- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] arm64: dts: rockchip: Fix broken tsadc pinctrl names for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5c8f9a05336cf5cadbd57ad461621b386aadb762 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022450-tarmac-submerge-26bd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5c8f9a05336cf5cadbd57ad461621b386aadb762 Mon Sep 17 00:00:00 2001 From: Alexander Shiyan <eagle.alexander923(a)gmail.com> Date: Thu, 30 Jan 2025 08:38:49 +0300 Subject: [PATCH] arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 The tsadc driver does not handle pinctrl "gpio" and "otpout". Let's use the correct pinctrl names "default" and "sleep". Additionally, Alexey Charkov's testing [1] has established that it is necessary for pinctrl state to reference the &tsadc_shut_org configuration rather than &tsadc_shut for the driver to function correctly. [1] https://lkml.org/lkml/2025/1/24/966 Fixes: 32641b8ab1a5 ("arm64: dts: rockchip: add rk3588 thermal sensor") Cc: stable(a)vger.kernel.org Reviewed-by: Dragan Simic <dsimic(a)manjaro.org> Signed-off-by: Alexander Shiyan <eagle.alexander923(a)gmail.com> Link: https://lore.kernel.org/r/20250130053849.4902-1-eagle.alexander923@gmail.com Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3588-base.dtsi b/arch/arm64/boot/dts/rockchip/rk3588-base.dtsi index 8cfa30837ce7..978de506d434 100644 --- a/arch/arm64/boot/dts/rockchip/rk3588-base.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3588-base.dtsi @@ -2668,9 +2668,9 @@ tsadc: tsadc@fec00000 { rockchip,hw-tshut-temp = <120000>; rockchip,hw-tshut-mode = <0>; /* tshut mode 0:CRU 1:GPIO */ rockchip,hw-tshut-polarity = <0>; /* tshut polarity 0:LOW 1:HIGH */ - pinctrl-0 = <&tsadc_gpio_func>; - pinctrl-1 = <&tsadc_shut>; - pinctrl-names = "gpio", "otpout"; + pinctrl-0 = <&tsadc_shut_org>; + pinctrl-1 = <&tsadc_gpio_func>; + pinctrl-names = "default", "sleep"; #thermal-sensor-cells = <1>; status = "disabled"; };

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/migrate_device: don't add folio to be freed to LRU in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 41cddf83d8b00f29fd105e7a0777366edc69a5cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022407-amplifier-catnip-6e14@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41cddf83d8b00f29fd105e7a0777366edc69a5cf Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 10 Feb 2025 17:13:17 +0100 Subject: [PATCH] mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 9cf26592ac93..5bd888223cc8 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned long *src_pfns, dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/migrate_device: don't add folio to be freed to LRU in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 41cddf83d8b00f29fd105e7a0777366edc69a5cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022405-surpass-stipend-ca02@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41cddf83d8b00f29fd105e7a0777366edc69a5cf Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 10 Feb 2025 17:13:17 +0100 Subject: [PATCH] mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 9cf26592ac93..5bd888223cc8 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned long *src_pfns, dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/migrate_device: don't add folio to be freed to LRU in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 41cddf83d8b00f29fd105e7a0777366edc69a5cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022404-rebuttal-laundry-1cf8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41cddf83d8b00f29fd105e7a0777366edc69a5cf Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 10 Feb 2025 17:13:17 +0100 Subject: [PATCH] mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 9cf26592ac93..5bd888223cc8 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned long *src_pfns, dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/migrate_device: don't add folio to be freed to LRU in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 41cddf83d8b00f29fd105e7a0777366edc69a5cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022402-footprint-usher-aa6e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41cddf83d8b00f29fd105e7a0777366edc69a5cf Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 10 Feb 2025 17:13:17 +0100 Subject: [PATCH] mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 9cf26592ac93..5bd888223cc8 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned long *src_pfns, dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/migrate_device: don't add folio to be freed to LRU in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 41cddf83d8b00f29fd105e7a0777366edc69a5cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022401-batting-december-cf51@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41cddf83d8b00f29fd105e7a0777366edc69a5cf Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Mon, 10 Feb 2025 17:13:17 +0100 Subject: [PATCH] mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate_device.c b/mm/migrate_device.c index 9cf26592ac93..5bd888223cc8 100644 --- a/mm/migrate_device.c +++ b/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned long *src_pfns, dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } }

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drop_monitor: fix incorrect initialization order" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022443-bondless-dastardly-bef7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea Mon Sep 17 00:00:00 2001 From: Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> Date: Thu, 13 Feb 2025 15:20:55 +0000 Subject: [PATCH] drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 9a8afc8d3962 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> Reviewed-by: Ido Schimmel <idosch(a)nvidia.com> Link: https://patch.msgid.link/20250213152054.2785669-1-Ilia.Gavrilov@infotecs.ru Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c index 6efd4cccc9dd..212f0a048cab 100644 --- a/net/core/drop_monitor.c +++ b/net/core/drop_monitor.c @@ -1734,30 +1734,30 @@ static int __init init_net_drop_monitor(void) return -ENOSPC; } - rc = genl_register_family(&net_drop_monitor_family); - if (rc) { - pr_err("Could not create drop monitor netlink family\n"); - return rc; - } - WARN_ON(net_drop_monitor_family.mcgrp_offset != NET_DM_GRP_ALERT); - - rc = register_netdevice_notifier(&dropmon_net_notifier); - if (rc < 0) { - pr_crit("Failed to register netdevice notifier\n"); - goto out_unreg; - } - - rc = 0; - for_each_possible_cpu(cpu) { net_dm_cpu_data_init(cpu); net_dm_hw_cpu_data_init(cpu); } + rc = register_netdevice_notifier(&dropmon_net_notifier); + if (rc < 0) { + pr_crit("Failed to register netdevice notifier\n"); + return rc; + } + + rc = genl_register_family(&net_drop_monitor_family); + if (rc) { + pr_err("Could not create drop monitor netlink family\n"); + goto out_unreg; + } + WARN_ON(net_drop_monitor_family.mcgrp_offset != NET_DM_GRP_ALERT); + + rc = 0; + goto out; out_unreg: - genl_unregister_family(&net_drop_monitor_family); + WARN_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); out: return rc; } @@ -1766,19 +1766,18 @@ static void exit_net_drop_monitor(void) { int cpu; - BUG_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); - /* * Because of the module_get/put we do in the trace state change path * we are guaranteed not to have any current users when we get here */ + BUG_ON(genl_unregister_family(&net_drop_monitor_family)); + + BUG_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); for_each_possible_cpu(cpu) { net_dm_hw_cpu_data_fini(cpu); net_dm_cpu_data_fini(cpu); } - - BUG_ON(genl_unregister_family(&net_drop_monitor_family)); } module_init(init_net_drop_monitor);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring: prevent opcode speculation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1e988c3fe1264708f4f92109203ac5b1d65de50b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022441-refined-barrack-4d1f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e988c3fe1264708f4f92109203ac5b1d65de50b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 14 Feb 2025 22:48:15 +0000 Subject: [PATCH] io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. Cc: stable(a)vger.kernel.org Fixes: d3656344fea03 ("io_uring: add lookup table for various opcode needs") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Reviewed-by: Li Zetao <lizetao1(a)huawei.com> Link: https://lore.kernel.org/r/7eddbf31c8ca0a3947f8ed98271acc2b4349c016.17395684… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 263e504be4a8..29a42365a481 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2045,6 +2045,8 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, req->opcode = 0; return io_init_fail_req(req, -EINVAL); } + opcode = array_index_nospec(opcode, IORING_OP_LAST); + def = &io_issue_defs[opcode]; if (unlikely(sqe_flags & ~SQE_COMMON_FLAGS)) { /* enforce forwards compatibility on users */

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring: prevent opcode speculation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1e988c3fe1264708f4f92109203ac5b1d65de50b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022440-shadow-ambitious-5060@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e988c3fe1264708f4f92109203ac5b1d65de50b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 14 Feb 2025 22:48:15 +0000 Subject: [PATCH] io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. Cc: stable(a)vger.kernel.org Fixes: d3656344fea03 ("io_uring: add lookup table for various opcode needs") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Reviewed-by: Li Zetao <lizetao1(a)huawei.com> Link: https://lore.kernel.org/r/7eddbf31c8ca0a3947f8ed98271acc2b4349c016.17395684… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 263e504be4a8..29a42365a481 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2045,6 +2045,8 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, req->opcode = 0; return io_init_fail_req(req, -EINVAL); } + opcode = array_index_nospec(opcode, IORING_OP_LAST); + def = &io_issue_defs[opcode]; if (unlikely(sqe_flags & ~SQE_COMMON_FLAGS)) { /* enforce forwards compatibility on users */

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring: prevent opcode speculation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1e988c3fe1264708f4f92109203ac5b1d65de50b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022440-blitz-abide-81f7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e988c3fe1264708f4f92109203ac5b1d65de50b Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Fri, 14 Feb 2025 22:48:15 +0000 Subject: [PATCH] io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. Cc: stable(a)vger.kernel.org Fixes: d3656344fea03 ("io_uring: add lookup table for various opcode needs") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Reviewed-by: Li Zetao <lizetao1(a)huawei.com> Link: https://lore.kernel.org/r/7eddbf31c8ca0a3947f8ed98271acc2b4349c016.17395684… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 263e504be4a8..29a42365a481 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2045,6 +2045,8 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, req->opcode = 0; return io_init_fail_req(req, -EINVAL); } + opcode = array_index_nospec(opcode, IORING_OP_LAST); + def = &io_issue_defs[opcode]; if (unlikely(sqe_flags & ~SQE_COMMON_FLAGS)) { /* enforce forwards compatibility on users */

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/msm/dpu: Disable dither in phys encoder cleanup" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f063ac6b55df03ed25996bdc84d9e1c50147cfa1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022414-magenta-debrief-f7e5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f063ac6b55df03ed25996bdc84d9e1c50147cfa1 Mon Sep 17 00:00:00 2001 From: Jessica Zhang <quic_jesszhan(a)quicinc.com> Date: Tue, 11 Feb 2025 19:59:19 -0800 Subject: [PATCH] drm/msm/dpu: Disable dither in phys encoder cleanup Disable pingpong dither in dpu_encoder_helper_phys_cleanup(). This avoids the issue where an encoder unknowingly uses dither after reserving a pingpong block that was previously bound to an encoder that had enabled dither. Cc: stable(a)vger.kernel.org Reported-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Closes: https://lore.kernel.org/all/jr7zbj5w7iq4apg3gofuvcwf4r2swzqjk7sshwcdjll4mn6… Signed-off-by: Jessica Zhang <quic_jesszhan(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Fixes: 3c128638a07d ("drm/msm/dpu: add support for dither block in display") Patchwork: https://patchwork.freedesktop.org/patch/636517/ Link: https://lore.kernel.org/r/20250211-dither-disable-v1-1-ac2cb455f6b9@quicinc… Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index 5172ab4dea99..48e6e8d74c85 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -2281,6 +2281,9 @@ void dpu_encoder_helper_phys_cleanup(struct dpu_encoder_phys *phys_enc) } } + if (phys_enc->hw_pp && phys_enc->hw_pp->ops.setup_dither) + phys_enc->hw_pp->ops.setup_dither(phys_enc->hw_pp, NULL); + /* reset the merge 3D HW block */ if (phys_enc->hw_pp && phys_enc->hw_pp->merge_3d) { phys_enc->hw_pp->merge_3d->ops.setup_3d_mode(phys_enc->hw_pp->merge_3d,

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/msm/dpu: Disable dither in phys encoder cleanup" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f063ac6b55df03ed25996bdc84d9e1c50147cfa1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022414-briskly-payday-2d07@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f063ac6b55df03ed25996bdc84d9e1c50147cfa1 Mon Sep 17 00:00:00 2001 From: Jessica Zhang <quic_jesszhan(a)quicinc.com> Date: Tue, 11 Feb 2025 19:59:19 -0800 Subject: [PATCH] drm/msm/dpu: Disable dither in phys encoder cleanup Disable pingpong dither in dpu_encoder_helper_phys_cleanup(). This avoids the issue where an encoder unknowingly uses dither after reserving a pingpong block that was previously bound to an encoder that had enabled dither. Cc: stable(a)vger.kernel.org Reported-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Closes: https://lore.kernel.org/all/jr7zbj5w7iq4apg3gofuvcwf4r2swzqjk7sshwcdjll4mn6… Signed-off-by: Jessica Zhang <quic_jesszhan(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Fixes: 3c128638a07d ("drm/msm/dpu: add support for dither block in display") Patchwork: https://patchwork.freedesktop.org/patch/636517/ Link: https://lore.kernel.org/r/20250211-dither-disable-v1-1-ac2cb455f6b9@quicinc… Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index 5172ab4dea99..48e6e8d74c85 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -2281,6 +2281,9 @@ void dpu_encoder_helper_phys_cleanup(struct dpu_encoder_phys *phys_enc) } } + if (phys_enc->hw_pp && phys_enc->hw_pp->ops.setup_dither) + phys_enc->hw_pp->ops.setup_dither(phys_enc->hw_pp, NULL); + /* reset the merge 3D HW block */ if (phys_enc->hw_pp && phys_enc->hw_pp->merge_3d) { phys_enc->hw_pp->merge_3d->ops.setup_3d_mode(phys_enc->hw_pp->merge_3d,

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/msm/dp: account for widebus and yuv420 during mode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x df9cf852ca3099feb8fed781bdd5d3863af001c8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022458-hexagram-diagnoses-10ad@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df9cf852ca3099feb8fed781bdd5d3863af001c8 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Date: Thu, 6 Feb 2025 11:46:36 -0800 Subject: [PATCH] drm/msm/dp: account for widebus and yuv420 during mode validation Widebus allows the DP controller to operate in 2 pixel per clock mode. The mode validation logic validates the mode->clock against the max DP pixel clock. However the max DP pixel clock limit assumes widebus is already enabled. Adjust the mode validation logic to only compare the adjusted pixel clock which accounts for widebus against the max DP pixel clock. Also fix the mode validation logic for YUV420 modes as in that case as well, only half the pixel clock is needed. Cc: stable(a)vger.kernel.org Fixes: 757a2f36ab09 ("drm/msm/dp: enable widebus feature for display port") Fixes: 6db6e5606576 ("drm/msm/dp: change clock related programming for YUV420 over DP") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Dale Whinham <daleyo(a)gmail.com> Patchwork: https://patchwork.freedesktop.org/patch/635789/ Link: https://lore.kernel.org/r/20250206-dp-widebus-fix-v2-1-cb89a0313286@quicinc… Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c index d852e7a85334..a129e26c3ddb 100644 --- a/drivers/gpu/drm/msm/dp/dp_display.c +++ b/drivers/gpu/drm/msm/dp/dp_display.c @@ -930,16 +930,17 @@ enum drm_mode_status msm_dp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) - return MODE_CLOCK_HIGH; - msm_dp_display = container_of(dp, struct msm_dp_display_private, msm_dp_display); link_info = &msm_dp_display->panel->link_info; - if (drm_mode_is_420_only(&dp->connector->display_info, mode) && - msm_dp_display->panel->vsc_sdp_supported) + if ((drm_mode_is_420_only(&dp->connector->display_info, mode) && + msm_dp_display->panel->vsc_sdp_supported) || + msm_dp_wide_bus_available(dp)) mode_pclk_khz /= 2; + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) + return MODE_CLOCK_HIGH; + mode_bpp = dp->connector->display_info.bpc * num_components; if (!mode_bpp) mode_bpp = default_bpp; diff --git a/drivers/gpu/drm/msm/dp/dp_drm.c b/drivers/gpu/drm/msm/dp/dp_drm.c index d3e241ea6941..16b7913d1eef 100644 --- a/drivers/gpu/drm/msm/dp/dp_drm.c +++ b/drivers/gpu/drm/msm/dp/dp_drm.c @@ -257,7 +257,10 @@ static enum drm_mode_status msm_edp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) + if (msm_dp_wide_bus_available(dp)) + mode_pclk_khz /= 2; + + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) return MODE_CLOCK_HIGH; /*

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/msm/dp: account for widebus and yuv420 during mode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x df9cf852ca3099feb8fed781bdd5d3863af001c8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022458-dander-varsity-6f2b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df9cf852ca3099feb8fed781bdd5d3863af001c8 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Date: Thu, 6 Feb 2025 11:46:36 -0800 Subject: [PATCH] drm/msm/dp: account for widebus and yuv420 during mode validation Widebus allows the DP controller to operate in 2 pixel per clock mode. The mode validation logic validates the mode->clock against the max DP pixel clock. However the max DP pixel clock limit assumes widebus is already enabled. Adjust the mode validation logic to only compare the adjusted pixel clock which accounts for widebus against the max DP pixel clock. Also fix the mode validation logic for YUV420 modes as in that case as well, only half the pixel clock is needed. Cc: stable(a)vger.kernel.org Fixes: 757a2f36ab09 ("drm/msm/dp: enable widebus feature for display port") Fixes: 6db6e5606576 ("drm/msm/dp: change clock related programming for YUV420 over DP") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Dale Whinham <daleyo(a)gmail.com> Patchwork: https://patchwork.freedesktop.org/patch/635789/ Link: https://lore.kernel.org/r/20250206-dp-widebus-fix-v2-1-cb89a0313286@quicinc… Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c index d852e7a85334..a129e26c3ddb 100644 --- a/drivers/gpu/drm/msm/dp/dp_display.c +++ b/drivers/gpu/drm/msm/dp/dp_display.c @@ -930,16 +930,17 @@ enum drm_mode_status msm_dp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) - return MODE_CLOCK_HIGH; - msm_dp_display = container_of(dp, struct msm_dp_display_private, msm_dp_display); link_info = &msm_dp_display->panel->link_info; - if (drm_mode_is_420_only(&dp->connector->display_info, mode) && - msm_dp_display->panel->vsc_sdp_supported) + if ((drm_mode_is_420_only(&dp->connector->display_info, mode) && + msm_dp_display->panel->vsc_sdp_supported) || + msm_dp_wide_bus_available(dp)) mode_pclk_khz /= 2; + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) + return MODE_CLOCK_HIGH; + mode_bpp = dp->connector->display_info.bpc * num_components; if (!mode_bpp) mode_bpp = default_bpp; diff --git a/drivers/gpu/drm/msm/dp/dp_drm.c b/drivers/gpu/drm/msm/dp/dp_drm.c index d3e241ea6941..16b7913d1eef 100644 --- a/drivers/gpu/drm/msm/dp/dp_drm.c +++ b/drivers/gpu/drm/msm/dp/dp_drm.c @@ -257,7 +257,10 @@ static enum drm_mode_status msm_edp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) + if (msm_dp_wide_bus_available(dp)) + mode_pclk_khz /= 2; + + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) return MODE_CLOCK_HIGH; /*

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/msm/dp: account for widebus and yuv420 during mode" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x df9cf852ca3099feb8fed781bdd5d3863af001c8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022457-capitol-primate-f197@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df9cf852ca3099feb8fed781bdd5d3863af001c8 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Date: Thu, 6 Feb 2025 11:46:36 -0800 Subject: [PATCH] drm/msm/dp: account for widebus and yuv420 during mode validation Widebus allows the DP controller to operate in 2 pixel per clock mode. The mode validation logic validates the mode->clock against the max DP pixel clock. However the max DP pixel clock limit assumes widebus is already enabled. Adjust the mode validation logic to only compare the adjusted pixel clock which accounts for widebus against the max DP pixel clock. Also fix the mode validation logic for YUV420 modes as in that case as well, only half the pixel clock is needed. Cc: stable(a)vger.kernel.org Fixes: 757a2f36ab09 ("drm/msm/dp: enable widebus feature for display port") Fixes: 6db6e5606576 ("drm/msm/dp: change clock related programming for YUV420 over DP") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Dale Whinham <daleyo(a)gmail.com> Patchwork: https://patchwork.freedesktop.org/patch/635789/ Link: https://lore.kernel.org/r/20250206-dp-widebus-fix-v2-1-cb89a0313286@quicinc… Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c index d852e7a85334..a129e26c3ddb 100644 --- a/drivers/gpu/drm/msm/dp/dp_display.c +++ b/drivers/gpu/drm/msm/dp/dp_display.c @@ -930,16 +930,17 @@ enum drm_mode_status msm_dp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) - return MODE_CLOCK_HIGH; - msm_dp_display = container_of(dp, struct msm_dp_display_private, msm_dp_display); link_info = &msm_dp_display->panel->link_info; - if (drm_mode_is_420_only(&dp->connector->display_info, mode) && - msm_dp_display->panel->vsc_sdp_supported) + if ((drm_mode_is_420_only(&dp->connector->display_info, mode) && + msm_dp_display->panel->vsc_sdp_supported) || + msm_dp_wide_bus_available(dp)) mode_pclk_khz /= 2; + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) + return MODE_CLOCK_HIGH; + mode_bpp = dp->connector->display_info.bpc * num_components; if (!mode_bpp) mode_bpp = default_bpp; diff --git a/drivers/gpu/drm/msm/dp/dp_drm.c b/drivers/gpu/drm/msm/dp/dp_drm.c index d3e241ea6941..16b7913d1eef 100644 --- a/drivers/gpu/drm/msm/dp/dp_drm.c +++ b/drivers/gpu/drm/msm/dp/dp_drm.c @@ -257,7 +257,10 @@ static enum drm_mode_status msm_edp_bridge_mode_valid(struct drm_bridge *bridge, return -EINVAL; } - if (mode->clock > DP_MAX_PIXEL_CLK_KHZ) + if (msm_dp_wide_bus_available(dp)) + mode_pclk_khz /= 2; + + if (mode_pclk_khz > DP_MAX_PIXEL_CLK_KHZ) return MODE_CLOCK_HIGH; /*

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm: panel: jd9365da-h3: fix reset signal polarity" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a8972d5a49b408248294b5ecbdd0a085e4726349 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022442-golf-creole-1500@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a8972d5a49b408248294b5ecbdd0a085e4726349 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Fri, 27 Sep 2024 09:53:05 -0400 Subject: [PATCH] drm: panel: jd9365da-h3: fix reset signal polarity In jadard_prepare() a reset pulse is generated with the following statements (delays ommited for clarity): gpiod_set_value(jadard->reset, 1); --> Deassert reset gpiod_set_value(jadard->reset, 0); --> Assert reset for 10ms gpiod_set_value(jadard->reset, 1); --> Deassert reset However, specifying second argument of "0" to gpiod_set_value() means to deassert the GPIO, and "1" means to assert it. If the reset signal is defined as GPIO_ACTIVE_LOW in the DTS, the above statements will incorrectly generate the reset pulse (inverted) and leave it asserted (LOW) at the end of jadard_prepare(). Fix reset behavior by inverting gpiod_set_value() second argument in jadard_prepare(). Also modify second argument to devm_gpiod_get() in jadard_dsi_probe() to assert the reset when probing. Do not modify it in jadard_unprepare() as it is already properly asserted with "1", which seems to be the intended behavior. Fixes: 6b818c533dd8 ("drm: panel: Add Jadard JD9365DA-H3 DSI panel") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Link: https://lore.kernel.org/r/20240927135306.857617-1-hugo@hugovil.com Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240927135306.857617-1-hugo@… diff --git a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c index 45d09e6fa667..7d68a8acfe2e 100644 --- a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c +++ b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c @@ -109,13 +109,13 @@ static int jadard_prepare(struct drm_panel *panel) if (jadard->desc->lp11_to_reset_delay_ms) msleep(jadard->desc->lp11_to_reset_delay_ms); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(5); - gpiod_set_value(jadard->reset, 0); + gpiod_set_value(jadard->reset, 1); msleep(10); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(130); ret = jadard->desc->init(jadard); @@ -1130,7 +1130,7 @@ static int jadard_dsi_probe(struct mipi_dsi_device *dsi) dsi->format = desc->format; dsi->lanes = desc->lanes; - jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(jadard->reset)) { DRM_DEV_ERROR(&dsi->dev, "failed to get our reset GPIO\n"); return PTR_ERR(jadard->reset);

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm: panel: jd9365da-h3: fix reset signal polarity" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a8972d5a49b408248294b5ecbdd0a085e4726349 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022441-stallion-given-47fc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a8972d5a49b408248294b5ecbdd0a085e4726349 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Fri, 27 Sep 2024 09:53:05 -0400 Subject: [PATCH] drm: panel: jd9365da-h3: fix reset signal polarity In jadard_prepare() a reset pulse is generated with the following statements (delays ommited for clarity): gpiod_set_value(jadard->reset, 1); --> Deassert reset gpiod_set_value(jadard->reset, 0); --> Assert reset for 10ms gpiod_set_value(jadard->reset, 1); --> Deassert reset However, specifying second argument of "0" to gpiod_set_value() means to deassert the GPIO, and "1" means to assert it. If the reset signal is defined as GPIO_ACTIVE_LOW in the DTS, the above statements will incorrectly generate the reset pulse (inverted) and leave it asserted (LOW) at the end of jadard_prepare(). Fix reset behavior by inverting gpiod_set_value() second argument in jadard_prepare(). Also modify second argument to devm_gpiod_get() in jadard_dsi_probe() to assert the reset when probing. Do not modify it in jadard_unprepare() as it is already properly asserted with "1", which seems to be the intended behavior. Fixes: 6b818c533dd8 ("drm: panel: Add Jadard JD9365DA-H3 DSI panel") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Link: https://lore.kernel.org/r/20240927135306.857617-1-hugo@hugovil.com Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240927135306.857617-1-hugo@… diff --git a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c index 45d09e6fa667..7d68a8acfe2e 100644 --- a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c +++ b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c @@ -109,13 +109,13 @@ static int jadard_prepare(struct drm_panel *panel) if (jadard->desc->lp11_to_reset_delay_ms) msleep(jadard->desc->lp11_to_reset_delay_ms); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(5); - gpiod_set_value(jadard->reset, 0); + gpiod_set_value(jadard->reset, 1); msleep(10); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(130); ret = jadard->desc->init(jadard); @@ -1130,7 +1130,7 @@ static int jadard_dsi_probe(struct mipi_dsi_device *dsi) dsi->format = desc->format; dsi->lanes = desc->lanes; - jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(jadard->reset)) { DRM_DEV_ERROR(&dsi->dev, "failed to get our reset GPIO\n"); return PTR_ERR(jadard->reset);

4 months, 2 weeks

1
0
0 0

[PATCH] auxdisplay: hd44780: Fix an API misuse in hd44780_probe()

by Haoxiang Li

Variable "lcd" allocated by charlcd_alloc() should be released by charlcd_free(). The following patch changed kfree(lcd) to charlcd_free(lcd) to fix an API misuse. Fixes: 718e05ed92ec ("auxdisplay: Introduce hd44780_common.[ch]") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/auxdisplay/hd44780.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/auxdisplay/hd44780.c b/drivers/auxdisplay/hd44780.c index 0526f0d90a79..a1729196bc82 100644 --- a/drivers/auxdisplay/hd44780.c +++ b/drivers/auxdisplay/hd44780.c @@ -313,7 +313,7 @@ static int hd44780_probe(struct platform_device *pdev) fail3: kfree(hd); fail2: - kfree(lcd); + charlcd_free(lcd); fail1: kfree(hdc); return ret; -- 2.25.1

4 months, 2 weeks

2
1
0 0

[PATCH] usb: gadget: Check bmAttributes only if configuration is valid

by Prashanth K

If the USB configuration is not valid, then avoid checking for bmAttributes to prevent null pointer deference. Cc: stable(a)vger.kernel.org Fixes: 40e89ff5750f ("usb: gadget: Set self-powered based on MaxPower and bmAttributes") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> --- drivers/usb/gadget/composite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 4bcf73bae761..869ad99afb48 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1051,7 +1051,7 @@ static int set_config(struct usb_composite_dev *cdev, usb_gadget_set_remote_wakeup(gadget, 0); done: if (power > USB_SELF_POWER_VBUS_MAX_DRAW || - !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) + (c && !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER))) usb_gadget_clear_selfpowered(gadget); else usb_gadget_set_selfpowered(gadget); -- 2.25.1

4 months, 2 weeks

2
3
0 0

[PATCH] btrfs: add a sanity check for btrfs root in btrfs_next_old_leaf()

by Ma Ke

btrfs_next_old_leaf() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_next_old_leaf(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: d96b34248c2f ("btrfs: make send work with concurrent block group relocation") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- fs/btrfs/ctree.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 4e2e1c38d33a..1a3fc3863860 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -4794,13 +4794,17 @@ int btrfs_next_old_leaf(struct btrfs_root *root, struct btrfs_path *path, int level; struct extent_buffer *c; struct extent_buffer *next; - struct btrfs_fs_info *fs_info = root->fs_info; + struct btrfs_fs_info *fs_info; struct btrfs_key key; bool need_commit_sem = false; u32 nritems; int ret; int i; + if (!root) + return -EINVAL; + + fs_info = root->fs_info; /* * The nowait semantics are used only for write paths, where we don't * use the tree mod log and sequence numbers. -- 2.25.1

