc358743.c | 4 + drivers/media/pci/intel/ipu6/ipu6-dma.c | 4 +- drivers/media/pci/intel/ipu6/ipu6.c | 5 - .../media/platform/imagination/e5010-jpeg-enc.c | 9 +- .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- drivers/media/platform/nuvoton/npcm-video.c | 15 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h | 1 + drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 90 ++- drivers/media/platform/nxp/imx8-isi/imx8-isi-m2m.c | 14 +- drivers/media/platform/qcom/camss/camss-csid.c | 4 +- drivers/media/platform/qcom/camss/camss-vfe.c | 4 +- drivers/media/platform/qcom/iris/iris_firmware.c | 4 +- drivers/media/platform/qcom/venus/core.c | 16 +- drivers/media/platform/qcom/venus/vdec.c | 4 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 18 +- .../media/platform/renesas/rcar-vin/rcar-v4l2.c | 8 +- drivers/media/platform/renesas/vsp1/vsp1_rwpf.c | 13 +- .../platform/samsung/exynos4-is/fimc-is-regs.c | 1 + drivers/media/platform/ti/cal/cal-video.c | 4 +- drivers/media/platform/ti/davinci/vpif.c | 4 +- drivers/media/platform/ti/omap3isp/ispccdc.c | 8 +- drivers/media/platform/ti/omap3isp/ispstat.c | 6 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 20 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/media/usb/dvb-usb/cxusb.c | 3 +- drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 +- drivers/media/usb/uvc/uvc_ctrl.c | 23 +- drivers/media/usb/uvc/uvc_driver.c | 27 +- drivers/media/v4l2-core/v4l2-dev.c | 14 +- drivers/mmc/core/card.h | 6 + drivers/mmc/core/quirks.h | 10 + drivers/mmc/core/sd.c | 32 +- drivers/mtd/nand/qpic_common.c | 8 +- drivers/mtd/nand/raw/qcom_nandc.c | 18 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 + drivers/mtd/nand/spi/alliancememory.c | 12 +- drivers/mtd/nand/spi/ato.c | 6 +- drivers/mtd/nand/spi/esmt.c | 8 +- drivers/mtd/nand/spi/foresee.c | 8 +- drivers/mtd/nand/spi/gigadevice.c | 48 +- drivers/mtd/nand/spi/macronix.c | 8 +- drivers/mtd/nand/spi/micron.c | 20 +- drivers/mtd/nand/spi/paragon.c | 12 +- drivers/mtd/nand/spi/skyhigh.c | 12 +- drivers/mtd/nand/spi/toshiba.c | 8 +- drivers/mtd/nand/spi/winbond.c | 34 +- drivers/mtd/nand/spi/xtx.c | 12 +- drivers/net/can/kvaser_pciefd.c | 3 +- drivers/net/can/m_can/tcan4x5x-core.c | 9 +- drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 - drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 87 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 29 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 - drivers/net/ethernet/cadence/macb_main.c | 6 +- drivers/net/ethernet/cortina/gemini.c | 37 +- drivers/net/ethernet/dlink/dl2k.c | 14 +- drivers/net/ethernet/dlink/dl2k.h | 2 + drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/faraday/Kconfig | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 14 +- drivers/net/ethernet/intel/e1000e/ptp.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_common.c | 7 +- drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++ drivers/net/ethernet/intel/ice/ice_eswitch.c | 6 +- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 4 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 9 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 + .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 10 +- .../mellanox/mlx5/core/steering/hws/definer.c | 78 ++- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 6 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 5 +- drivers/net/ethernet/microchip/lan743x_ethtool.c | 18 +- drivers/net/ethernet/microchip/lan743x_ptp.h | 4 +- drivers/net/ethernet/pensando/ionic/ionic_main.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 24 +- drivers/net/ethernet/ti/icssg/icssg_common.c | 19 +- drivers/net/ethernet/vertexcom/mse102x.c | 15 +- drivers/net/hyperv/netvsc_bpf.c | 2 +- drivers/net/hyperv/netvsc_drv.c | 4 +- drivers/net/netdevsim/netdev.c | 2 + drivers/net/phy/marvell-88q2xxx.c | 103 +-- drivers/net/phy/mediatek/mtk-ge-soc.c | 10 +- drivers/net/usb/asix.h | 1 - drivers/net/usb/asix_common.c | 22 - drivers/net/usb/asix_devices.c | 17 +- drivers/net/usb/ch9200.c | 7 +- drivers/net/vxlan/vxlan_core.c | 22 +- drivers/net/wireless/ath/ath11k/ce.c | 11 +- drivers/net/wireless/ath/ath11k/core.c | 55 ++ drivers/net/wireless/ath/ath11k/core.h | 7 + drivers/net/wireless/ath/ath11k/dp_rx.c | 25 +- drivers/net/wireless/ath/ath11k/hal.c | 4 +- drivers/net/wireless/ath/ath11k/qmi.c | 9 + drivers/net/wireless/ath/ath12k/ce.c | 11 +- drivers/net/wireless/ath/ath12k/ce.h | 6 +- drivers/net/wireless/ath/ath12k/dp.c | 77 ++- drivers/net/wireless/ath/ath12k/dp.h | 5 +- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 + drivers/net/wireless/ath/ath12k/dp_rx.c | 15 +- drivers/net/wireless/ath/ath12k/hal.c | 12 +- drivers/net/wireless/ath/ath12k/hal.h | 6 + drivers/net/wireless/ath/ath12k/hal_desc.h | 2 +- drivers/net/wireless/ath/ath12k/hw.c | 2 + drivers/net/wireless/ath/ath12k/hw.h | 3 + drivers/net/wireless/ath/ath12k/mac.c | 55 +- drivers/net/wireless/ath/ath12k/pci.c | 3 + drivers/net/wireless/ath/ath12k/peer.c | 5 +- drivers/net/wireless/ath/ath12k/peer.h | 3 +- drivers/net/wireless/ath/ath12k/wmi.c | 28 +- drivers/net/wireless/ath/ath12k/wmi.h | 1 + drivers/net/wireless/ath/carl9170/usb.c | 19 +- drivers/net/wireless/intel/iwlwifi/cfg/22000.c | 3 + drivers/net/wireless/intel/iwlwifi/dvm/main.c | 6 +- drivers/net/wireless/intel/iwlwifi/mld/d3.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 +- drivers/net/wireless/intel/iwlwifi/mld/thermal.c | 4 + drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 + drivers/net/wireless/intersil/p54/fwio.c | 2 + drivers/net/wireless/intersil/p54/p54.h | 1 + drivers/net/wireless/intersil/p54/txrx.c | 13 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 + .../net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 5 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 20 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 3 - drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 8 + drivers/net/wireless/mediatek/mt76/mt7996/main.c | 4 +- drivers/net/wireless/purelifi/plfxlc/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 10 + drivers/net/wireless/realtek/rtw88/hci.h | 8 + drivers/net/wireless/realtek/rtw88/mac.c | 11 +- drivers/net/wireless/realtek/rtw88/mac.h | 2 + drivers/net/wireless/realtek/rtw88/mac80211.c | 2 + drivers/net/wireless/realtek/rtw88/main.c | 32 + drivers/net/wireless/realtek/rtw88/main.h | 3 + drivers/net/wireless/realtek/rtw88/pci.c | 2 + drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8812a.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8814a.c | 11 + drivers/net/wireless/realtek/rtw88/rtw8821a.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822bu.c | 2 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 + drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw88/usb.c | 57 +- drivers/net/wireless/realtek/rtw89/cam.c | 3 + drivers/net/wireless/realtek/rtw89/rtw8922a_rfk.c | 5 - drivers/net/wireless/virtual/mac80211_hwsim.c | 5 + drivers/nvme/host/ioctl.c | 21 +- drivers/nvme/host/tcp.c | 2 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 5 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 6 +- drivers/pci/controller/pcie-apple.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 2 +- drivers/pci/hotplug/s390_pci_hpc.c | 2 +- drivers/pci/pci.c | 3 +- drivers/pci/quirks.c | 23 + drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 10 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 21 +- drivers/pinctrl/pinctrl-mcp23s08.c | 8 + drivers/platform/loongarch/loongson-laptop.c | 87 +-- drivers/platform/x86/amd/pmc/pmc.c | 2 + drivers/platform/x86/amd/pmf/core.c | 3 +- drivers/platform/x86/amd/pmf/tee-if.c | 67 +- drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 +- drivers/platform/x86/dell/dell_rbu.c | 6 +- drivers/platform/x86/ideapad-laptop.c | 19 +- .../intel/uncore-frequency/uncore-frequency-tpmi.c | 9 +- drivers/pmdomain/core.c | 4 +- drivers/power/supply/bq27xxx_battery.c | 2 +- drivers/power/supply/bq27xxx_battery_i2c.c | 13 +- drivers/power/supply/collie_battery.c | 1 + drivers/power/supply/gpio-charger.c | 4 +- drivers/power/supply/max17040_battery.c | 5 +- drivers/ptp/ptp_clock.c | 3 +- drivers/ptp/ptp_private.h | 22 +- drivers/pwm/pwm-axi-pwmgen.c | 23 +- drivers/rapidio/rio_cm.c | 3 + drivers/regulator/max14577-regulator.c | 5 +- drivers/regulator/max20086-regulator.c | 4 +- drivers/remoteproc/remoteproc_core.c | 6 +- drivers/remoteproc/ti_k3_m4_remoteproc.c | 2 +- drivers/s390/scsi/zfcp_sysfs.c | 2 + drivers/scsi/elx/efct/efct_hw.c | 5 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 4 +- drivers/scsi/smartpqi/smartpqi_init.c | 84 +++ drivers/scsi/storvsc_drv.c | 10 +- drivers/soc/qcom/pmic_glink_altmode.c | 30 +- drivers/spi/spi-qpic-snand.c | 1 + drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/staging/media/rkvdec/rkvdec.c | 14 +- drivers/tee/tee_core.c | 11 +- drivers/uio/uio_hv_generic.c | 7 +- drivers/video/console/dummycon.c | 18 +- drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/core/fbcon.c | 7 +- drivers/video/fbdev/core/fbmem.c | 22 +- drivers/video/screen_info_pci.c | 75 ++- drivers/virt/coco/tsm.c | 31 +- drivers/watchdog/da9052_wdt.c | 1 + drivers/watchdog/stm32_iwdg.c | 2 +- fs/anon_inodes.c | 45 ++ fs/ceph/addr.c | 9 + fs/ceph/super.c | 1 + fs/configfs/dir.c | 2 +- fs/dlm/lowcomms.c | 5 +- fs/erofs/zmap.c | 10 +- fs/exfat/nls.c | 1 + fs/exfat/super.c | 30 +- fs/ext4/ext4.h | 7 + fs/ext4/extents.c | 39 +- fs/ext4/file.c | 7 +- fs/ext4/inline.c | 2 +- fs/ext4/inode.c | 24 +- fs/ext4/ioctl.c | 8 +- fs/f2fs/compress.c | 23 +- fs/f2fs/f2fs.h | 5 + fs/f2fs/inode.c | 10 +- fs/f2fs/namei.c | 9 + fs/f2fs/node.c | 8 +- fs/f2fs/segment.c | 12 +- fs/f2fs/super.c | 12 +- fs/file.c | 8 +- fs/gfs2/lock_dlm.c | 3 +- fs/internal.h | 5 + fs/ioctl.c | 7 +- fs/isofs/inode.c | 7 +- fs/isofs/isofs.h | 4 +- fs/isofs/rock.c | 40 +- fs/isofs/rock.h | 6 +- fs/isofs/util.c | 51 +- fs/jbd2/transaction.c | 5 +- fs/jffs2/erase.c | 4 +- fs/jffs2/scan.c | 4 +- fs/jffs2/summary.c | 7 +- fs/jfs/jfs_discard.c | 3 +- fs/jfs/jfs_dmap.c | 6 +- fs/jfs/jfs_dtree.c | 18 +- fs/libfs.c | 10 +- fs/nfs/client.c | 2 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +- fs/nfs/internal.h | 1 - fs/nfs/localio.c | 6 +- fs/nfs/nfs4proc.c | 5 +- fs/nfs/read.c | 3 +- fs/nfsd/export.c | 3 +- fs/nfsd/nfs4proc.c | 3 +- fs/nfsd/nfs4xdr.c | 19 +- fs/nfsd/nfsctl.c | 26 +- fs/nfsd/nfssvc.c | 6 +- fs/overlayfs/file.c | 4 +- fs/overlayfs/overlayfs.h | 8 +- fs/pidfs.c | 2 +- fs/smb/client/cached_dir.c | 14 +- fs/smb/client/cached_dir.h | 8 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 17 +- fs/smb/client/namespace.c | 3 + fs/smb/client/readdir.c | 28 +- fs/smb/client/reparse.c | 1 - fs/smb/client/sess.c | 7 +- fs/smb/client/smb2pdu.c | 33 +- fs/smb/client/smbdirect.c | 5 +- fs/smb/client/transport.c | 14 +- fs/smb/server/connection.c | 2 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 11 +- fs/smb/server/transport_rdma.c | 10 +- fs/smb/server/transport_tcp.c | 3 +- fs/xattr.c | 1 + include/acpi/actypes.h | 2 +- include/drm/display/drm_dp_helper.h | 5 + include/linux/acpi.h | 9 +- include/linux/atmdev.h | 6 + include/linux/bus/stm32_firewall_device.h | 15 +- include/linux/codetag.h | 8 +- include/linux/execmem.h | 8 +- include/linux/f2fs_fs.h | 1 + include/linux/fs.h | 2 + include/linux/hugetlb.h | 3 + include/linux/mmc/card.h | 1 + include/linux/module.h | 5 - include/linux/mtd/nand-qpic-common.h | 4 +- include/linux/mtd/spinand.h | 74 +-- include/linux/tcp.h | 2 +- include/net/mac80211.h | 16 - include/trace/events/erofs.h | 18 - include/uapi/linux/videodev2.h | 12 +- io_uring/io-wq.c | 4 +- io_uring/io_uring.c | 2 +- io_uring/kbuf.c | 7 +- io_uring/net.c | 6 +- io_uring/rsrc.c | 8 +- io_uring/sqpoll.c | 5 +- ipc/shm.c | 5 +- kernel/bpf/bpf_struct_ops.c | 2 +- kernel/bpf/btf.c | 4 +- kernel/bpf/helpers.c | 3 +- kernel/cgroup/legacy_freezer.c | 3 +- kernel/events/core.c | 80 ++- kernel/exit.c | 17 +- kernel/module/main.c | 5 +- kernel/sched/core.c | 4 +- kernel/sched/ext.c | 5 + kernel/sched/ext.h | 2 + kernel/sched/fair.c | 4 +- kernel/sched/rt.c | 54 +- kernel/time/clocksource.c | 2 +- kernel/trace/ftrace.c | 10 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_events_filter.c | 184 ++++-- kernel/trace/trace_functions_graph.c | 6 + kernel/watchdog.c | 41 +- kernel/workqueue.c | 7 +- lib/Kconfig | 1 + lib/alloc_tag.c | 12 +- lib/codetag.c | 34 +- mm/execmem.c | 40 +- mm/hugetlb.c | 67 +- mm/madvise.c | 7 +- mm/page-writeback.c | 2 +- mm/readahead.c | 22 +- mm/vma.c | 49 +- mm/vma.h | 7 + net/atm/common.c | 1 + net/atm/lec.c | 12 +- net/atm/raw.c | 2 +- net/bridge/br_mst.c | 4 +- net/bridge/br_multicast.c | 103 ++- net/bridge/br_private.h | 11 +- net/core/dev.c | 1 + net/core/filter.c | 19 +- net/core/page_pool.c | 4 + net/core/skbuff.c | 3 - net/core/skmsg.c | 3 +- net/core/sock.c | 4 +- net/ipv4/route.c | 4 + net/ipv4/tcp_fastopen.c | 3 + net/ipv4/tcp_input.c | 79 +-- net/ipv6/calipso.c | 8 + net/mac80211/cfg.c | 2 +- net/mac80211/debugfs_sta.c | 6 - net/mac80211/mesh_hwmp.c | 6 +- net/mac80211/rate.c | 2 - net/mac80211/sta_info.c | 28 - net/mac80211/sta_info.h | 11 - net/mac80211/tx.c | 15 +- net/mpls/af_mpls.c | 4 +- net/netfilter/nft_set_pipapo.c | 6 + net/nfc/nci/uart.c | 8 +- net/sched/sch_sfq.c | 10 +- net/sched/sch_taprio.c | 6 +- net/sctp/socket.c | 3 +- net/sunrpc/cache.c | 17 +- net/sunrpc/svc.c | 11 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 1 + net/sunrpc/xprtsock.c | 5 + net/tipc/crypto.c | 2 +- net/tipc/udp_media.c | 4 +- net/xfrm/xfrm_user.c | 52 +- scripts/Makefile.compiler | 4 +- security/selinux/xfrm.c | 2 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 15 + sound/soc/amd/acp/acp-sdw-legacy-mach.c | 2 +- sound/soc/amd/acp/acp-sdw-sof-mach.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 9 +- sound/soc/codecs/tas2770.c | 30 +- sound/soc/codecs/wcd937x.c | 7 +- sound/soc/generic/simple-card-utils.c | 23 +- sound/soc/meson/meson-card-utils.c | 2 +- sound/soc/qcom/sdm845.c | 4 + sound/soc/sdw_utils/soc_sdw_rt_amp.c | 2 +- sound/soc/tegra/tegra210_ahub.c | 2 + sound/usb/mixer_maps.c | 12 + tools/bpf/bpftool/cgroup.c | 12 +- tools/lib/bpf/btf.c | 18 +- tools/lib/bpf/libbpf.c | 6 + tools/net/ynl/pyynl/lib/ynl.py | 67 +- tools/perf/tests/tests-scripts.c | 1 + tools/perf/util/print-events.c | 1 + tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/sigtrap_loop.c | 101 +++ tools/testing/vma/vma_internal.h | 2 + tools/tracing/rtla/src/utils.c | 2 + 660 files changed, 6754 insertions(+), 3773 deletions(-)