4 months, 2 weeks

3
2
0 0

[PATCH 6.13 000/258] 6.13.4-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.4 release. There are 258 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 22 Feb 2025 10:44:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.4-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.4-rc2 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfio/platform: check the bounds of read/write syscalls" Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: reallocate buf lists on upgrade Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Chris Brandt <chris.brandt(a)renesas.com> drm: renesas: rz-du: Increase supported resolutions Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/tracing: Fix a potential TP_printk UAF Karol Przybylski <karprzy7(a)gmail.com> drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu1: don't choke on disabling the writeback connector Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: unconditionally copy SQEs at prep time Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Caleb Sander Mateos <csander(a)purestorage.com> io_uring/uring_cmd: switch sqe to async_data on EAGAIN Caleb Sander Mateos <csander(a)purestorage.com> io_uring/uring_cmd: don't assume io_uring_cmd_data layout Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: cleanup struct io_uring_cmd_data layout Filipe Manana <fdmanana(a)suse.com> btrfs: fix stale page cache after race between readahead and direct IO write David Sterba <dsterba(a)suse.com> btrfs: rename __get_extent_map() and pass btrfs_inode Eric Dumazet <edumazet(a)google.com> ipv6: mcast: extend RCU protection in igmp6_send() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Move hidraw input (un)registering to work Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Make sure rumble work is canceled on removal Geert Uytterhoeven <geert+renesas(a)glider.be> genirq: Remove leading space from irq_chip::irq_print_chip() callbacks Kees Cook <kees(a)kernel.org> compiler.h: Move C string helpers into C-only kernel section Eric Dumazet <edumazet(a)google.com> ipv6: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ip_dst_mtu_maybe_forward() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Fix cpufreq_policy ref counting Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: convert mutex use to guard() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() Justin M. Forbes <jforbes(a)fedoraproject.org> rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Jinghao Jia <jinghao7(a)illinois.edu> samples/hid: fix broken vmlinux path for VMLINUX_BTF Jinghao Jia <jinghao7(a)illinois.edu> samples/hid: remove unnecessary -I flags from libbpf EXTRA_CFLAGS Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Set stream->pollin in xe_oa_buffer_check_unlocked Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Expose an unblock after N reports OA property Sai Teja Pottumuttu <sai.teja.pottumuttu(a)intel.com> drm/xe/oa/uapi: Make OA buffer size configurable Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Oliver Upton <oliver.upton(a)linux.dev> ACPI: GTDT: Relax sanity checking on Platform Timers array count Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channels for individual subrequests Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Set buffer type for empty frames in igc_init_empty_frame Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ptp: vmclock: Set driver data before its usage Tejun Heo <tj(a)kernel.org> sched_ext: Fix migration disabled handling in targeted dispatches David Woodhouse <dwmw(a)amazon.co.uk> ptp: vmclock: Add .owner to vmclock_miscdev_fops Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ptp: vmclock: Don't unregister misc device if it was not registered Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Fix potential memory leak in iopf_queue_remove_device() Josua Mayer <josua(a)solid-run.com> Revert "mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch" Varadarajan Narayanan <quic_varada(a)quicinc.com> regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect autogroup migration detection Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Make intel_iommu_drain_pasid_prq() cover faults for RID Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix handling of isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Always update ->iotype in __uart_read_properties() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Assign ->iotype correctly when ->iobase is set Nicolas Dichtel <nicolas.dichtel(a)6wind.com> rtnetlink: fix netns leak with rtnl_setlink() Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix overindented list item Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Miguel Ojeda <ojeda(a)kernel.org> arm64: rust: clean Rust 1.85.0 warning using softfloat target Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Bjorn Helgaas <bhelgaas(a)google.com> PCI: Avoid FLR for Mediatek MT7922 WiFi Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix handling of 6 GHz rules Aditya Garg <gargaditya08(a)live.com> wifi: brcmfmac: use random seed flag for BCM4355 and BCM4364 firmware Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: etas_es58x: fix potential NULL pointer dereference on udev->serial Robin van der Gracht <robin(a)protonic.nl> can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Restore xhci_pci support for Renesas HCs Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Update pages_touched to reflect persistent buffer content Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Validate the persistent meta data subbuf array Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not allow mmap() of persistent ring buffer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Unlock resize on mmap error Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Carve out wopcm portion from the stolen memory Remi Pommarel <repk(a)triplefau.lt> batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Kees Cook <kees(a)kernel.org> kbuild: Use -fzero-init-padding-bits=all Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: renesas: SND_SIU_MIGOR should depend on DMADEVICES Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Masahiro Yamada <masahiroy(a)kernel.org> kbuild: suppress stdout from merge_config for silent builds Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Zichen Xie <zichenxie0106(a)gmail.com> NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Brian Norris <briannorris(a)chromium.org> kunit: platform: Resolve 'struct completion' warning Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Share WCH IDs with parport_serial driver Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Resolve WCH vendor ID ambiguity Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Lorenzo Bianconi <lorenzo(a)kernel.org> PCI: mediatek-gen3: Avoid PCIe resetting via PERST# for Airoha EN7581 SoC Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Wait for boot-time offers during boot and resume Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add Kurokesu C1 PRO camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Implement dual stream quirk to fix loss of usb packets Naushir Patuck <naush(a)raspberrypi.com> media: bcm2835-unicam: Disable trigger mode operation Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub953: Add error handling for i2c reads/writes Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Add error handling to ub913_hw_init() Niklas Cassel <cassel(a)kernel.org> PCI: endpoint: Add size check for fixed size BARs in pci_epc_set_bar() Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Update Tegra234 nvmem keepout list Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Varadarajan Narayanan <quic_varada(a)quicinc.com> soc: qcom: llcc: Update configuration data for IPQ5424 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: smc: Handle missing SCM device Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Masahiro Yamada <masahiroy(a)kernel.org> tools: fix annoying "mkdir -p ..." logs when building tools in parallel Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix crash on error in gpiochip_get_ngpios() Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. Jens Axboe <axboe(a)kernel.dk> block: cleanup and fix batch completion adding conditions Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Imre Deak <imre.deak(a)intel.com> drm: Fix DSC BPP increment decoding Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() Zhu Lingshan <lingshan.zhu(a)amd.com> amdkfd: properly free gang_ctx_bo when failed to init user queue Benjamin Berg <benjamin.berg(a)intel.com> um: fix execve stub execution on old host OSs Benjamin Berg <benjamin.berg(a)intel.com> um: properly align signal stack on x86_64 Benjamin Berg <benjamin.berg(a)intel.com> um: avoid copying FP state from init_task Benjamin Berg <benjamin.berg(a)intel.com> um: add back support for FXSAVE registers Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: remove dead req_has_async_data() check Pavel Begunkov <asml.silence(a)gmail.com> io_uring/waitid: don't abuse io_tw_state Zhang Rui <rui.zhang(a)intel.com> thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/client: bo->client does not need bos_lock Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Clean up PEBS-via-PT on hybrid Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Su Hui <suhui(a)nfschina.com> drm/panthor: avoid garbage value in panthor_ioctl_dev_query() Rupinderjit Singh <rusingh(a)redhat.com> gpu: host1x: Fix a use of uninitialized mutex Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Maxime Ripard <mripard(a)kernel.org> drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Put the pwq after detaching the rescuer from the pool Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix a potential race condition Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix RX & TX statistics for XDP_TX case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix typo issue about GCFG feature detection Yuli Wang <wangyuli(a)uniontech.com> LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Marco Crivellari <marco.crivellari(a)suse.com> LoongArch: Fix idle VS timer enqueue Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix HW RX timestamp when passed by ZC XDP Joshua Hay <joshua.a.hay(a)intel.com> idpf: call set_real_num_queues in idpf_open Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: record rx queue in skb for RSC packets Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: fix handling rsc packet with a single segment Jerome Brunet <jbrunet(a)baylibre.com> regulator: core: let dt properties override driver init_data Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Reyders Morales <reyders1(a)gmail.com> Documentation/networking: fix basic node example document ISO 15765-2 Eric Dumazet <edumazet(a)google.com> net: fib_rules: annotate data-races around rule->[io]ifindex Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> spi: sn-f-ospi: Fix division by zero Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: pinconf-generic: Print unsigned value if a format is registered Nathan Chancellor <nathan(a)kernel.org> scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Charles Han <hanchunchao(a)inspur.com> HID: winwing: Add NULL check in winwing_init_led() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Rename PWMSEL to SELPWM Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Enable regmap locking for debug Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Avoid accessing reserved registers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Fix off-by-one in the regmap range settings Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Jeff Layton <jlayton(a)kernel.org> nfsd: validate the nfsd_serv pointer before calling svc_wake_up Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Add missing delayed work cancel for headset status Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Initialise memory for psy_cfg ------------- Diffstat: .../bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +- Documentation/networking/iso15765-2.rst | 4 +- Makefile | 17 +-- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 4 + arch/alpha/kernel/entry.S | 24 ++-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm64/Makefile | 4 + arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/loongarch/kernel/genex.S | 28 ++-- arch/loongarch/kernel/idle.c | 3 +- arch/loongarch/kernel/reset.c | 6 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/lib/csum.c | 2 +- arch/powerpc/sysdev/fsl_msi.c | 2 +- arch/s390/pci/pci_bus.c | 20 +++ arch/s390/pci/pci_iov.c | 56 ++++++-- arch/s390/pci/pci_iov.h | 7 + arch/um/kernel/process.c | 10 +- arch/um/os-Linux/skas/process.c | 16 ++- arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 33 ++--- arch/x86/events/intel/ds.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/perf_event.h | 28 +++- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/cpu/bugs.c | 21 ++- arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 10 +- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 3 + arch/x86/mm/tlb.c | 35 ++++- arch/x86/um/os-Linux/registers.c | 21 ++- arch/x86/um/signal.c | 13 +- arch/x86/xen/mmu_pv.c | 75 +++++++++-- block/partitions/mac.c | 18 ++- drivers/acpi/arm64/gtdt.c | 12 +- drivers/acpi/x86/utils.c | 13 ++ drivers/base/regmap/regmap-irq.c | 2 + drivers/bluetooth/btintel_pcie.c | 5 +- drivers/bus/moxtet.c | 2 +- drivers/cpufreq/amd-pstate.c | 107 +++++---------- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/qcom/qcom_scm-smc.c | 3 + drivers/gpio/gpio-bcm-kona.c | 71 ++++++++-- drivers/gpio/gpio-stmpe.c | 15 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 - drivers/gpu/drm/msm/msm_gem_submit.c | 3 +- drivers/gpu/drm/panthor/panthor_drv.c | 1 + drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 + drivers/gpu/drm/tidss/tidss_dispc.c | 26 ++-- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/xe/regs/xe_oa_regs.h | 9 +- drivers/gpu/drm/xe/xe_drm_client.c | 2 +- drivers/gpu/drm/xe/xe_oa.c | 92 ++++++++++--- drivers/gpu/drm/xe/xe_oa_types.h | 5 +- drivers/gpu/drm/xe/xe_query.c | 4 +- drivers/gpu/drm/xe/xe_trace_bo.h | 12 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 70 +++++----- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- drivers/gpu/host1x/dev.c | 2 + drivers/gpu/host1x/intr.c | 2 - drivers/hid/hid-corsair-void.c | 3 +- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-steam.c | 41 ++++-- drivers/hid/hid-thrustmaster.c | 2 +- drivers/hid/hid-winwing.c | 2 + drivers/hv/channel_mgmt.c | 61 ++++++--- drivers/hv/connection.c | 4 +- drivers/hv/hyperv_vmbus.h | 14 +- drivers/hv/vmbus_drv.c | 16 --- drivers/i3c/master/Kconfig | 11 ++ drivers/i3c/master/mipi-i3c-hci/Makefile | 1 + drivers/i3c/master/mipi-i3c-hci/dma.c | 17 +++ drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 +++++++++++++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/iommu/amd/amd_iommu_types.h | 1 + drivers/iommu/amd/init.c | 4 + drivers/iommu/intel/prq.c | 4 +- drivers/iommu/io-pgfault.c | 1 + drivers/irqchip/irq-partition-percpu.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ds90ub913.c | 25 +++- drivers/media/i2c/ds90ub953.c | 46 +++++-- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++ drivers/media/usb/uvc/uvc_video.c | 27 +++- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/mmc/host/mtk-sd.c | 31 +++-- drivers/mmc/host/sdhci_am654.c | 30 ----- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 +- drivers/net/ethernet/intel/igc/igc_main.c | 22 +-- .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 50 ++++--- drivers/net/team/team_core.c | 4 +- drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 - .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 4 +- drivers/parport/parport_serial.c | 12 +- drivers/pci/controller/pcie-mediatek-gen3.c | 57 +++++--- drivers/pci/endpoint/pci-epc-core.c | 11 +- drivers/pci/quirks.c | 15 ++- drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinconf-generic.c | 8 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 42 +++--- drivers/ptp/ptp_vmclock.c | 8 +- drivers/regulator/core.c | 61 ++++----- drivers/soc/qcom/llcc-qcom.c | 57 +++++++- drivers/soc/qcom/smp2p.c | 2 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 ++- drivers/spi/spi-sn-f-ospi.c | 3 + drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 +++ drivers/tty/serial/8250/8250_pci.c | 76 +++++------ drivers/tty/serial/8250/8250_pci1xxxx.c | 60 ++++++++- drivers/tty/serial/8250/8250_port.c | 9 ++ drivers/tty/serial/serial_port.c | 5 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/ufs/core/ufshcd.c | 127 +++++++++--------- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 17 ++- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 ++++--- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 -- drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/xen/swiotlb-xen.c | 20 +-- fs/btrfs/extent_io.c | 29 ++-- fs/btrfs/file.c | 4 +- fs/nfs/sysfs.c | 6 +- fs/nfsd/filecache.c | 11 +- fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 7 +- fs/ntfs3/attrib.c | 15 ++- fs/ntfs3/dir.c | 2 +- fs/ntfs3/frecord.c | 71 +++++----- fs/ntfs3/fsntfs.c | 6 +- fs/ntfs3/index.c | 6 +- fs/ntfs3/inode.c | 3 + fs/ntfs3/ntfs_fs.h | 21 +-- fs/ntfs3/record.c | 79 +++++------ fs/orangefs/orangefs-debugfs.c | 4 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/file.c | 7 +- include/drm/display/drm_dp.h | 1 + include/kunit/platform_device.h | 1 + include/linux/blk-mq.h | 18 ++- include/linux/cgroup-defs.h | 6 +- include/linux/compiler.h | 26 ++-- include/linux/efi.h | 1 + include/linux/netdevice.h | 6 + include/linux/pci_ids.h | 11 ++ include/linux/sched/task.h | 1 + include/net/dst.h | 9 ++ include/net/ip.h | 13 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 2 +- include/net/route.h | 9 +- include/uapi/drm/xe_drm.h | 16 +++ include/uapi/linux/thermal.h | 2 +- include/ufs/ufshcd.h | 9 +- io_uring/kbuf.c | 15 ++- io_uring/uring_cmd.c | 32 ++--- io_uring/waitid.c | 4 +- kernel/cgroup/cgroup.c | 20 +-- kernel/cgroup/rstat.c | 1 - kernel/sched/autogroup.c | 4 +- kernel/sched/core.c | 7 +- kernel/sched/ext.c | 71 ++++++---- kernel/sched/ext.h | 4 +- kernel/sched/sched.h | 2 +- kernel/time/clocksource.c | 9 +- kernel/trace/ring_buffer.c | 28 +++- kernel/trace/trace.c | 4 + kernel/workqueue.c | 12 +- net/ax25/af_ax25.c | 11 ++ net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/translation-table.c | 12 +- net/batman-adv/types.h | 3 - net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/fib_rules.c | 24 ++-- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 8 +- net/core/rtnetlink.c | 1 + net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 31 +++-- net/ipv4/route.c | 30 +++-- net/ipv6/icmp.c | 42 +++--- net/ipv6/ioam6_iptunnel.c | 73 +++++----- net/ipv6/mcast.c | 45 ++++--- net/ipv6/ndisc.c | 28 ++-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 59 ++++---- net/ipv6/seg6_iptunnel.c | 98 ++++++++------ net/openvswitch/datapath.c | 12 +- net/vmw_vsock/af_vsock.c | 12 +- rust/Makefile | 1 + rust/kernel/rbtree.rs | 2 +- samples/hid/Makefile | 13 +- scripts/Makefile.defconf | 13 +- scripts/Makefile.extrawarn | 13 +- scripts/kconfig/Makefile | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- sound/soc/renesas/Kconfig | 2 +- tools/objtool/check.c | 1 + tools/sched_ext/include/scx/common.bpf.h | 12 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 ++++- tools/tracing/rtla/src/timerlat_hist.c | 8 ++ tools/tracing/rtla/src/timerlat_top.c | 8 ++ 256 files changed, 2802 insertions(+), 1341 deletions(-)

4 months, 2 weeks

12
11
0 0

[PATCH 6.12 000/225] 6.12.16-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.16 release. There are 225 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 22 Feb 2025 10:44:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.16-rc2 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfio/platform: check the bounds of read/write syscalls" Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: reallocate buf lists on upgrade Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Fix uprobe consumer test Jason Xing <kernelxing(a)tencent.com> bpf: handle implicit declaration of function gettid in bpf_iter.c Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Chris Brandt <chris.brandt(a)renesas.com> drm: renesas: rz-du: Increase supported resolutions Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/tracing: Fix a potential TP_printk UAF Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu1: don't choke on disabling the writeback connector Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Filipe Manana <fdmanana(a)suse.com> btrfs: fix stale page cache after race between readahead and direct IO write David Sterba <dsterba(a)suse.com> btrfs: rename __get_extent_map() and pass btrfs_inode Eric Dumazet <edumazet(a)google.com> ipv6: mcast: extend RCU protection in igmp6_send() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Move hidraw input (un)registering to work Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Make sure rumble work is canceled on removal Eric Dumazet <edumazet(a)google.com> ipv6: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ip_dst_mtu_maybe_forward() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Fix cpufreq_policy ref counting Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: convert mutex use to guard() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function Justin M. Forbes <jforbes(a)fedoraproject.org> rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channels for individual subrequests Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Set buffer type for empty frames in igc_init_empty_frame Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Fix potential memory leak in iopf_queue_remove_device() Varadarajan Narayanan <quic_varada(a)quicinc.com> regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect autogroup migration detection Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix handling of isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Always update ->iotype in __uart_read_properties() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Assign ->iotype correctly when ->iobase is set Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix overindented list item Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Miguel Ojeda <ojeda(a)kernel.org> arm64: rust: clean Rust 1.85.0 warning using softfloat target Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Bjorn Helgaas <bhelgaas(a)google.com> PCI: Avoid FLR for Mediatek MT7922 WiFi Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix handling of 6 GHz rules Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: etas_es58x: fix potential NULL pointer dereference on udev->serial Robin van der Gracht <robin(a)protonic.nl> can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Restore xhci_pci support for Renesas HCs Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Update pages_touched to reflect persistent buffer content Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Validate the persistent meta data subbuf array Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not allow mmap() of persistent ring buffer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Unlock resize on mmap error Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Kees Cook <kees(a)kernel.org> kbuild: Use -fzero-init-padding-bits=all Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Masahiro Yamada <masahiroy(a)kernel.org> kbuild: suppress stdout from merge_config for silent builds Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Zichen Xie <zichenxie0106(a)gmail.com> NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Brian Norris <briannorris(a)chromium.org> kunit: platform: Resolve 'struct completion' warning Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Share WCH IDs with parport_serial driver Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Resolve WCH vendor ID ambiguity Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add Kurokesu C1 PRO camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Implement dual stream quirk to fix loss of usb packets Naushir Patuck <naush(a)raspberrypi.com> media: bcm2835-unicam: Disable trigger mode operation Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub953: Add error handling for i2c reads/writes Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Add error handling to ub913_hw_init() Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Update Tegra234 nvmem keepout list Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: smc: Handle missing SCM device Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Masahiro Yamada <masahiroy(a)kernel.org> tools: fix annoying "mkdir -p ..." logs when building tools in parallel Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix crash on error in gpiochip_get_ngpios() Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. Jens Axboe <axboe(a)kernel.dk> block: cleanup and fix batch completion adding conditions Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Imre Deak <imre.deak(a)intel.com> drm: Fix DSC BPP increment decoding Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() Zhu Lingshan <lingshan.zhu(a)amd.com> amdkfd: properly free gang_ctx_bo when failed to init user queue Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: remove dead req_has_async_data() check Pavel Begunkov <asml.silence(a)gmail.com> io_uring/waitid: don't abuse io_tw_state Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/client: bo->client does not need bos_lock Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Clean up PEBS-via-PT on hybrid Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Rupinderjit Singh <rusingh(a)redhat.com> gpu: host1x: Fix a use of uninitialized mutex Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Maxime Ripard <mripard(a)kernel.org> drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Put the pwq after detaching the rescuer from the pool Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix a potential race condition Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix typo issue about GCFG feature detection Yuli Wang <wangyuli(a)uniontech.com> LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Marco Crivellari <marco.crivellari(a)suse.com> LoongArch: Fix idle VS timer enqueue Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix HW RX timestamp when passed by ZC XDP Joshua Hay <joshua.a.hay(a)intel.com> idpf: call set_real_num_queues in idpf_open Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: record rx queue in skb for RSC packets Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: fix handling rsc packet with a single segment Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Reyders Morales <reyders1(a)gmail.com> Documentation/networking: fix basic node example document ISO 15765-2 Eric Dumazet <edumazet(a)google.com> net: fib_rules: annotate data-races around rule->[io]ifindex Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> spi: sn-f-ospi: Fix division by zero Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: pinconf-generic: Print unsigned value if a format is registered Nathan Chancellor <nathan(a)kernel.org> scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Charles Han <hanchunchao(a)inspur.com> HID: winwing: Add NULL check in winwing_init_led() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Rename PWMSEL to SELPWM Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Enable regmap locking for debug Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Avoid accessing reserved registers Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Jeff Layton <jlayton(a)kernel.org> nfsd: validate the nfsd_serv pointer before calling svc_wake_up Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them ------------- Diffstat: .../bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +- Documentation/networking/iso15765-2.rst | 4 +- Makefile | 17 +-- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 4 + arch/alpha/kernel/entry.S | 24 ++-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm64/Makefile | 4 + arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/loongarch/kernel/genex.S | 28 ++-- arch/loongarch/kernel/idle.c | 3 +- arch/loongarch/kernel/reset.c | 6 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/lib/csum.c | 2 +- arch/s390/pci/pci_bus.c | 20 +++ arch/s390/pci/pci_iov.c | 56 ++++++-- arch/s390/pci/pci_iov.h | 7 + arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 33 ++--- arch/x86/events/intel/ds.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/perf_event.h | 28 +++- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/cpu/bugs.c | 21 ++- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 10 +- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 3 + arch/x86/mm/tlb.c | 35 ++++- arch/x86/xen/mmu_pv.c | 75 +++++++++-- block/partitions/mac.c | 18 ++- drivers/acpi/x86/utils.c | 13 ++ drivers/base/regmap/regmap-irq.c | 2 + drivers/bluetooth/btintel_pcie.c | 5 +- drivers/cpufreq/amd-pstate.c | 104 +++++---------- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/qcom/qcom_scm-smc.c | 3 + drivers/gpio/gpio-bcm-kona.c | 71 ++++++++-- drivers/gpio/gpio-stmpe.c | 15 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 - drivers/gpu/drm/msm/msm_gem_submit.c | 3 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 + drivers/gpu/drm/tidss/tidss_dispc.c | 26 ++-- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/xe/xe_drm_client.c | 2 +- drivers/gpu/drm/xe/xe_trace_bo.h | 12 +- drivers/gpu/host1x/dev.c | 2 + drivers/gpu/host1x/intr.c | 2 - drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-steam.c | 41 ++++-- drivers/hid/hid-thrustmaster.c | 2 +- drivers/hid/hid-winwing.c | 2 + drivers/i3c/master/Kconfig | 11 ++ drivers/i3c/master/mipi-i3c-hci/Makefile | 1 + drivers/i3c/master/mipi-i3c-hci/dma.c | 17 +++ drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 +++++++++++++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/iommu/amd/amd_iommu_types.h | 1 + drivers/iommu/amd/init.c | 4 + drivers/iommu/io-pgfault.c | 1 + drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ds90ub913.c | 25 +++- drivers/media/i2c/ds90ub953.c | 46 +++++-- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++ drivers/media/usb/uvc/uvc_video.c | 27 +++- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/mmc/host/mtk-sd.c | 31 +++-- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 +- drivers/net/ethernet/intel/igc/igc_main.c | 22 +-- .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 40 +++--- drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/team/team_core.c | 4 +- drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 - drivers/net/wireless/realtek/rtw89/pci.c | 17 ++- drivers/net/wireless/realtek/rtw89/pci.h | 11 ++ drivers/net/wireless/realtek/rtw89/pci_be.c | 2 + drivers/parport/parport_serial.c | 12 +- drivers/pci/quirks.c | 15 ++- drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinconf-generic.c | 8 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 36 +++-- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 ++- drivers/spi/spi-sn-f-ospi.c | 3 + drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 +++ drivers/tty/serial/8250/8250_pci.c | 76 +++++------ drivers/tty/serial/8250/8250_pci1xxxx.c | 60 ++++++++- drivers/tty/serial/8250/8250_port.c | 9 ++ drivers/tty/serial/serial_port.c | 5 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/ufs/core/ufshcd.c | 127 +++++++++--------- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 17 ++- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 ++++--- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 -- drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/xen/swiotlb-xen.c | 20 +-- fs/btrfs/extent_io.c | 29 ++-- fs/btrfs/file.c | 4 +- fs/nfs/sysfs.c | 6 +- fs/nfsd/filecache.c | 11 +- fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 7 +- fs/ntfs3/attrib.c | 4 +- fs/ntfs3/dir.c | 2 +- fs/ntfs3/frecord.c | 12 +- fs/ntfs3/fsntfs.c | 6 +- fs/ntfs3/index.c | 6 +- fs/ntfs3/inode.c | 3 + fs/orangefs/orangefs-debugfs.c | 4 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/file.c | 7 +- include/drm/display/drm_dp.h | 1 + include/kunit/platform_device.h | 1 + include/linux/blk-mq.h | 18 ++- include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/netdevice.h | 6 + include/linux/pci_ids.h | 11 ++ include/linux/sched/task.h | 1 + include/net/dst.h | 9 ++ include/net/ip.h | 13 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 2 +- include/net/route.h | 9 +- include/ufs/ufshcd.h | 9 +- io_uring/kbuf.c | 15 ++- io_uring/uring_cmd.c | 3 - io_uring/waitid.c | 4 +- kernel/cgroup/cgroup.c | 20 +-- kernel/cgroup/rstat.c | 1 - kernel/sched/autogroup.c | 4 +- kernel/sched/core.c | 7 +- kernel/sched/ext.c | 35 ++--- kernel/sched/ext.h | 4 +- kernel/sched/sched.h | 2 +- kernel/time/clocksource.c | 9 +- kernel/trace/ring_buffer.c | 28 +++- kernel/trace/trace.c | 4 + kernel/workqueue.c | 12 +- net/ax25/af_ax25.c | 11 ++ net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/fib_rules.c | 24 ++-- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 8 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 31 +++-- net/ipv4/route.c | 39 +++++- net/ipv6/icmp.c | 42 +++--- net/ipv6/ioam6_iptunnel.c | 73 +++++----- net/ipv6/mcast.c | 45 ++++--- net/ipv6/ndisc.c | 28 ++-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 59 ++++---- net/ipv6/seg6_iptunnel.c | 98 ++++++++------ net/openvswitch/datapath.c | 12 +- net/vmw_vsock/af_vsock.c | 12 +- rust/Makefile | 1 + rust/kernel/rbtree.rs | 2 +- scripts/Makefile.defconf | 13 +- scripts/Makefile.extrawarn | 13 +- scripts/kconfig/Makefile | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- tools/objtool/check.c | 1 + tools/sched_ext/include/scx/common.bpf.h | 12 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 9 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 ++++- tools/testing/selftests/net/pmtu.sh | 112 +++++++++++++--- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/tracing/rtla/src/timerlat_hist.c | 8 ++ tools/tracing/rtla/src/timerlat_top.c | 8 ++ 226 files changed, 2389 insertions(+), 1015 deletions(-)

4 months, 2 weeks

10
9
0 0

[PATCH] agp: Fix a potential memory leak bug in agp_amdk7_probe()

by Haoxiang Li

Variable "bridge" is allocated by agp_alloc_bridge() and have to be released by agp_put_bridge() if something goes wrong. In this patch, add the missing call of agp_put_bridge() in agp_amdk7_probe() to prevent potential memory leak bug. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/char/agp/amd-k7-agp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/agp/amd-k7-agp.c b/drivers/char/agp/amd-k7-agp.c index 795c8c9ff680..40e1fc462dca 100644 --- a/drivers/char/agp/amd-k7-agp.c +++ b/drivers/char/agp/amd-k7-agp.c @@ -441,6 +441,7 @@ static int agp_amdk7_probe(struct pci_dev *pdev, gfxcard = pci_get_class(PCI_CLASS_DISPLAY_VGA<<8, gfxcard); if (!gfxcard) { dev_info(&pdev->dev, "no AGP VGA controller\n"); + agp_put_bridge(bridge); return -ENODEV; } cap_ptr = pci_find_capability(gfxcard, PCI_CAP_ID_AGP); -- 2.25.1

4 months, 2 weeks

1
0
0 0

[PATCH v2 0/2] media: nuvoton: Fix some reference handling issues

by Ricardo Ribalda

When trying out 6.13 cocci, some bugs were found. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v2: - Squash fixes and port to cleanup.h. - Link to v1: https://lore.kernel.org/r/20250121-nuvoton-v1-0-1ea4f0cdbda2@chromium.org --- Ricardo Ribalda (2): media: nuvoton: Fix reference handling of ece_node media: nuvoton: Fix reference handling of ece_pdev drivers/media/platform/nuvoton/npcm-video.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- base-commit: c2b96a6818159fba8a3bcc38262da9e77f9b3ec7 change-id: 20250121-nuvoton-fe870cbeffb6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

4 months, 2 weeks

1
2
0 0

[PATCH 0/4] media: nuvoton: Fix some reference handling issues

by Ricardo Ribalda

When trying out 6.13 cocci, some bugs were found. The fixes without using cleanup.h should be backported. The last two patches make use of cleanup.h to avoid this kind of errors in the future. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Ricardo Ribalda (4): media: nuvoton: Fix reference handling of ece_pdev media: nuvoton: Fix reference handling of ece_node media: nuvoton: Use cleanup.h macros for device_node media: nuvoton: Use cleanup.h macros for put_device drivers/media/platform/nuvoton/npcm-video.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- base-commit: c4b7779abc6633677e6edb79e2809f4f61fde157 change-id: 20250121-nuvoton-fe870cbeffb6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

4 months, 2 weeks

4
8
0 0

Re: REGRESSION amdgpu 20241108 firmware breaks screen updating

by mail＠tteles.dev

I can confirm amdgpu.dcdebugmask=0x200 fixes it, no more stutters. It would be very beneficial to include the patch making this behavior default (https://lore.kernel.org/amd-gfx/20250221160145.1730752-3-zaeem.mohamed@amd.…) in the relevant linux-stable trees, as this is a major issue for affected systems. I CC'd stable(a)vger.kernel.org and ask for the patch to be included in linux-stable, even though it does not have a "Fixes:" tag, if the maintainers are okay with it. Thank you for the quick response! Tiago Feb 23, 2025, 17:26 by mario.limonciello(a)amd.com: > Hello, > > This sounds like to me a problem with PSR-SU. There have been a variety of these being reported the past few months. Enough so that the policy to enable it by default is being rolled back for now. > > https://lore.kernel.org/amd-gfx/20250221160145.1730752-3-zaeem.mohamed@amd.… > > To confirm that's the root cause you can disable it with amdgpu.dcdebugmask=0x200. > > Thanks, > > On 2/23/2025 10:08, mail(a)tteles.dev wrote: > >> Greetings, >> >> I wish to report a regression in amdgpu firmware introduced in commit c99eeb4d0e13f5831ae77f7ec521162594385d5f, the problem persists until git HEAD, and reverting to the previous commit fixes the issues with no further changes to the environment. >> >> The issue appears on a Lenovo IdeaPad Pro 5, with a Ryzen 8845HS processor, using the 780M iGPU (1002:1900 I believe). The screen on this laptop is 120Hz 2800x1800, supporting HDR. >> This was tested on Archlinux 6.13.3.arch1-1, with amdgpu drivers, on both Wayland (Gnome and Hyprland) and Xorg (i3wm). I'm using amd-pstate-epp scaling driver, tested with both performance and powersave governers, to the same effect. >> >> I will list the symptoms and attempt to guess at what the issue may be. >> >> - The screen stops updating if no mouse input is given while watching low resolution video (wherever it is, Brave and mpv, regardless of software or hw decoding). >> Low resolution matters here, I can play 4k video fine, 1080p with mild stutters, but lower becomes very bad. >> Here is an example using mpv with 360p sample video, recorded on my phone as to not disturb the environment its running in. (https://youtu.be/kYHqBjPxM2s You can tell it is very choppy, the original video https://www.youtube.com/watch?v=1HrXwe6s4W8 is not choppy) >> mpv did not report any dropped frames despite there obviously being a huge amount. >> >> - In some programs, text does not get displayed instantly from when typing it, having to type 5 or 6 characters for the previous to finally show. >> All these new characters show up at the same time. This was extremely noticeable with gnome's default "Console", it also happened in Brave Browser's search bar, and Signal, it does not seem to happen with Ghostty. >> >> Constantly waving my cursor fixes all these issues. Connecting a secondary display seems to fix the issue on all displays. >> >> From my limited knowledge this seems like a bug in damage detection for eDP + power management, where low enough power levels don't trigger redraws. >> >> I am confident the issue was introduced in that commit since I bisected linux-firmware commits affecting amdgpu until the issue was no longer found. >> >> >> Extra info: >> # dmesg | grep amd >> [ 0.414396] perf/amd_iommu: Detected AMD IOMMU #0 (2 banks, 4 counters/bank). >> [ 1.875492] [drm] amdgpu kernel modesetting enabled. >> [ 1.878563] amdgpu: Virtual CRAT table created for CPU >> [ 1.878573] amdgpu: Topology: Add CPU node >> [ 1.882607] amdgpu 0000:63:00.0: amdgpu: Fetched VBIOS from VFCT >> [ 1.882610] amdgpu: ATOM BIOS: 113-PHXGENERIC-001 >> [ 1.909536] amdgpu 0000:63:00.0: vgaarb: deactivate vga console >> [ 1.909542] amdgpu 0000:63:00.0: amdgpu: Trusted Memory Zone (TMZ) feature enabled >> [ 1.909612] amdgpu 0000:63:00.0: amdgpu: VRAM: 4096M 0x0000008000000000 - 0x00000080FFFFFFFF (4096M used) >> [ 1.909614] amdgpu 0000:63:00.0: amdgpu: GART: 512M 0x00007FFF00000000 - 0x00007FFF1FFFFFFF >> [ 1.909829] [drm] amdgpu: 4096M of VRAM memory ready >> [ 1.909832] [drm] amdgpu: 13932M of GTT memory ready. >> [ 1.935030] amdgpu 0000:63:00.0: amdgpu: reserve 0x4000000 from 0x80f8000000 for PSP TMR >> [ 2.482626] amdgpu 0000:63:00.0: amdgpu: RAS: optional ras ta ucode is not available >> [ 2.491068] amdgpu 0000:63:00.0: amdgpu: RAP: optional rap ta ucode is not available >> [ 2.491071] amdgpu 0000:63:00.0: amdgpu: SECUREDISPLAY: securedisplay ta ucode is not available >> [ 2.521960] amdgpu 0000:63:00.0: amdgpu: SMU is initialized successfully! >> [ 2.601611] kfd kfd: amdgpu: Allocated 3969056 bytes on gart >> [ 2.601628] kfd kfd: amdgpu: Total number of KFD nodes to be created: 1 >> [ 2.602048] amdgpu: Virtual CRAT table created for GPU >> [ 2.602191] amdgpu: Topology: Add dGPU node [0x1900:0x1002] >> [ 2.602193] kfd kfd: amdgpu: added device 1002:1900 >> [ 2.602206] amdgpu 0000:63:00.0: amdgpu: SE 1, SH per SE 2, CU per SH 6, active_cu_number 12 >> [ 2.602212] amdgpu 0000:63:00.0: amdgpu: ring gfx_0.0.0 uses VM inv eng 0 on hub 0 >> [ 2.602215] amdgpu 0000:63:00.0: amdgpu: ring comp_1.0.0 uses VM inv eng 1 on hub 0 >> [ 2.602216] amdgpu 0000:63:00.0: amdgpu: ring comp_1.1.0 uses VM inv eng 4 on hub 0 >> [ 2.602217] amdgpu 0000:63:00.0: amdgpu: ring comp_1.2.0 uses VM inv eng 6 on hub 0 >> [ 2.602219] amdgpu 0000:63:00.0: amdgpu: ring comp_1.3.0 uses VM inv eng 7 on hub 0 >> [ 2.602220] amdgpu 0000:63:00.0: amdgpu: ring comp_1.0.1 uses VM inv eng 8 on hub 0 >> [ 2.602221] amdgpu 0000:63:00.0: amdgpu: ring comp_1.1.1 uses VM inv eng 9 on hub 0 >> [ 2.602222] amdgpu 0000:63:00.0: amdgpu: ring comp_1.2.1 uses VM inv eng 10 on hub 0 >> [ 2.602223] amdgpu 0000:63:00.0: amdgpu: ring comp_1.3.1 uses VM inv eng 11 on hub 0 >> [ 2.602224] amdgpu 0000:63:00.0: amdgpu: ring sdma0 uses VM inv eng 12 on hub 0 >> [ 2.602225] amdgpu 0000:63:00.0: amdgpu: ring vcn_unified_0 uses VM inv eng 0 on hub 8 >> [ 2.602226] amdgpu 0000:63:00.0: amdgpu: ring jpeg_dec uses VM inv eng 1 on hub 8 >> [ 2.602227] amdgpu 0000:63:00.0: amdgpu: ring mes_kiq_3.1.0 uses VM inv eng 13 on hub 0 >> [ 2.609481] amdgpu 0000:63:00.0: amdgpu: Runtime PM not available >> [ 2.610787] [drm] Initialized amdgpu 3.60.0 for 0000:63:00.0 on minor 1 >> [ 2.617618] fbcon: amdgpudrmfb (fb0) is primary device >> [ 3.788332] amdgpu 0000:63:00.0: [drm] fb0: amdgpudrmfb frame buffer device >> [ 5.120419] kvm_amd: TSC scaling supported >> [ 5.120426] kvm_amd: Nested Virtualization enabled >> [ 5.120428] kvm_amd: Nested Paging enabled >> [ 5.120430] kvm_amd: LBR virtualization supported >> [ 5.120443] kvm_amd: Virtual GIF supported >> [ 5.120444] kvm_amd: Virtual NMI enabled >> [ 5.170720] snd_hda_intel 0000:63:00.1: bound 0000:63:00.0 (ops amdgpu_dm_audio_component_bind_ops [amdgpu]) >> [ 5.191443] amd_atl: AMD Address Translation Library initialized >> >> >> Thank you for your time, >> Tiago Teles >>

4 months, 2 weeks

2
1
0 0

[PATCH v2 net 0/9] net: enetc: fix some known issues

by Wei Fang

There are some issues with the enetc driver, some of which are specific to the LS1028A platform, and some of which were introduced recently when i.MX95 ENETC support was added, so this patch set aims to clean up those issues. --- v1 link: https://lore.kernel.org/imx/20250217093906.506214-1-wei.fang@nxp.com/ v2 changes: 1. Remove the unneeded semicolon from patch 1 2. Modify the commit message of patch 1 3. Add new patch 9 to fix another off-by-one issue --- Wei Fang (9): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: correct the tx_swbd statistics net: enetc: correct the xdp_tx statistics net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: add missing enetc4_link_deinit() net: enetc: remove the mm_lock from the ENETC v4 driver net: enetc: correct the EMDIO base offset for ENETC v4 net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() drivers/net/ethernet/freescale/enetc/enetc.c | 59 ++++++++++++++----- .../net/ethernet/freescale/enetc/enetc4_hw.h | 3 + .../net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../ethernet/freescale/enetc/enetc_ethtool.c | 7 ++- .../freescale/enetc/enetc_pf_common.c | 10 +++- 5 files changed, 63 insertions(+), 18 deletions(-) -- 2.34.1

4 months, 2 weeks

6
38
0 0

[PATCH v2] usb: gadget: Set self-powered based on MaxPower and bmAttributes

by Prashanth K

Currently the USB gadget will be set as bus-powered based solely on whether its bMaxPower is greater than 100mA, but this may miss devices that may legitimately draw less than 100mA but still want to report as bus-powered. Similarly during suspend & resume, USB gadget is incorrectly marked as bus/self powered without checking the bmAttributes field. Fix these by configuring the USB gadget as self or bus powered based on bmAttributes, and explicitly set it as bus-powered if it draws more than 100mA. Cc: stable(a)vger.kernel.org Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> --- Changes in v2: - Didn't change anything from RFC. - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualco… drivers/usb/gadget/composite.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index bdda8c74602d..1fb28bbf6c45 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, else usb_gadget_set_remote_wakeup(gadget, 0); done: - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) - usb_gadget_set_selfpowered(gadget); - else + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, power); if (result >= 0 && cdev->delayed_status) @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) cdev->suspended = 1; - usb_gadget_set_selfpowered(gadget); + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) + usb_gadget_set_selfpowered(gadget); + usb_gadget_vbus_draw(gadget, 2); } @@ -2649,8 +2652,11 @@ void composite_resume(struct usb_gadget *gadget) else maxpower = min(maxpower, 900U); - if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW) + if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW || + !(cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, maxpower); } else { -- 2.25.1

4 months, 2 weeks

5
5
0 0

[PATCH] USB: Skip resume if pm_runtime_set_active() fails

by Ma Ke

A race condition occurs during system suspend if interrupted between usb_suspend() and the parent device’s PM suspend (e.g., a power domain). This triggers PM resume workflows (via usb_resume()), but if parent device is already runtime-suspended, pm_runtime_set_active() fails. Subsequent operations like pm_runtime_enable() and interface unbinding may leave the USB device in an inconsistent state or trigger unintended behavior. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 98d9a82e5f75 ("USB: cleanup the handling of the PM complete call") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/usb/core/driver.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index 460d4dde5994..7478fcc11fd4 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -1624,11 +1624,17 @@ int usb_resume(struct device *dev, pm_message_t msg) status = usb_resume_both(udev, msg); if (status == 0) { pm_runtime_disable(dev); - pm_runtime_set_active(dev); + status = pm_runtime_set_active(dev); + if (status) { + pm_runtime_enable(dev); + goto out; + } + pm_runtime_enable(dev); unbind_marked_interfaces(udev); } +out: /* Avoid PM error messages for devices disconnected while suspended * as we'll display regular disconnect messages just a bit later. */ -- 2.25.1

4 months, 2 weeks

2
1
0 0

[PATCH] mm: abort vma_modify() on merge out of memory failure

by Lorenzo Stoakes

The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end being modified, and thus the proceeding attempts to split the VMA will be done with invalid start/end values. Thankfully, it is likely practically impossible for us to hit this in reality, as it would require a maple tree node pre-allocation failure that would likely never happen due to it being 'too small to fail', i.e. the kernel would simply keep retrying reclaim until it succeeded. However, this scenario remains theoretically possible, and what we are doing here is wrong so we must correct it. The safest option is, when this scenario occurs, to simply give up the operation. If we cannot allocate memory to merge, then we cannot allocate memory to split either (perhaps moreso!). Any scenario where this would be happening would be under very extreme (likely fatal) memory pressure, so it's best we give up early. So there is no doubt it is appropriate to simply bail out in this scenario. However, in general we must if at all possible never assume VMG state is stable after a merge attempt, since merge operations update VMG fields. As a result, additionally also make this clear by storing start, end in local variables. The issue was reported originally by syzkaller, and by Brad Spengler (via an off-list discussion), and in both instances it manifested as a triggering of the assert: VM_WARN_ON_VMG(start >= end, vmg); In vma_merge_existing_range(). It seems at least one scenario in which this is occurring is one in which the merge being attempted is due to an madvise() across multiple VMAs which looks like this: start end |<------>| |----------|------| | vma | next | |----------|------| When madvise_walk_vmas() is invoked, we first find vma in the above (determining prev to be equal to vma as we are offset into vma), and then enter the loop. We determine the end of vma that forms part of the range we are madvise()'ing by setting 'tmp' to this value: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; We then invoke the madvise() operation via visit(), letting prev get updated to point to vma as part of the operation: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where the visit() function pointer in this instance is madvise_vma_behavior(). As observed in syzkaller reports, it is ultimately madvise_update_vma() that is invoked, calling vma_modify_flags_name() and vma_modify() in turn. Then, in vma_modify(), we attempt the merge: merged = vma_merge_existing_range(vmg); if (merged) return merged; We invoke this with vmg->start, end set to start, tmp as such: start tmp |<--->| |----------|------| | vma | next | |----------|------| We find ourselves in the merge right scenario, but the one in which we cannot remove the middle (we are offset into vma). Here we have a special case where vmg->start, end get set to perhaps unintuitive values - we intended to shrink the middle VMA and expand the next. This means vmg->start, end are set to... vma->vm_start, start. Now the commit_merge() fails, and vmg->start, end are left like this. This means we return to the rest of vma_modify() with vmg->start, end (here denoted as start', end') set as: start' end' |<-->| |----------|------| | vma | next | |----------|------| So we now erroneously try to split accordingly. This is where the unfortunate stuff begins. We start with: /* Split any preceding portion of the VMA. */ if (vma->vm_start < vmg->start) { ... } This doesn't trigger as we are no longer offset into vma at the start. But then we invoke: /* Split any trailing portion of the VMA. */ if (vma->vm_end > vmg->end) { ... } Which does get invoked. This leaves us with: start' end' |<-->| |----|-----|------| | vma| new | next | |----|-----|------| We then return ultimately to madvise_walk_vmas(). Here 'new' is unknown, and putting back the values known in this function we are faced with: start tmp end | | | |----|-----|------| | vma| new | next | |----|-----|------| prev Then: start = tmp; So: start end | | |----|-----|------| | vma| new | next | |----|-----|------| prev The following code does not cause anything to happen: if (prev && start < prev->vm_end) start = prev->vm_end; if (start >= end) break; And then we invoke: if (prev) vma = find_vma(mm, prev->vm_end); Which is where a problem occurs - we don't know about 'new' so we essentially look for the vma after prev, which is new, whereas we actually intended to discover next! So we end up with: start end | | |----|-----|------| |prev| vma | next | |----|-----|------| And we have successfully bypassed all of the checks madvise_walk_vmas() has to ensure early exit should we end up moving out of range. We loop around, and hit: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; Oh dear. Now we have: tmp start end | | |----|-----|------| |prev| vma | next | |----|-----|------| We then invoke: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where start == tmp. That is, a zero range. This is not good. We invoke visit() which is madvise_vma_behavior() which does not check the range (for good reason, it assumes all checks have been done before it was called), which in turn finally calls madvise_update_vma(). The madvise_update_vma() function calls vma_modify_flags_name() in turn, which ultimately invokes vma_modify() with... start == end. vma_modify() calls vma_merge_existing_range() and finally we hit: VM_WARN_ON_VMG(start >= end, vmg); Which triggers, as start == end. While it might be useful to add some CONFIG_DEBUG_VM asserts in these instances to catch this kind of error, since we have just eliminated any possibility of that happening, we will add such asserts separately as to reduce churn and aid backporting. Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Tested-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Fixes: 2f1c6611b0a8 ("mm: introduce vma_merge_struct and abstract vma_merge(),vma_modify()") Reported-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: syzbot+46423ed8fa1f1148c6e4(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6774c98f.050a0220.25abdd.0991.GAE@google.c… Cc: stable(a)vger.kernel.org --- mm/vma.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/mm/vma.c b/mm/vma.c index c7abef5177cc..76bec07e30b7 100644 --- a/mm/vma.c +++ b/mm/vma.c @@ -1523,24 +1523,28 @@ int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, static struct vm_area_struct *vma_modify(struct vma_merge_struct *vmg) { struct vm_area_struct *vma = vmg->middle; + unsigned long start = vmg->start; + unsigned long end = vmg->end; struct vm_area_struct *merged; /* First, try to merge. */ merged = vma_merge_existing_range(vmg); if (merged) return merged; + if (vmg_nomem(vmg)) + return ERR_PTR(-ENOMEM); /* Split any preceding portion of the VMA. */ - if (vma->vm_start < vmg->start) { - int err = split_vma(vmg->vmi, vma, vmg->start, 1); + if (vma->vm_start < start) { + int err = split_vma(vmg->vmi, vma, start, 1); if (err) return ERR_PTR(err); } /* Split any trailing portion of the VMA. */ - if (vma->vm_end > vmg->end) { - int err = split_vma(vmg->vmi, vma, vmg->end, 0); + if (vma->vm_end > end) { + int err = split_vma(vmg->vmi, vma, end, 0); if (err) return ERR_PTR(err); -- 2.48.1

4 months, 2 weeks

2
2
0 0

[PATCH AUTOSEL 6.10 01/27] wifi: nl80211: disallow setting special AP channel widths

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 23daf1b4c91db9b26f8425cc7039cf96d22ccbfe ] Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. Reported-by: syzbot+bc0f5b92cc7091f45fb6(a)syzkaller.appspotmail.com Link: https://msgid.link/20240515141600.d4a9590bfe32.I19a32d60097e81b527eafe6b092… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 72c7bf5585816..81d5bf186180f 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3419,6 +3419,33 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, if (chandef.chan != cur_chan) return -EBUSY; + /* only allow this for regular channel widths */ + switch (wdev->links[link_id].ap.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + + switch (chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + result = rdev_set_ap_chanwidth(rdev, dev, link_id, &chandef); if (result) -- 2.43.0

4 months, 2 weeks

4
35
0 0

[REGRESSION] Chrome and VSCode breakage with the commit b9b588f22a0c

by Takashi Iwai

Hi, we received a bug report showing the regression on 6.13.1 kernel against 6.13.0. The symptom is that Chrome and VSCode stopped working with Gnome Scaling, as reported on openSUSE Tumbleweed bug tracker https://bugzilla.suse.com/show_bug.cgi?id=1236943 Quoting from there: """ I use the latest TW on Gnome with a 4K display and 150% scaling. Everything has been working fine, but recently both Chrome and VSCode (installed from official non-openSUSE channels) stopped working with Scaling. .... I am using VSCode with: `--enable-features=UseOzonePlatform --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto` and for Chrome, I select `Preferred Ozone platform` == `Wayland`. """ Surprisingly, the bisection pointed to the backport of the commit b9b588f22a0c049a14885399e27625635ae6ef91 ("libfs: Use d_children list to iterate simple_offset directories"). Indeed, the revert of this patch on the latest 6.13.4 was confirmed to fix the issue. Also, the reporter verified that the latest 6.14-rc release is still affected, too. For now I have no concrete idea how the patch could break the behavior of a graphical application like the above. Let us know if you need something for debugging. (Or at easiest, join to the bugzilla entry and ask there; or open another bug report at whatever you like.) BTW, I'll be traveling tomorrow, so my reply will be delayed. thanks, Takashi #regzbot introduced: b9b588f22a0c049a14885399e27625635ae6ef91 #regzbot monitor: https://bugzilla.suse.com/show_bug.cgi?id=1236943

4 months, 2 weeks

1
0
0 0

Please backport "drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER" to 6.13.x

by NoisyCoil

Hello. The build (actually, linking) failure described in [1] affects current stable (6.13.4). Could the commit that fixes it in mainline, namely, c40ca9ef7c5c9bbb0d2f7774c87417cc4f1713bf ("drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER") be backported to 6.13.x, please? Thank you. [1] https://lore.kernel.org/all/20250121-greedy-flounder-of-abundance-4d2ee8-mk…

4 months, 2 weeks

2
1
0 0

+ mm-abort-vma_modify-on-merge-out-of-memory-failure.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: abort vma_modify() on merge out of memory failure has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-abort-vma_modify-on-merge-out-of-memory-failure.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm: abort vma_modify() on merge out of memory failure Date: Sat, 22 Feb 2025 16:19:52 +0000 The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end being modified, and thus the proceeding attempts to split the VMA will be done with invalid start/end values. Thankfully, it is likely practically impossible for us to hit this in reality, as it would require a maple tree node pre-allocation failure that would likely never happen due to it being 'too small to fail', i.e. the kernel would simply keep retrying reclaim until it succeeded. However, this scenario remains theoretically possible, and what we are doing here is wrong so we must correct it. The safest option is, when this scenario occurs, to simply give up the operation. If we cannot allocate memory to merge, then we cannot allocate memory to split either (perhaps moreso!). Any scenario where this would be happening would be under very extreme (likely fatal) memory pressure, so it's best we give up early. So there is no doubt it is appropriate to simply bail out in this scenario. However, in general we must if at all possible never assume VMG state is stable after a merge attempt, since merge operations update VMG fields. As a result, additionally also make this clear by storing start, end in local variables. The issue was reported originally by syzkaller, and by Brad Spengler (via an off-list discussion), and in both instances it manifested as a triggering of the assert: VM_WARN_ON_VMG(start >= end, vmg); In vma_merge_existing_range(). It seems at least one scenario in which this is occurring is one in which the merge being attempted is due to an madvise() across multiple VMAs which looks like this: start end |<------>| |----------|------| | vma | next | |----------|------| When madvise_walk_vmas() is invoked, we first find vma in the above (determining prev to be equal to vma as we are offset into vma), and then enter the loop. We determine the end of vma that forms part of the range we are madvise()'ing by setting 'tmp' to this value: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; We then invoke the madvise() operation via visit(), letting prev get updated to point to vma as part of the operation: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where the visit() function pointer in this instance is madvise_vma_behavior(). As observed in syzkaller reports, it is ultimately madvise_update_vma() that is invoked, calling vma_modify_flags_name() and vma_modify() in turn. Then, in vma_modify(), we attempt the merge: merged = vma_merge_existing_range(vmg); if (merged) return merged; We invoke this with vmg->start, end set to start, tmp as such: start tmp |<--->| |----------|------| | vma | next | |----------|------| We find ourselves in the merge right scenario, but the one in which we cannot remove the middle (we are offset into vma). Here we have a special case where vmg->start, end get set to perhaps unintuitive values - we intended to shrink the middle VMA and expand the next. This means vmg->start, end are set to... vma->vm_start, start. Now the commit_merge() fails, and vmg->start, end are left like this. This means we return to the rest of vma_modify() with vmg->start, end (here denoted as start', end') set as: start' end' |<-->| |----------|------| | vma | next | |----------|------| So we now erroneously try to split accordingly. This is where the unfortunate stuff begins. We start with: /* Split any preceding portion of the VMA. */ if (vma->vm_start < vmg->start) { ... } This doesn't trigger as we are no longer offset into vma at the start. But then we invoke: /* Split any trailing portion of the VMA. */ if (vma->vm_end > vmg->end) { ... } Which does get invoked. This leaves us with: start' end' |<-->| |----|-----|------| | vma| new | next | |----|-----|------| We then return ultimately to madvise_walk_vmas(). Here 'new' is unknown, and putting back the values known in this function we are faced with: start tmp end | | | |----|-----|------| | vma| new | next | |----|-----|------| prev Then: start = tmp; So: start end | | |----|-----|------| | vma| new | next | |----|-----|------| prev The following code does not cause anything to happen: if (prev && start < prev->vm_end) start = prev->vm_end; if (start >= end) break; And then we invoke: if (prev) vma = find_vma(mm, prev->vm_end); Which is where a problem occurs - we don't know about 'new' so we essentially look for the vma after prev, which is new, whereas we actually intended to discover next! So we end up with: start end | | |----|-----|------| |prev| vma | next | |----|-----|------| And we have successfully bypassed all of the checks madvise_walk_vmas() has to ensure early exit should we end up moving out of range. We loop around, and hit: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; Oh dear. Now we have: tmp start end | | |----|-----|------| |prev| vma | next | |----|-----|------| We then invoke: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where start == tmp. That is, a zero range. This is not good. We invoke visit() which is madvise_vma_behavior() which does not check the range (for good reason, it assumes all checks have been done before it was called), which in turn finally calls madvise_update_vma(). The madvise_update_vma() function calls vma_modify_flags_name() in turn, which ultimately invokes vma_modify() with... start == end. vma_modify() calls vma_merge_existing_range() and finally we hit: VM_WARN_ON_VMG(start >= end, vmg); Which triggers, as start == end. While it might be useful to add some CONFIG_DEBUG_VM asserts in these instances to catch this kind of error, since we have just eliminated any possibility of that happening, we will add such asserts separately as to reduce churn and aid backporting. Link: https://lkml.kernel.org/r/20250222161952.41957-1-lorenzo.stoakes@oracle.com Fixes: 2f1c6611b0a8 ("mm: introduce vma_merge_struct and abstract vma_merge(),vma_modify()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Tested-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: syzbot+46423ed8fa1f1148c6e4(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6774c98f.050a0220.25abdd.0991.GAE@google.c… Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vma.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/mm/vma.c~mm-abort-vma_modify-on-merge-out-of-memory-failure +++ a/mm/vma.c @@ -1509,24 +1509,28 @@ int do_vmi_munmap(struct vma_iterator *v static struct vm_area_struct *vma_modify(struct vma_merge_struct *vmg) { struct vm_area_struct *vma = vmg->vma; + unsigned long start = vmg->start; + unsigned long end = vmg->end; struct vm_area_struct *merged; /* First, try to merge. */ merged = vma_merge_existing_range(vmg); if (merged) return merged; + if (vmg_nomem(vmg)) + return ERR_PTR(-ENOMEM); /* Split any preceding portion of the VMA. */ - if (vma->vm_start < vmg->start) { - int err = split_vma(vmg->vmi, vma, vmg->start, 1); + if (vma->vm_start < start) { + int err = split_vma(vmg->vmi, vma, start, 1); if (err) return ERR_PTR(err); } /* Split any trailing portion of the VMA. */ - if (vma->vm_end > vmg->end) { - int err = split_vma(vmg->vmi, vma, vmg->end, 0); + if (vma->vm_end > end) { + int err = split_vma(vmg->vmi, vma, end, 0); if (err) return ERR_PTR(err); _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-abort-vma_modify-on-merge-out-of-memory-failure.patch mm-simplify-vma-merge-structure-and-expand-comments.patch mm-further-refactor-commit_merge.patch mm-eliminate-adj_start-parameter-from-commit_merge.patch mm-make-vmg-target-consistent-and-further-simplify-commit_merge.patch mm-completely-abstract-unnecessary-adj_start-calculation.patch mm-madvise-split-out-mmap-locking-operations-for-madvise-fix.patch mm-use-read-write_once-for-vma-vm_flags-on-migrate-mprotect.patch mm-refactor-rmap_walk_file-to-separate-out-traversal-logic.patch mm-provide-mapping_wrprotect_range-function.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields-fix.patch mm-allow-guard-regions-in-file-backed-and-read-only-mappings.patch selftests-mm-rename-guard-pages-to-guard-regions.patch tools-selftests-expand-all-guard-region-tests-to-file-backed.patch tools-selftests-add-file-shmem-backed-mapping-guard-region-tests.patch

4 months, 2 weeks

1
0
0 0

[PATCH v2 0/5] arm64: dts: rockchip: pinmux fixes and support for 2 adapters for Theobroma boards

by Quentin Schulz

This is based on top of https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/lo… 6ee0b9ad3995 ("arm64: dts: rockchip: Add rng node to RK3588") as it depends on the (merged) series from https://lore.kernel.org/all/20250211-pre-ict-jaguar-v6-0-4484b0f88cfc@cherr… Patches for Haikou Video Demo adapter for PX30 Ringneck and RK3399 Puma (patches 4 and 5) also depend on the following patch series: https://lore.kernel.org/linux-devicetree/20250220-pca976x-reset-driver-v1-0… This fixes incorrect pinmux on UART0 and UART5 for PX30 Ringneck on Haikou. This adds support for the HAIKOU-LVDS-9904379 adapter for PX30 Ringneck fitted on a Haikou carrierboard. Additionally, this adds support for Haikou Video Demo adapter on PX30 Ringneck and RK3399 Puma fitted on a Haikou carrierboard. Notably missing from the overlay is the OV5675 camera module which expects 19.2MHz which we cannot exactly feed right now. Modifications to the OV5675 drivers will be made so it's more flexible and then support for the camera module will be added. This adapter has a 720x1280 DSI display with a GT911 touchscreen, a GPIO-controllable LED and an I2C GPIO expander. Support for this adapter on RK3588 Tiger is being added in a separate patch series[1]. Note that the DSI panel currently is glitchy on both PX30 Ringneck and RK3399 Puma but this is being tackled in another series[2]. Since this will not be fixed through DT properties for the panel, adding the DT nodes for the DSI panel even if not perfect right now seems acceptable to me. [1] https://lore.kernel.org/linux-rockchip/20241127143719.660658-1-heiko@sntech… [2] https://lore.kernel.org/r/20240626084722.832763-1-heiko@sntech.de Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- Changes in v2: - rename uart5_rts_gpio to uart5_rts_pin to stop triggering a false positive of the dtschema checker, - remove PU from uart5_rts_pin, - Link to v1: https://lore.kernel.org/r/20250220-ringneck-dtbos-v1-0-25c97f2385e6@cherry.… --- Quentin Schulz (5): arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou arm64: dts: rockchip: add support for HAIKOU-LVDS-9904379 adapter for PX30 Ringneck arm64: dts: rockchip: add overlay for PX30 Ringneck Haikou Video Demo adapter arm64: dts: rockchip: add overlay for RK3399 Puma Haikou Video Demo adapter arch/arm64/boot/dts/rockchip/Makefile | 15 ++ .../px30-ringneck-haikou-lvds-9904379.dtso | 130 ++++++++++++++ .../rockchip/px30-ringneck-haikou-video-demo.dtso | 190 +++++++++++++++++++++ .../boot/dts/rockchip/px30-ringneck-haikou.dts | 10 +- .../rockchip/rk3399-puma-haikou-video-demo.dtso | 166 ++++++++++++++++++ 5 files changed, 510 insertions(+), 1 deletion(-) --- base-commit: 6ee0b9ad3995ee5fa229035c69013b7dd0d3634b change-id: 20250128-ringneck-dtbos-98064839355e prerequisite-change-id: 20250219-pca976x-reset-driver-c9aa95869426:v2 prerequisite-patch-id: 25c49bae002eb11bc6fec479f49f5e3b28b8f403 prerequisite-patch-id: 58e9acffbbd052710bfe672c99ef05f59b1978a6 Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

4 months, 2 weeks

2
3
0 0

[PATCH 6.6] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit

by Patrick Bellasi

commit 318e8c339c9a0891c389298bb328ed0762a9935e upstream. In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- arch/x86/Kconfig | 3 ++- arch/x86/kernel/cpu/bugs.c | 21 ++++++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 05c82fd5d0f60..989d432b58345 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2514,7 +2514,8 @@ config CPU_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config CPU_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 7b5ba5b8592a2..7df458a6553eb 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1113,6 +1113,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1122,9 +1124,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2626,6 +2625,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2635,6 +2635,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); @@ -2643,8 +2650,8 @@ static void __init srso_select_mitigation(void) break; case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_CPU_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2656,9 +2663,9 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with CPU_SRSO.\n"); + pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); goto pred_cmd; - } + } break; default: -- 2.48.1.601.g30ceb7b040-goog

4 months, 2 weeks

3
2
0 0

[PATCH 5.10] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit

by Patrick Bellasi

commit 318e8c339c9a0891c389298bb328ed0762a9935e upstream. In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- arch/x86/Kconfig | 3 ++- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0c802ade80406..00ae2e2adcadb 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2463,7 +2463,8 @@ config CPU_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config CPU_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0b7f6bcbb8ea9..725f827718a71 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1061,6 +1061,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1070,8 +1072,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2469,6 +2469,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2478,6 +2479,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); @@ -2486,8 +2494,8 @@ static void __init srso_select_mitigation(void) break; case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_CPU_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2499,9 +2507,9 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with CPU_SRSO.\n"); + pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); goto pred_cmd; - } + } break; default: -- 2.48.1.601.g30ceb7b040-goog