4 months, 2 weeks

10
9
0 0

[PATCH v4 6/6] LoongArch: KVM: Add address alignment check

by Bibo Mao

IOCSR instruction supports 1/2/4/8 bytes access, the address should be naturally aligned with its access size. Here address alignment checking is added in eiointc kernel emulation. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index d54fe805bf6e..fab5cf52779c 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -316,6 +316,11 @@ static int kvm_eiointc_read(struct kvm_vcpu *vcpu, return -EINVAL; } + if (addr & (len - 1)) { + kvm_err("%s: eiointc not aligned addr %llx len %d\n", __func__, addr, len); + return -EINVAL; + } + vcpu->kvm->stat.eiointc_read_exits++; spin_lock_irqsave(&eiointc->lock, flags); switch (len) { @@ -687,6 +692,11 @@ static int kvm_eiointc_write(struct kvm_vcpu *vcpu, return -EINVAL; } + if (addr & (len - 1)) { + kvm_err("%s: eiointc not aligned addr %llx len %d\n", __func__, addr, len); + return -EINVAL; + } + vcpu->kvm->stat.eiointc_write_exits++; spin_lock_irqsave(&eiointc->lock, flags); switch (len) { -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v4 5/6] LoongArch: KVM: Avoid overflow with array index

by Bibo Mao

Variable index is modified and reused as array index when modify register EIOINTC_ENABLE. There will be array index overflow problem. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index 169fe1de2c92..d54fe805bf6e 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -447,17 +447,16 @@ static int loongarch_eiointc_writew(struct kvm_vcpu *vcpu, break; case EIOINTC_ENABLE_START ... EIOINTC_ENABLE_END: index = (offset - EIOINTC_ENABLE_START) >> 1; - old_data = s->enable.reg_u32[index]; + old_data = s->enable.reg_u16[index]; s->enable.reg_u16[index] = data; /* * 1: enable irq. * update irq when isr is set. */ data = s->enable.reg_u16[index] & ~old_data & s->isr.reg_u16[index]; - index = index << 1; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index + i, mask, 1); + eiointc_enable_irq(vcpu, s, index * 2 + i, mask, 1); } /* * 0: disable irq. @@ -466,7 +465,7 @@ static int loongarch_eiointc_writew(struct kvm_vcpu *vcpu, data = ~s->enable.reg_u16[index] & old_data & s->isr.reg_u16[index]; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index, mask, 0); + eiointc_enable_irq(vcpu, s, index * 2 + i, mask, 0); } break; case EIOINTC_BOUNCE_START ... EIOINTC_BOUNCE_END: @@ -540,10 +539,9 @@ static int loongarch_eiointc_writel(struct kvm_vcpu *vcpu, * update irq when isr is set. */ data = s->enable.reg_u32[index] & ~old_data & s->isr.reg_u32[index]; - index = index << 2; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index + i, mask, 1); + eiointc_enable_irq(vcpu, s, index * 4 + i, mask, 1); } /* * 0: disable irq. @@ -552,7 +550,7 @@ static int loongarch_eiointc_writel(struct kvm_vcpu *vcpu, data = ~s->enable.reg_u32[index] & old_data & s->isr.reg_u32[index]; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index, mask, 0); + eiointc_enable_irq(vcpu, s, index * 4 + i, mask, 0); } break; case EIOINTC_BOUNCE_START ... EIOINTC_BOUNCE_END: @@ -626,10 +624,9 @@ static int loongarch_eiointc_writeq(struct kvm_vcpu *vcpu, * update irq when isr is set. */ data = s->enable.reg_u64[index] & ~old_data & s->isr.reg_u64[index]; - index = index << 3; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index + i, mask, 1); + eiointc_enable_irq(vcpu, s, index * 8 + i, mask, 1); } /* * 0: disable irq. @@ -638,7 +635,7 @@ static int loongarch_eiointc_writeq(struct kvm_vcpu *vcpu, data = ~s->enable.reg_u64[index] & old_data & s->isr.reg_u64[index]; for (i = 0; i < sizeof(data); i++) { u8 mask = (data >> (i * 8)) & 0xff; - eiointc_enable_irq(vcpu, s, index, mask, 0); + eiointc_enable_irq(vcpu, s, index * 8 + i, mask, 0); } break; case EIOINTC_BOUNCE_START ... EIOINTC_BOUNCE_END: -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v4 4/6] LoongArch: KVM: Check validation of num_cpu from user space