4 months, 2 weeks

2
1
0 0

[PATCH 6.1] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit

by Patrick Bellasi

commit 318e8c339c9a0891c389298bb328ed0762a9935e upstream. In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- arch/x86/Kconfig | 3 ++- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 49cea5b81649d..ca8dd7e5585f0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2506,7 +2506,8 @@ config CPU_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config CPU_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index fa2045ad408a7..03221a060ae77 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1092,6 +1092,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1101,8 +1103,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2607,6 +2607,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2616,6 +2617,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); @@ -2624,8 +2632,8 @@ static void __init srso_select_mitigation(void) break; case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_CPU_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2637,9 +2645,9 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with CPU_SRSO.\n"); + pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); goto pred_cmd; - } + } break; default: -- 2.48.1.601.g30ceb7b040-goog

4 months, 2 weeks

2
1
0 0

[PATCH 5.15] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit

by Patrick Bellasi

commit 318e8c339c9a0891c389298bb328ed0762a9935e upstream. In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- arch/x86/Kconfig | 3 ++- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2f6312e7ce81f..90ac8d84389cf 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2449,7 +2449,8 @@ config CPU_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config CPU_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index f84d59cd180b3..dfc02fb32375c 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1092,6 +1092,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1101,8 +1103,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2607,6 +2607,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2616,6 +2617,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); @@ -2624,8 +2632,8 @@ static void __init srso_select_mitigation(void) break; case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_CPU_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2637,9 +2645,9 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with CPU_SRSO.\n"); + pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); goto pred_cmd; - } + } break; default: -- 2.48.1.601.g30ceb7b040-goog

4 months, 2 weeks

2
1
0 0

[PATCH 6.6 0/3] nilfs2: fix potential kernel BUG on rename operations

by Ryusuke Konishi

Please apply this series to the 6.6-stable tree. This series makes it possible to backport the fix for the BUG_ON check failure on rename operations reported by syzbot. The first two patches are for dependency resolution. Patch 3/3 is the target patch, and it has been tailored to avoid extensive page/folio conversion. This patch set has been tested against the latest 6.6.y. Thanks, Ryusuke Konishi Ryusuke Konishi (3): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return fs/nilfs2/dir.c | 24 +++++++++++------------- fs/nilfs2/namei.c | 37 ++++++++++++++++++++----------------- fs/nilfs2/nilfs.h | 10 ++++++++-- 3 files changed, 39 insertions(+), 32 deletions(-) -- 2.43.5

4 months, 2 weeks

2
6
0 0

[PATCH 6.1.y] media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning

by jetlan9＠163.com

From: Yunfei Dong <yunfei.dong(a)mediatek.com> [ Upstream commit 9be85491619f1953b8a29590ca630be571941ffa ] Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL. Fixes: 397edc703a10 ("media: mediatek: vcodec: add h264 decoder driver for mt8186") Signed-off-by: Yunfei Dong <yunfei.dong(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Sebastian Fricke <sebastian.fricke(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [ drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c is renamed from drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c since 0934d3759615 ("media: mediatek: vcodec: separate decoder and encoder"). The path is changed accordingly to apply the patch on 6.1.y. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c b/drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c index 999ce7ee5fdc..6952875ca183 100644 --- a/drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c +++ b/drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c @@ -729,11 +729,16 @@ static int vdec_h264_slice_single_decode(void *h_vdec, struct mtk_vcodec_mem *bs return vpu_dec_reset(vpu); fb = inst->ctx->dev->vdec_pdata->get_cap_buffer(inst->ctx); + if (!fb) { + mtk_vcodec_err(inst, "fb buffer is NULL"); + return -ENOMEM; + } + src_buf_info = container_of(bs, struct mtk_video_dec_buf, bs_buffer); dst_buf_info = container_of(fb, struct mtk_video_dec_buf, frame_buffer); - y_fb_dma = fb ? (u64)fb->base_y.dma_addr : 0; - c_fb_dma = fb ? (u64)fb->base_c.dma_addr : 0; + y_fb_dma = fb->base_y.dma_addr; + c_fb_dma = fb->base_c.dma_addr; mtk_vcodec_debug(inst, "[h264-dec] [%d] y_dma=%llx c_dma=%llx", inst->ctx->decoded_frame_cnt, y_fb_dma, c_fb_dma); -- 2.34.1

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47a973fd75639fe80d59f9e1860113bb2a0b112b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021817-pull-grievance-de31@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47a973fd75639fe80d59f9e1860113bb2a0b112b Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Wed, 29 Jan 2025 07:48:19 -0800 Subject: [PATCH] perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF The EAX of the CPUID Leaf 023H enumerates the mask of valid sub-leaves. To tell the availability of the sub-leaf 1 (enumerate the counter mask), perf should check the bit 1 (0x2) of EAS, rather than bit 0 (0x1). The error is not user-visible on bare metal. Because the sub-leaf 0 and the sub-leaf 1 are always available. However, it may bring issues in a virtualization environment when a VMM only enumerates the sub-leaf 0. Introduce the cpuid35_e?x to replace the macros, which makes the implementation style consistent. Fixes: eb467aaac21e ("perf/x86/intel: Support Architectural PerfMon Extension leaf") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20250129154820.3755948-3-kan.liang@linux.intel.com diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 966f7832497d..f3d5b718f93f 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4905,20 +4905,22 @@ static inline bool intel_pmu_broken_perf_cap(void) static void update_pmu_cap(struct x86_hybrid_pmu *pmu) { - unsigned int sub_bitmaps, eax, ebx, ecx, edx; + unsigned int cntr, fixed_cntr, ecx, edx; + union cpuid35_eax eax; + union cpuid35_ebx ebx; - cpuid(ARCH_PERFMON_EXT_LEAF, &sub_bitmaps, &ebx, &ecx, &edx); + cpuid(ARCH_PERFMON_EXT_LEAF, &eax.full, &ebx.full, &ecx, &edx); - if (ebx & ARCH_PERFMON_EXT_UMASK2) + if (ebx.split.umask2) pmu->config_mask |= ARCH_PERFMON_EVENTSEL_UMASK2; - if (ebx & ARCH_PERFMON_EXT_EQ) + if (ebx.split.eq) pmu->config_mask |= ARCH_PERFMON_EVENTSEL_EQ; - if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) { + if (eax.split.cntr_subleaf) { cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF, - &eax, &ebx, &ecx, &edx); - pmu->cntr_mask64 = eax; - pmu->fixed_cntr_mask64 = ebx; + &cntr, &fixed_cntr, &ecx, &edx); + pmu->cntr_mask64 = cntr; + pmu->fixed_cntr_mask64 = fixed_cntr; } if (!intel_pmu_broken_perf_cap()) { diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h index 1ac79f361645..0ba8d20f2d1d 100644 --- a/arch/x86/include/asm/perf_event.h +++ b/arch/x86/include/asm/perf_event.h @@ -188,11 +188,33 @@ union cpuid10_edx { * detection/enumeration details: */ #define ARCH_PERFMON_EXT_LEAF 0x00000023 -#define ARCH_PERFMON_EXT_UMASK2 0x1 -#define ARCH_PERFMON_EXT_EQ 0x2 -#define ARCH_PERFMON_NUM_COUNTER_LEAF_BIT 0x1 #define ARCH_PERFMON_NUM_COUNTER_LEAF 0x1 +union cpuid35_eax { + struct { + unsigned int leaf0:1; + /* Counters Sub-Leaf */ + unsigned int cntr_subleaf:1; + /* Auto Counter Reload Sub-Leaf */ + unsigned int acr_subleaf:1; + /* Events Sub-Leaf */ + unsigned int events_subleaf:1; + unsigned int reserved:28; + } split; + unsigned int full; +}; + +union cpuid35_ebx { + struct { + /* UnitMask2 Supported */ + unsigned int umask2:1; + /* EQ-bit Supported */ + unsigned int eq:1; + unsigned int reserved:30; + } split; + unsigned int full; +}; + /* * Intel Architectural LBR CPUID detection/enumeration details: */

4 months, 2 weeks

4
5
0 0

FTBFS: Rust firmware abstractions in current stable (6.13.4) on arm64 with rustc 1.85.0

by NoisyCoil

Hi! The Rust firmware abstractions FTBFS on arm64 and current stable (6.13.4) when compiled with rustc 1.85.0: ``` RUSTC L rust/kernel.o error[E0308]: mismatched types --> rust/kernel/firmware.rs:20:14 | 20 | Self(bindings::request_firmware) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {request_firmware}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:24:14 | 24 | Self(bindings::firmware_request_nowarn) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {firmware_request_nowarn}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:64:45 | 64 | let ret = unsafe { func.0(pfw as _, name.as_char_ptr(), dev.as_raw()) }; | ------ ^^^^^^^^^^^^^^^^^^ expected `*const i8`, found `*const u8` | | | arguments to this function are incorrect | = note: expected raw pointer `*const i8` found raw pointer `*const u8` error: aborting due to 3 previous errors For more information about this error, try `rustc --explain E0308`. ``` This is because rustc 1.85 (now stable) switched core::ffi::c_char from i8 to u8 on arm64 and other platforms [1], and because current stable still uses rustc's core's instead of the custom ffi integer types like 6.14 will. Looking for other i8's in *.rs files tells me only the QR code panic screen should be affected in addition to the firmware abstractions, and that was already reported in [2]. A simple fix would be to switch i8 to u8 in `struct FwFunc`, but that breaks rustc <= 1.84 so I guess a more robust solution is needed. Cheers! [1] https://github.com/rust-lang/rust/pull/132975 [2] https://lore.kernel.org/all/20250120124531.2581448-1-linkmauve@linkmauve.fr/

4 months, 2 weeks

2
2
0 0

[PATCH] ARM: add KEEP() keyword to ARM_VECTORS

by Christian Eggers

Without this, the vectors are removed if LD_DEAD_CODE_DATA_ELIMINATION is enabled. At startup, the CPU (silently) hangs in the undefined instruction exception as soon as the first timer interrupt arrives. On my setup, the system also boots fine without the 2nd and 3rd KEEP() statements, so I cannot tell whether these are actually required. Fixes: ed0f94102251 ("ARM: 9404/1: arm32: enable HAVE_LD_DEAD_CODE_DATA_ELIMINATION") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Eggers <ceggers(a)arri.de> --- arch/arm/include/asm/vmlinux.lds.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index d60f6e83a9f7..f2ff79f740ab 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -125,13 +125,13 @@ __vectors_lma = .; \ OVERLAY 0xffff0000 : NOCROSSREFS AT(__vectors_lma) { \ .vectors { \ - *(.vectors) \ + KEEP(*(.vectors)) \ } \ .vectors.bhb.loop8 { \ - *(.vectors.bhb.loop8) \ + KEEP(*(.vectors.bhb.loop8)) \ } \ .vectors.bhb.bpiall { \ - *(.vectors.bhb.bpiall) \ + KEEP(*(.vectors.bhb.bpiall)) \ } \ } \ ARM_LMA(__vectors, .vectors); \ -- 2.44.1

4 months, 2 weeks

2
1
0 0

[PATCH 0/2] A couple of build fixes for x86 when using GCC 15

by Nathan Chancellor

Hi all, GCC 15 changed the default C standard version from gnu17 to gnu23, which reveals a few places in the kernel where a C standard version was not set, resulting in build failures because bool, true, and false are reserved keywords in C23 [1][2]. Update these places to use the same C standard version as the rest of the kernel, gnu11. [1]: https://lore.kernel.org/4OAhbllK7x4QJGpZjkYjtBYNLd_2whHx9oFiuZcGwtVR4hIzvdu… [2]: https://lore.kernel.org/Z4467umXR2PZ0M1H@tucnak/ --- Nathan Chancellor (2): x86/boot: Use '-std=gnu11' to fix build with GCC 15 efi: libstub: Use '-std=gnu11' to fix build with GCC 15 arch/x86/boot/compressed/Makefile | 1 + drivers/firmware/efi/libstub/Makefile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- base-commit: ffd294d346d185b70e28b1a28abe367bbfe53c04 change-id: 20250121-x86-use-std-consistently-gcc-15-f95146e0050f Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

4 months, 2 weeks

5
8
0 0

Quick Response-Integrated Systems Europe 2025 Visitors Leads!

by Grace Green

Hi, Just following up on my previous email regarding the visitor list. Let me know your thoughts, and I'd be happy to provide more details. Best regards, Grace Subject: Integrated Systems Europe 2025! Hi, Would you like to get the latest list of exhibitors and attendees for Integrated Systems Europe 2025? This comprehensive list includes last-minute registrants as well. Event Details: Location: Fira Barcelona Gran Via, Barcelona, Spain Exhibitors: 1,460 Attendees: 73,891 Available Data Fields: Individual Email Address, Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, and more. Let me know if you're interested in the attendees list, exhibitors list, or both! I’d be happy to share pricing and additional details. Looking forward to your response! Best regards, Grace Green Sr. Demand Generation P.S. If you’d prefer not to receive updates, simply reply with “NO.”

4 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] batman-adv: Drop unmanaged ELP metric worker" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c8ecc98f5c65947b0070a24bac11e12e47cc65d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021841-atrium-settle-8b58@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c8ecc98f5c65947b0070a24bac11e12e47cc65d Mon Sep 17 00:00:00 2001 From: Sven Eckelmann <sven(a)narfation.org> Date: Mon, 20 Jan 2025 00:06:11 +0100 Subject: [PATCH] batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /**

4 months, 3 weeks

3
6
0 0

[to-be-updated] panic-call-panic-handlers-before-panic_other_cpus_shutdown.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: panic: call panic handlers before panic_other_cpus_shutdown() has been removed from the -mm tree. Its filename was panic-call-panic-handlers-before-panic_other_cpus_shutdown.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Subject: panic: call panic handlers before panic_other_cpus_shutdown() Date: Fri, 21 Feb 2025 16:30:52 -0500 Since the panic handlers may require certain cpus to be online to panic gracefully, we should call them before turning off SMP. Without this re-ordering, on Hyper-V hv_panic_vmbus_unload() times out, because the vmbus channel is bound to VMBUS_CONNECT_CPU and unless the crashing cpu is the same as VMBUS_CONNECT_CPU, VMBUS_CONNECT_CPU will be offlined by crash_smp_send_stop() before the vmbus channel can be deconstructed. Link: https://lkml.kernel.org/r/20250221213055.133849-1-hamzamahfooz@linux.micros… Signed-off-by: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Baoquan he <bhe(a)redhat.com> Cc: Dexuan Cui <decui(a)microsoft.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: John Ogness <john.ogness(a)linutronix.de> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Ryo Takakura <takakura(a)valinux.co.jp> Cc: Wei Liu <wei.liu(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/panic.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/kernel/panic.c~panic-call-panic-handlers-before-panic_other_cpus_shutdown +++ a/kernel/panic.c @@ -372,16 +372,16 @@ void panic(const char *fmt, ...) if (!_crash_kexec_post_notifiers) __crash_kexec(NULL); - panic_other_cpus_shutdown(_crash_kexec_post_notifiers); - - printk_legacy_allow_panic_sync(); - /* * Run any panic handlers, including those that might need to * add information to the kmsg dump output. */ atomic_notifier_call_chain(&panic_notifier_list, 0, buf); + panic_other_cpus_shutdown(_crash_kexec_post_notifiers); + + printk_legacy_allow_panic_sync(); + panic_print_sys_info(false); kmsg_dump_desc(KMSG_DUMP_PANIC, buf); _ Patches currently in -mm which might be from hamzamahfooz(a)linux.microsoft.com are

4 months, 3 weeks

1
0
0 0

+ panic-call-panic-handlers-before-panic_other_cpus_shutdown.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: panic: call panic handlers before panic_other_cpus_shutdown() has been added to the -mm mm-nonmm-unstable branch. Its filename is panic-call-panic-handlers-before-panic_other_cpus_shutdown.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Subject: panic: call panic handlers before panic_other_cpus_shutdown() Date: Fri, 21 Feb 2025 16:30:52 -0500 Since the panic handlers may require certain cpus to be online to panic gracefully, we should call them before turning off SMP. Without this re-ordering, on Hyper-V hv_panic_vmbus_unload() times out, because the vmbus channel is bound to VMBUS_CONNECT_CPU and unless the crashing cpu is the same as VMBUS_CONNECT_CPU, VMBUS_CONNECT_CPU will be offlined by crash_smp_send_stop() before the vmbus channel can be deconstructed. Link: https://lkml.kernel.org/r/20250221213055.133849-1-hamzamahfooz@linux.micros… Signed-off-by: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Baoquan he <bhe(a)redhat.com> Cc: Dexuan Cui <decui(a)microsoft.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: John Ogness <john.ogness(a)linutronix.de> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Ryo Takakura <takakura(a)valinux.co.jp> Cc: Wei Liu <wei.liu(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/panic.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/kernel/panic.c~panic-call-panic-handlers-before-panic_other_cpus_shutdown +++ a/kernel/panic.c @@ -372,16 +372,16 @@ void panic(const char *fmt, ...) if (!_crash_kexec_post_notifiers) __crash_kexec(NULL); - panic_other_cpus_shutdown(_crash_kexec_post_notifiers); - - printk_legacy_allow_panic_sync(); - /* * Run any panic handlers, including those that might need to * add information to the kmsg dump output. */ atomic_notifier_call_chain(&panic_notifier_list, 0, buf); + panic_other_cpus_shutdown(_crash_kexec_post_notifiers); + + printk_legacy_allow_panic_sync(); + panic_print_sys_info(false); kmsg_dump_desc(KMSG_DUMP_PANIC, buf); _ Patches currently in -mm which might be from hamzamahfooz(a)linux.microsoft.com are panic-call-panic-handlers-before-panic_other_cpus_shutdown.patch

4 months, 3 weeks

2
1
0 0

[PATCH RESEND net-next] net: stmmac: dwmac-rk: Provide FIFO sizes for DWMAC 1000

by Chen-Yu Tsai

From: Chen-Yu Tsai <wens(a)csie.org> The DWMAC 1000 DMA capabilities register does not provide actual FIFO sizes, nor does the driver really care. If they are not provided via some other means, the driver will work fine, only disallowing changing the MTU setting. The recent commit 8865d22656b4 ("net: stmmac: Specify hardware capability value when FIFO size isn't specified") changed this by requiring the FIFO sizes to be provided, breaking devices that were working just fine. Provide the FIFO sizes through the driver's platform data, to not only fix the breakage, but also enable MTU changes. The FIFO sizes are confirmed to be the same across RK3288, RK3328, RK3399 and PX30, based on their respective manuals. It is likely that Rockchip synthesized their DWMAC 1000 with the same parameters on all their chips that have it. Fixes: eaf4fac47807 ("net: stmmac: Do not accept invalid MTU values") Fixes: 8865d22656b4 ("net: stmmac: Specify hardware capability value when FIFO size isn't specified") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wens(a)csie.org> --- (Resending to net-next instead of netdev.) The commit that broke things has already been reverted in netdev. The reason for stable inclusion is not to fix the device breakage (which only broke in v6.14-rc1), but to provide the values so that MTU changes can work in older kernels. drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c index a4dc89e23a68..71a4c4967467 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c @@ -1966,8 +1966,11 @@ static int rk_gmac_probe(struct platform_device *pdev) /* If the stmmac is not already selected as gmac4, * then make sure we fallback to gmac. */ - if (!plat_dat->has_gmac4) + if (!plat_dat->has_gmac4) { plat_dat->has_gmac = true; + plat_dat->rx_fifo_size = 4096; + plat_dat->tx_fifo_size = 2048; + } plat_dat->fix_mac_speed = rk_fix_speed; plat_dat->bsp_priv = rk_gmac_setup(pdev, plat_dat, data); -- 2.39.5

4 months, 3 weeks

2
1
0 0

[PATCH] s390/tty: Fix a potential memory leak bug

by Haoxiang Li

The check for get_zeroed_page() leads to a direct return and overlooked the memory leak caused by loop allocation. Add a free helper to free spaces allocated by get_zeroed_page(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/s390/char/sclp_tty.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/s390/char/sclp_tty.c b/drivers/s390/char/sclp_tty.c index 892c18d2f87e..99de33694fe3 100644 --- a/drivers/s390/char/sclp_tty.c +++ b/drivers/s390/char/sclp_tty.c @@ -490,6 +490,17 @@ static const struct tty_operations sclp_ops = { .flush_buffer = sclp_tty_flush_buffer, }; +/* Release allocated pages. */ +static void __init __sclp_tty_free_pages(void) +{ + struct list_head *page, *p; + + list_for_each_safe(page, p, &sclp_tty_pages) { + list_del(page); + free_page((unsigned long) page); + } +} + static int __init sclp_tty_init(void) { @@ -516,6 +527,7 @@ sclp_tty_init(void) for (i = 0; i < MAX_KMEM_PAGES; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA); if (page == NULL) { + __sclp_tty_free_pages(); tty_driver_kref_put(driver); return -ENOMEM; } -- 2.25.1

4 months, 3 weeks

3
2
0 0

[PATCH v2] s390/sclp: Add check for get_zeroed_page()

by Haoxiang Li

Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Add a free helper to solve the memory leak caused by loop allocation. - Thanks Heiko! I realized that v1 patch overlooked a potential memory leak. After consideration, I choose to do the full exercise. I noticed a similar handling in [1], following that handling I submit this v2 patch. Thanks again! Reference link: [1]https://github.com/torvalds/linux/blob/master/drivers/s390/char/sclp_vt22… --- drivers/s390/char/sclp_con.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c index e5d947c763ea..c87b0c204718 100644 --- a/drivers/s390/char/sclp_con.c +++ b/drivers/s390/char/sclp_con.c @@ -263,6 +263,19 @@ static struct console sclp_console = .index = 0 /* ttyS0 */ }; +/* + * Release allocated pages. + */ +static void __init __sclp_console_free_pages(void) +{ + struct list_head *page, *p; + + list_for_each_safe(page, p, &sclp_con_pages) { + list_del(page); + free_page((unsigned long) page); + } +} + /* * called by console_init() in drivers/char/tty_io.c at boot-time. */ @@ -282,6 +295,10 @@ sclp_console_init(void) /* Allocate pages for output buffering */ for (i = 0; i < sclp_console_pages; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA); + if (!page) { + __sclp_console_free_pages(); + return -ENOMEM; + } list_add_tail(page, &sclp_con_pages); } sclp_conbuf = NULL; -- 2.25.1

4 months, 3 weeks

3
2
0 0

Backporting patches to resolve rsa-caam self-test issues in kernel 5.10.231

by Kamila Sionek

Dear Maintainers, I would like to bring to your attention the need for a backport of several patches to the 5.10.X kernel to address issues with self-tests for rsa-caam. In kernel version 5.10.231-rt123, the introduction of commit dead96e1c748ff84ecac83ea3c5a4d7a2e57e051 (crypto: caam - add error check to caam_rsa_set_priv_key_form), which added checks for memory allocation errors, has caused the self-test for rsa-caam to fail in FIPS mode, resulting in the following error message: alg: akcipher: test 1 failed for rsa-caam, err=-12 Kernel panic - not syncing: alg: self-tests for rsa-caam (rsa) failed in fips mode! The following patches should be backported to resolve this issue: 8aaa4044999863199124991dfa489fd248d73789 (crypto: testmgr - some more fixes to RSA test vectors) d824c61df41758f8c045e9522e850b615ee0ca1c (crypto: testmgr - populate RSA CRT parameters in RSA test vectors) ceb31f1c4c6894c4f9e65f4381781917a7a4c898 (crypto: testmgr - fix version number of RSA tests) 88c2d62e7920edb50661656c85932b5cd100069b (crypto: testmgr - Fix wrong test case of RSA) 1040cf9c9e7518600e7fcc24764d1c4b8a1b62f5 (crypto: testmgr - fix wrong key length for pkcs1pad) Thank you for your attention to this matter. Regards, Kamila Sionek General Business

4 months, 3 weeks

2
1
0 0

[PATCH] perf/x86/intel: Fix event constraints for LNC

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> According to the latest event list, update the event constraint tables for Lion Cove core. The general rule (the event codes < 0x90 are restricted to counters 0-3.) has been removed. There is no restriction for most of the performance monitoring events. Fixes: a932aa0e868f ("perf/x86: Add Lunar Lake and Arrow Lake support") Reported-by: Amiri Khalil <amiri.khalil(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 20 +++++++------------- arch/x86/events/intel/ds.c | 2 +- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index da70526194b0..051a5bea0568 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -397,34 +397,28 @@ static struct event_constraint intel_lnc_event_constraints[] = { METRIC_EVENT_CONSTRAINT(INTEL_TD_METRIC_FETCH_LAT, 6), METRIC_EVENT_CONSTRAINT(INTEL_TD_METRIC_MEM_BOUND, 7), + INTEL_EVENT_CONSTRAINT(0x20, 0xf), + + INTEL_UEVENT_CONSTRAINT(0x012a, 0xf), + INTEL_UEVENT_CONSTRAINT(0x012b, 0xf), INTEL_UEVENT_CONSTRAINT(0x0148, 0x4), INTEL_UEVENT_CONSTRAINT(0x0175, 0x4), INTEL_EVENT_CONSTRAINT(0x2e, 0x3ff), INTEL_EVENT_CONSTRAINT(0x3c, 0x3ff), - /* - * Generally event codes < 0x90 are restricted to counters 0-3. - * The 0x2E and 0x3C are exception, which has no restriction. - */ - INTEL_EVENT_CONSTRAINT_RANGE(0x01, 0x8f, 0xf), - INTEL_UEVENT_CONSTRAINT(0x01a3, 0xf), - INTEL_UEVENT_CONSTRAINT(0x02a3, 0xf), INTEL_UEVENT_CONSTRAINT(0x08a3, 0x4), INTEL_UEVENT_CONSTRAINT(0x0ca3, 0x4), INTEL_UEVENT_CONSTRAINT(0x04a4, 0x1), INTEL_UEVENT_CONSTRAINT(0x08a4, 0x1), INTEL_UEVENT_CONSTRAINT(0x10a4, 0x1), INTEL_UEVENT_CONSTRAINT(0x01b1, 0x8), + INTEL_UEVENT_CONSTRAINT(0x01cd, 0x3fc), INTEL_UEVENT_CONSTRAINT(0x02cd, 0x3), - INTEL_EVENT_CONSTRAINT(0xce, 0x1), INTEL_EVENT_CONSTRAINT_RANGE(0xd0, 0xdf, 0xf), - /* - * Generally event codes >= 0x90 are likely to have no restrictions. - * The exception are defined as above. - */ - INTEL_EVENT_CONSTRAINT_RANGE(0x90, 0xfe, 0x3ff), + + INTEL_UEVENT_CONSTRAINT(0x00e0, 0xf), EVENT_CONSTRAINT_END }; diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index df9499d6e4dc..a04618c47f05 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -1199,7 +1199,7 @@ struct event_constraint intel_lnc_pebs_event_constraints[] = { INTEL_FLAGS_UEVENT_CONSTRAINT(0x100, 0x100000000ULL), /* INST_RETIRED.PREC_DIST */ INTEL_FLAGS_UEVENT_CONSTRAINT(0x0400, 0x800000000ULL), - INTEL_HYBRID_LDLAT_CONSTRAINT(0x1cd, 0x3ff), + INTEL_HYBRID_LDLAT_CONSTRAINT(0x1cd, 0x3fc), INTEL_HYBRID_STLAT_CONSTRAINT(0x2cd, 0x3), INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x11d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_LOADS */ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x12d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_STORES */ -- 2.38.1

4 months, 3 weeks

2
1
0 0

[PATCH] x86/tsc: Always save/restore TSC sched_clock on suspend/resume

by Guilherme G. Piccoli

TSC could be reset in deep ACPI sleep states, even with invariant TSC. That's the reason we have sched_clock() save/restore functions, to deal with this situation. But happens that such functions are guarded with a check for the stability of sched_clock - if not considered stable, the save/restore routines aren't executed. On top of that, we have a clear comment on native_sched_clock() saying that *even* with TSC unstable, we continue using TSC for sched_clock due to its speed. In other words, if we have a situation of TSC getting detected as unstable, it marks the sched_clock as unstable as well, so subsequent S3 sleep cycles could bring bogus sched_clock values due to the lack of the save/restore mechanism, causing warnings like this: [22.954918] ------------[ cut here ]------------ [22.954923] Delta way too big! 18446743750843854390 ts=18446744072977390405 before=322133536015 after=322133536015 write stamp=18446744072977390405 [22.954923] If you just came from a suspend/resume, [22.954923] please switch to the trace global clock: [22.954923] echo global > /sys/kernel/tracing/trace_clock [22.954923] or add trace_clock=global to the kernel command line [22.954937] WARNING: CPU: 2 PID: 5728 at kernel/trace/ring_buffer.c:2890 rb_add_timestamp+0x193/0x1c0 Notice that the above was reproduced even with "trace_clock=global". The fix for that is to _always_ save/restore the sched_clock on suspend cycle _if TSC is used_ as sched_clock - only if we fallback to jiffies the sched_clock_stable() check becomes relevant to save/restore the sched_clock. Cc: stable(a)vger.kernel.org Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> --- arch/x86/kernel/tsc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 34dec0b72ea8..88e5a4ed9db3 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -959,7 +959,7 @@ static unsigned long long cyc2ns_suspend; void tsc_save_sched_clock_state(void) { - if (!sched_clock_stable()) + if (!static_branch_likely(&__use_tsc) && !sched_clock_stable()) return; cyc2ns_suspend = sched_clock(); @@ -979,7 +979,7 @@ void tsc_restore_sched_clock_state(void) unsigned long flags; int cpu; - if (!sched_clock_stable()) + if (!static_branch_likely(&__use_tsc) && !sched_clock_stable()) return; local_irq_save(flags); -- 2.47.1

4 months, 3 weeks

3
3
0 0

FAILED: patch "[PATCH] batman-adv: Drop unmanaged ELP metric worker" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c8ecc98f5c65947b0070a24bac11e12e47cc65d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021839-primal-stiffen-ba9e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c8ecc98f5c65947b0070a24bac11e12e47cc65d Mon Sep 17 00:00:00 2001 From: Sven Eckelmann <sven(a)narfation.org> Date: Mon, 20 Jan 2025 00:06:11 +0100 Subject: [PATCH] batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /**

4 months, 3 weeks

3
4
0 0

[PATCH v3 1/3] drm/xe/userptr: restore invalidation list on error

by Matthew Auld

On error restore anything still on the pin_list back to the invalidation list on error. For the actual pin, so long as the vma is tracked on either list it should get picked up on the next pin, however it looks possible for the vma to get nuked but still be present on this per vm pin_list leading to corruption. An alternative might be then to instead just remove the link when destroying the vma. v2: - Also add some asserts. - Keep the overzealous locking so that we are consistent with the docs; updating the docs and related bits will be done as a follow up. Fixes: ed2bdf3b264d ("drm/xe/vm: Subclass userptr vmas") Suggested-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index d664f2e418b2..3dbfb20a7c60 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -667,15 +667,16 @@ int xe_vm_userptr_pin(struct xe_vm *vm) /* Collect invalidated userptrs */ spin_lock(&vm->userptr.invalidated_lock); + xe_assert(vm->xe, list_empty(&vm->userptr.repin_list)); list_for_each_entry_safe(uvma, next, &vm->userptr.invalidated, userptr.invalidate_link) { list_del_init(&uvma->userptr.invalidate_link); - list_move_tail(&uvma->userptr.repin_link, - &vm->userptr.repin_list); + list_add_tail(&uvma->userptr.repin_link, + &vm->userptr.repin_list); } spin_unlock(&vm->userptr.invalidated_lock); - /* Pin and move to temporary list */ + /* Pin and move to bind list */ list_for_each_entry_safe(uvma, next, &vm->userptr.repin_list, userptr.repin_link) { err = xe_vma_userptr_pin_pages(uvma); @@ -691,10 +692,10 @@ int xe_vm_userptr_pin(struct xe_vm *vm) err = xe_vm_invalidate_vma(&uvma->vma); xe_vm_unlock(vm); if (err) - return err; + break; } else { - if (err < 0) - return err; + if (err) + break; list_del_init(&uvma->userptr.repin_link); list_move_tail(&uvma->vma.combined_links.rebind, @@ -702,7 +703,19 @@ int xe_vm_userptr_pin(struct xe_vm *vm) } } - return 0; + if (err) { + down_write(&vm->userptr.notifier_lock); + spin_lock(&vm->userptr.invalidated_lock); + list_for_each_entry_safe(uvma, next, &vm->userptr.repin_list, + userptr.repin_link) { + list_del_init(&uvma->userptr.repin_link); + list_move_tail(&uvma->userptr.invalidate_link, + &vm->userptr.invalidated); + } + spin_unlock(&vm->userptr.invalidated_lock); + up_write(&vm->userptr.notifier_lock); + } + return err; } /** @@ -1067,6 +1080,7 @@ static void xe_vma_destroy(struct xe_vma *vma, struct dma_fence *fence) xe_assert(vm->xe, vma->gpuva.flags & XE_VMA_DESTROYED); spin_lock(&vm->userptr.invalidated_lock); + xe_assert(vm->xe, list_empty(&to_userptr_vma(vma)->userptr.repin_link)); list_del(&to_userptr_vma(vma)->userptr.invalidate_link); spin_unlock(&vm->userptr.invalidated_lock); } else if (!xe_vma_is_null(vma)) { -- 2.48.1

4 months, 3 weeks

2
2
0 0

Re: [PATCH] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e

by Mingcong Bai

Hi all, 在 2025/2/22 00:48, Mingcong Bai 写道: > Based on the dmesg messages from the original reporter: > > [ 4.964073] ACPI: \_SB_.PCI0.LPCB.EC__.HKEY: BCTG evaluated but flagged as error > [ 4.964083] thinkpad_acpi: Error probing battery 2 > > Lenovo ThinkPad X131e also needs this battery quirk. > > Reported-by: Fan Yang <804284660(a)qq.com> > Tested-by: Fan Yang <804284660(a)qq.com> > Co-developed-by: Xi Ruoyao <xry111(a)xry111.site> > Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> > Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> > --- > drivers/platform/x86/thinkpad_acpi.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c > index 1fcb0f99695a7..64765c6939a50 100644 > --- a/drivers/platform/x86/thinkpad_acpi.c > +++ b/drivers/platform/x86/thinkpad_acpi.c > @@ -9960,6 +9960,7 @@ static const struct tpacpi_quirk battery_quirk_table[] __initconst = { > * Individual addressing is broken on models that expose the > * primary battery as BAT1. > */ > + TPACPI_Q_LNV('G', '8', true), /* ThinkPad X131e */ > TPACPI_Q_LNV('8', 'F', true), /* Thinkpad X120e */ > TPACPI_Q_LNV('J', '7', true), /* B5400 */ > TPACPI_Q_LNV('J', 'I', true), /* Thinkpad 11e */ I forgot to include a Cc to stable. This issue dates back to as far as 5.19 (the oldest version available in our distro repository). Cc: stable(a)vger.kernel.org Best Regards, Mingcong Bai

4 months, 3 weeks

1
0
0 0

[PATCH v4 0/4] Venus driver fixes to avoid possible OOB accesses

by Vikash Garodia

This series primarily adds check at relevant places in venus driver where there are possible OOB accesses due to unexpected payload from venus firmware. The patches describes the specific OOB possibility. Please review and share your feedback. Validated on sc7180(v4), rb5(v6) and db410c(v1). Changes in v4: - fix an uninitialize variable(media ci) - Link to v3: https://lore.kernel.org/r/20250128-venus_oob_2-v3-0-0144ecee68d8@quicinc.com Changes in v3: - update the packet parsing logic in hfi_parser. The utility parsing api now returns the size of data parsed, accordingly the parser adjust the remaining bytes, taking care of OOB scenario as well (Bryan) - Link to v2: https://lore.kernel.org/r/20241128-venus_oob_2-v2-0-483ae0a464b8@quicinc.com Changes in v2: - init_codec to always update with latest payload from firmware (Dmitry/Bryan) - Rewrite the logic of packet parsing to consider payload size for different packet type (Bryan) - Consider reading sfr data till available space (Dmitry) - Add reviewed-by tags - Link to v1: https://lore.kernel.org/all/20241105-venus_oob-v1-0-8d4feedfe2bb@quicinc.co… Signed-off-by: Vikash Garodia <quic_vgarodia(a)quicinc.com> --- Vikash Garodia (4): media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic media: venus: hfi: add check to handle incorrect queue size media: venus: hfi: add a check to handle OOB in sfr region drivers/media/platform/qcom/venus/hfi_parser.c | 96 +++++++++++++++++++------- drivers/media/platform/qcom/venus/hfi_venus.c | 15 +++- 2 files changed, 83 insertions(+), 28 deletions(-) --- base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a change-id: 20241115-venus_oob_2-21708239176a Best regards, -- Vikash Garodia <quic_vgarodia(a)quicinc.com>

4 months, 3 weeks

4
16
0 0

[PATCH 12/24] drm/amd/display: add a quirk to enable eDP0 on DP1

by Zaeem Mohamed

From: Yilin Chen <Yilin.Chen(a)amd.com> [why] some board designs have eDP0 connected to DP1, need a way to enable support_edp0_on_dp1 flag, otherwise edp related features cannot work [how] do a dmi check during dm initialization to identify systems that require support_edp0_on_dp1. Optimize quirk table with callback functions to set quirk entries, retrieve_dmi_info can set quirks according to quirk entries Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Yilin Chen <Yilin.Chen(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 +++++++++++++++++-- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 0d21448ea700..9f53d88ad7ca 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1622,75 +1622,130 @@ static bool dm_should_disable_stutter(struct pci_dev *pdev) return false; } -static const struct dmi_system_id hpd_disconnect_quirk_table[] = { +struct amdgpu_dm_quirks { + bool aux_hpd_discon; + bool support_edp0_on_dp1; +}; + +static struct amdgpu_dm_quirks quirk_entries = { + .aux_hpd_discon = false, + .support_edp0_on_dp1 = false +}; + +static int edp0_on_dp1_callback(const struct dmi_system_id *id) +{ + quirk_entries.support_edp0_on_dp1 = true; + return 0; +} + +static int aux_hpd_discon_callback(const struct dmi_system_id *id) +{ + quirk_entries.aux_hpd_discon = true; + return 0; +} + +static const struct dmi_system_id dmi_quirk_table[] = { { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3660"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3260"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3460"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro 7010"), }, }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP Elite mt645 G8 Mobile Thin Client"), + }, + }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP EliteBook 665 16 inch G11 Notebook PC"), + }, + }, {} /* TODO: refactor this from a fixed table to a dynamic option */ }; -static void retrieve_dmi_info(struct amdgpu_display_manager *dm) +static void retrieve_dmi_info(struct amdgpu_display_manager *dm, struct dc_init_data *init_data) { - const struct dmi_system_id *dmi_id; + int dmi_id; + struct drm_device *dev = dm->ddev; dm->aux_hpd_discon_quirk = false; + init_data->flags.support_edp0_on_dp1 = false; + + dmi_id = dmi_check_system(dmi_quirk_table); - dmi_id = dmi_first_match(hpd_disconnect_quirk_table); - if (dmi_id) { + if (!dmi_id) + return; + + if (quirk_entries.aux_hpd_discon) { dm->aux_hpd_discon_quirk = true; - DRM_INFO("aux_hpd_discon_quirk attached\n"); + drm_info(dev, "aux_hpd_discon_quirk attached\n"); + } + if (quirk_entries.support_edp0_on_dp1) { + init_data->flags.support_edp0_on_dp1 = true; + drm_info(dev, "aux_hpd_discon_quirk attached\n"); } } @@ -1999,7 +2054,7 @@ static int amdgpu_dm_init(struct amdgpu_device *adev) if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 0, 0)) init_data.num_virtual_links = 1; - retrieve_dmi_info(&adev->dm); + retrieve_dmi_info(&adev->dm, &init_data); if (adev->dm.bb_from_dmub) init_data.bb_from_dmub = adev->dm.bb_from_dmub; -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH 02/24] drm/amd/display: Disable PSR-SU on eDP panels

by Zaeem Mohamed

From: Tom Chung <chiahsuan.chung(a)amd.com> [Why] PSR-SU may cause some glitching randomly on several panels. [How] Temporarily disable the PSR-SU and fallback to PSR1 for all eDP panels. Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3388 Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c index 45858bf1523d..e140b7a04d72 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c @@ -54,7 +54,8 @@ static bool link_supports_psrsu(struct dc_link *link) if (amdgpu_dc_debug_mask & DC_DISABLE_PSR_SU) return false; - return dc_dmub_check_min_version(dc->ctx->dmub_srv->dmub); + /* Temporarily disable PSR-SU to avoid glitches */ + return false; } /* -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH 12/24] drm/amd/display: add a quirk to enable eDP0 on DP1

by Zaeem Mohamed

From: Yilin Chen <Yilin.Chen(a)amd.com> [why] some board designs have eDP0 connected to DP1, need a way to enable support_edp0_on_dp1 flag, otherwise edp related features cannot work [how] do a dmi check during dm initialization to identify systems that require support_edp0_on_dp1. Optimize quirk table with callback functions to set quirk entries, retrieve_dmi_info can set quirks according to quirk entries Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Yilin Chen <Yilin.Chen(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 +++++++++++++++++-- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 0d21448ea700..9f53d88ad7ca 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1622,75 +1622,130 @@ static bool dm_should_disable_stutter(struct pci_dev *pdev) return false; } -static const struct dmi_system_id hpd_disconnect_quirk_table[] = { +struct amdgpu_dm_quirks { + bool aux_hpd_discon; + bool support_edp0_on_dp1; +}; + +static struct amdgpu_dm_quirks quirk_entries = { + .aux_hpd_discon = false, + .support_edp0_on_dp1 = false +}; + +static int edp0_on_dp1_callback(const struct dmi_system_id *id) +{ + quirk_entries.support_edp0_on_dp1 = true; + return 0; +} + +static int aux_hpd_discon_callback(const struct dmi_system_id *id) +{ + quirk_entries.aux_hpd_discon = true; + return 0; +} + +static const struct dmi_system_id dmi_quirk_table[] = { { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3660"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3260"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3460"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro 7010"), }, }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP Elite mt645 G8 Mobile Thin Client"), + }, + }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP EliteBook 665 16 inch G11 Notebook PC"), + }, + }, {} /* TODO: refactor this from a fixed table to a dynamic option */ }; -static void retrieve_dmi_info(struct amdgpu_display_manager *dm) +static void retrieve_dmi_info(struct amdgpu_display_manager *dm, struct dc_init_data *init_data) { - const struct dmi_system_id *dmi_id; + int dmi_id; + struct drm_device *dev = dm->ddev; dm->aux_hpd_discon_quirk = false; + init_data->flags.support_edp0_on_dp1 = false; + + dmi_id = dmi_check_system(dmi_quirk_table); - dmi_id = dmi_first_match(hpd_disconnect_quirk_table); - if (dmi_id) { + if (!dmi_id) + return; + + if (quirk_entries.aux_hpd_discon) { dm->aux_hpd_discon_quirk = true; - DRM_INFO("aux_hpd_discon_quirk attached\n"); + drm_info(dev, "aux_hpd_discon_quirk attached\n"); + } + if (quirk_entries.support_edp0_on_dp1) { + init_data->flags.support_edp0_on_dp1 = true; + drm_info(dev, "aux_hpd_discon_quirk attached\n"); } } @@ -1999,7 +2054,7 @@ static int amdgpu_dm_init(struct amdgpu_device *adev) if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 0, 0)) init_data.num_virtual_links = 1; - retrieve_dmi_info(&adev->dm); + retrieve_dmi_info(&adev->dm, &init_data); if (adev->dm.bb_from_dmub) init_data.bb_from_dmub = adev->dm.bb_from_dmub; -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH 02/24] drm/amd/display: Disable PSR-SU on eDP panels

by Zaeem Mohamed

From: Tom Chung <chiahsuan.chung(a)amd.com> [Why] PSR-SU may cause some glitching randomly on several panels. [How] Temporarily disable the PSR-SU and fallback to PSR1 for all eDP panels. Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3388 Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c index 45858bf1523d..e140b7a04d72 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c @@ -54,7 +54,8 @@ static bool link_supports_psrsu(struct dc_link *link) if (amdgpu_dc_debug_mask & DC_DISABLE_PSR_SU) return false; - return dc_dmub_check_min_version(dc->ctx->dmub_srv->dmub); + /* Temporarily disable PSR-SU to avoid glitches */ + return false; } /* -- 2.34.1

4 months, 3 weeks

1
0
0 0

Re Yes..

by Lasith Malinga

Hi, I was looking at your website. I found some errors on your website. We can place your website on the first page of Google. yahoo etc. Can I send you a quote and errors? if interested. I am waiting for your reply Thank you.

4 months, 3 weeks

1
0
0 0

[for-linus][PATCH 6/7] ftrace: Correct preemption accounting for function tracing.

by Steven Rostedt

From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> The function tracer should record the preemption level at the point when the function is invoked. If the tracing subsystem decrement the preemption counter it needs to correct this before feeding the data into the trace buffer. This was broken in the commit cited below while shifting the preempt-disabled section. Use tracing_gen_ctx_dec() which properly subtracts one from the preemption counter on a preemptible kernel. Cc: stable(a)vger.kernel.org Cc: Wander Lairson Costa <wander(a)redhat.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: https://lore.kernel.org/20250220140749.pfw8qoNZ@linutronix.de Fixes: ce5e48036c9e7 ("ftrace: disable preemption when recursion locked") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Tested-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_functions.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_functions.c b/kernel/trace/trace_functions.c index d358c9935164..df56f9b76010 100644 --- a/kernel/trace/trace_functions.c +++ b/kernel/trace/trace_functions.c @@ -216,7 +216,7 @@ function_trace_call(unsigned long ip, unsigned long parent_ip, parent_ip = function_get_true_parent_ip(parent_ip, fregs); - trace_ctx = tracing_gen_ctx(); + trace_ctx = tracing_gen_ctx_dec(); data = this_cpu_ptr(tr->array_buffer.data); if (!atomic_read(&data->disabled)) @@ -321,7 +321,6 @@ function_no_repeats_trace_call(unsigned long ip, unsigned long parent_ip, struct trace_array *tr = op->private; struct trace_array_cpu *data; unsigned int trace_ctx; - unsigned long flags; int bit; if (unlikely(!tr->function_enabled)) @@ -347,8 +346,7 @@ function_no_repeats_trace_call(unsigned long ip, unsigned long parent_ip, if (is_repeat_check(tr, last_info, ip, parent_ip)) goto out; - local_save_flags(flags); - trace_ctx = tracing_gen_ctx_flags(flags); + trace_ctx = tracing_gen_ctx_dec(); process_repeats(tr, ip, parent_ip, last_info, trace_ctx); trace_function(tr, ip, parent_ip, trace_ctx); -- 2.47.2

4 months, 3 weeks

1
0
0 0

[for-linus][PATCH 4/7] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Link: https://lore.kernel.org/20250220202055.565129766@goodmis.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 62e8f7d56602..33082c4e8154 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -407,7 +407,8 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); + if (num) + ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } static int symbols_cmp(const void *a, const void *b) @@ -677,8 +678,7 @@ int unregister_fprobe(struct fprobe *fp) } del_fprobe_hash(fp); - if (count) - fprobe_graph_remove_ips(addrs, count); + fprobe_graph_remove_ips(addrs, count); kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

4 months, 3 weeks

1
0
0 0

[for-linus][PATCH 3/7] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Link: https://lore.kernel.org/20250220202055.393254452@goodmis.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..62e8f7d56602 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

4 months, 3 weeks

1
0
0 0

[for-linus][PATCH 2/7] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Link: https://lore.kernel.org/20250220202055.226762894@goodmis.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index bec54dc27204..6b0c25761ccb 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5718,6 +5718,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

4 months, 3 weeks

1
0
0 0

[for-linus][PATCH 1/7] ftrace: Fix accounting of adding subops to a manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Function graph uses a subops and manager ops mechanism to attach to ftrace. The manager ops connects to ftrace and the functions it connects to is defined by a list of subops that it manages. The function hash that defines what the above ops attaches to limits the functions to attach if the hash has any content. If the hash is empty, it means to trace all functions. The creation of the manager ops hash is done by iterating over all the subops hashes. If any of the subops hashes is empty, it means that the manager ops hash must trace all functions as well. The issue is in the creation of the manager ops. When a second subops is attached, a new hash is created by starting it as NULL and adding the subops one at a time. But the NULL ops is mistaken as an empty hash, and once an empty hash is found, it stops the loop of subops and just enables all functions. # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 try_to_run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 cleanup_rapl_pmus (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_free_pcibus_map (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_types_exit (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 kvm_shutdown (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_dump_msrs (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_cleanup_l1d_flush (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 [..] Fix this by initializing the new hash to NULL and if the hash is NULL do not treat it as an empty hash but instead allocate by copying the content of the first sub ops. Then on subsequent iterations, the new hash will not be NULL, but the content of the previous subops. If that first subops attached to all functions, then new hash may assume that the manager ops also needs to attach to all functions. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Link: https://lore.kernel.org/20250220202055.060300046@goodmis.org Fixes: 5fccc7552ccbc ("ftrace: Add subops logic to allow one ops to manage many") Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 728ecda6e8d4..bec54dc27204 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3220,15 +3220,22 @@ static struct ftrace_hash *copy_hash(struct ftrace_hash *src) * The filter_hash updates uses just the append_hash() function * and the notrace_hash does not. */ -static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash) +static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash, + int size_bits) { struct ftrace_func_entry *entry; int size; int i; - /* An empty hash does everything */ - if (ftrace_hash_empty(*hash)) - return 0; + if (*hash) { + /* An empty hash does everything */ + if (ftrace_hash_empty(*hash)) + return 0; + } else { + *hash = alloc_ftrace_hash(size_bits); + if (!*hash) + return -ENOMEM; + } /* If new_hash has everything make hash have everything */ if (ftrace_hash_empty(new_hash)) { @@ -3292,16 +3299,18 @@ static int intersect_hash(struct ftrace_hash **hash, struct ftrace_hash *new_has /* Return a new hash that has a union of all @ops->filter_hash entries */ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) { - struct ftrace_hash *new_hash; + struct ftrace_hash *new_hash = NULL; struct ftrace_ops *subops; + int size_bits; int ret; - new_hash = alloc_ftrace_hash(ops->func_hash->filter_hash->size_bits); - if (!new_hash) - return NULL; + if (ops->func_hash->filter_hash) + size_bits = ops->func_hash->filter_hash->size_bits; + else + size_bits = FTRACE_HASH_DEFAULT_BITS; list_for_each_entry(subops, &ops->subop_list, list) { - ret = append_hash(&new_hash, subops->func_hash->filter_hash); + ret = append_hash(&new_hash, subops->func_hash->filter_hash, size_bits); if (ret < 0) { free_ftrace_hash(new_hash); return NULL; @@ -3310,7 +3319,8 @@ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) if (ftrace_hash_empty(new_hash)) break; } - return new_hash; + /* Can't return NULL as that means this failed */ + return new_hash ? : EMPTY_HASH; } /* Make @ops trace evenything except what all its subops do not trace */ @@ -3505,7 +3515,8 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int filter_hash = alloc_and_copy_ftrace_hash(size_bits, ops->func_hash->filter_hash); if (!filter_hash) return -ENOMEM; - ret = append_hash(&filter_hash, subops->func_hash->filter_hash); + ret = append_hash(&filter_hash, subops->func_hash->filter_hash, + size_bits); if (ret < 0) { free_ftrace_hash(filter_hash); return ret; -- 2.47.2

4 months, 3 weeks

1
0
0 0

[PATCH 12/24] drm/amd/display: add a quirk to enable eDP0 on DP1

by Zaeem Mohamed

From: Yilin Chen <Yilin.Chen(a)amd.com> [why] some board designs have eDP0 connected to DP1, need a way to enable support_edp0_on_dp1 flag, otherwise edp related features cannot work [how] do a dmi check during dm initialization to identify systems that require support_edp0_on_dp1. Optimize quirk table with callback functions to set quirk entries, retrieve_dmi_info can set quirks according to quirk entries Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Yilin Chen <Yilin.Chen(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 +++++++++++++++++-- 1 file changed, 62 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 0d21448ea700..9f53d88ad7ca 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1622,75 +1622,130 @@ static bool dm_should_disable_stutter(struct pci_dev *pdev) return false; } -static const struct dmi_system_id hpd_disconnect_quirk_table[] = { +struct amdgpu_dm_quirks { + bool aux_hpd_discon; + bool support_edp0_on_dp1; +}; + +static struct amdgpu_dm_quirks quirk_entries = { + .aux_hpd_discon = false, + .support_edp0_on_dp1 = false +}; + +static int edp0_on_dp1_callback(const struct dmi_system_id *id) +{ + quirk_entries.support_edp0_on_dp1 = true; + return 0; +} + +static int aux_hpd_discon_callback(const struct dmi_system_id *id) +{ + quirk_entries.aux_hpd_discon = true; + return 0; +} + +static const struct dmi_system_id dmi_quirk_table[] = { { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3660"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3260"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3460"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro Plus 7010"), }, }, { + .callback = aux_hpd_discon_callback, .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro 7010"), }, }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP Elite mt645 G8 Mobile Thin Client"), + }, + }, + { + .callback = edp0_on_dp1_callback, + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HP"), + DMI_MATCH(DMI_PRODUCT_NAME, "HP EliteBook 665 16 inch G11 Notebook PC"), + }, + }, {} /* TODO: refactor this from a fixed table to a dynamic option */ }; -static void retrieve_dmi_info(struct amdgpu_display_manager *dm) +static void retrieve_dmi_info(struct amdgpu_display_manager *dm, struct dc_init_data *init_data) { - const struct dmi_system_id *dmi_id; + int dmi_id; + struct drm_device *dev = dm->ddev; dm->aux_hpd_discon_quirk = false; + init_data->flags.support_edp0_on_dp1 = false; + + dmi_id = dmi_check_system(dmi_quirk_table); - dmi_id = dmi_first_match(hpd_disconnect_quirk_table); - if (dmi_id) { + if (!dmi_id) + return; + + if (quirk_entries.aux_hpd_discon) { dm->aux_hpd_discon_quirk = true; - DRM_INFO("aux_hpd_discon_quirk attached\n"); + drm_info(dev, "aux_hpd_discon_quirk attached\n"); + } + if (quirk_entries.support_edp0_on_dp1) { + init_data->flags.support_edp0_on_dp1 = true; + drm_info(dev, "aux_hpd_discon_quirk attached\n"); } } @@ -1999,7 +2054,7 @@ static int amdgpu_dm_init(struct amdgpu_device *adev) if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 0, 0)) init_data.num_virtual_links = 1; - retrieve_dmi_info(&adev->dm); + retrieve_dmi_info(&adev->dm, &init_data); if (adev->dm.bb_from_dmub) init_data.bb_from_dmub = adev->dm.bb_from_dmub; -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH 02/24] drm/amd/display: Disable PSR-SU on eDP panels

by Zaeem Mohamed

From: Tom Chung <chiahsuan.chung(a)amd.com> [Why] PSR-SU may cause some glitching randomly on several panels. [How] Temporarily disable the PSR-SU and fallback to PSR1 for all eDP panels. Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3388 Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c index 45858bf1523d..e140b7a04d72 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c @@ -54,7 +54,8 @@ static bool link_supports_psrsu(struct dc_link *link) if (amdgpu_dc_debug_mask & DC_DISABLE_PSR_SU) return false; - return dc_dmub_check_min_version(dc->ctx->dmub_srv->dmub); + /* Temporarily disable PSR-SU to avoid glitches */ + return false; } /* -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH stable 5.10.y-6.12.y] arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings

by Catalin Marinas

PROT_MTE (memory tagging extensions) is not supported on all user mmap() types for various reasons (memory attributes, backing storage, CoW handling). The arm64 arch_validate_flags() function checks whether the VM_MTE_ALLOWED flag has been set for a vma during mmap(), usually by arch_calc_vm_flag_bits(). Linux prior to 6.13 does not support PROT_MTE hugetlb mappings. This was added by commit 25c17c4b55de ("hugetlb: arm64: add mte support"). However, earlier kernels inadvertently set VM_MTE_ALLOWED on (MAP_ANONYMOUS | MAP_HUGETLB) mappings by only checking for MAP_ANONYMOUS. Explicitly check MAP_HUGETLB in arch_calc_vm_flag_bits() and avoid setting VM_MTE_ALLOWED for such mappings. Fixes: 9f3419315f3c ("arm64: mte: Add PROT_MTE support to mmap() and mprotect()") Cc: <stable(a)vger.kernel.org> # 5.10.x-6.12.x Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> --- Hi Greg, This patch applies cleanly on top of the stable-rc/linux-6.12.y to 5.10.y LTS, so I'm only sending it once. It's not for 6.13 onwards since those kernels support hugetlbfs with MTE. Thanks, Catalin arch/arm64/include/asm/mman.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 798d965760d4..5a280ac7570c 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -41,9 +41,12 @@ static inline unsigned long arch_calc_vm_flag_bits(struct file *file, * backed by tags-capable memory. The vm_flags may be overridden by a * filesystem supporting MTE (RAM-based). */ - if (system_supports_mte() && - ((flags & MAP_ANONYMOUS) || shmem_file(file))) - return VM_MTE_ALLOWED; + if (system_supports_mte()) { + if ((flags & MAP_ANONYMOUS) && !(flags & MAP_HUGETLB)) + return VM_MTE_ALLOWED; + if (shmem_file(file)) + return VM_MTE_ALLOWED; + } return 0; }