by Bibo Mao

The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip eiointc, here add validation about cpu number to avoid array pointer overflow. Cc: stable(a)vger.kernel.org Fixes: 1ad7efa552fd ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index b48511f903b5..169fe1de2c92 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -798,7 +798,7 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, int ret = 0; unsigned long flags; unsigned long type = (unsigned long)attr->attr; - u32 i, start_irq; + u32 i, start_irq, val; void __user *data; struct loongarch_eiointc *s = dev->kvm->arch.eiointc; @@ -806,8 +806,14 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, spin_lock_irqsave(&s->lock, flags); switch (type) { case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_NUM_CPU: - if (copy_from_user(&s->num_cpu, data, 4)) + if (copy_from_user(&val, data, 4)) ret = -EFAULT; + else { + if (val < EIOINTC_ROUTE_MAX_VCPUS) + s->num_cpu = val; + else + ret = -EINVAL; + } break; case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_FEATURE: if (copy_from_user(&s->features, data, 4)) @@ -835,7 +841,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, struct kvm_device_attr *attr, bool is_write) { - int addr, cpuid, offset, ret = 0; + int addr, cpu, offset, ret = 0; unsigned long flags; void *p = NULL; void __user *data; @@ -843,7 +849,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, s = dev->kvm->arch.eiointc; addr = attr->attr; - cpuid = addr >> 16; + cpu = addr >> 16; addr &= 0xffff; data = (void __user *)attr->addr; switch (addr) { @@ -868,8 +874,11 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, p = &s->isr.reg_u32[offset]; break; case EIOINTC_COREISR_START ... EIOINTC_COREISR_END: + if (cpu >= s->num_cpu) + return -EINVAL; + offset = (addr - EIOINTC_COREISR_START) / 4; - p = &s->coreisr.reg_u32[cpuid][offset]; + p = &s->coreisr.reg_u32[cpu][offset]; break; case EIOINTC_COREMAP_START ... EIOINTC_COREMAP_END: offset = (addr - EIOINTC_COREMAP_START) / 4; -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v4 3/6] LoongArch: KVM: Disable update property num_cpu and feature

by Bibo Mao

Property num_cpu and feature is read-only once eiointc is created, which is set with KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL attr group before device creation. Attr group KVM_DEV_LOONGARCH_EXTIOI_GRP_SW_STATUS is to update register and software state for migration and reset usage, property num_cpu and feature can not be update again if it is created already. Here discard write operation with property num_cpu and feature in attr group KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL. Cc: stable(a)vger.kernel.org Fixes: 1ad7efa552fd ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index 0b648c56b0c3..b48511f903b5 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -910,9 +910,22 @@ static int kvm_eiointc_sw_status_access(struct kvm_device *dev, data = (void __user *)attr->addr; switch (addr) { case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_NUM_CPU: + /* + * Property num_cpu and feature is read-only once eiointc is + * created with KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL group API + * + * Disable writing with KVM_DEV_LOONGARCH_EXTIOI_GRP_SW_STATUS + * group API + */ + if (is_write) + return ret; + p = &s->num_cpu; break; case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_FEATURE: + if (is_write) + return ret; + p = &s->features; break; case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_STATE: -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v4 2/6] LoongArch: KVM: Check interrupt route from physical cpu

by Bibo Mao

With eiointc interrupt controller, physical cpu id is set for irq route. However function kvm_get_vcpu() is used to get destination vCPU when delivering irq. With API kvm_get_vcpu(), logical cpu is used. With API kvm_get_vcpu_by_cpuid(), vCPU can be searched from physical cpu id. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index d2c521b0e923..0b648c56b0c3 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -9,7 +9,8 @@ static void eiointc_set_sw_coreisr(struct loongarch_eiointc *s) { - int ipnum, cpu, irq_index, irq_mask, irq; + int ipnum, cpu, irq_index, irq_mask, irq, cpuid; + struct kvm_vcpu *vcpu; for (irq = 0; irq < EIOINTC_IRQS; irq++) { ipnum = s->ipmap.reg_u8[irq / 32]; @@ -20,7 +21,12 @@ static void eiointc_set_sw_coreisr(struct loongarch_eiointc *s) irq_index = irq / 32; irq_mask = BIT(irq & 0x1f); - cpu = s->coremap.reg_u8[irq]; + cpuid = s->coremap.reg_u8[irq]; + vcpu = kvm_get_vcpu_by_cpuid(s->kvm, cpuid); + if (vcpu == NULL) + continue; + + cpu = vcpu->vcpu_id; if (!!(s->coreisr.reg_u32[cpu][irq_index] & irq_mask)) set_bit(irq, s->sw_coreisr[cpu][ipnum]); else @@ -68,17 +74,23 @@ static void eiointc_update_irq(struct loongarch_eiointc *s, int irq, int level) static inline void eiointc_update_sw_coremap(struct loongarch_eiointc *s, int irq, u64 val, u32 len, bool notify) { - int i, cpu; + int i, cpu, cpuid; + struct kvm_vcpu *vcpu; for (i = 0; i < len; i++) { - cpu = val & 0xff; + cpuid = val & 0xff; val = val >> 8; if (!(s->status & BIT(EIOINTC_ENABLE_CPU_ENCODE))) { - cpu = ffs(cpu) - 1; - cpu = (cpu >= 4) ? 0 : cpu; + cpuid = ffs(cpuid) - 1; + cpuid = (cpuid >= 4) ? 0 : cpuid; } + vcpu = kvm_get_vcpu_by_cpuid(s->kvm, cpuid); + if (vcpu == NULL) + continue; + + cpu = vcpu->vcpu_id; if (s->sw_coremap[irq + i] == cpu) continue; -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v4 1/6] LoongArch: KVM: Fix interrupt route update with eiointc

by Bibo Mao

With function eiointc_update_sw_coremap(), there is forced assignment like val = *(u64 *)pvalue. Parameter pvalue may be pointer to char type or others, there is problem with forced assignment with u64 type. Here the detailed value is passed rather address pointer. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index f39929d7bf8a..d2c521b0e923 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -66,10 +66,9 @@ static void eiointc_update_irq(struct loongarch_eiointc *s, int irq, int level) } static inline void eiointc_update_sw_coremap(struct loongarch_eiointc *s, - int irq, void *pvalue, u32 len, bool notify) + int irq, u64 val, u32 len, bool notify) { int i, cpu; - u64 val = *(u64 *)pvalue; for (i = 0; i < len; i++) { cpu = val & 0xff; @@ -398,7 +397,7 @@ static int loongarch_eiointc_writeb(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq; s->coremap.reg_u8[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -484,7 +483,7 @@ static int loongarch_eiointc_writew(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 1; s->coremap.reg_u16[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -570,7 +569,7 @@ static int loongarch_eiointc_writel(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 2; s->coremap.reg_u32[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -656,7 +655,7 @@ static int loongarch_eiointc_writeq(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 3; s->coremap.reg_u64[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -809,7 +808,7 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, for (i = 0; i < (EIOINTC_IRQS / 4); i++) { start_irq = i * 4; eiointc_update_sw_coremap(s, start_irq, - (void *)&s->coremap.reg_u32[i], sizeof(u32), false); + s->coremap.reg_u32[i], sizeof(u32), false); } break; default: -- 2.39.3

4 months, 2 weeks

1
0
0 0

[PATCH v3 4/9] LoongArch: KVM: INTC: Check validation of num_cpu from user space

by Bibo Mao

The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip eiointc, here add validation about cpu number to avoid array pointer overflow. Cc: stable(a)vger.kernel.org Fixes: 1ad7efa552fd ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index b48511f903b5..ed80bf290755 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -798,7 +798,7 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, int ret = 0; unsigned long flags; unsigned long type = (unsigned long)attr->attr; - u32 i, start_irq; + u32 i, start_irq, val; void __user *data; struct loongarch_eiointc *s = dev->kvm->arch.eiointc; @@ -806,7 +806,12 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, spin_lock_irqsave(&s->lock, flags); switch (type) { case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_NUM_CPU: - if (copy_from_user(&s->num_cpu, data, 4)) + if (copy_from_user(&val, data, 4) == 0) { + if (val < EIOINTC_ROUTE_MAX_VCPUS) + s->num_cpu = val; + else + ret = -EINVAL; + } else ret = -EFAULT; break; case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_FEATURE: @@ -835,7 +840,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, struct kvm_device_attr *attr, bool is_write) { - int addr, cpuid, offset, ret = 0; + int addr, cpu, offset, ret = 0; unsigned long flags; void *p = NULL; void __user *data; @@ -843,7 +848,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, s = dev->kvm->arch.eiointc; addr = attr->attr; - cpuid = addr >> 16; + cpu = addr >> 16; addr &= 0xffff; data = (void __user *)attr->addr; switch (addr) { @@ -868,8 +873,11 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, p = &s->isr.reg_u32[offset]; break; case EIOINTC_COREISR_START ... EIOINTC_COREISR_END: + if (cpu >= s->num_cpu) + return -EINVAL; + offset = (addr - EIOINTC_COREISR_START) / 4; - p = &s->coreisr.reg_u32[cpuid][offset]; + p = &s->coreisr.reg_u32[cpu][offset]; break; case EIOINTC_COREMAP_START ... EIOINTC_COREMAP_END: offset = (addr - EIOINTC_COREMAP_START) / 4; -- 2.39.3

4 months, 2 weeks

2
5
0 0

[PATCH 5.15] bpf, sockmap: Fix skb refcnt race after locking changes

by Pranav Tyagi

From: John Fastabend <john.fastabend(a)gmail.com> [ Upstream commit a454d84ee20baf7bd7be90721b9821f73c7d23d9 ] There is a race where skb's from the sk_psock_backlog can be referenced after userspace side has already skb_consumed() the sk_buff and its refcnt dropped to zer0 causing use after free. The flow is the following: while ((skb = skb_peek(&psock->ingress_skb)) sk_psock_handle_Skb(psock, skb, ..., ingress) if (!ingress) ... sk_psock_skb_ingress sk_psock_skb_ingress_enqueue(skb) msg->skb = skb sk_psock_queue_msg(psock, msg) skb_dequeue(&psock->ingress_skb) The sk_psock_queue_msg() puts the msg on the ingress_msg queue. This is what the application reads when recvmsg() is called. An application can read this anytime after the msg is placed on the queue. The recvmsg hook will also read msg->skb and then after user space reads the msg will call consume_skb(skb) on it effectively free'ing it. But, the race is in above where backlog queue still has a reference to the skb and calls skb_dequeue(). If the skb_dequeue happens after the user reads and free's the skb we have a use after free. The !ingress case does not suffer from this problem because it uses sendmsg_*(sk, msg) which does not pass the sk_buff further down the stack. The following splat was observed with 'test_progs -t sockmap_listen': [ 1022.710250][ T2556] general protection fault, ... [...] [ 1022.712830][ T2556] Workqueue: events sk_psock_backlog [ 1022.713262][ T2556] RIP: 0010:skb_dequeue+0x4c/0x80 [ 1022.713653][ T2556] Code: ... [...] [ 1022.720699][ T2556] Call Trace: [ 1022.720984][ T2556] <TASK> [ 1022.721254][ T2556] ? die_addr+0x32/0x80^M [ 1022.721589][ T2556] ? exc_general_protection+0x25a/0x4b0 [ 1022.722026][ T2556] ? asm_exc_general_protection+0x22/0x30 [ 1022.722489][ T2556] ? skb_dequeue+0x4c/0x80 [ 1022.722854][ T2556] sk_psock_backlog+0x27a/0x300 [ 1022.723243][ T2556] process_one_work+0x2a7/0x5b0 [ 1022.723633][ T2556] worker_thread+0x4f/0x3a0 [ 1022.723998][ T2556] ? __pfx_worker_thread+0x10/0x10 [ 1022.724386][ T2556] kthread+0xfd/0x130 [ 1022.724709][ T2556] ? __pfx_kthread+0x10/0x10 [ 1022.725066][ T2556] ret_from_fork+0x2d/0x50 [ 1022.725409][ T2556] ? __pfx_kthread+0x10/0x10 [ 1022.725799][ T2556] ret_from_fork_asm+0x1b/0x30 [ 1022.726201][ T2556] </TASK> To fix we add an skb_get() before passing the skb to be enqueued in the engress queue. This bumps the skb->users refcnt so that consume_skb() and kfree_skb will not immediately free the sk_buff. With this we can be sure the skb is still around when we do the dequeue. Then we just need to decrement the refcnt or free the skb in the backlog case which we do by calling kfree_skb() on the ingress case as well as the sendmsg case. Before locking change from fixes tag we had the sock locked so we couldn't race with user and there was no issue here. [ Backport to 5.15: context cleanly applied with no semantic changes. Build-tested. ] Fixes: 799aa7f98d53e ("skmsg: Avoid lock_sock() in sk_psock_backlog()") Reported-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: John Fastabend <john.fastabend(a)gmail.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Tested-by: Xu Kuohai <xukuohai(a)huawei.com> Tested-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/bpf/20230901202137.214666-1-john.fastabend@gmail.com Signed-off-by: Pranav Tyagi <pranav.tyagi03(a)gmail.com> --- net/core/skmsg.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index a5947aa55983..a13ddb9976ad 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -608,12 +608,18 @@ static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb static int sk_psock_handle_skb(struct sk_psock *psock, struct sk_buff *skb, u32 off, u32 len, bool ingress) { + int err = 0; + if (!ingress) { if (!sock_writeable(psock->sk)) return -EAGAIN; return skb_send_sock(psock->sk, skb, off, len); } - return sk_psock_skb_ingress(psock, skb, off, len); + skb_get(skb); + err = sk_psock_skb_ingress(psock, skb, off, len); + if (err < 0) + kfree_skb(skb); + return err; } static void sk_psock_skb_state(struct sk_psock *psock, @@ -681,9 +687,7 @@ static void sk_psock_backlog(struct work_struct *work) } while (len); skb = skb_dequeue(&psock->ingress_skb); - if (!ingress) { - kfree_skb(skb); - } + kfree_skb(skb); } end: mutex_unlock(&psock->work_mutex); -- 2.49.0

4 months, 2 weeks

1
0
0 0

[PATCH] ipmi: fix underflow in ipmi_create_user()

by Yi Yang

Syzkaller reported this bug: ================================================================== BUG: KASAN: global-out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: global-out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline] BUG: KASAN: global-out-of-bounds in ipmi_create_user.part.0+0x5e5/0x790 drivers/char/ipmi/ipmi_msghandler.c:1291 Write of size 4 at addr ffffffff8fc6a438 by task syz.5.1074/5888 CPU: 0 PID: 5888 Comm: syz.5.1074 Not tainted 6.6.0+ #60 ...... Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x72/0xa0 lib/dump_stack.c:106 print_address_description.constprop.0+0x6b/0x3d0 mm/kasan/report.c:364 print_report+0xba/0x280 mm/kasan/report.c:475 kasan_report+0xa9/0xe0 mm/kasan/report.c:588 check_region_inline mm/kasan/generic.c:181 [inline] kasan_check_range+0x100/0x1c0 mm/kasan/generic.c:187 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline] ipmi_create_user.part.0+0x5e5/0x790 drivers/char/ipmi/ipmi_msghandler.c:1291 ipmi_create_user+0x56/0x80 drivers/char/ipmi/ipmi_msghandler.c:1236 ipmi_open+0xac/0x2b0 drivers/char/ipmi/ipmi_devintf.c:97 chrdev_open+0x276/0x700 fs/char_dev.c:414 do_dentry_open+0x6a7/0x1410 fs/open.c:929 vfs_open+0xd1/0x440 fs/open.c:1060 do_open+0x957/0x10d0 fs/namei.c:3671 path_openat+0x258/0x770 fs/namei.c:3830 do_filp_open+0x1c7/0x410 fs/namei.c:3857 do_sys_openat2+0x5bd/0x6a0 fs/open.c:1428 do_sys_open fs/open.c:1443 [inline] __do_sys_openat fs/open.c:1459 [inline] __se_sys_openat fs/open.c:1454 [inline] __x64_sys_openat+0x17a/0x210 fs/open.c:1454 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x59/0x110 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x78/0xe2 RIP: 0033:0x54d2cd Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4751920048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000796080 RCX: 000000000054d2cd RDX: 0000000000000000 RSI: 0000000020004280 RDI: ffffffffffffff9c RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000001e R11: 0000000000000246 R12: 000000000079608c R13: 0000000000000000 R14: 0000000000796080 R15: 00007f4751900000 </TASK> The buggy address belongs to the variable: ipmi_interfaces+0x38/0x40 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45a6a flags: 0x3fffff00004000(reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004000 ffffea0001169a88 ffffea0001169a88 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffff8fc6a300: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 ffffffff8fc6a380: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 >ffffffff8fc6a400: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 ^ ffffffff8fc6a480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8fc6a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 ================================================================== In the ipmi_create_user() function, the intf->nr_users variable has an underflow issue. Specifically, on the exception path (goto out_kfree;) before atomic_add_return(), calling atomic_dec() when intf->nr_users has not been incremented will result in an underflow. The relevant code has been completely rewritten in the next tree and has been fixed with commit 9e91f8a6c868 ("ipmi:msghandler: Remove srcu for the ipmi_interfaces list"). However, the issue still exists in the 5.19+ stable branches and needs to be fixed on those branches. Cc: stable(a)vger.kernel.org # 5.19+ Fixes: 8e76741c3d8b ("ipmi: Add a limit on the number of users that may use IPMI") Signed-off-by: Yi Yang <yiyang13(a)huawei.com> --- drivers/char/ipmi/ipmi_msghandler.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 186f1fee7534..0293fad2f4f2 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -1246,18 +1246,18 @@ int ipmi_create_user(unsigned int if_num, found: if (atomic_add_return(1, &intf->nr_users) > max_users) { rv = -EBUSY; - goto out_kfree; + goto out_dec; } INIT_WORK(&new_user->remove_work, free_user_work); rv = init_srcu_struct(&new_user->release_barrier); if (rv) - goto out_kfree; + goto out_dec; if (!try_module_get(intf->owner)) { rv = -ENODEV; - goto out_kfree; + goto out_dec; } /* Note that each existing user holds a refcount to the interface. */ @@ -1281,8 +1281,9 @@ int ipmi_create_user(unsigned int if_num, *user = new_user; return 0; -out_kfree: +out_dec: atomic_dec(&intf->nr_users); +out_kfree: srcu_read_unlock(&ipmi_interfaces_srcu, index); vfree(new_user); return rv; -- 2.25.1

4 months, 2 weeks

1
1
0 0

[PATCH v2] iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU

by Simon Xue

When two masters share an IOMMU, calling ops->of_xlate during the second master's driver init may overwrite iommu->domain set by the first. This causes the check if (iommu->domain == domain) in rk_iommu_attach_device() to fail, resulting in the same iommu->node being added twice to &rk_domain->iommus, which can lead to an infinite loop in subsequent &rk_domain->iommus operations. Fixes: 25c2325575cc ("iommu/rockchip: Add missing set_platform_dma_ops callback") Signed-off-by: Simon Xue <xxm(a)rock-chips.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> v2: No functional changes. --- drivers/iommu/rockchip-iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/rockchip-iommu.c b/drivers/iommu/rockchip-iommu.c index 22f74ba33a0e..e6bb3c784017 100644 --- a/drivers/iommu/rockchip-iommu.c +++ b/drivers/iommu/rockchip-iommu.c @@ -1157,7 +1157,6 @@ static int rk_iommu_of_xlate(struct device *dev, return -ENOMEM; data->iommu = platform_get_drvdata(iommu_dev); - data->iommu->domain = &rk_identity_domain; dev_iommu_priv_set(dev, data); platform_device_put(iommu_dev); @@ -1195,6 +1194,8 @@ static int rk_iommu_probe(struct platform_device *pdev) if (!iommu) return -ENOMEM; + iommu->domain = &rk_identity_domain; + platform_set_drvdata(pdev, iommu); iommu->dev = dev; iommu->num_mmu = 0; -- 2.34.1