4 months, 3 weeks

3
4
0 0

[PATCH 6.13 000/274] 6.13.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.4 release. There are 274 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.4-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfio/platform: check the bounds of read/write syscalls" Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: reallocate buf lists on upgrade Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Eric Dumazet <edumazet(a)google.com> net: destroy dev->lock later in free_netdev() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Check bandwidth overflow earlier for hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Restore dl_server bandwidth on non-destructive root domain changes Chris Brandt <chris.brandt(a)renesas.com> drm: renesas: rz-du: Increase supported resolutions Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/tracing: Fix a potential TP_printk UAF Karol Przybylski <karprzy7(a)gmail.com> drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu1: don't choke on disabling the writeback connector Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: unconditionally copy SQEs at prep time Jakub Kicinski <kuba(a)kernel.org> Reapply "net: skb: introduce and use a single page frag cache" Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Caleb Sander Mateos <csander(a)purestorage.com> io_uring/uring_cmd: switch sqe to async_data on EAGAIN Caleb Sander Mateos <csander(a)purestorage.com> io_uring/uring_cmd: don't assume io_uring_cmd_data layout Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: cleanup struct io_uring_cmd_data layout Bart Van Assche <bvanassche(a)acm.org> iavf: Fix a locking bug in an error path Filipe Manana <fdmanana(a)suse.com> btrfs: fix stale page cache after race between readahead and direct IO write David Sterba <dsterba(a)suse.com> btrfs: rename __get_extent_map() and pass btrfs_inode Eric Dumazet <edumazet(a)google.com> ipv6: mcast: extend RCU protection in igmp6_send() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Paolo Abeni <pabeni(a)redhat.com> Revert "net: skb: introduce and use a single page frag cache" Jakub Kicinski <kuba(a)kernel.org> net: protect netdev->napi_list with netdev_lock() Jakub Kicinski <kuba(a)kernel.org> net: add netdev->up protected by netdev_lock() Jakub Kicinski <kuba(a)kernel.org> net: make netdev_lock() protect netdev->reg_state Jakub Kicinski <kuba(a)kernel.org> net: add netdev_lock() / netdev_unlock() helpers Jakub Kicinski <kuba(a)kernel.org> eth: iavf: extend the netdev_lock usage Jakub Kicinski <kuba(a)kernel.org> net: make sure we retain NAPI ordering on netdev->napi_list Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Move hidraw input (un)registering to work Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Make sure rumble work is canceled on removal Geert Uytterhoeven <geert+renesas(a)glider.be> genirq: Remove leading space from irq_chip::irq_print_chip() callbacks Kees Cook <kees(a)kernel.org> compiler.h: Move C string helpers into C-only kernel section Eric Dumazet <edumazet(a)google.com> ipv6: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ip_dst_mtu_maybe_forward() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Fix cpufreq_policy ref counting Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: convert mutex use to guard() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() Justin M. Forbes <jforbes(a)fedoraproject.org> rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Jinghao Jia <jinghao7(a)illinois.edu> samples/hid: fix broken vmlinux path for VMLINUX_BTF Jinghao Jia <jinghao7(a)illinois.edu> samples/hid: remove unnecessary -I flags from libbpf EXTRA_CFLAGS Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Set stream->pollin in xe_oa_buffer_check_unlocked Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Expose an unblock after N reports OA property Sai Teja Pottumuttu <sai.teja.pottumuttu(a)intel.com> drm/xe/oa/uapi: Make OA buffer size configurable Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Oliver Upton <oliver.upton(a)linux.dev> ACPI: GTDT: Relax sanity checking on Platform Timers array count Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channels for individual subrequests Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Set buffer type for empty frames in igc_init_empty_frame Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ptp: vmclock: Set driver data before its usage Tejun Heo <tj(a)kernel.org> sched_ext: Fix migration disabled handling in targeted dispatches David Woodhouse <dwmw(a)amazon.co.uk> ptp: vmclock: Add .owner to vmclock_miscdev_fops Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ptp: vmclock: Don't unregister misc device if it was not registered Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Fix potential memory leak in iopf_queue_remove_device() Josua Mayer <josua(a)solid-run.com> Revert "mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch" Varadarajan Narayanan <quic_varada(a)quicinc.com> regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect autogroup migration detection Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Make intel_iommu_drain_pasid_prq() cover faults for RID Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix handling of isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Always update ->iotype in __uart_read_properties() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Assign ->iotype correctly when ->iobase is set Nicolas Dichtel <nicolas.dichtel(a)6wind.com> rtnetlink: fix netns leak with rtnl_setlink() Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix overindented list item Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Miguel Ojeda <ojeda(a)kernel.org> arm64: rust: clean Rust 1.85.0 warning using softfloat target Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Bjorn Helgaas <bhelgaas(a)google.com> PCI: Avoid FLR for Mediatek MT7922 WiFi Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix handling of 6 GHz rules Aditya Garg <gargaditya08(a)live.com> wifi: brcmfmac: use random seed flag for BCM4355 and BCM4364 firmware Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: etas_es58x: fix potential NULL pointer dereference on udev->serial Robin van der Gracht <robin(a)protonic.nl> can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Restore xhci_pci support for Renesas HCs Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Update pages_touched to reflect persistent buffer content Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Validate the persistent meta data subbuf array Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not allow mmap() of persistent ring buffer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Unlock resize on mmap error Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Carve out wopcm portion from the stolen memory Remi Pommarel <repk(a)triplefau.lt> batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Kees Cook <kees(a)kernel.org> kbuild: Use -fzero-init-padding-bits=all Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: renesas: SND_SIU_MIGOR should depend on DMADEVICES Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Masahiro Yamada <masahiroy(a)kernel.org> kbuild: suppress stdout from merge_config for silent builds Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Zichen Xie <zichenxie0106(a)gmail.com> NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Brian Norris <briannorris(a)chromium.org> kunit: platform: Resolve 'struct completion' warning Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Share WCH IDs with parport_serial driver Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Resolve WCH vendor ID ambiguity Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Lorenzo Bianconi <lorenzo(a)kernel.org> PCI: mediatek-gen3: Avoid PCIe resetting via PERST# for Airoha EN7581 SoC Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Wait for boot-time offers during boot and resume Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add Kurokesu C1 PRO camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Implement dual stream quirk to fix loss of usb packets Naushir Patuck <naush(a)raspberrypi.com> media: bcm2835-unicam: Disable trigger mode operation Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub953: Add error handling for i2c reads/writes Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Add error handling to ub913_hw_init() Niklas Cassel <cassel(a)kernel.org> PCI: endpoint: Add size check for fixed size BARs in pci_epc_set_bar() Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Update Tegra234 nvmem keepout list Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Varadarajan Narayanan <quic_varada(a)quicinc.com> soc: qcom: llcc: Update configuration data for IPQ5424 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: smc: Handle missing SCM device Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Masahiro Yamada <masahiroy(a)kernel.org> tools: fix annoying "mkdir -p ..." logs when building tools in parallel Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix crash on error in gpiochip_get_ngpios() Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. Jens Axboe <axboe(a)kernel.dk> block: cleanup and fix batch completion adding conditions Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Imre Deak <imre.deak(a)intel.com> drm: Fix DSC BPP increment decoding Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() Zhu Lingshan <lingshan.zhu(a)amd.com> amdkfd: properly free gang_ctx_bo when failed to init user queue Benjamin Berg <benjamin.berg(a)intel.com> um: fix execve stub execution on old host OSs Benjamin Berg <benjamin.berg(a)intel.com> um: properly align signal stack on x86_64 Benjamin Berg <benjamin.berg(a)intel.com> um: avoid copying FP state from init_task Benjamin Berg <benjamin.berg(a)intel.com> um: add back support for FXSAVE registers Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: remove dead req_has_async_data() check Pavel Begunkov <asml.silence(a)gmail.com> io_uring/waitid: don't abuse io_tw_state Zhang Rui <rui.zhang(a)intel.com> thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/client: bo->client does not need bos_lock Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Clean up PEBS-via-PT on hybrid Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Su Hui <suhui(a)nfschina.com> drm/panthor: avoid garbage value in panthor_ioctl_dev_query() Rupinderjit Singh <rusingh(a)redhat.com> gpu: host1x: Fix a use of uninitialized mutex Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Maxime Ripard <mripard(a)kernel.org> drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Put the pwq after detaching the rescuer from the pool Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix a potential race condition Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix RX & TX statistics for XDP_TX case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix typo issue about GCFG feature detection Yuli Wang <wangyuli(a)uniontech.com> LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Marco Crivellari <marco.crivellari(a)suse.com> LoongArch: Fix idle VS timer enqueue Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix HW RX timestamp when passed by ZC XDP Joshua Hay <joshua.a.hay(a)intel.com> idpf: call set_real_num_queues in idpf_open Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: record rx queue in skb for RSC packets Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: fix handling rsc packet with a single segment Jerome Brunet <jbrunet(a)baylibre.com> regulator: core: let dt properties override driver init_data Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Reyders Morales <reyders1(a)gmail.com> Documentation/networking: fix basic node example document ISO 15765-2 Eric Dumazet <edumazet(a)google.com> net: fib_rules: annotate data-races around rule->[io]ifindex Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> spi: sn-f-ospi: Fix division by zero Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: pinconf-generic: Print unsigned value if a format is registered Nathan Chancellor <nathan(a)kernel.org> scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Charles Han <hanchunchao(a)inspur.com> HID: winwing: Add NULL check in winwing_init_led() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Rename PWMSEL to SELPWM Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Enable regmap locking for debug Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Avoid accessing reserved registers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Fix off-by-one in the regmap range settings Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Jeff Layton <jlayton(a)kernel.org> nfsd: validate the nfsd_serv pointer before calling svc_wake_up Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Add missing delayed work cancel for headset status Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Initialise memory for psy_cfg ------------- Diffstat: .../bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +- Documentation/networking/iso15765-2.rst | 4 +- Makefile | 17 +-- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 4 + arch/alpha/kernel/entry.S | 24 ++-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm64/Makefile | 4 + arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/loongarch/kernel/genex.S | 28 ++-- arch/loongarch/kernel/idle.c | 3 +- arch/loongarch/kernel/reset.c | 6 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/lib/csum.c | 2 +- arch/powerpc/sysdev/fsl_msi.c | 2 +- arch/s390/pci/pci_bus.c | 20 +++ arch/s390/pci/pci_iov.c | 56 ++++++-- arch/s390/pci/pci_iov.h | 7 + arch/um/kernel/process.c | 10 +- arch/um/os-Linux/skas/process.c | 16 ++- arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 33 ++--- arch/x86/events/intel/ds.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/perf_event.h | 28 +++- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/cpu/bugs.c | 21 ++- arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 10 +- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 3 + arch/x86/mm/tlb.c | 35 ++++- arch/x86/um/os-Linux/registers.c | 21 ++- arch/x86/um/signal.c | 13 +- arch/x86/xen/mmu_pv.c | 75 +++++++++-- block/partitions/mac.c | 18 ++- drivers/acpi/arm64/gtdt.c | 12 +- drivers/acpi/x86/utils.c | 13 ++ drivers/base/regmap/regmap-irq.c | 2 + drivers/bluetooth/btintel_pcie.c | 5 +- drivers/bus/moxtet.c | 2 +- drivers/cpufreq/amd-pstate.c | 107 +++++---------- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/qcom/qcom_scm-smc.c | 3 + drivers/gpio/gpio-bcm-kona.c | 71 ++++++++-- drivers/gpio/gpio-stmpe.c | 15 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 36 ++++- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 - drivers/gpu/drm/msm/msm_gem_submit.c | 3 +- drivers/gpu/drm/panthor/panthor_drv.c | 1 + drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 + drivers/gpu/drm/tidss/tidss_dispc.c | 26 ++-- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/xe/regs/xe_oa_regs.h | 9 +- drivers/gpu/drm/xe/xe_drm_client.c | 2 +- drivers/gpu/drm/xe/xe_oa.c | 92 ++++++++++--- drivers/gpu/drm/xe/xe_oa_types.h | 5 +- drivers/gpu/drm/xe/xe_query.c | 4 +- drivers/gpu/drm/xe/xe_trace_bo.h | 12 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 70 +++++----- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- drivers/gpu/host1x/dev.c | 2 + drivers/gpu/host1x/intr.c | 2 - drivers/hid/hid-corsair-void.c | 3 +- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-steam.c | 41 ++++-- drivers/hid/hid-thrustmaster.c | 2 +- drivers/hid/hid-winwing.c | 2 + drivers/hv/channel_mgmt.c | 61 ++++++--- drivers/hv/connection.c | 4 +- drivers/hv/hyperv_vmbus.h | 14 +- drivers/hv/vmbus_drv.c | 16 --- drivers/i3c/master/Kconfig | 11 ++ drivers/i3c/master/mipi-i3c-hci/Makefile | 1 + drivers/i3c/master/mipi-i3c-hci/dma.c | 17 +++ drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 +++++++++++++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/iommu/amd/amd_iommu_types.h | 1 + drivers/iommu/amd/init.c | 4 + drivers/iommu/intel/prq.c | 4 +- drivers/iommu/io-pgfault.c | 1 + drivers/irqchip/irq-partition-percpu.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ds90ub913.c | 25 +++- drivers/media/i2c/ds90ub953.c | 46 +++++-- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++ drivers/media/usb/uvc/uvc_video.c | 27 +++- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/mmc/host/mtk-sd.c | 31 +++-- drivers/mmc/host/sdhci_am654.c | 30 ----- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 75 ++++++++--- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 +- drivers/net/ethernet/intel/igc/igc_main.c | 22 +-- .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 50 ++++--- drivers/net/netdevsim/ethtool.c | 4 +- drivers/net/team/team_core.c | 4 +- drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 - .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 4 +- drivers/parport/parport_serial.c | 12 +- drivers/pci/controller/pcie-mediatek-gen3.c | 57 +++++--- drivers/pci/endpoint/pci-epc-core.c | 11 +- drivers/pci/quirks.c | 15 ++- drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinconf-generic.c | 8 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 42 +++--- drivers/ptp/ptp_vmclock.c | 8 +- drivers/regulator/core.c | 61 ++++----- drivers/s390/net/qeth_core_main.c | 8 +- drivers/soc/qcom/llcc-qcom.c | 57 +++++++- drivers/soc/qcom/smp2p.c | 2 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 ++- drivers/spi/spi-sn-f-ospi.c | 3 + drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 +++ drivers/tty/serial/8250/8250_pci.c | 76 +++++------ drivers/tty/serial/8250/8250_pci1xxxx.c | 60 ++++++++- drivers/tty/serial/8250/8250_port.c | 9 ++ drivers/tty/serial/serial_port.c | 5 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/ufs/core/ufshcd.c | 127 +++++++++--------- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 17 ++- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 ++++--- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 -- drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/xen/swiotlb-xen.c | 20 +-- fs/btrfs/extent_io.c | 29 ++-- fs/btrfs/file.c | 4 +- fs/nfs/sysfs.c | 6 +- fs/nfsd/filecache.c | 11 +- fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 7 +- fs/ntfs3/attrib.c | 15 ++- fs/ntfs3/dir.c | 2 +- fs/ntfs3/frecord.c | 71 +++++----- fs/ntfs3/fsntfs.c | 6 +- fs/ntfs3/index.c | 6 +- fs/ntfs3/inode.c | 3 + fs/ntfs3/ntfs_fs.h | 21 +-- fs/ntfs3/record.c | 79 +++++------ fs/orangefs/orangefs-debugfs.c | 4 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/file.c | 7 +- include/drm/display/drm_dp.h | 1 + include/kunit/platform_device.h | 1 + include/linux/blk-mq.h | 18 ++- include/linux/cgroup-defs.h | 6 +- include/linux/compiler.h | 26 ++-- include/linux/efi.h | 1 + include/linux/netdevice.h | 93 +++++++++++-- include/linux/pci_ids.h | 11 ++ include/linux/sched/task.h | 1 + include/net/dst.h | 9 ++ include/net/ip.h | 13 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 2 +- include/net/route.h | 9 +- include/uapi/drm/xe_drm.h | 16 +++ include/uapi/linux/thermal.h | 2 +- include/ufs/ufshcd.h | 9 +- io_uring/kbuf.c | 15 ++- io_uring/uring_cmd.c | 32 ++--- io_uring/waitid.c | 4 +- kernel/cgroup/cgroup.c | 20 +-- kernel/cgroup/rstat.c | 1 - kernel/sched/autogroup.c | 4 +- kernel/sched/core.c | 29 ++-- kernel/sched/deadline.c | 73 ++++++++-- kernel/sched/ext.c | 71 ++++++---- kernel/sched/ext.h | 4 +- kernel/sched/sched.h | 4 +- kernel/sched/topology.c | 8 +- kernel/time/clocksource.c | 9 +- kernel/trace/ring_buffer.c | 28 +++- kernel/trace/trace.c | 4 + kernel/workqueue.c | 12 +- net/ax25/af_ax25.c | 11 ++ net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/translation-table.c | 12 +- net/batman-adv/types.h | 3 - net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/dev.c | 71 +++++++--- net/core/dev.h | 12 ++ net/core/fib_rules.c | 24 ++-- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 8 +- net/core/rtnetlink.c | 1 + net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 31 +++-- net/ipv4/route.c | 30 +++-- net/ipv6/icmp.c | 42 +++--- net/ipv6/ioam6_iptunnel.c | 73 +++++----- net/ipv6/mcast.c | 45 ++++--- net/ipv6/ndisc.c | 28 ++-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 59 ++++---- net/ipv6/seg6_iptunnel.c | 98 ++++++++------ net/openvswitch/datapath.c | 12 +- net/shaper/shaper.c | 6 +- net/vmw_vsock/af_vsock.c | 12 +- rust/Makefile | 1 + rust/kernel/rbtree.rs | 2 +- samples/hid/Makefile | 13 +- scripts/Makefile.defconf | 13 +- scripts/Makefile.extrawarn | 13 +- scripts/kconfig/Makefile | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- sound/soc/renesas/Kconfig | 2 +- tools/objtool/check.c | 1 + tools/sched_ext/include/scx/common.bpf.h | 12 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 ++++- tools/tracing/rtla/src/timerlat_hist.c | 8 ++ tools/tracing/rtla/src/timerlat_top.c | 8 ++ 266 files changed, 3125 insertions(+), 1425 deletions(-)

4 months, 3 weeks

15
302
0 0

[PATCH] drm/radeon: Add error handlings for r420 cp errata initiation

by Wentao Liang

In r420_cp_errata_init(), the RESYNC information is stored even when the Scratch register is not correctly allocated. Change the return type of r420_cp_errata_init() from void to int to propagate errors to the caller. Add error checking after radeon_scratch_get() to ensure RESYNC information is stored to an allocated address. Log an error message and return the error code immediately when radeon_scratch_get() fails. Additionally, handle the return value of r420_cp_errata_init() in r420_startup() to log an appropriate error message and propagate the error if initialization fails. Fixes: 62cdc0c20663 ("drm/radeon/kms: Workaround RV410/R420 CP errata (V3)") Cc: stable(a)vger.kernel.org # 2.6.33+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/radeon/r420.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/radeon/r420.c b/drivers/gpu/drm/radeon/r420.c index 9a31cdec6415..67c55153cba8 100644 --- a/drivers/gpu/drm/radeon/r420.c +++ b/drivers/gpu/drm/radeon/r420.c @@ -204,7 +204,7 @@ static void r420_clock_resume(struct radeon_device *rdev) WREG32_PLL(R_00000D_SCLK_CNTL, sclk_cntl); } -static void r420_cp_errata_init(struct radeon_device *rdev) +static int r420_cp_errata_init(struct radeon_device *rdev) { int r; struct radeon_ring *ring = &rdev->ring[RADEON_RING_TYPE_GFX_INDEX]; @@ -215,7 +215,11 @@ static void r420_cp_errata_init(struct radeon_device *rdev) * The proper workaround is to queue a RESYNC at the beginning * of the CP init, apparently. */ - radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + r = radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + if (r) { + DRM_ERROR("failed to get scratch reg (%d).\n", r); + return r; + } r = radeon_ring_lock(rdev, ring, 8); WARN_ON(r); radeon_ring_write(ring, PACKET0(R300_CP_RESYNC_ADDR, 1)); @@ -290,8 +294,11 @@ static int r420_startup(struct radeon_device *rdev) dev_err(rdev->dev, "failed initializing CP (%d).\n", r); return r; } - r420_cp_errata_init(rdev); - + r = r420_cp_errata_init(rdev); + if (r) { + dev_err(rdev->dev, "failed initializing CP errata workaround (%d).\n", r); + return r; + } r = radeon_ib_pool_init(rdev); if (r) { dev_err(rdev->dev, "IB initialization failed (%d).\n", r); -- 2.42.0.windows.2

4 months, 3 weeks

3
2
0 0

Linux 6.13.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.4 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 Documentation/networking/iso15765-2.rst | 4 Makefile | 15 - arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 4 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm64/Makefile | 4 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/loongarch/kernel/genex.S | 28 + arch/loongarch/kernel/idle.c | 3 arch/loongarch/kernel/reset.c | 6 arch/loongarch/kvm/main.c | 4 arch/loongarch/lib/csum.c | 2 arch/powerpc/sysdev/fsl_msi.c | 2 arch/s390/pci/pci_bus.c | 20 + arch/s390/pci/pci_iov.c | 56 ++- arch/s390/pci/pci_iov.h | 7 arch/um/kernel/process.c | 10 arch/um/os-Linux/skas/process.c | 16 - arch/x86/Kconfig | 3 arch/x86/events/intel/core.c | 33 -- arch/x86/events/intel/ds.c | 10 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/perf_event.h | 28 + arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/cpu/bugs.c | 21 - arch/x86/kvm/hyperv.c | 6 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/svm/nested.c | 10 arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/vmx/main.c | 1 arch/x86/kvm/vmx/vmx.c | 10 arch/x86/kvm/vmx/x86_ops.h | 1 arch/x86/kvm/x86.c | 3 arch/x86/mm/tlb.c | 35 ++ arch/x86/um/os-Linux/registers.c | 21 + arch/x86/um/signal.c | 13 arch/x86/xen/mmu_pv.c | 75 ++++- block/partitions/mac.c | 18 + drivers/acpi/arm64/gtdt.c | 12 drivers/acpi/x86/utils.c | 13 drivers/base/regmap/regmap-irq.c | 2 drivers/bluetooth/btintel_pcie.c | 5 drivers/bus/moxtet.c | 2 drivers/cpufreq/amd-pstate.c | 105 ++----- drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/qcom/qcom_scm-smc.c | 3 drivers/gpio/gpio-bcm-kona.c | 71 +++- drivers/gpio/gpio-stmpe.c | 15 - drivers/gpio/gpiolib-acpi.c | 14 drivers/gpio/gpiolib.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 drivers/gpu/drm/msm/msm_gem_submit.c | 3 drivers/gpu/drm/panthor/panthor_drv.c | 1 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 drivers/gpu/drm/tidss/tidss_dispc.c | 26 + drivers/gpu/drm/tidss/tidss_irq.c | 2 drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/gpu/drm/xe/regs/xe_oa_regs.h | 9 drivers/gpu/drm/xe/xe_drm_client.c | 2 drivers/gpu/drm/xe/xe_oa.c | 92 ++++-- drivers/gpu/drm/xe/xe_oa_types.h | 5 drivers/gpu/drm/xe/xe_query.c | 4 drivers/gpu/drm/xe/xe_trace_bo.h | 12 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 54 ++- drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 drivers/gpu/host1x/dev.c | 2 drivers/gpu/host1x/intr.c | 2 drivers/hid/hid-corsair-void.c | 3 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-steam.c | 41 ++ drivers/hid/hid-thrustmaster.c | 2 drivers/hid/hid-winwing.c | 2 drivers/hv/channel_mgmt.c | 61 +++- drivers/hv/connection.c | 4 drivers/hv/hyperv_vmbus.h | 14 drivers/hv/vmbus_drv.c | 16 - drivers/i3c/master/Kconfig | 11 drivers/i3c/master/mipi-i3c-hci/Makefile | 1 drivers/i3c/master/mipi-i3c-hci/dma.c | 17 + drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 ++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 drivers/iommu/amd/amd_iommu_types.h | 1 drivers/iommu/amd/init.c | 4 drivers/iommu/intel/prq.c | 4 drivers/iommu/io-pgfault.c | 1 drivers/irqchip/irq-partition-percpu.c | 2 drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ds90ub913.c | 25 + drivers/media/i2c/ds90ub953.c | 46 ++- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/uvc/uvc_driver.c | 18 + drivers/media/usb/uvc/uvc_video.c | 27 + drivers/media/usb/uvc/uvcvideo.h | 1 drivers/mmc/host/mtk-sd.c | 31 +- drivers/mmc/host/sdhci_am654.c | 30 -- drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/can/ctucanfd/ctucanfd_base.c | 10 drivers/net/can/rockchip/rockchip_canfd-core.c | 2 drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 drivers/net/ethernet/intel/igc/igc_main.c | 22 - drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 50 ++- drivers/net/team/team_core.c | 4 drivers/net/vxlan/vxlan_core.c | 7 drivers/net/wireless/ath/ath12k/wmi.c | 61 +++- drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 4 drivers/parport/parport_serial.c | 12 drivers/pci/controller/pcie-mediatek-gen3.c | 59 ++- drivers/pci/endpoint/pci-epc-core.c | 11 drivers/pci/quirks.c | 15 - drivers/pci/switch/switchtec.c | 26 + drivers/pinctrl/pinconf-generic.c | 8 drivers/pinctrl/pinctrl-cy8c95x0.c | 42 +- drivers/ptp/ptp_vmclock.c | 8 drivers/regulator/core.c | 61 +--- drivers/soc/qcom/llcc-qcom.c | 57 +++ drivers/soc/qcom/smp2p.c | 2 drivers/soc/tegra/fuse/fuse-tegra30.c | 17 - drivers/spi/spi-sn-f-ospi.c | 3 drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 + drivers/tty/serial/8250/8250_pci.c | 76 ++--- drivers/tty/serial/8250/8250_pci1xxxx.c | 60 +++- drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/serial_port.c | 5 drivers/ufs/core/ufs_bsg.c | 1 drivers/ufs/core/ufshcd.c | 127 ++++---- drivers/usb/class/cdc-acm.c | 28 + drivers/usb/core/hub.c | 14 drivers/usb/core/quirks.c | 6 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 34 ++ drivers/usb/gadget/function/f_midi.c | 17 - drivers/usb/gadget/udc/core.c | 2 drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-pci.c | 7 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +-- drivers/usb/typec/tcpm/tcpm.c | 3 drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++-- drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap/lcd_dma.c | 4 drivers/xen/swiotlb-xen.c | 20 - fs/btrfs/extent_io.c | 29 + fs/btrfs/file.c | 4 fs/nfs/sysfs.c | 6 fs/nfsd/filecache.c | 11 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 7 fs/ntfs3/attrib.c | 15 - fs/ntfs3/dir.c | 2 fs/ntfs3/frecord.c | 71 ++-- fs/ntfs3/fsntfs.c | 6 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 3 fs/ntfs3/ntfs_fs.h | 21 - fs/ntfs3/record.c | 79 ++--- fs/orangefs/orangefs-debugfs.c | 4 fs/smb/client/cifsglob.h | 1 fs/smb/client/file.c | 7 include/drm/display/drm_dp.h | 1 include/kunit/platform_device.h | 1 include/linux/blk-mq.h | 18 - include/linux/cgroup-defs.h | 6 include/linux/compiler.h | 26 - include/linux/efi.h | 1 include/linux/netdevice.h | 6 include/linux/pci_ids.h | 11 include/linux/sched/task.h | 1 include/net/dst.h | 9 include/net/ip.h | 13 include/net/l3mdev.h | 2 include/net/net_namespace.h | 2 include/net/route.h | 9 include/uapi/drm/xe_drm.h | 16 + include/uapi/linux/thermal.h | 2 include/ufs/ufshcd.h | 9 io_uring/kbuf.c | 15 - io_uring/uring_cmd.c | 32 -- io_uring/waitid.c | 4 kernel/cgroup/cgroup.c | 20 - kernel/cgroup/rstat.c | 1 kernel/sched/autogroup.c | 4 kernel/sched/core.c | 7 kernel/sched/ext.c | 71 ++-- kernel/sched/ext.h | 4 kernel/sched/sched.h | 2 kernel/time/clocksource.c | 9 kernel/trace/ring_buffer.c | 28 + kernel/trace/trace.c | 4 kernel/workqueue.c | 12 net/ax25/af_ax25.c | 11 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 122 +++++--- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/translation-table.c | 12 net/batman-adv/types.h | 3 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/fib_rules.c | 24 - net/core/flow_dissector.c | 21 - net/core/neighbour.c | 8 net/core/rtnetlink.c | 1 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/icmp.c | 31 +- net/ipv4/route.c | 30 +- net/ipv6/icmp.c | 42 +- net/ipv6/ioam6_iptunnel.c | 75 ++--- net/ipv6/mcast.c | 45 +-- net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 59 ++- net/ipv6/seg6_iptunnel.c | 98 ++++-- net/openvswitch/datapath.c | 12 net/vmw_vsock/af_vsock.c | 12 rust/Makefile | 1 rust/kernel/rbtree.rs | 2 samples/hid/Makefile | 13 scripts/Makefile.defconf | 13 scripts/Makefile.extrawarn | 13 scripts/kconfig/Makefile | 4 sound/soc/intel/boards/bytcr_rt5640.c | 17 + sound/soc/renesas/Kconfig | 2 tools/objtool/check.c | 1 tools/sched_ext/include/scx/common.bpf.h | 12 tools/testing/selftests/gpio/gpio-sim.sh | 31 +- tools/tracing/rtla/src/timerlat_hist.c | 8 tools/tracing/rtla/src/timerlat_top.c | 8 256 files changed, 2792 insertions(+), 1331 deletions(-) Aaro Koskinen (1): fbdev: omap: use threaded IRQ for LCD DMA Aditya Garg (1): wifi: brcmfmac: use random seed flag for BCM4355 and BCM4364 firmware Aditya Kumar Singh (1): wifi: ath12k: fix handling of 6 GHz rules Alan Stern (1): USB: hub: Ignore non-compliant devices with too many configs or interfaces Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Andrea Righi (1): sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Andy Shevchenko (10): pinctrl: cy8c95x0: Fix off-by-one in the regmap range settings pinctrl: cy8c95x0: Avoid accessing reserved registers pinctrl: cy8c95x0: Enable regmap locking for debug pinctrl: cy8c95x0: Rename PWMSEL to SELPWM pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware gpiolib: Fix crash on error in gpiochip_get_ngpios() serial: 8250_pci: Resolve WCH vendor ID ambiguity serial: 8250_pci: Share WCH IDs with parport_serial driver serial: port: Assign ->iotype correctly when ->iobase is set serial: port: Always update ->iotype in __uart_read_properties() Andy Strohman (1): batman-adv: fix panic during interface removal Andy-ld Lu (1): mmc: mtk-sd: Fix register settings for hs400(es) mode Ankit Agrawal (2): vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ard Biesheuvel (1): efi: Avoid cold plugged memory for placing the kernel Arnd Bergmann (1): media: cxd2841er: fix 64-bit division on gcc-9 Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string Ashutosh Dixit (2): drm/xe/oa/uapi: Expose an unblock after N reports OA property drm/xe/oa: Set stream->pollin in xe_oa_buffer_check_unlocked Avri Altman (5): scsi: ufs: core: Introduce ufshcd_has_pending_tasks() scsi: ufs: core: Prepare to introduce a new clock_gating lock scsi: ufs: core: Introduce a new clock_gating lock scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Benjamin Berg (4): um: add back support for FXSAVE registers um: avoid copying FP state from init_task um: properly align signal stack on x86_64 um: fix execve stub execution on old host OSs Bibo Mao (1): LoongArch: KVM: Fix typo issue about GCFG feature detection Bjorn Helgaas (1): PCI: Avoid FLR for Mediatek MT7922 WiFi Brian Norris (1): kunit: platform: Resolve 'struct completion' warning Caleb Sander Mateos (2): io_uring/uring_cmd: don't assume io_uring_cmd_data layout io_uring/uring_cmd: switch sqe to async_data on EAGAIN Charles Han (2): HID: winwing: Add NULL check in winwing_init_led() HID: multitouch: Add NULL check in mt_input_configured Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Chris Brandt (1): drm: renesas: rz-du: Increase supported resolutions Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Chuyi Zhou (2): sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Claudiu Beznea (1): pinctrl: pinconf-generic: Print unsigned value if a format is registered Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (1): drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() David Sterba (1): btrfs: rename __get_extent_map() and pass btrfs_inode David Woodhouse (1): ptp: vmclock: Add .owner to vmclock_miscdev_fops Devarsh Thakkar (2): drm/tidss: Fix race condition while handling interrupt registers drm/tidss: Clear the interrupt status for interrupts being disabled Dhananjay Ugwekar (5): cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() cpufreq/amd-pstate: Fix cpufreq_policy ref counting cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Dmitry Baryshkov (1): drm/msm/dpu1: don't choke on disabling the writeback connector Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Dumazet (23): net: fib_rules: annotate data-races around rule->[io]ifindex ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() vxlan: check vxlan_vnigroup_init() return value team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() ipv4: use RCU protection in ip_dst_mtu_maybe_forward() net: add dev_net_rcu() helper ipv4: use RCU protection in ipv4_default_advmss() ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv4: icmp: convert to dev_net_rcu() flow_dissector: use RCU protection to fetch dev_net() ipv6: use RCU protection in ip6_default_advmss() ipv6: icmp: convert to dev_net_rcu() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: extend RCU protection in igmp6_send() ipv6: mcast: add RCU protection to mld_newpack() Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fedor Pchelkin (1): can: ctucanfd: handle skb allocation failure Filipe Manana (2): btrfs: fix hole expansion when writing at an offset beyond EOF btrfs: fix stale page cache after race between readahead and direct IO write Geert Uytterhoeven (2): ASoC: renesas: SND_SIU_MIGOR should depend on DMADEVICES genirq: Remove leading space from irq_chip::irq_print_chip() callbacks Greg Kroah-Hartman (2): Revert "vfio/platform: check the bounds of read/write syscalls" Linux 6.13.4 Guixin Liu (1): scsi: ufs: bsg: Set bsg_queue to NULL after removal Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hans de Goede (2): ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Imre Deak (1): drm: Fix DSC BPP increment decoding Isaac Scott (3): media: uvcvideo: Implement dual stream quirk to fix loss of usb packets media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera media: uvcvideo: Add Kurokesu C1 PRO camera Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: replace hardcoded stack offsets with autogenerated ones alpha: align stack for page fault and user unaligned trap handlers Jakub Kicinski (2): net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Nikula (2): i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jeff Layton (1): nfsd: validate the nfsd_serv pointer before calling svc_wake_up Jens Axboe (4): io_uring/uring_cmd: remove dead req_has_async_data() check block: cleanup and fix batch completion adding conditions io_uring/uring_cmd: cleanup struct io_uring_cmd_data layout io_uring/uring_cmd: unconditionally copy SQEs at prep time Jerome Brunet (1): regulator: core: let dt properties override driver init_data Jiang Liu (2): drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Jiasheng Jiang (1): regmap-irq: Add missing kfree() Jinghao Jia (2): samples/hid: remove unnecessary -I flags from libbpf EXTRA_CFLAGS samples/hid: fix broken vmlinux path for VMLINUX_BTF Johan Hovold (1): USB: serial: option: drop MeiG Smart defines John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush Jos Wang (1): usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY Joshua Hay (1): idpf: call set_real_num_queues in idpf_open Josua Mayer (1): Revert "mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch" Juergen Gross (2): xen/swiotlb: relax alignment requirements x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (4): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin M. Forbes (1): rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Kan Liang (2): perf/x86/intel: Clean up PEBS-via-PT on hybrid perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Karol Przybylski (1): drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() Kartik Rajput (1): soc/tegra: fuse: Update Tegra234 nvmem keepout list Kees Cook (2): kbuild: Use -fzero-init-padding-bits=all compiler.h: Move C string helpers into C-only kernel section Kiran K (1): Bluetooth: btintel_pcie: Fix a potential race condition Koichiro Den (1): selftests: gpio: gpio-sim: Fix missing chip disablements Konstantin Komarov (2): fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (2): firmware: qcom: scm: smc: Handle missing SCM device can: c_can: fix unbalanced runtime PM disable in error path Kunihiko Hayashi (1): spi: sn-f-ospi: Fix division by zero Lai Jiangshan (1): workqueue: Put the pwq after detaching the rescuer from the pool Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Lorenzo Bianconi (1): PCI: mediatek-gen3: Avoid PCIe resetting via PERST# for Airoha EN7581 SoC Lu Baolu (2): iommu/vt-d: Make intel_iommu_drain_pasid_prq() cover faults for RID iommu: Fix potential memory leak in iopf_queue_remove_device() Maksym Planeta (1): Grab mm lock before grabbing pt lock Marco Crivellari (1): LoongArch: Fix idle VS timer enqueue Marek Vasut (1): USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mario Limonciello (2): gpiolib: acpi: Add a quirk for Acer Nitro ANV14 cpufreq/amd-pstate: convert mutex use to guard() Masahiro Yamada (2): tools: fix annoying "mkdir -p ..." logs when building tools in parallel kbuild: suppress stdout from merge_config for silent builds Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Maxime Ripard (1): drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Michael Margolin (1): RDMA/efa: Reset device on probe failure Michal Luczaj (2): vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (1): usb: xhci: Restore xhci_pci support for Renesas HCs Miguel Ojeda (3): arm64: rust: clean Rust 1.85.0 warning using softfloat target objtool/rust: add one more `noreturn` Rust function rust: rbtree: fix overindented list item Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Muhammad Adeel (1): cgroup: Remove steal time from usage_usec Murad Masimov (1): ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Naman Jain (1): Drivers: hv: vmbus: Wait for boot-time offers during boot and resume Nathan Chancellor (2): scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 arm64: Handle .ARM.attributes section in linker scripts Naushir Patuck (1): media: bcm2835-unicam: Disable trigger mode operation Nicolas Dichtel (1): rtnetlink: fix netns leak with rtnl_setlink() Niklas Cassel (1): PCI: endpoint: Add size check for fixed size BARs in pci_epc_set_bar() Niklas Schnelle (2): s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() s390/pci: Fix handling of isolated VFs Nirmoy Das (1): drm/xe: Carve out wopcm portion from the stolen memory Oliver Upton (1): ACPI: GTDT: Relax sanity checking on Platform Timers array count Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Pavel Begunkov (2): io_uring/waitid: don't abuse io_tw_state io_uring/kbuf: reallocate buf lists on upgrade Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rakesh Babu Saladi (1): PCI: switchtec: Add Microchip PCI100X device IDs Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Remi Pommarel (1): batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1() Rengarajan S (1): 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Reyders Morales (1): Documentation/networking: fix basic node example document ISO 15765-2 Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Robin van der Gracht (1): can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Roger Quadros (3): net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases net: ethernet: ti: am65-cpsw: fix RX & TX statistics for XDP_TX case net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roy Luo (1): usb: gadget: core: flush gadget workqueue after device removal Rupinderjit Singh (1): gpu: host1x: Fix a use of uninitialized mutex Sai Teja Pottumuttu (1): drm/xe/oa/uapi: Make OA buffer size configurable Sean Christopherson (4): KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop KVM: nSVM: Enter guest mode before initializing nested NPT MMU perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Selvarasu Ganesan (2): usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Shyam Prasad N (1): cifs: pick channels for individual subrequests Song Yoong Siang (1): igc: Set buffer type for empty frames in igc_init_empty_frame Sridhar Samudrala (2): idpf: fix handling rsc packet with a single segment idpf: record rx queue in skb for RSC packets Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Steven Rostedt (4): ring-buffer: Unlock resize on mmap error tracing: Do not allow mmap() of persistent ring buffer ring-buffer: Validate the persistent meta data subbuf array ring-buffer: Update pages_touched to reflect persistent buffer content Stuart Hayhurst (2): HID: corsair-void: Initialise memory for psy_cfg HID: corsair-void: Add missing delayed work cancel for headset status Su Hui (1): drm/panthor: avoid garbage value in panthor_ioctl_dev_query() Sven Eckelmann (2): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Tejas Upadhyay (1): drm/xe/client: bo->client does not need bos_lock Tejun Heo (3): sched_ext: Fix incorrect autogroup migration detection sched_ext: Fix migration disabled handling in targeted dispatches sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Thomas Hellström (1): drm/xe/tracing: Fix a potential TP_printk UAF Thomas Weißschuh (3): kbuild: userprogs: fix bitsize and target detection on clang ptp: vmclock: Don't unregister misc device if it was not registered ptp: vmclock: Set driver data before its usage Tomas Glozar (2): rtla/timerlat_hist: Abort event processing on second signal rtla/timerlat_top: Abort event processing on second signal Tomi Valkeinen (4): media: i2c: ds90ub913: Add error handling to ub913_hw_init() media: i2c: ds90ub953: Add error handling for i2c reads/writes drm/tidss: Fix issue in irq handling causing irq-flood issue drm/rcar-du: dsi: Fix PHY lock bit check Tulio Fernandes (1): HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Varadarajan Narayanan (2): soc: qcom: llcc: Update configuration data for IPQ5424 regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Vasant Hegde (1): iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Vicki Pfau (3): HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context HID: hid-steam: Make sure rumble work is canceled on removal HID: hid-steam: Move hidraw input (un)registering to work Vincent Mailhol (1): can: etas_es58x: fix potential NULL pointer dereference on udev->serial Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wentao Liang (2): gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Yuli Wang (1): LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Zdenek Bouska (1): igc: Fix HW RX timestamp when passed by ZC XDP Zhang Rui (1): thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header Zhu Lingshan (1): amdkfd: properly free gang_ctx_bo when failed to init user queue Zichen Xie (1): NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