4 months, 2 weeks

3
3
0 0

[PATCH v2] x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation

by Nikunj A Dadhania

When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters. Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and SEV-SNP VM, leading to early timer interrupts as perceived by the guest. The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected. Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs. Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic. Fixes: 73bbf3b0fbba ("x86/tsc: Init the TSC for Secure TSC guests") Cc: stable(a)vger.kernel.org Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com> --- v2: * Move the SNP TSC scaling constant to the header (Dionna) * Drop the unsigned long cast and add in securetsc_get_tsc_khz (Tom) * Drop the RB from Tom as the code has changed --- arch/x86/include/asm/sev.h | 18 +++++++++++++++++- arch/x86/coco/sev/core.c | 16 ++++++++++++++-- 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index fbb616fcbfb8..869355367210 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -223,6 +223,19 @@ struct snp_tsc_info_resp { u8 rsvd2[100]; } __packed; + +/* + * Obtain the mean TSC frequency by decreasing the nominal TSC frequency with + * TSC_FACTOR as documented in the SNP Firmware ABI specification: + * + * GUEST_TSC_FREQ * (1 - (TSC_FACTOR * 0.00001)) + * + * which is equivalent to: + * + * GUEST_TSC_FREQ -= (GUEST_TSC_FREQ * TSC_FACTOR) / 100000; + */ +#define SNP_SCALE_TSC_FREQ(freq, factor) ((freq) - ((freq) * (factor)) / 100000) + struct snp_guest_req { void *req_buf; size_t req_sz; @@ -283,8 +296,11 @@ struct snp_secrets_page { u8 svsm_guest_vmpl; u8 rsvd3[3]; + /* The percentage decrease from nominal to mean TSC frequency. */ + u32 tsc_factor; + /* Remainder of page */ - u8 rsvd4[3744]; + u8 rsvd4[3740]; } __packed; struct snp_msg_desc { diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 8375ca7fbd8a..36f419ff25d4 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2156,20 +2156,32 @@ void __init snp_secure_tsc_prepare(void) static unsigned long securetsc_get_tsc_khz(void) { - return snp_tsc_freq_khz; + return (unsigned long)snp_tsc_freq_khz; } void __init snp_secure_tsc_init(void) { + struct snp_secrets_page *secrets; unsigned long long tsc_freq_mhz; + void *mem; if (!cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) return; + mem = early_memremap_encrypted(sev_secrets_pa, PAGE_SIZE); + if (!mem) { + pr_err("Unable to get TSC_FACTOR: failed to map the SNP secrets page.\n"); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SECURE_TSC); + } + + secrets = (__force struct snp_secrets_page *)mem; + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ); rdmsrq(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz); - snp_tsc_freq_khz = (unsigned long)(tsc_freq_mhz * 1000); + snp_tsc_freq_khz = SNP_SCALE_TSC_FREQ(tsc_freq_mhz * 1000, secrets->tsc_factor); x86_platform.calibrate_cpu = securetsc_get_tsc_khz; x86_platform.calibrate_tsc = securetsc_get_tsc_khz; + + early_memunmap(mem, PAGE_SIZE); } base-commit: 49151ac6671fe0372261054daf5e4da3567b8271 -- 2.43.0

4 months, 2 weeks

4
4
0 0

[PATCH v2 1/1] iommu/vt-d: Assign devtlb cache tag on ATS enablement

by Lu Baolu

Commit <4f1492efb495> ("iommu/vt-d: Revert ATS timing change to fix boot failure") placed the enabling of ATS in the probe_finalize callback. This occurs after the default domain attachment, which is when the ATS cache tag is assigned. Consequently, the device TLB cache tag is missed when the domain is attached, leading to the device TLB not being invalidated in the iommu_unmap paths. Fix this by assigning the CACHE_TAG_DEVTLB cache tag when ATS is enabled. Fixes: 4f1492efb495 ("iommu/vt-d: Revert ATS timing change to fix boot failure") Cc: stable(a)vger.kernel.org Suggested-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Tested-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/iommu/intel/cache.c | 5 ++--- drivers/iommu/intel/iommu.c | 11 ++++++++++- drivers/iommu/intel/iommu.h | 2 ++ 3 files changed, 14 insertions(+), 4 deletions(-) Change log: v2: - The v1 solution has a flaw: ATS will never be enabled for drivers with driver_managed_dma enabled, as their devices are not expected to be automatically attached to the default domain. v1: https://lore.kernel.org/linux-iommu/20250620060802.3036137-1-baolu.lu@linux… diff --git a/drivers/iommu/intel/cache.c b/drivers/iommu/intel/cache.c index fc35cba59145..47692cbfaabd 100644 --- a/drivers/iommu/intel/cache.c +++ b/drivers/iommu/intel/cache.c @@ -40,9 +40,8 @@ static bool cache_tage_match(struct cache_tag *tag, u16 domain_id, } /* Assign a cache tag with specified type to domain. */ -static int cache_tag_assign(struct dmar_domain *domain, u16 did, - struct device *dev, ioasid_t pasid, - enum cache_tag_type type) +int cache_tag_assign(struct dmar_domain *domain, u16 did, struct device *dev, + ioasid_t pasid, enum cache_tag_type type) { struct device_domain_info *info = dev_iommu_priv_get(dev); struct intel_iommu *iommu = info->iommu; diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 7aa3932251b2..148b944143b8 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -3780,8 +3780,17 @@ static void intel_iommu_probe_finalize(struct device *dev) !pci_enable_pasid(to_pci_dev(dev), info->pasid_supported & ~1)) info->pasid_enabled = 1; - if (sm_supported(iommu) && !dev_is_real_dma_subdevice(dev)) + if (sm_supported(iommu) && !dev_is_real_dma_subdevice(dev)) { iommu_enable_pci_ats(info); + /* Assign a DEVTLB cache tag to the default domain. */ + if (info->ats_enabled && info->domain) { + u16 did = domain_id_iommu(info->domain, iommu); + + if (cache_tag_assign(info->domain, did, dev, + IOMMU_NO_PASID, CACHE_TAG_DEVTLB)) + iommu_disable_pci_ats(info); + } + } iommu_enable_pci_pri(info); } diff --git a/drivers/iommu/intel/iommu.h b/drivers/iommu/intel/iommu.h index 3ddbcc603de2..2d1afab5eedc 100644 --- a/drivers/iommu/intel/iommu.h +++ b/drivers/iommu/intel/iommu.h @@ -1289,6 +1289,8 @@ struct cache_tag { unsigned int users; }; +int cache_tag_assign(struct dmar_domain *domain, u16 did, struct device *dev, + ioasid_t pasid, enum cache_tag_type type); int cache_tag_assign_domain(struct dmar_domain *domain, struct device *dev, ioasid_t pasid); void cache_tag_unassign_domain(struct dmar_domain *domain, -- 2.43.0

4 months, 2 weeks

2
1
0 0

[PATCH v2] dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()

by Qiu-ji Chen

Fixed a flag reuse bug in the mtk_cqdma_tx_status() function. Fixes: 157ae5ffd76a ("dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status()") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202505270641.MStzJUfU-lkp@intel.com/ Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- V2: Change the inner vc lock from spin_lock_irqsave() to spin_lock() Thanks Eugen Hristev for helpful suggestion. --- drivers/dma/mediatek/mtk-cqdma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma/mediatek/mtk-cqdma.c b/drivers/dma/mediatek/mtk-cqdma.c index 47c8adfdc155..9f0c41ca7770 100644 --- a/drivers/dma/mediatek/mtk-cqdma.c +++ b/drivers/dma/mediatek/mtk-cqdma.c @@ -449,9 +449,9 @@ static enum dma_status mtk_cqdma_tx_status(struct dma_chan *c, return ret; spin_lock_irqsave(&cvc->pc->lock, flags); - spin_lock_irqsave(&cvc->vc.lock, flags); + spin_lock(&cvc->vc.lock); vd = mtk_cqdma_find_active_desc(c, cookie); - spin_unlock_irqrestore(&cvc->vc.lock, flags); + spin_unlock(&cvc->vc.lock); spin_unlock_irqrestore(&cvc->pc->lock, flags); if (vd) { -- 2.34.1

4 months, 2 weeks

4
3
0 0

[PATCH] i2c/designware: Fix an initialization issue

by Michael J. Ruhl

The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the dev context to be initialized. amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. This could allow an out of bounds access (of msgs). Initialize msg_write_idx before calling i2c_dw_xfer_init(). Fixes: 17631e8ca2d3 ("i2c: designware: Add driver support for AMD NAVI GPU") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index c5394229b77f..40aa5114bf8c 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -363,6 +363,7 @@ static int amd_i2c_dw_xfer_quirk(struct i2c_adapter *adap, struct i2c_msg *msgs, dev->msgs = msgs; dev->msgs_num = num_msgs; + dev->msg_write_idx = 0; i2c_dw_xfer_init(dev); /* Initiate messages read/write transaction */ -- 2.49.0

4 months, 2 weeks

2
1
0 0

[PATCH V2] powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed

by Zhang Rui

PL1 cannot be disabled on some platforms. The ENABLE bit is still set after software clears it. This behavior leads to a scenario where, upon user request to disable the Power Limit through the powercap sysfs, the ENABLE bit remains set while the CLAMPING bit is inadvertently cleared. According to the Intel Software Developer's Manual, the CLAMPING bit, "When set, allows the processor to go below the OS requested P states in order to maintain the power below specified Platform Power Limit value." Thus this means the system may operate at higher power levels than intended on such platforms. Enhance the code to check ENABLE bit after writing to it, and stop further processing if ENABLE bit cannot be changed. Cc: stable(a)vger.kernel.org Reported-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Fixes: 2d281d8196e3 ("PowerCap: Introduce Intel RAPL power capping driver") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> --- Changes since V1: - Add Fixes tag - CC stable kernel --- drivers/powercap/intel_rapl_common.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c index e3be40adc0d7..602f540cbe15 100644 --- a/drivers/powercap/intel_rapl_common.c +++ b/drivers/powercap/intel_rapl_common.c @@ -341,12 +341,27 @@ static int set_domain_enable(struct powercap_zone *power_zone, bool mode) { struct rapl_domain *rd = power_zone_to_rapl_domain(power_zone); struct rapl_defaults *defaults = get_defaults(rd->rp); + u64 val; int ret; cpus_read_lock(); ret = rapl_write_pl_data(rd, POWER_LIMIT1, PL_ENABLE, mode); - if (!ret && defaults->set_floor_freq) + if (ret) + goto end; + + ret = rapl_read_pl_data(rd, POWER_LIMIT1, PL_ENABLE, false, &val); + if (ret) + goto end; + + if (mode != val) { + pr_debug("%s cannot be %s\n", power_zone->name, mode ? "enabled" : "disabled"); + goto end; + } + + if (defaults->set_floor_freq) defaults->set_floor_freq(rd, mode); + +end: cpus_read_unlock(); return ret; -- 2.43.0

4 months, 2 weeks

2
1
0 0

[PATCH] i2c/designware: Fix an initialization issue

by Michael J. Ruhl

The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the dev context to be initialized. amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. This could allow an out of bounds access (of msgs). Initialize msg_write_idx before calling i2c_dw_xfer_init(). Fixes: 17631e8ca2d3 ("i2c: designware: Add driver support for AMD NAVI GPU") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index c5394229b77f..40aa5114bf8c 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -363,6 +363,7 @@ static int amd_i2c_dw_xfer_quirk(struct i2c_adapter *adap, struct i2c_msg *msgs, dev->msgs = msgs; dev->msgs_num = num_msgs; + dev->msg_write_idx = 0; i2c_dw_xfer_init(dev); /* Initiate messages read/write transaction */ -- 2.49.0

4 months, 2 weeks

1
0
0 0

[PATCH] tpm_crb_ffa: Remove unused export

by Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> Remove the export of tpm_crb_ffa_get_interface_version() as it has no callers outside tpm_crb_ffa. Cc: stable(a)vger.kernel.org # v6.15+ Fixes: eb93f0734ef1 ("tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> --- drivers/char/tpm/tpm_crb_ffa.c | 3 +-- drivers/char/tpm/tpm_crb_ffa.h | 2 -- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/char/tpm/tpm_crb_ffa.c b/drivers/char/tpm/tpm_crb_ffa.c index 462fcf610020..9c6a2988a598 100644 --- a/drivers/char/tpm/tpm_crb_ffa.c +++ b/drivers/char/tpm/tpm_crb_ffa.c @@ -247,7 +247,7 @@ static int __tpm_crb_ffa_send_recieve(unsigned long func_id, * * Return: 0 on success, negative error code on failure. */ -int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor) +static int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor) { int rc; @@ -275,7 +275,6 @@ int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor) return rc; } -EXPORT_SYMBOL_GPL(tpm_crb_ffa_get_interface_version); /** * tpm_crb_ffa_start() - signals the TPM that a field has changed in the CRB diff --git a/drivers/char/tpm/tpm_crb_ffa.h b/drivers/char/tpm/tpm_crb_ffa.h index 645c41ede10e..d7e1344ea003 100644 --- a/drivers/char/tpm/tpm_crb_ffa.h +++ b/drivers/char/tpm/tpm_crb_ffa.h @@ -11,11 +11,9 @@ #if IS_REACHABLE(CONFIG_TCG_ARM_CRB_FFA) int tpm_crb_ffa_init(void); -int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor); int tpm_crb_ffa_start(int request_type, int locality); #else static inline int tpm_crb_ffa_init(void) { return 0; } -static inline int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor) { return 0; } static inline int tpm_crb_ffa_start(int request_type, int locality) { return 0; } #endif -- 2.39.5

4 months, 2 weeks

3
4
0 0

Tulip 21142 panic on physical link disconnect

by Greg Chandler

This is a from-scratch build (non-vendor/non-distribution) Host/Target = alpha ev6 Kernel source = 6.12.12 My last working kernel on this was a 2.6.x, it's been a while since I've had time to bring this system up to date, so I don't know when this may have started. I had a 3.0.102 in there, but I didn't test the networking while using it. Please let me know what I can do to help out with figuring this one out. The kernel output: [ 0.692382] net eth0: Digital DS21142/43 Tulip rev 65 at MMIO 0xa120000, 08:00:2b:86:ab:b1, IRQ 29 [ 0.710937] net eth1: Digital DS21142/43 Tulip rev 65 at MMIO 0xa121000, 08:00:2b:86:a8:5b, IRQ 30 [ 0.989257] e1000 0000:00:10.0 eth2: (PCI:33MHz:64-bit) 00:02:b3:f3:e6:3d [ 0.990233] e1000 0000:00:10.0 eth2: Intel(R) PRO/1000 Network Connection [ 6.088864] tulip 0000:00:09.0 eth126: renamed from eth0 [ 6.103512] tulip 0000:00:09.0 rename_eth126: renamed from eth126 [ 6.164059] e1000 0000:00:10.0 eth124: renamed from eth2 [ 6.172848] e1000 0000:00:10.0 eth0: renamed from eth124 [ 6.207028] tulip 0000:00:09.0 eth2: renamed from rename_eth126 [ 18.957998] net eth2: Using user-specified media 10baseT-FDX [ 19.082021] net eth2: 21143 10baseT link beat good I attempted to set the interface to 100MB/FDX with mii-tool but didn't seem to be having any luck, so I disconnected the cord, and it dropped this immediately: [ 195.170798] ------------[ cut here ]------------ [ 195.170798] WARNING: CPU: 0 PID: 0 at kernel/time/timer.c:1657 __timer_delete_sync+0x104/0x120 [ 195.170798] Modules linked in: loop [ 195.170798] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.12.12 #4 [ 195.170798] fffffc0000c83ab0 fffffc0000388c94 fffffc0000326744 fffffc0000afbee8 [ 195.170798] 0000000000000000 fffffc0000388c94 fffffc00009e0d70 0000000000000000 [ 195.170798] fffffc0000afbee8 0000000000000679 fffffc0000388c94 0000000000000009 [ 195.170798] fffffc0000cf9100 0000000000000000 fffffc0000388c94 0000000000000000 [ 195.170798] fffffc00020e6000 fffffc00020e73d0 fffffffff0669000 fffffd000a120000 [ 195.170798] fffffc00007cff70 fffffc00024b5c00 0000000000000000 0000000000000122 [ 195.170798] Trace: [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc0000326744>] __warn+0x194/0x1a0 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc00009e0d70>] warn_slowpath_fmt+0x84/0xf0 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc00007cff70>] usb_hcd_poll_rh_status+0x140/0x1a0 [ 195.170798] [<fffffc0000919a2c>] tcp_orphan_update+0x6c/0x90 [ 195.170798] [<fffffc000038be64>] timekeeping_update+0xd4/0x290 [ 195.170798] [<fffffc0000780fdc>] t21142_lnk_change+0x1bc/0x790 [ 195.170798] [<fffffc000077a890>] tulip_interrupt+0x280/0xac0 [ 195.170798] [<fffffc0000372b90>] __handle_irq_event_percpu+0x60/0x180 [ 195.170798] [<fffffc0000372d30>] handle_irq_event_percpu+0x80/0xa0 [ 195.170798] [<fffffc0000372d98>] handle_irq_event+0x48/0xe0 [ 195.170798] [<fffffc0000377af0>] handle_level_irq+0xc0/0x1f0 [ 195.170798] [<fffffc0000315300>] handle_irq+0x70/0xe0 [ 195.170798] [<fffffc000031d6c0>] dp264_srm_device_interrupt+0x30/0x50 [ 195.170798] [<fffffc00003153dc>] do_entInt+0x6c/0x1c0 [ 195.170798] [<fffffc0000310cc0>] ret_from_sys_call+0x0/0x10 [ 195.170798] [<fffffc000035c69c>] pick_task_fair+0x3c/0x100 [ 195.170798] [<fffffc000035d89c>] task_non_contending+0x6c/0x2a0 [ 195.170798] [<fffffc000035fc28>] do_idle+0x58/0x190 [ 195.170798] [<fffffc00009eda20>] cpu_idle_poll.isra.0+0x0/0x60 [ 195.170798] [<fffffc00009eda50>] cpu_idle_poll.isra.0+0x30/0x60 [ 195.170798] [<fffffc0000360058>] cpu_startup_entry+0x38/0x50 [ 195.170798] [<fffffc00009edbc8>] rest_init+0xe8/0xec [ 195.170798] [<fffffc000031001c>] _stext+0x1c/0x20 [ 195.170798] [<fffffc0000312460>] common_shutdown_1+0x0/0x150 [ 195.170798] ---[ end trace 0000000000000000 ]--- Kernel options that may be relevant: CONFIG_ALPHA_DP264=y CONFIG_NET_TULIP=y CONFIG_TULIP=y CONFIG_TULIP_MWI=y CONFIG_TULIP_MMIO=y CONFIG_TULIP_NAPI=y CONFIG_TULIP_NAPI_HW_MITIGATION=y Device info: root@bigbang:~# lspci -vvv |more 00:09.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41) Subsystem: Digital Equipment Corporation DE500B Fast Ethernet Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 255 (5000ns min, 10000ns max), Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 29 Region 0: I/O ports at 8400 [size=128] Region 1: Memory at 0a120000 (32-bit, non-prefetchable) [size=1K] Expansion ROM at 0a000000 [disabled] [size=256K] Kernel driver in use: tulip 00:0b.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41) Subsystem: Digital Equipment Corporation DE500B Fast Ethernet Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 255 (5000ns min, 10000ns max), Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 30 Region 0: I/O ports at 8480 [size=128] Region 1: Memory at 0a121000 (32-bit, non-prefetchable) [size=1K] Expansion ROM at 0a040000 [disabled] [size=256K] Kernel driver in use: tulip