4 months, 3 weeks

1
1
0 0

Linux 6.12.16

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.16 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 Documentation/networking/iso15765-2.rst | 4 Makefile | 15 - arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 4 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm64/Makefile | 4 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/loongarch/kernel/genex.S | 28 + arch/loongarch/kernel/idle.c | 3 arch/loongarch/kernel/reset.c | 6 arch/loongarch/kvm/main.c | 4 arch/loongarch/lib/csum.c | 2 arch/s390/pci/pci_bus.c | 20 + arch/s390/pci/pci_iov.c | 56 ++- arch/s390/pci/pci_iov.h | 7 arch/x86/Kconfig | 3 arch/x86/events/intel/core.c | 33 -- arch/x86/events/intel/ds.c | 10 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/perf_event.h | 28 + arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/cpu/bugs.c | 21 - arch/x86/kernel/static_call.c | 1 arch/x86/kvm/hyperv.c | 6 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/svm/nested.c | 10 arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/vmx/main.c | 1 arch/x86/kvm/vmx/vmx.c | 10 arch/x86/kvm/vmx/x86_ops.h | 1 arch/x86/kvm/x86.c | 3 arch/x86/mm/tlb.c | 35 ++ arch/x86/xen/mmu_pv.c | 75 ++++- block/partitions/mac.c | 18 + drivers/acpi/x86/utils.c | 13 drivers/base/regmap/regmap-irq.c | 2 drivers/bluetooth/btintel_pcie.c | 5 drivers/cpufreq/amd-pstate.c | 102 ++---- drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/qcom/qcom_scm-smc.c | 3 drivers/gpio/gpio-bcm-kona.c | 71 +++- drivers/gpio/gpio-stmpe.c | 15 - drivers/gpio/gpiolib-acpi.c | 14 drivers/gpio/gpiolib.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 drivers/gpu/drm/msm/msm_gem_submit.c | 3 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 drivers/gpu/drm/tidss/tidss_dispc.c | 26 + drivers/gpu/drm/tidss/tidss_irq.c | 2 drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/gpu/drm/xe/xe_drm_client.c | 2 drivers/gpu/drm/xe/xe_trace_bo.h | 12 drivers/gpu/host1x/dev.c | 2 drivers/gpu/host1x/intr.c | 2 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-steam.c | 41 ++ drivers/hid/hid-thrustmaster.c | 2 drivers/hid/hid-winwing.c | 2 drivers/i3c/master/Kconfig | 11 drivers/i3c/master/mipi-i3c-hci/Makefile | 1 drivers/i3c/master/mipi-i3c-hci/dma.c | 17 + drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 ++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 drivers/iommu/amd/amd_iommu_types.h | 1 drivers/iommu/amd/init.c | 4 drivers/iommu/io-pgfault.c | 1 drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ds90ub913.c | 25 + drivers/media/i2c/ds90ub953.c | 46 ++- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/uvc/uvc_driver.c | 18 + drivers/media/usb/uvc/uvc_video.c | 27 + drivers/media/usb/uvc/uvcvideo.h | 1 drivers/mmc/host/mtk-sd.c | 31 +- drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/can/ctucanfd/ctucanfd_base.c | 10 drivers/net/can/rockchip/rockchip_canfd-core.c | 2 drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 drivers/net/ethernet/intel/igc/igc_main.c | 22 - drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 40 +- drivers/net/netdevsim/ipsec.c | 12 drivers/net/team/team_core.c | 4 drivers/net/vxlan/vxlan_core.c | 7 drivers/net/wireless/ath/ath12k/wmi.c | 61 +++- drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/net/wireless/realtek/rtw89/pci.c | 17 - drivers/net/wireless/realtek/rtw89/pci.h | 11 drivers/net/wireless/realtek/rtw89/pci_be.c | 2 drivers/parport/parport_serial.c | 12 drivers/pci/quirks.c | 15 - drivers/pci/switch/switchtec.c | 26 + drivers/pinctrl/pinconf-generic.c | 8 drivers/pinctrl/pinctrl-cy8c95x0.c | 36 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 - drivers/spi/spi-sn-f-ospi.c | 3 drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 + drivers/tty/serial/8250/8250_pci.c | 76 ++--- drivers/tty/serial/8250/8250_pci1xxxx.c | 60 +++- drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/serial_port.c | 5 drivers/ufs/core/ufs_bsg.c | 1 drivers/ufs/core/ufshcd.c | 127 ++++---- drivers/usb/class/cdc-acm.c | 28 + drivers/usb/core/hub.c | 14 drivers/usb/core/quirks.c | 6 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 34 ++ drivers/usb/gadget/function/f_midi.c | 17 - drivers/usb/gadget/udc/core.c | 2 drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-pci.c | 7 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +-- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++-- drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap/lcd_dma.c | 4 drivers/xen/swiotlb-xen.c | 20 - fs/btrfs/extent_io.c | 29 + fs/btrfs/file.c | 4 fs/nfs/sysfs.c | 6 fs/nfsd/filecache.c | 11 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 7 fs/ntfs3/attrib.c | 4 fs/ntfs3/dir.c | 2 fs/ntfs3/frecord.c | 12 fs/ntfs3/fsntfs.c | 6 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 3 fs/orangefs/orangefs-debugfs.c | 4 fs/smb/client/cifsglob.h | 1 fs/smb/client/file.c | 7 include/drm/display/drm_dp.h | 1 include/kunit/platform_device.h | 1 include/linux/blk-mq.h | 18 - include/linux/cgroup-defs.h | 6 include/linux/efi.h | 1 include/linux/netdevice.h | 6 include/linux/pci_ids.h | 11 include/linux/sched/task.h | 1 include/net/dst.h | 9 include/net/ip.h | 13 include/net/l3mdev.h | 2 include/net/net_namespace.h | 2 include/net/route.h | 9 include/ufs/ufshcd.h | 9 io_uring/kbuf.c | 15 - io_uring/uring_cmd.c | 3 io_uring/waitid.c | 4 kernel/cgroup/cgroup.c | 20 - kernel/cgroup/rstat.c | 1 kernel/sched/autogroup.c | 4 kernel/sched/core.c | 7 kernel/sched/ext.c | 35 -- kernel/sched/ext.h | 4 kernel/sched/sched.h | 2 kernel/time/clocksource.c | 9 kernel/trace/ring_buffer.c | 28 + kernel/trace/trace.c | 4 kernel/workqueue.c | 12 net/ax25/af_ax25.c | 11 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 122 +++++--- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/fib_rules.c | 24 - net/core/flow_dissector.c | 21 - net/core/neighbour.c | 8 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/icmp.c | 31 +- net/ipv4/route.c | 39 ++ net/ipv6/icmp.c | 42 +- net/ipv6/ioam6_iptunnel.c | 75 ++--- net/ipv6/mcast.c | 45 +-- net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 59 ++- net/ipv6/seg6_iptunnel.c | 98 ++++-- net/openvswitch/datapath.c | 12 net/vmw_vsock/af_vsock.c | 12 rust/Makefile | 1 rust/kernel/rbtree.rs | 2 scripts/Makefile.defconf | 13 scripts/Makefile.extrawarn | 13 scripts/kconfig/Makefile | 4 sound/soc/intel/boards/bytcr_rt5640.c | 17 + tools/objtool/check.c | 1 tools/sched_ext/include/scx/common.bpf.h | 12 tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 9 tools/testing/selftests/gpio/gpio-sim.sh | 31 +- tools/testing/selftests/net/pmtu.sh | 112 ++++++- tools/testing/selftests/net/rtnetlink.sh | 4 tools/tracing/rtla/src/timerlat_hist.c | 8 tools/tracing/rtla/src/timerlat_top.c | 8 226 files changed, 2386 insertions(+), 1012 deletions(-) Aaro Koskinen (1): fbdev: omap: use threaded IRQ for LCD DMA Aditya Kumar Singh (1): wifi: ath12k: fix handling of 6 GHz rules Alan Stern (1): USB: hub: Ignore non-compliant devices with too many configs or interfaces Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Andrea Righi (1): sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andy Shevchenko (9): pinctrl: cy8c95x0: Avoid accessing reserved registers pinctrl: cy8c95x0: Enable regmap locking for debug pinctrl: cy8c95x0: Rename PWMSEL to SELPWM pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware gpiolib: Fix crash on error in gpiochip_get_ngpios() serial: 8250_pci: Resolve WCH vendor ID ambiguity serial: 8250_pci: Share WCH IDs with parport_serial driver serial: port: Assign ->iotype correctly when ->iobase is set serial: port: Always update ->iotype in __uart_read_properties() Andy Strohman (1): batman-adv: fix panic during interface removal Andy-ld Lu (1): mmc: mtk-sd: Fix register settings for hs400(es) mode Ankit Agrawal (2): vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ard Biesheuvel (1): efi: Avoid cold plugged memory for placing the kernel Arnd Bergmann (1): media: cxd2841er: fix 64-bit division on gcc-9 Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string Avri Altman (5): scsi: ufs: core: Introduce ufshcd_has_pending_tasks() scsi: ufs: core: Prepare to introduce a new clock_gating lock scsi: ufs: core: Introduce a new clock_gating lock scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Bibo Mao (1): LoongArch: KVM: Fix typo issue about GCFG feature detection Bjorn Helgaas (1): PCI: Avoid FLR for Mediatek MT7922 WiFi Brian Norris (1): kunit: platform: Resolve 'struct completion' warning Charles Han (2): HID: winwing: Add NULL check in winwing_init_led() HID: multitouch: Add NULL check in mt_input_configured Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Chris Brandt (1): drm: renesas: rz-du: Increase supported resolutions Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Chuyi Zhou (2): sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Claudiu Beznea (1): pinctrl: pinconf-generic: Print unsigned value if a format is registered Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (1): drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() David Sterba (1): btrfs: rename __get_extent_map() and pass btrfs_inode Devarsh Thakkar (2): drm/tidss: Fix race condition while handling interrupt registers drm/tidss: Clear the interrupt status for interrupts being disabled Dhananjay Ugwekar (7): cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() cpufreq/amd-pstate: Fix cpufreq_policy ref counting cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Dmitry Baryshkov (1): drm/msm/dpu1: don't choke on disabling the writeback connector Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Dumazet (23): net: fib_rules: annotate data-races around rule->[io]ifindex ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() vxlan: check vxlan_vnigroup_init() return value team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() ipv4: use RCU protection in ip_dst_mtu_maybe_forward() net: add dev_net_rcu() helper ipv4: use RCU protection in ipv4_default_advmss() ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv4: icmp: convert to dev_net_rcu() flow_dissector: use RCU protection to fetch dev_net() ipv6: use RCU protection in ip6_default_advmss() ipv6: icmp: convert to dev_net_rcu() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: extend RCU protection in igmp6_send() ipv6: mcast: add RCU protection to mld_newpack() Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fedor Pchelkin (1): can: ctucanfd: handle skb allocation failure Filipe Manana (2): btrfs: fix hole expansion when writing at an offset beyond EOF btrfs: fix stale page cache after race between readahead and direct IO write Greg Kroah-Hartman (2): Revert "vfio/platform: check the bounds of read/write syscalls" Linux 6.12.16 Guixin Liu (1): scsi: ufs: bsg: Set bsg_queue to NULL after removal Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans de Goede (2): ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Imre Deak (1): drm: Fix DSC BPP increment decoding Isaac Scott (3): media: uvcvideo: Implement dual stream quirk to fix loss of usb packets media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera media: uvcvideo: Add Kurokesu C1 PRO camera Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: replace hardcoded stack offsets with autogenerated ones alpha: align stack for page fault and user unaligned trap handlers Jakub Kicinski (2): net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Nikula (2): i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jason Xing (1): bpf: handle implicit declaration of function gettid in bpf_iter.c Jeff Layton (1): nfsd: validate the nfsd_serv pointer before calling svc_wake_up Jens Axboe (2): io_uring/uring_cmd: remove dead req_has_async_data() check block: cleanup and fix batch completion adding conditions Jiang Liu (2): drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Jiasheng Jiang (1): regmap-irq: Add missing kfree() Jiri Olsa (1): selftests/bpf: Fix uprobe consumer test Johan Hovold (1): USB: serial: option: drop MeiG Smart defines John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush Joshua Hay (1): idpf: call set_real_num_queues in idpf_open Juergen Gross (2): xen/swiotlb: relax alignment requirements x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (4): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin M. Forbes (1): rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Kan Liang (2): perf/x86/intel: Clean up PEBS-via-PT on hybrid perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Kartik Rajput (1): soc/tegra: fuse: Update Tegra234 nvmem keepout list Kees Cook (1): kbuild: Use -fzero-init-padding-bits=all Kiran K (1): Bluetooth: btintel_pcie: Fix a potential race condition Koichiro Den (1): selftests: gpio: gpio-sim: Fix missing chip disablements Konstantin Komarov (1): fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (2): firmware: qcom: scm: smc: Handle missing SCM device can: c_can: fix unbalanced runtime PM disable in error path Kunihiko Hayashi (1): spi: sn-f-ospi: Fix division by zero Lai Jiangshan (1): workqueue: Put the pwq after detaching the rescuer from the pool Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Lu Baolu (1): iommu: Fix potential memory leak in iopf_queue_remove_device() Maksym Planeta (1): Grab mm lock before grabbing pt lock Marco Crivellari (1): LoongArch: Fix idle VS timer enqueue Marek Vasut (1): USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mario Limonciello (2): gpiolib: acpi: Add a quirk for Acer Nitro ANV14 cpufreq/amd-pstate: convert mutex use to guard() Masahiro Yamada (2): tools: fix annoying "mkdir -p ..." logs when building tools in parallel kbuild: suppress stdout from merge_config for silent builds Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Maxime Ripard (1): drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Michael Margolin (1): RDMA/efa: Reset device on probe failure Michal Luczaj (2): vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (1): usb: xhci: Restore xhci_pci support for Renesas HCs Miguel Ojeda (3): arm64: rust: clean Rust 1.85.0 warning using softfloat target objtool/rust: add one more `noreturn` Rust function rust: rbtree: fix overindented list item Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Muhammad Adeel (1): cgroup: Remove steal time from usage_usec Murad Masimov (1): ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Nathan Chancellor (2): scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 arm64: Handle .ARM.attributes section in linker scripts Naushir Patuck (1): media: bcm2835-unicam: Disable trigger mode operation Niklas Schnelle (2): s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() s390/pci: Fix handling of isolated VFs Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Pavel Begunkov (2): io_uring/waitid: don't abuse io_tw_state io_uring/kbuf: reallocate buf lists on upgrade Ping-Ke Shih (1): wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rakesh Babu Saladi (1): PCI: switchtec: Add Microchip PCI100X device IDs Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Rengarajan S (1): 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Reyders Morales (1): Documentation/networking: fix basic node example document ISO 15765-2 Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Robin van der Gracht (1): can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Roger Quadros (2): net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roy Luo (1): usb: gadget: core: flush gadget workqueue after device removal Rupinderjit Singh (1): gpu: host1x: Fix a use of uninitialized mutex Sean Christopherson (4): KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop KVM: nSVM: Enter guest mode before initializing nested NPT MMU perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Selvarasu Ganesan (2): usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Shyam Prasad N (1): cifs: pick channels for individual subrequests Song Yoong Siang (1): igc: Set buffer type for empty frames in igc_init_empty_frame Sridhar Samudrala (2): idpf: fix handling rsc packet with a single segment idpf: record rx queue in skb for RSC packets Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Steven Rostedt (4): ring-buffer: Unlock resize on mmap error tracing: Do not allow mmap() of persistent ring buffer ring-buffer: Validate the persistent meta data subbuf array ring-buffer: Update pages_touched to reflect persistent buffer content Sven Eckelmann (2): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Tejas Upadhyay (1): drm/xe/client: bo->client does not need bos_lock Tejun Heo (1): sched_ext: Fix incorrect autogroup migration detection Thomas Hellström (1): drm/xe/tracing: Fix a potential TP_printk UAF Thomas Weißschuh (1): kbuild: userprogs: fix bitsize and target detection on clang Tomas Glozar (2): rtla/timerlat_hist: Abort event processing on second signal rtla/timerlat_top: Abort event processing on second signal Tomi Valkeinen (4): media: i2c: ds90ub913: Add error handling to ub913_hw_init() media: i2c: ds90ub953: Add error handling for i2c reads/writes drm/tidss: Fix issue in irq handling causing irq-flood issue drm/rcar-du: dsi: Fix PHY lock bit check Tulio Fernandes (1): HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Varadarajan Narayanan (1): regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Vasant Hegde (1): iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Vicki Pfau (3): HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context HID: hid-steam: Make sure rumble work is canceled on removal HID: hid-steam: Move hidraw input (un)registering to work Vincent Mailhol (1): can: etas_es58x: fix potential NULL pointer dereference on udev->serial Vladimir Vdovin (1): net: ipv4: Cache pmtu for all packet paths if multipath enabled Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wentao Liang (2): gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Yuli Wang (1): LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Zdenek Bouska (1): igc: Fix HW RX timestamp when passed by ZC XDP Zhu Lingshan (1): amdkfd: properly free gang_ctx_bo when failed to init user queue Zichen Xie (1): NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

4 months, 3 weeks

1
1
0 0

Linux 6.6.79

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.79 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/elf_hwcaps.rst | 36 Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 Makefile | 15 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/cpufeature.c | 38 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/loongarch/kernel/genex.S | 28 arch/loongarch/kernel/idle.c | 3 arch/loongarch/kernel/reset.c | 6 arch/loongarch/lib/csum.c | 2 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/i8253.c | 11 arch/x86/kernel/static_call.c | 1 arch/x86/kvm/hyperv.c | 6 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/svm/nested.c | 10 arch/x86/mm/tlb.c | 35 arch/x86/xen/mmu_pv.c | 75 - block/partitions/mac.c | 18 drivers/acpi/x86/utils.c | 13 drivers/base/regmap/regmap-irq.c | 2 drivers/clocksource/i8253.c | 13 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/gpio/gpio-bcm-kona.c | 71 drivers/gpio/gpio-stmpe.c | 15 drivers/gpio/gpiolib-acpi.c | 14 drivers/gpio/gpiolib.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c | 4 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 3 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-steam.c | 740 +++++++--- drivers/hid/hid-thrustmaster.c | 2 drivers/infiniband/hw/efa/efa_main.c | 9 drivers/md/md-bitmap.c | 75 - drivers/md/md-bitmap.h | 6 drivers/md/md.c | 26 drivers/md/md.h | 5 drivers/md/raid1.c | 35 drivers/md/raid1.h | 1 drivers/md/raid10.c | 26 drivers/md/raid10.h | 1 drivers/md/raid5-cache.c | 4 drivers/md/raid5.c | 174 +- drivers/md/raid5.h | 4 drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ds90ub913.c | 25 drivers/media/i2c/ds90ub953.c | 46 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/uvc/uvc_driver.c | 18 drivers/media/usb/uvc/uvc_video.c | 27 drivers/media/usb/uvc/uvcvideo.h | 1 drivers/mmc/host/mtk-sd.c | 31 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/can/ctucanfd/ctucanfd_base.c | 10 drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/netdevsim/ipsec.c | 12 drivers/net/team/team.c | 4 drivers/net/vxlan/vxlan_core.c | 7 drivers/net/wireless/ath/ath12k/wmi.c | 61 drivers/net/wireless/ath/ath12k/wmi.h | 1 drivers/pci/quirks.c | 12 drivers/pci/switch/switchtec.c | 26 drivers/pinctrl/pinctrl-cy8c95x0.c | 2 drivers/soc/tegra/fuse/fuse-tegra30.c | 17 drivers/spi/spi-sn-f-ospi.c | 3 drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/serial_port.c | 5 drivers/ufs/core/ufs_bsg.c | 1 drivers/usb/class/cdc-acm.c | 28 drivers/usb/core/hub.c | 14 drivers/usb/core/quirks.c | 6 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 34 drivers/usb/gadget/function/f_midi.c | 17 drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap/lcd_dma.c | 4 drivers/xen/swiotlb-xen.c | 20 fs/btrfs/file.c | 4 fs/nfs/sysfs.c | 6 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 7 fs/orangefs/orangefs-debugfs.c | 4 include/linux/blk-mq.h | 18 include/linux/cgroup-defs.h | 6 include/linux/efi.h | 1 include/linux/i8253.h | 1 include/linux/netdevice.h | 6 include/linux/sched/task.h | 1 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/net/route.h | 9 io_uring/kbuf.c | 15 kernel/cgroup/cgroup.c | 20 kernel/cgroup/rstat.c | 1 kernel/time/clocksource.c | 9 mm/gup.c | 14 net/ax25/af_ax25.c | 11 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 122 + net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/flow_dissector.c | 21 net/core/neighbour.c | 11 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/icmp.c | 31 net/ipv4/route.c | 39 net/ipv6/icmp.c | 42 net/ipv6/mcast.c | 45 net/ipv6/ndisc.c | 24 net/ipv6/route.c | 7 net/openvswitch/datapath.c | 12 net/vmw_vsock/af_vsock.c | 12 sound/soc/intel/boards/bytcr_rt5640.c | 17 tools/testing/selftests/gpio/gpio-sim.sh | 31 tools/testing/selftests/net/pmtu.sh | 112 + tools/testing/selftests/net/rtnetlink.sh | 4 tools/tracing/rtla/src/timerlat_hist.c | 8 tools/tracing/rtla/src/timerlat_top.c | 8 151 files changed, 2106 insertions(+), 844 deletions(-) Aaro Koskinen (1): fbdev: omap: use threaded IRQ for LCD DMA Aditya Kumar Singh (1): wifi: ath12k: fix handling of 6 GHz rules Alan Stern (1): USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Hung (1): drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andy Shevchenko (4): pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware gpiolib: Fix crash on error in gpiochip_get_ngpios() serial: port: Assign ->iotype correctly when ->iobase is set serial: port: Always update ->iotype in __uart_read_properties() Andy Strohman (1): batman-adv: fix panic during interface removal Andy-ld Lu (1): mmc: mtk-sd: Fix register settings for hs400(es) mode Ard Biesheuvel (1): efi: Avoid cold plugged memory for placing the kernel Arnd Bergmann (1): media: cxd2841er: fix 64-bit division on gcc-9 Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string Benjamin Marzinski (1): md/raid5: recheck if reshape has finished with device_lock held Charles Han (1): HID: multitouch: Add NULL check in mt_input_configured Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (2): HID: hid-steam: remove pointless error message HID: hid-steam: Fix cleanup in probe() David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Dumazet (21): ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() vxlan: check vxlan_vnigroup_init() return value team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() net: add dev_net_rcu() helper ipv4: use RCU protection in ipv4_default_advmss() ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv4: icmp: convert to dev_net_rcu() flow_dissector: use RCU protection to fetch dev_net() ipv6: use RCU protection in ip6_default_advmss() ipv6: icmp: convert to dev_net_rcu() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: extend RCU protection in igmp6_send() ipv6: mcast: add RCU protection to mld_newpack() Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fedor Pchelkin (1): can: ctucanfd: handle skb allocation failure Filipe Manana (1): btrfs: fix hole expansion when writing at an offset beyond EOF Greg Kroah-Hartman (2): Revert "vfio/platform: check the bounds of read/write syscalls" Linux 6.6.79 Guixin Liu (1): scsi: ufs: bsg: Set bsg_queue to NULL after removal Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans de Goede (2): ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Isaac Scott (3): media: uvcvideo: Implement dual stream quirk to fix loss of usb packets media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera media: uvcvideo: Add Kurokesu C1 PRO camera Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jens Axboe (1): block: cleanup and fix batch completion adding conditions Jiang Liu (2): drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Jiasheng Jiang (1): regmap-irq: Add missing kfree() Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Johan Hovold (1): USB: serial: option: drop MeiG Smart defines John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush Juergen Gross (2): xen/swiotlb: relax alignment requirements x86/xen: allow larger contiguous memory regions in PV guests Kartik Rajput (1): soc/tegra: fuse: Update Tegra234 nvmem keepout list Koichiro Den (1): selftests: gpio: gpio-sim: Fix missing chip disablements Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (1): can: c_can: fix unbalanced runtime PM disable in error path Kunihiko Hayashi (1): spi: sn-f-ospi: Fix division by zero Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Maksym Planeta (1): Grab mm lock before grabbing pt lock Marc Zyngier (1): arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Marco Crivellari (1): LoongArch: Fix idle VS timer enqueue Marek Vasut (1): USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mario Limonciello (1): gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Masahiro Yamada (1): tools: fix annoying "mkdir -p ..." logs when building tools in parallel Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Max Maisel (1): HID: hid-steam: Add Deck IMU support Michael Margolin (1): RDMA/efa: Reset device on probe failure Michal Luczaj (2): vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Muhammad Adeel (1): cgroup: Remove steal time from usage_usec Murad Masimov (1): ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Nathan Chancellor (1): arm64: Handle .ARM.attributes section in linker scripts Pavel Begunkov (1): io_uring/kbuf: reallocate buf lists on upgrade Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rakesh Babu Saladi (1): PCI: switchtec: Add Microchip PCI100X device IDs Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Sean Christopherson (3): KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel KVM: nSVM: Enter guest mode before initializing nested NPT MMU perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Selvarasu Ganesan (2): usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Song Yoong Siang (1): igc: Set buffer type for empty frames in igc_init_empty_frame Srinivasan Shanmugam (1): drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Sven Eckelmann (2): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Thomas Weißschuh (1): kbuild: userprogs: fix bitsize and target detection on clang Tomas Glozar (2): rtla/timerlat_hist: Abort event processing on second signal rtla/timerlat_top: Abort event processing on second signal Tomi Valkeinen (4): media: i2c: ds90ub913: Add error handling to ub913_hw_init() media: i2c: ds90ub953: Add error handling for i2c reads/writes drm/tidss: Fix issue in irq handling causing irq-flood issue drm/rcar-du: dsi: Fix PHY lock bit check Tulio Fernandes (1): HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Varadarajan Narayanan (1): regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Vicki Pfau (8): HID: hid-steam: Avoid overwriting smoothing parameter HID: hid-steam: Disable watchdog instead of using a heartbeat HID: hid-steam: Clean up locking HID: hid-steam: Update list of identifiers from SDL HID: hid-steam: Add gamepad-only mode switched to by holding options HID: hid-steam: Make sure rumble work is canceled on removal HID: hid-steam: Move hidraw input (un)registering to work HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Vincent Mailhol (1): can: etas_es58x: fix potential NULL pointer dereference on udev->serial Vladimir Vdovin (1): net: ipv4: Cache pmtu for all packet paths if multipath enabled Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wentao Liang (2): gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Yu Kuai (5): md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() md: add a new callback pers->bitmap_sector() md/raid5: implement pers->bitmap_sector() md/md-bitmap: move bitmap_{start, end}write to md upper layer Yuli Wang (1): LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Zhaoyang Huang (1): mm: gup: fix infinite loop within __get_longterm_locked Zichen Xie (1): NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