4 months, 2 weeks

3
18
0 0

[PATCH] drm/vkms: Fix race-condition between the hrtimer and the atomic commit

by Pranav Tyagi

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit a0e6a017ab56936c0405fe914a793b241ed25ee0 ] Currently, it is possible for the composer to be set as enabled and then as disabled without a proper call for the vkms_vblank_simulate(). This is problematic, because the driver would skip one CRC output, causing CRC tests to fail. Therefore, we need to make sure that, for each time the composer is set as enabled, a composer job is added to the queue. In order to provide this guarantee, add a mutex that will lock before the composer is set as enabled and will unlock only after the composer job is added to the queue. This way, we can have a guarantee that the driver won't skip a CRC entry. This race-condition is affecting the IGT test "writeback-check-output", making the test fail and also, leaking writeback framebuffers, as the writeback job is queued, but it is not signaled. This patch avoids both problems. [v2]: * Create a new mutex and keep the spinlock across the atomic commit in order to avoid interrupts that could result in deadlocks. [ Backport to 5.15: context cleanly applied with no semantic changes. Build-tested. ] Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Arthur Grillo <arthurgrillo(a)riseup.net> Signed-off-by: Maíra Canal <mairacanal(a)riseup.net> Link: https://patchwork.freedesktop.org/patch/msgid/20230523123207.173976-1-mcana… Signed-off-by: Pranav Tyagi <pranav.tyagi03(a)gmail.com> --- drivers/gpu/drm/vkms/vkms_composer.c | 9 +++++++-- drivers/gpu/drm/vkms/vkms_crtc.c | 9 +++++---- drivers/gpu/drm/vkms/vkms_drv.h | 4 +++- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/vkms/vkms_composer.c b/drivers/gpu/drm/vkms/vkms_composer.c index 9e8204be9a14..77fced36af55 100644 --- a/drivers/gpu/drm/vkms/vkms_composer.c +++ b/drivers/gpu/drm/vkms/vkms_composer.c @@ -332,10 +332,15 @@ void vkms_set_composer(struct vkms_output *out, bool enabled) if (enabled) drm_crtc_vblank_get(&out->crtc); - spin_lock_irq(&out->lock); + mutex_lock(&out->enabled_lock); old_enabled = out->composer_enabled; out->composer_enabled = enabled; - spin_unlock_irq(&out->lock); + + /* the composition wasn't enabled, so unlock the lock to make sure the lock + * will be balanced even if we have a failed commit + */ + if (!out->composer_enabled) + mutex_unlock(&out->enabled_lock); if (old_enabled) drm_crtc_vblank_put(&out->crtc); diff --git a/drivers/gpu/drm/vkms/vkms_crtc.c b/drivers/gpu/drm/vkms/vkms_crtc.c index 57bbd32e9beb..1b02dee8587a 100644 --- a/drivers/gpu/drm/vkms/vkms_crtc.c +++ b/drivers/gpu/drm/vkms/vkms_crtc.c @@ -16,7 +16,7 @@ static enum hrtimer_restart vkms_vblank_simulate(struct hrtimer *timer) struct drm_crtc *crtc = &output->crtc; struct vkms_crtc_state *state; u64 ret_overrun; - bool ret, fence_cookie; + bool ret, fence_cookie, composer_enabled; fence_cookie = dma_fence_begin_signalling(); @@ -25,15 +25,15 @@ static enum hrtimer_restart vkms_vblank_simulate(struct hrtimer *timer) if (ret_overrun != 1) pr_warn("%s: vblank timer overrun\n", __func__); - spin_lock(&output->lock); ret = drm_crtc_handle_vblank(crtc); if (!ret) DRM_ERROR("vkms failure on handling vblank"); state = output->composer_state; - spin_unlock(&output->lock); + composer_enabled = output->composer_enabled; + mutex_unlock(&output->enabled_lock); - if (state && output->composer_enabled) { + if (state && composer_enabled) { u64 frame = drm_crtc_accurate_vblank_count(crtc); /* update frame_start only if a queued vkms_composer_worker() @@ -293,6 +293,7 @@ int vkms_crtc_init(struct drm_device *dev, struct drm_crtc *crtc, spin_lock_init(&vkms_out->lock); spin_lock_init(&vkms_out->composer_lock); + mutex_init(&vkms_out->enabled_lock); vkms_out->composer_workq = alloc_ordered_workqueue("vkms_composer", 0); if (!vkms_out->composer_workq) diff --git a/drivers/gpu/drm/vkms/vkms_drv.h b/drivers/gpu/drm/vkms/vkms_drv.h index d48c23d40ce5..666997e2bcab 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.h +++ b/drivers/gpu/drm/vkms/vkms_drv.h @@ -83,8 +83,10 @@ struct vkms_output { struct workqueue_struct *composer_workq; /* protects concurrent access to composer */ spinlock_t lock; + /* guarantees that if the composer is enabled, a job will be queued */ + struct mutex enabled_lock; - /* protected by @lock */ + /* protected by @enabled_lock */ bool composer_enabled; struct vkms_crtc_state *composer_state; -- 2.49.0

4 months, 2 weeks

4
5
0 0

[tip: x86/urgent] x86/traps: Initialize DR7 by writing its architectural reset value

by tip-bot2 for Xin Li (Intel)

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Gitweb: https://git.kernel.org/tip/fa7d0f83c5c4223a01598876352473cb3d3bd4d7 Author: Xin Li (Intel) <xin(a)zytor.com> AuthorDate: Fri, 20 Jun 2025 16:15:04 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 24 Jun 2025 13:15:52 -07:00 x86/traps: Initialize DR7 by writing its architectural reset value Initialize DR7 by writing its architectural reset value to always set bit 10, which is reserved to '1', when "clearing" DR7 so as not to trigger unanticipated behavior if said bit is ever unreserved, e.g. as a feature enabling flag with inverted polarity. Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Sean Christopherson <seanjc(a)google.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250620231504.2676902-3-xin%40zytor.com --- arch/x86/include/asm/debugreg.h | 19 +++++++++++++++---- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- arch/x86/kernel/kgdb.c | 2 +- arch/x86/kernel/process_32.c | 2 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kvm/x86.c | 4 ++-- 7 files changed, 22 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/debugreg.h b/arch/x86/include/asm/debugreg.h index 363110e..a2c1f2d 100644 --- a/arch/x86/include/asm/debugreg.h +++ b/arch/x86/include/asm/debugreg.h @@ -9,6 +9,14 @@ #include <asm/cpufeature.h> #include <asm/msr.h> +/* + * Define bits that are always set to 1 in DR7, only bit 10 is + * architecturally reserved to '1'. + * + * This is also the init/reset value for DR7. + */ +#define DR7_FIXED_1 0x00000400 + DECLARE_PER_CPU(unsigned long, cpu_dr7); #ifndef CONFIG_PARAVIRT_XXL @@ -100,8 +108,8 @@ static __always_inline void native_set_debugreg(int regno, unsigned long value) static inline void hw_breakpoint_disable(void) { - /* Zero the control register for HW Breakpoint */ - set_debugreg(0UL, 7); + /* Reset the control register for HW Breakpoint */ + set_debugreg(DR7_FIXED_1, 7); /* Zero-out the individual HW breakpoint address registers */ set_debugreg(0UL, 0); @@ -125,9 +133,12 @@ static __always_inline unsigned long local_db_save(void) return 0; get_debugreg(dr7, 7); - dr7 &= ~0x400; /* architecturally set bit */ + + /* Architecturally set bit */ + dr7 &= ~DR7_FIXED_1; if (dr7) - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); + /* * Ensure the compiler doesn't lower the above statements into * the critical section; disabling breakpoints late would not diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b4a3919..639d9bc 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -31,6 +31,7 @@ #include <asm/apic.h> #include <asm/pvclock-abi.h> +#include <asm/debugreg.h> #include <asm/desc.h> #include <asm/mtrr.h> #include <asm/msr-index.h> @@ -249,7 +250,6 @@ enum x86_intercept_stage; #define DR7_BP_EN_MASK 0x000000ff #define DR7_GE (1 << 9) #define DR7_GD (1 << 13) -#define DR7_FIXED_1 0x00000400 #define DR7_VOLATILE 0xffff2bff #define KVM_GUESTDBG_VALID_MASK \ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 0f6c280..27125e0 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2246,7 +2246,7 @@ EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); static void initialize_debug_regs(void) { /* Control register first -- to make sure everything is disabled. */ - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(DR6_RESERVED, 6); /* dr5 and dr4 don't exist */ set_debugreg(0, 3); diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index 102641f..8b1a973 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -385,7 +385,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs) struct perf_event *bp; /* Disable hardware debugging while we are in kgdb: */ - set_debugreg(0UL, 7); + set_debugreg(DR7_FIXED_1, 7); for (i = 0; i < HBP_NUM; i++) { if (!breakinfo[i].enabled) continue; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index a10e180..3ef15c2 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -93,7 +93,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400)) + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1)) return; printk("%sDR0: %08lx DR1: %08lx DR2: %08lx DR3: %08lx\n", diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 8d6cf25..b972bf7 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -133,7 +133,7 @@ void __show_regs(struct pt_regs *regs, enum show_regs_mode mode, /* Only print out debug registers if they are in their non-default state. */ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) && - (d6 == DR6_RESERVED) && (d7 == 0x400))) { + (d6 == DR6_RESERVED) && (d7 == DR7_FIXED_1))) { printk("%sDR0: %016lx DR1: %016lx DR2: %016lx\n", log_lvl, d0, d1, d2); printk("%sDR3: %016lx DR6: %016lx DR7: %016lx\n", diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b58a74c..a9d992d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11035,7 +11035,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs && !(vcpu->arch.switch_db_regs & KVM_DEBUGREG_AUTO_SWITCH))) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); @@ -11044,7 +11044,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { - set_debugreg(0, 7); + set_debugreg(DR7_FIXED_1, 7); } vcpu->arch.host_debugctl = get_debugctlmsr();

4 months, 2 weeks

3
3
0 0

[PATCH v2] Bluetooth: HCI: Set extended advertising data synchronously

by Christian Eggers

Currently, for controllers with extended advertising, the advertising data is set in the asynchronous response handler for extended adverstising params. As most advertising settings are performed in a synchronous context, the (asynchronous) setting of the advertising data is done too late (after enabling the advertising). Move setting of adverstising data from asynchronous response handler into synchronous context to fix ordering of HCI commands. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Fixes: a0fb3726ba55 ("Bluetooth: Use Set ext adv/scan rsp data if controller supports") Cc: stable(a)vger.kernel.org v1: https://lore.kernel.org/linux-bluetooth/20250625130510.18382-1-ceggers@arri… --- v2: convert setting of adv data into synchronous context (rather than moving more methods into asynchronous response handlers). - hci_set_ext_adv_params_sync: new method - hci_set_ext_adv_data_sync: move within source file (no changes) - hci_set_adv_data_sync: dito - hci_update_adv_data_sync: dito - hci_cc_set_ext_adv_param: remove (performed synchronously now) On Wednesday, 25 June 2025, 15:26:58 CEST, Luiz Augusto von Dentz wrote: > That said for the likes of MGMT_OP_ADD_EXT_ADV_DATA you will still > need to detect if the instance has already been enabled then do > disable/re-enable logic if the quirk is set. The critical opcode (HCI_OP_LE_SET_EXT_ADV_DATA) is only used in hci_set_ext_adv_data_sync(). Two of the callers already ensure that the advertising instance is disabled, so only hci_update_adv_data_sync() may need a quirk. I suggest doing this in a separate patch. regards, Christian net/bluetooth/hci_event.c | 36 ------- net/bluetooth/hci_sync.c | 209 ++++++++++++++++++++++++-------------- 2 files changed, 132 insertions(+), 113 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 66052d6aaa1d..4d5ace9d245d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2150,40 +2150,6 @@ static u8 hci_cc_set_adv_param(struct hci_dev *hdev, void *data, return rp->status; } -static u8 hci_cc_set_ext_adv_param(struct hci_dev *hdev, void *data, - struct sk_buff *skb) -{ - struct hci_rp_le_set_ext_adv_params *rp = data; - struct hci_cp_le_set_ext_adv_params *cp; - struct adv_info *adv_instance; - - bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); - - if (rp->status) - return rp->status; - - cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS); - if (!cp) - return rp->status; - - hci_dev_lock(hdev); - hdev->adv_addr_type = cp->own_addr_type; - if (!cp->handle) { - /* Store in hdev for instance 0 */ - hdev->adv_tx_power = rp->tx_power; - } else { - adv_instance = hci_find_adv_instance(hdev, cp->handle); - if (adv_instance) - adv_instance->tx_power = rp->tx_power; - } - /* Update adv data as tx power is known now */ - hci_update_adv_data(hdev, cp->handle); - - hci_dev_unlock(hdev); - - return rp->status; -} - static u8 hci_cc_read_rssi(struct hci_dev *hdev, void *data, struct sk_buff *skb) { @@ -4164,8 +4130,6 @@ static const struct hci_cc { HCI_CC(HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS, hci_cc_le_read_num_adv_sets, sizeof(struct hci_rp_le_read_num_supported_adv_sets)), - HCI_CC(HCI_OP_LE_SET_EXT_ADV_PARAMS, hci_cc_set_ext_adv_param, - sizeof(struct hci_rp_le_set_ext_adv_params)), HCI_CC_STATUS(HCI_OP_LE_SET_EXT_ADV_ENABLE, hci_cc_le_set_ext_adv_enable), HCI_CC_STATUS(HCI_OP_LE_SET_ADV_SET_RAND_ADDR, diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 1f8806dfa556..2a09b2cb983e 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -1205,9 +1205,116 @@ static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance, sizeof(cp), &cp, HCI_CMD_TIMEOUT); } +static int +hci_set_ext_adv_params_sync(struct hci_dev *hdev, + const struct hci_cp_le_set_ext_adv_params *cp, + struct hci_rp_le_set_ext_adv_params *rp) +{ + struct sk_buff *skb; + + skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(*cp), + cp, HCI_CMD_TIMEOUT); + + /* If command return a status event, skb will be set to -ENODATA */ + if (skb == ERR_PTR(-ENODATA)) + return 0; + + if (IS_ERR(skb)) { + bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", + HCI_OP_LE_SET_EXT_ADV_PARAMS, PTR_ERR(skb)); + return PTR_ERR(skb); + } + + if (skb->len != sizeof(*rp)) { + bt_dev_err(hdev, "Invalid response length for " + "HCI_OP_LE_SET_EXT_ADV_PARAMS: %u", skb->len); + kfree_skb(skb); + return -EIO; + } + + memcpy(rp, skb->data, sizeof(*rp)); + kfree_skb(skb); + + return rp->status; +} + +static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, + HCI_MAX_EXT_AD_LENGTH); + u8 len; + struct adv_info *adv = NULL; + int err; + + if (instance) { + adv = hci_find_adv_instance(hdev, instance); + if (!adv || !adv->adv_data_changed) + return 0; + } + + len = eir_create_adv_data(hdev, instance, pdu->data, + HCI_MAX_EXT_AD_LENGTH); + + pdu->length = len; + pdu->handle = adv ? adv->handle : instance; + pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; + pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; + + err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, + struct_size(pdu, data, len), pdu, + HCI_CMD_TIMEOUT); + if (err) + return err; + + /* Update data if the command succeed */ + if (adv) { + adv->adv_data_changed = false; + } else { + memcpy(hdev->adv_data, pdu->data, len); + hdev->adv_data_len = len; + } + + return 0; +} + +static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + struct hci_cp_le_set_adv_data cp; + u8 len; + + memset(&cp, 0, sizeof(cp)); + + len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); + + /* There's nothing to do if the data hasn't changed */ + if (hdev->adv_data_len == len && + memcmp(cp.data, hdev->adv_data, len) == 0) + return 0; + + memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); + hdev->adv_data_len = len; + + cp.length = len; + + return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, + sizeof(cp), &cp, HCI_CMD_TIMEOUT); +} + +int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) + return 0; + + if (ext_adv_capable(hdev)) + return hci_set_ext_adv_data_sync(hdev, instance); + + return hci_set_adv_data_sync(hdev, instance); +} + int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; bool connectable; u32 flags; bdaddr_t random_addr; @@ -1316,8 +1423,20 @@ int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) cp.secondary_phy = HCI_ADV_PHY_1M; } - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, &cp, &rp); + if (err) + return err; + + hdev->adv_addr_type = own_addr_type; + if (!cp.handle) { + /* Store in hdev for instance 0 */ + hdev->adv_tx_power = rp.tx_power; + } else if (adv) { + adv->tx_power = rp.tx_power; + } + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; @@ -1822,79 +1941,6 @@ int hci_le_terminate_big_sync(struct hci_dev *hdev, u8 handle, u8 reason) sizeof(cp), &cp, HCI_CMD_TIMEOUT); } -static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, - HCI_MAX_EXT_AD_LENGTH); - u8 len; - struct adv_info *adv = NULL; - int err; - - if (instance) { - adv = hci_find_adv_instance(hdev, instance); - if (!adv || !adv->adv_data_changed) - return 0; - } - - len = eir_create_adv_data(hdev, instance, pdu->data, - HCI_MAX_EXT_AD_LENGTH); - - pdu->length = len; - pdu->handle = adv ? adv->handle : instance; - pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; - pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; - - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, - struct_size(pdu, data, len), pdu, - HCI_CMD_TIMEOUT); - if (err) - return err; - - /* Update data if the command succeed */ - if (adv) { - adv->adv_data_changed = false; - } else { - memcpy(hdev->adv_data, pdu->data, len); - hdev->adv_data_len = len; - } - - return 0; -} - -static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - struct hci_cp_le_set_adv_data cp; - u8 len; - - memset(&cp, 0, sizeof(cp)); - - len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); - - /* There's nothing to do if the data hasn't changed */ - if (hdev->adv_data_len == len && - memcmp(cp.data, hdev->adv_data, len) == 0) - return 0; - - memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); - hdev->adv_data_len = len; - - cp.length = len; - - return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); -} - -int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) - return 0; - - if (ext_adv_capable(hdev)) - return hci_set_ext_adv_data_sync(hdev, instance); - - return hci_set_adv_data_sync(hdev, instance); -} - int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance, bool force) { @@ -6269,6 +6315,7 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, struct hci_conn *conn) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; int err; bdaddr_t random_addr; u8 own_addr_type; @@ -6310,8 +6357,16 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, if (err) return err; - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, &cp, &rp); + if (err) + return err; + + hdev->adv_addr_type = own_addr_type; + /* Store in hdev for instance 0 */ + hdev->adv_tx_power = rp.tx_power; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; -- 2.44.1

4 months, 2 weeks

2
1
0 0

[PATCH v2] usb: hub: fix detection of high tier USB3 devices behind suspended hubs

by Mathias Nyman

USB3 devices connected behind several external suspended hubs may not be detected when plugged in due to aggressive hub runtime pm suspend. The hub driver immediately runtime-suspends hubs if there are no active children or port activity. There is a delay between the wake signal causing hub resume, and driver visible port activity on the hub downstream facing ports. Most of the LFPS handshake, resume signaling and link training done on the downstream ports is not visible to the hub driver until completed, when device then will appear fully enabled and running on the port. This delay between wake signal and detectable port change is even more significant with chained suspended hubs where the wake signal will propagate upstream first. Suspended hubs will only start resuming downstream ports after upstream facing port resumes. The hub driver may resume a USB3 hub, read status of all ports, not yet see any activity, and runtime suspend back the hub before any port activity is visible. This exact case was seen when conncting USB3 devices to a suspended Thunderbolt dock. USB3 specification defines a 100ms tU3WakeupRetryDelay, indicating USB3 devices expect to be resumed within 100ms after signaling wake. if not then device will resend the wake signal. Give the USB3 hubs twice this time (200ms) to detect any port changes after resume, before allowing hub to runtime suspend again. Cc: stable(a)vger.kernel.org Fixes: 2839f5bcfcfc ("USB: Turn on auto-suspend for USB 3.0 hubs.") Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- v2 changes - Update commit in Fixes tag - Add Ack from Alan Stern drivers/usb/core/hub.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 770d1e91183c..5c12dfdef569 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -68,6 +68,12 @@ */ #define USB_SHORT_SET_ADDRESS_REQ_TIMEOUT 500 /* ms */ +/* + * Give SS hubs 200ms time after wake to train downstream links before + * assuming no port activity and allowing hub to runtime suspend back. + */ +#define USB_SS_PORT_U0_WAKE_TIME 200 /* ms */ + /* Protect struct usb_device->state and ->children members * Note: Both are also protected by ->dev.sem, except that ->state can * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */ @@ -1068,11 +1074,12 @@ int usb_remove_device(struct usb_device *udev) enum hub_activation_type { HUB_INIT, HUB_INIT2, HUB_INIT3, /* INITs must come first */ - HUB_POST_RESET, HUB_RESUME, HUB_RESET_RESUME, + HUB_POST_RESET, HUB_RESUME, HUB_RESET_RESUME, HUB_POST_RESUME, }; static void hub_init_func2(struct work_struct *ws); static void hub_init_func3(struct work_struct *ws); +static void hub_post_resume(struct work_struct *ws); static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) { @@ -1095,6 +1102,13 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) goto init2; goto init3; } + + if (type == HUB_POST_RESUME) { + usb_autopm_put_interface_async(to_usb_interface(hub->intfdev)); + hub_put(hub); + return; + } + hub_get(hub); /* The superspeed hub except for root hub has to use Hub Depth @@ -1343,6 +1357,16 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) device_unlock(&hdev->dev); } + if (type == HUB_RESUME && hub_is_superspeed(hub->hdev)) { + /* give usb3 downstream links training time after hub resume */ + INIT_DELAYED_WORK(&hub->init_work, hub_post_resume); + queue_delayed_work(system_power_efficient_wq, &hub->init_work, + msecs_to_jiffies(USB_SS_PORT_U0_WAKE_TIME)); + usb_autopm_get_interface_no_resume( + to_usb_interface(hub->intfdev)); + return; + } + hub_put(hub); } @@ -1361,6 +1385,13 @@ static void hub_init_func3(struct work_struct *ws) hub_activate(hub, HUB_INIT3); } +static void hub_post_resume(struct work_struct *ws) +{ + struct usb_hub *hub = container_of(ws, struct usb_hub, init_work.work); + + hub_activate(hub, HUB_POST_RESUME); +} + enum hub_quiescing_type { HUB_DISCONNECT, HUB_PRE_RESET, HUB_SUSPEND }; -- 2.43.0

4 months, 2 weeks

3
8
0 0