4 months, 3 weeks

1
1
0 0

Linux 6.1.129

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.129 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 - Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Documentation/kbuild/kconfig.rst | 9 Makefile | 4 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/dra7-l4.dtsi | 2 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm/mach-at91/pm.c | 31 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 arch/arm64/boot/dts/qcom/pm6150l.dtsi | 35 ++ arch/arm64/boot/dts/qcom/sc7180-idp.dts | 15 arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 1 arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 1 arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 12 arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 12 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 9 arch/arm64/boot/dts/qcom/sc7180.dtsi | 34 -- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 - arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 - arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/arm64/mm/hugetlbpage.c | 12 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/mips/loongson64/boardinfo.c | 2 arch/mips/math-emu/cp1emu.c | 2 arch/powerpc/include/asm/hugetlb.h | 9 arch/powerpc/kvm/e500_mmu_host.c | 21 - arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/Makefile | 2 arch/s390/include/asm/futex.h | 2 arch/s390/kvm/vsie.c | 25 + arch/s390/purgatory/Makefile | 2 arch/x86/boot/compressed/Makefile | 1 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/kexec.h | 18 - arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/i8253.c | 11 arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/static_call.c | 1 arch/x86/kvm/hyperv.c | 6 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/svm/nested.c | 10 arch/x86/mm/tlb.c | 35 +- arch/x86/xen/mmu_pv.c | 79 +++- arch/x86/xen/xen-head.S | 5 block/blk-cgroup.c | 1 block/fops.c | 5 block/genhd.c | 22 + block/partitions/ldm.h | 2 block/partitions/mac.c | 18 - drivers/acpi/apei/ghes.c | 10 drivers/acpi/fan_core.c | 10 drivers/acpi/prmt.c | 4 drivers/acpi/property.c | 10 drivers/ata/libata-sff.c | 18 - drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm6350.c | 7 drivers/clk/qcom/gcc-mdm9607.c | 2 drivers/clk/qcom/gcc-sdm845.c | 32 - drivers/clk/qcom/gcc-sm6350.c | 22 - drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/clocksource/i8253.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 +- drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 168 ++++------ drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/ixp4xx_crypto.c | 3 drivers/crypto/qce/aead.c | 2 drivers/crypto/qce/core.c | 13 drivers/crypto/qce/sha.c | 2 drivers/crypto/qce/skcipher.c | 2 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/efi/sysfb_efi.c | 2 drivers/gpio/gpio-bcm-kona.c | 71 +++- drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-stmpe.c | 15 drivers/gpio/gpio-xilinx.c | 56 +-- drivers/gpio/gpiolib-acpi.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 5 drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/bridge/ite-it6505.c | 65 ++- drivers/gpu/drm/display/drm_dp_cec.c | 14 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 - drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/msm/dp/dp_audio.c | 2 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 1 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 120 +++++-- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 drivers/gpu/drm/tidss/tidss_dispc.c | 22 - drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/gpu/drm/virtio/virtgpu_drv.h | 7 drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/hid/hid-core.c | 2 drivers/hid/hid-multitouch.c | 7 drivers/hid/hid-sensor-hub.c | 21 - drivers/hid/hid-thrustmaster.c | 8 drivers/hid/wacom_wac.c | 5 drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 drivers/i3c/master/i3c-master-cdns.c | 1 drivers/iio/light/as73211.c | 24 + drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/efa/efa_main.c | 9 drivers/infiniband/hw/mlx4/main.c | 6 drivers/infiniband/hw/mlx5/odp.c | 32 - drivers/infiniband/sw/rxe/rxe_pool.c | 11 drivers/infiniband/ulp/srp/ib_srp.c | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 - drivers/irqchip/irq-apple-aic.c | 3 drivers/leds/leds-lp8860.c | 2 drivers/leds/leds-netxbig.c | 1 drivers/mailbox/tegra-hsp.c | 6 drivers/md/dm-crypt.c | 27 - drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ccs/ccs-data.c | 14 drivers/media/i2c/imx412.c | 42 +- drivers/media/i2c/ov5640.c | 1 drivers/media/i2c/ov9282.c | 2 drivers/media/platform/marvell/mcam-core.c | 7 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10 drivers/media/platform/samsung/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_ctrl.c | 8 drivers/media/usb/uvc/uvc_driver.c | 70 +--- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/memory/tegra/tegra20-emc.c | 8 drivers/mfd/lpc_ich.c | 3 drivers/mfd/syscon.c | 81 +++- drivers/misc/cardreader/rtsx_usb.c | 15 drivers/misc/fastrpc.c | 8 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/mtk-sd.c | 31 + drivers/mmc/host/sdhci-msm.c | 53 +++ drivers/mtd/hyperbus/hbmc-am654.c | 25 - drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/can/ctucanfd/ctucanfd_base.c | 10 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/intel/iavf/iavf_main.c | 19 + drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 - drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/netdevsim/ipsec.c | 12 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/rtl8150.c | 22 + drivers/net/vxlan/vxlan_core.c | 7 drivers/net/vxlan/vxlan_vnifilter.c | 5 drivers/net/wireless/ath/ath11k/dp_rx.c | 1 drivers/net/wireless/ath/ath11k/hal_rx.c | 3 drivers/net/wireless/ath/wcn36xx/main.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 29 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 66 --- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 +++ drivers/nvme/host/core.c | 16 drivers/nvme/host/ioctl.c | 8 drivers/nvme/host/pci.c | 4 drivers/nvmem/core.c | 2 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/base.c | 8 drivers/of/of_reserved_mem.c | 7 drivers/opp/core.c | 156 +++++++-- drivers/opp/of.c | 4 drivers/parport/parport_pc.c | 5 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/functions/pci-epf-test.c | 51 +-- drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pci/endpoint/pci-epf-core.c | 1 drivers/pci/quirks.c | 12 drivers/pci/switch/switchtec.c | 26 + drivers/pinctrl/pinctrl-cy8c95x0.c | 2 drivers/pinctrl/samsung/pinctrl-samsung.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 105 ++++-- drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/intel/int3472/discrete.c | 3 drivers/platform/x86/intel/int3472/tps68470.c | 3 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 +++---- drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_clock.c | 8 drivers/ptp/ptp_ocp.c | 2 drivers/pwm/pwm-stm32-lp.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/regulator/core.c | 2 drivers/regulator/of_regulator.c | 14 drivers/remoteproc/remoteproc_core.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/rtc/rtc-zynqmp.c | 4 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 + drivers/scsi/storvsc_drv.c | 1 drivers/soc/atmel/soc.c | 2 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/staging/media/max96712/max96712.c | 4 drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 41 ++ drivers/tty/serial/sh-sci.c | 25 + drivers/tty/serial/xilinx_uartps.c | 10 drivers/ufs/core/ufs_bsg.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 31 + drivers/usb/class/cdc-acm.c | 28 + drivers/usb/core/hub.c | 14 drivers/usb/core/quirks.c | 6 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/core.c | 30 + drivers/usb/dwc3/dwc3-am62.c | 1 drivers/usb/dwc3/gadget.c | 34 ++ drivers/usb/gadget/function/f_midi.c | 8 drivers/usb/gadget/function/f_tcm.c | 66 +-- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-ring.c | 3 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/vfio/iova_bitmap.c | 2 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap/lcd_dma.c | 4 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/xen/swiotlb-xen.c | 20 - fs/afs/dir.c | 7 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/binfmt_flat.c | 2 fs/btrfs/file.c | 6 fs/btrfs/inode.c | 4 fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/cachefiles/interface.c | 14 fs/cachefiles/ondemand.c | 30 + fs/exec.c | 29 + fs/f2fs/dir.c | 53 ++- fs/f2fs/f2fs.h | 6 fs/f2fs/file.c | 13 fs/f2fs/inline.c | 5 fs/file_table.c | 2 fs/nfs/flexfilelayout/flexfilelayout.c | 27 + fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 8 fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/page.c | 55 +-- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 + fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/proc/array.c | 2 fs/pstore/blk.c | 4 fs/select.c | 4 fs/smb/client/cifsglob.h | 14 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2ops.c | 21 - fs/smb/client/smb2pdu.c | 2 fs/smb/client/smb2proto.h | 2 fs/smb/server/transport_ipc.c | 9 fs/ubifs/debug.c | 22 - fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_qm_bhv.c | 41 +- fs/xfs/xfs_super.c | 11 include/linux/binfmts.h | 4 include/linux/cgroup-defs.h | 6 include/linux/efi.h | 1 include/linux/i8253.h | 1 include/linux/ieee80211.h | 11 include/linux/iommu.h | 2 include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/mfd/syscon.h | 33 + include/linux/mlx5/driver.h | 1 include/linux/netdevice.h | 8 include/linux/pci_ids.h | 4 include/linux/pm_opp.h | 62 ++- include/linux/pps_kernel.h | 3 include/linux/sched.h | 4 include/linux/sched/task.h | 1 include/linux/usb/tcpm.h | 3 include/net/ax25.h | 10 include/net/inetpeer.h | 12 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/net/route.h | 9 include/net/sch_generic.h | 2 include/rv/da_monitor.h | 4 include/uapi/linux/input-event-codes.h | 1 include/ufs/ufs.h | 4 io_uring/io_uring.c | 5 io_uring/net.c | 5 io_uring/poll.c | 4 io_uring/rw.c | 10 kernel/cgroup/cgroup.c | 20 - kernel/cgroup/rstat.c | 1 kernel/debug/kdb/kdb_io.c | 2 kernel/irq/internals.h | 9 kernel/padata.c | 45 ++ kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 8 kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/fair.c | 17 - kernel/sched/stats.h | 22 - kernel/time/clocksource.c | 9 kernel/trace/bpf_trace.c | 2 lib/Kconfig.debug | 8 lib/maple_tree.c | 22 - mm/gup.c | 14 mm/kfence/core.c | 2 mm/kmemleak.c | 2 net/ax25/af_ax25.c | 23 + net/ax25/ax25_dev.c | 4 net/ax25/ax25_ip.c | 3 net/ax25/ax25_out.c | 22 + net/ax25/ax25_route.c | 2 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 122 +++++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/mgmt.c | 12 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/filter.c | 2 net/core/flow_dissector.c | 21 - net/core/neighbour.c | 11 net/core/sysctl_net_core.c | 5 net/dsa/slave.c | 7 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/icmp.c | 40 +- net/ipv4/inetpeer.c | 31 - net/ipv4/ip_fragment.c | 15 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 56 ++- net/ipv4/tcp_cubic.c | 8 net/ipv4/udp.c | 4 net/ipv6/icmp.c | 6 net/ipv6/ip6_output.c | 6 net/ipv6/mcast.c | 14 net/ipv6/ndisc.c | 32 + net/ipv6/route.c | 7 net/ipv6/udp.c | 4 net/mac80211/debugfs_netdev.c | 2 net/mptcp/options.c | 13 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 5 net/mptcp/protocol.h | 30 - net/ncsi/internal.h | 2 net/ncsi/ncsi-cmd.c | 3 net/ncsi/ncsi-manage.c | 38 +- net/ncsi/ncsi-pkt.h | 10 net/ncsi/ncsi-rsp.c | 58 ++- net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_flow_offload.c | 16 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 40 +- net/rose/rose_timer.c | 15 net/sched/sch_api.c | 4 net/sched/sch_netem.c | 2 net/sched/sch_sfq.c | 56 +-- net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 +- net/smc/smc_rx.h | 8 net/tipc/crypto.c | 4 net/wireless/scan.c | 35 ++ net/xfrm/xfrm_replay.c | 10 samples/landlock/sandboxer.c | 7 scripts/Makefile.extrawarn | 5 scripts/Makefile.lib | 4 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 - scripts/kconfig/conf.c | 6 scripts/kconfig/confdata.c | 102 +++--- scripts/kconfig/lkc_proto.h | 2 scripts/kconfig/symbol.c | 10 security/landlock/fs.c | 11 security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_auto_parser.c | 8 sound/pci/hda/hda_auto_parser.h | 1 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/Kconfig | 2 sound/soc/amd/yc/acp6x-mach.c | 28 + sound/soc/intel/avs/apl.c | 2 sound/soc/intel/boards/bytcr_rt5640.c | 17 - sound/soc/rockchip/rockchip_i2s_tdm.c | 31 + sound/soc/sh/rz-ssi.c | 3 sound/soc/soc-pcm.c | 31 + sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/quirks.c | 2 tools/bootconfig/main.c | 4 tools/lib/bpf/linker.c | 22 - tools/lib/bpf/usdt.c | 2 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/gpio/gpio-sim.sh | 31 + tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 tools/testing/selftests/net/pmtu.sh | 112 +++++- tools/testing/selftests/net/rtnetlink.sh | 4 tools/testing/selftests/net/udpgso.c | 26 + tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2 tools/testing/selftests/timers/clocksource-switch.c | 6 tools/tracing/rtla/src/osnoise.c | 2 tools/tracing/rtla/src/timerlat_hist.c | 19 + tools/tracing/rtla/src/timerlat_top.c | 20 + tools/tracing/rtla/src/trace.c | 8 tools/tracing/rtla/src/trace.h | 1 543 files changed, 4579 insertions(+), 2310 deletions(-) Aaro Koskinen (1): fbdev: omap: use threaded IRQ for LCD DMA Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Stein (1): regulator: core: Add missing newline character Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Amit Pundir (1): clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Anandu Krishnan E (1): misc: fastrpc: Deregister device nodes properly in error scenarios Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andrii Nakryiko (1): libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Andy Shevchenko (2): ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Strohman (1): batman-adv: fix panic during interface removal Andy Yan (6): drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 drm/rockchip: vop2: Set YUV/RGB overlay mode drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config drm/rockchip: vop2: Fix the windows switch between different layers drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy-ld Lu (1): mmc: mtk-sd: Fix register settings for hs400(es) mode Anshuman Khandual (1): arm64/mm: Ensure adequate HUGE_MAX_HSTATE Antoine Tenart (1): net: avoid race between device unregistration and ethnl ops Antonio Borneo (1): pinctrl: stm32: fix array read out of bound Ard Biesheuvel (1): efi: Avoid cold plugged memory for placing the kernel Armin Wolf (1): platform/x86: acer-wmi: Ignore AC events Arnaud Pouliquen (1): remoteproc: core: Fix ida_free call while not allocated Arnd Bergmann (1): media: cxd2841er: fix 64-bit division on gcc-9 Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string Aubrey Li (1): ACPI: PRM: Remove unnecessary strict handler address checks Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Balaji Pothunoori (1): wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Bao D. Nguyen (1): scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Barnabás Czémán (1): wifi: wcn36xx: fix channel survey memory allocation size Bartosz Golaszewski (3): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path gpio: xilinx: remove excess kernel doc Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Brad Griffis (1): arm64: tegra: Fix Tegra234 PCIe interrupt-map Bryan Brattlof (2): arm64: dts: ti: k3-am62: Remove duplicate GICR reg arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan O'Donoghue (1): arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Calvin Owens (1): pps: Fix a use-after-free Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Catalin Marinas (1): mm: kmemleak: fix upper boundary check for physical address objects Cezary Rojewski (1): ASoC: Intel: avs: Fix theoretical infinite loop Chao Yu (1): f2fs: fix to wait dio completion Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (2): pinctrl: stm32: Add check for devm_kcalloc media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (3): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work Chen-Yu Tsai (9): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Chenghai Huang (1): crypto: hisilicon/sec2 - optimize the error return process Chengming Zhou (1): sched/psi: Use task->psi_flags to clear in CPU migration Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Christophe Leroy (1): select: Fix unbalanced user_access_end() Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (3): ASoC: renesas: rz-ssi: Use only the proper amount of dividers serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Cong Wang (1): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Cosmin Tanislav (1): media: mc: fix endpoint iteration Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Damien Le Moal (1): PCI: epf-test: Simplify DMA support checks Dan Carpenter (6): rdma/cxgb4: Prevent potential integer overflow on 32bit media: imx-jpeg: Fix potential error pointer dereference in detach_pm() tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems ksmbd: fix integer overflows on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniel Xu (1): bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Daniele Ceraolo Spurio (1): drm/i915/guc: Debug print LRC state entries only if the context is pinned Darrick J. Wong (2): xfs: report realtime block quota limits on realtime directories xfs: don't over-report free space or inodes in statvfs Dave Stevenson (1): media: i2c: ov9282: Correct the exposure offset David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (3): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call David Woodhouse (2): x86/kexec: Allocate PGD for x86_64 transition page tables separately x86/i8253: Disable PIT timer 0 when not in use Detlev Casanova (1): ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (4): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: cfg80211: adjust allocation of colocated AP data wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (8): drm/msm/dp: set safe_to_exit_level before printing it arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Dongwon Kim (1): drm/virtio: New fence for every plane update Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Ekansh Gupta (2): misc: fastrpc: Fix registered buffer page address misc: fastrpc: Fix copy buffer page size Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Biggers (1): crypto: qce - fix priority to be less than ARMv8 CE Eric Dumazet (30): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets inetpeer: remove create argument of inet_getpeer_v[46]() inetpeer: remove create argument of inet_getpeer() inetpeer: update inetpeer timestamp in inet_getpeer() inetpeer: do not get a refcount in inet_getpeer() ax25: rcu protect dev->ax25_ptr ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() vxlan: check vxlan_vnigroup_init() return value team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() net: add dev_net_rcu() helper ipv4: use RCU protection in ipv4_default_advmss() ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv4: icmp: convert to dev_net_rcu() flow_dissector: use RCU protection to fetch dev_net() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: add RCU protection to mld_newpack() Eugen Hristev (1): pstore/blk: trivial typo fixes Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fangzhi Zuo (1): drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Fedor Pchelkin (3): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection can: ctucanfd: handle skb allocation failure Filipe Manana (3): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: avoid monopolizing a core when activating a swap file btrfs: fix hole expansion when writing at an offset beyond EOF Florian Westphal (1): netfilter: nft_flow_offload: update tcp state flags under lock Frank Li (1): i3c: master: Fix missing 'ret' assignment in set_speed() Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gabriele Monaco (1): rv: Reset per-task monitors also for idle tasks Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Geert Uytterhoeven (2): dt-bindings: leds: class-multicolor: Fix path to color definitions selftests: timers: clocksource-switch: Adapt progress to kselftest framework Georg Gottleuber (2): nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 6.1.129 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (2): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails scsi: ufs: bsg: Set bsg_queue to NULL after removal Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (3): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id platform/x86: int3472: Check for adev == NULL ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao-ran Zheng (1): btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Haoxiang Li (1): drm/komeda: Add check for komeda_get_layer_fourcc_list() He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (1): s390/futex: Fix FUTEX_OP_ANDN implementation Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hermes Wu (5): drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT drm/bridge: it6505: fix HDCP Bstatus check drm/bridge: it6505: fix HDCP encryption when R0 ready drm/bridge: it6505: fix HDCP CTS compare V matching Hersen Wu (1): drm/amd/display: Add NULL pointer check for kzalloc Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Ido Schimmel (1): net: sched: Fix truncation of offloaded action statistics Ilan Peer (2): wifi: mac80211: Fix common size calculation for ML element wifi: cfg80211: Handle specific BSSID in 6GHz scanning Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (1): net: netdevsim: try to close UDP port harness races Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jason-JH.Lin (1): dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Javier Carrasco (3): soc: atmel: fix device_node release in atmel_soc_device_init() iio: light: as73211: fix channel handling in only-color triggered buffer pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jens Axboe (2): block: don't revert iter for -EIOCBQUEUED io_uring/net: don't retry connect operation on EPOLLERR Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiang Liu (1): drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (4): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (1): HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (12): ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() OPP: OF: Fix an OF node leak in _opp_add_static_v2() crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: mac80211: prohibit deactivating all links John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Ogness (2): serial: 8250: Adjust the timeout for FIFO mode kdb: Do not assume write() callback available Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (4): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() xen/swiotlb: relax alignment requirements x86/xen: allow larger contiguous memory regions in PV guests Kailang Yang (1): ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Kaixin Wang (1): i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Karol Przybylski (1): HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Kees Cook (1): exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Keisuke Nishimura (1): nvme: Add error check for xa_store in nvme_get_effects_log Kexy Biscuit (1): MIPS: Loongson64: remove ROM Size unit in boardinfo King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Koichiro Den (2): Revert "btrfs: avoid monopolizing a core when activating a swap file" selftests: gpio: gpio-sim: Fix missing chip disablements Konrad Dybcio (4): arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (10): mfd: syscon: Use scoped variables with memory allocators to simplify error paths arm64: dts: qcom: sc7180-idp: use just "port" in panel arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel arm64: dts: qcom: sm6350: Fix ADSP memory length arm64: dts: qcom: sm6350: Fix MPSS memory length arm64: dts: qcom: sm8350: Fix MPSS memory length arm64: dts: qcom: sm8450: Fix MPSS memory length soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX ALSA: hda: Fix headset detection failure due to unstable sort Kuninori Morimoto (1): ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Laurentiu Palcu (1): staging: media: max96712: fix kernel oops when removing module Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Liam R. Howlett (1): maple_tree: fix static analyser cppcheck issue Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lijo Lazar (1): drm/amd/pm: Mark MM activity as unsupported Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Linus Walleij (1): gpio: xilinx: Convert to immutable irq_chip Liu Jian (1): net: let net.core.dev_weight always be non-zero Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Lu Baolu (1): iommu: Return right value in iommu_sva_bind_device() Luca Weiss (6): arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config media: i2c: imx412: Add missing newline to prints clk: qcom: gcc-sm6350: Add missing parent_map for two clocks clk: qcom: dispcc-sm6350: Add missing parent_map for a clock nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Ke (2): pinctrl: stm32: check devm_kasprintf() returned value RDMA/srp: Fix error handling in srp_add_port Maarten Lankhorst (1): drm/modeset: Handle tiled displays in pan_display_atomic. Maciej S. Szmigiero (1): net: wwan: iosm: Fix hibernation by re-binding the driver around it Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Planeta (1): Grab mm lock before grabbing pt lock Manivannan Sadhasivam (3): OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs OPP: Introduce dev_pm_opp_get_freq_indexed() API PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Elver (1): kfence: skip __GFP_THISNODE allocations on NUMA systems Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Vasut (3): clk: imx8mp: Fix clkout1/2 support arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mario Limonciello (2): ASoC: acp: Support microphone from Lenovo Go S gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Masahiro Yamada (7): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: require a space after '#' for valid input kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() kconfig: deduplicate code in conf_read_simple() kconfig: fix memory leak in sym_warn_unmet_dep() Mateusz Jończyk (1): mips/math-emu: fix emulation of the prefx instruction Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Matthieu Baerts (NGI0) (2): selftests: mptcp: connect: -f: no reconnect mptcp: pm: only set fullmesh for subflow endp Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Mazin Al Haddad (1): Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Meetakshi Setiya (1): smb: client: change lease epoch type from unsigned int to __u16 Mehdi Djait (1): media: ccs: Fix cleanup order in ccs_probe() Michael Ellerman (1): selftests/powerpc: Fix argument order to timer_sub() Michael Guralnik (1): RDMA/mlx5: Fix indirect mkey ODP page count Michael Lo (1): wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. Michael Margolin (1): RDMA/efa: Reset device on probe failure Michal Pecio (1): usb: xhci: Fix NULL pointer dereference on certain command aborts Michal Simek (1): rtc: zynqmp: Fix optional clock name property Michal Swiatkowski (1): iavf: allow changing VLAN state without calling PF Mickaël Salaün (2): landlock: Handle weird files selftests/landlock: Fix error message Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Milos Reljin (1): net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Mingwei Zheng (4): spi: zynq-qspi: Add check for clk_enable() pwm: stm32-lp: Add check for clk_enable() pwm: stm32: Add check for clk_enable() pinctrl: stm32: Add check for clk_enable() Miri Korenblit (1): wifi: iwlwifi: avoid memory leak Mohamed Khalfella (1): PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Muhammad Adeel (1): cgroup: Remove steal time from usage_usec Murad Masimov (1): ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Nam Cao (1): fs/proc: do_task_stat: Fix ESP not readable during coredump Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (5): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 arm64: Handle .ARM.attributes section in linker scripts Neil Armstrong (6): OPP: add index check to assert to avoid buffer overflow in _read_freq() OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Nick Chan (1): irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nikita Travkin (2): arm64: dts: qcom: sc7180: Don't enable lpass clocks by default arm64: dts: qcom: sc7180: Drop redundant disable in mdp Nikita Zhandarovich (3): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() Niklas Cassel (1): ata: libata-sff: Ensure that we cannot write outside the allocated buffer Octavian Purdila (2): net_sched: sch_sfq: don't allow 1 packet limit team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Pablo Neira Ayuso (1): netfilter: nf_tables: reject mismatching sum of field_len with set key length Paolo Abeni (3): mptcp: consolidate suboption status mptcp: handle fastopen disconnect correctly mptcp: prevent excessive coalescing on receive Paolo Bonzini (1): KVM: e500: always restore irqs Parth Pancholi (1): kbuild: switch from lz4c to lz4 for compression Paul Fertser (3): net/ncsi: fix locking in Get MAC Address handling net/ncsi: wait for the last response to Deselect Package before configuring channel net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Paulo Alcantara (1): smb: client: fix oops due to unset link speed Pavel Begunkov (3): io_uring: fix multishots with selected buffers io_uring: fix io_req_prep_async with provided buffers io_uring/rw: commit provided buffer state on async Pekka Pessi (1): mailbox: tegra-hsp: Clear mailbox before using message Peter Chiu (1): wifi: mt76: mt7915: fix register mapping Peter Delevoryas (1): net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Peter Griffin (2): mfd: syscon: Remove extern from function prototypes mfd: syscon: Add of_syscon_register_regmap() API Peter Zijlstra (1): sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Puranjay Mohan (2): bpf: Send signals asynchronously if !preemptible nvme: fix metadata handling in nvme-passthrough Qasim Ijaz (1): iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Rakesh Babu Saladi (1): PCI: switchtec: Add Microchip PCI100X device IDs Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (3): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Rob Herring (Arm) (1): mfd: syscon: Fix race in device_node_get_regmap() Robin Murphy (1): iommu/arm-smmu-v3: Clean up more on probe failure Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Romain Naour (1): ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Ryusuke Konishi (3): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references Sakari Ailus (2): media: ccs: Clean up parsed CCS static data on parse failure media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Satya Priya Kakitapalli (1): clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Sean Anderson (2): gpio: xilinx: Convert gpio_lock to raw spinlock tty: xilinx_uartps: split sysrq handling Sean Christopherson (7): KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel KVM: nSVM: Enter guest mode before initializing nested NPT MMU perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Sebastian Wiese-Wagner (1): ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Sergey Senozhatsky (2): kconfig: add warn-unknown-symbols sanity check kconfig: WERROR unmet symbol dependency Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Shigeru Yoshida (1): vxlan: Fix uninit-value in vxlan_vnifilter_dump() Sourabh Jain (1): powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Stas Sergeev (1): tun: fix group permission check Stefan Dösinger (1): wifi: brcmfmac: Check the return value of of_property_read_string_index() Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Sumit Gupta (2): arm64: tegra: Disable Tegra234 sce-fabric node arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Sven Eckelmann (2): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (10): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (6): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Gleixner (1): genirq: Make handle_enforce_irqctx() unconditionally available Thomas Weißschuh (3): padata: fix sysfs store callback check ptp: Properly handle compat ioctls ptp: Ensure info->enable callback is always set Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Tim Huang (1): drm/amd/display: fix double free issue during amdgpu module unload Tom Chung (1): Revert "drm/amd/display: Use HW lock mgr for PSR1" Tomas Glozar (6): rtla/osnoise: Distinguish missing workload option rtla: Add trace_instance_stop rtla/timerlat_hist: Stop timerlat tracer on signal rtla/timerlat_top: Stop timerlat tracer on signal rtla/timerlat_hist: Abort event processing on second signal rtla/timerlat_top: Abort event processing on second signal Tomi Valkeinen (1): drm/tidss: Fix issue in irq handling causing irq-flood issue Tulio Fernandes (1): HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Uwe Kleine-König (2): mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Val Packett (4): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Valentin Caron (1): pinctrl: stm32: set default gpio line names using pin names Ville Syrjälä (1): drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Viresh Kumar (4): OPP: Rearrange entries in pm_opp.h OPP: Add dev_pm_opp_find_freq_exact_indexed() OPP: Reuse dev_pm_opp_get_freq_indexed() cpufreq: s3c64xx: Fix compilation warning Vladimir Oltean (1): net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Vladimir Vdovin (1): net: ipv4: Cache pmtu for all packet paths if multipath enabled Vladimir Zapolskiy (2): arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context WangYuli (2): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wei Yang (1): maple_tree: simplify split calculation Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (4): PM: hibernate: Add error handling for syscore_suspend() xfs: Add error handling for xfs_reflink_cancel_cow_range gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Yan Zhai (1): udp: gso: do not drop small packets when PMTU reduces Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): ASoC: amd: Add ACPI dependency to fix build error Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Zhaoyang Huang (1): mm: gup: fix infinite loop within __get_longterm_locked Zhu Yanjun (1): RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Zichen Xie (1): samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (7): of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Zizhi Wo (1): cachefiles: Fix NULL pointer dereference in object->file pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null

4 months, 3 weeks

1
1
0 0

[PATCH v2 1/3] drm/xe/userptr: restore invalidation list on error

by Matthew Auld

On error restore anything still on the pin_list back to the invalidation list on error. For the actual pin, so long as the vma is tracked on either list it should get picked up on the next pin, however it looks possible for the vma to get nuked but still be present on this per vm pin_list leading to corruption. An alternative might be then to instead just remove the link when destroying the vma. Fixes: ed2bdf3b264d ("drm/xe/vm: Subclass userptr vmas") Suggested-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index d664f2e418b2..668b0bde7822 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -670,12 +670,12 @@ int xe_vm_userptr_pin(struct xe_vm *vm) list_for_each_entry_safe(uvma, next, &vm->userptr.invalidated, userptr.invalidate_link) { list_del_init(&uvma->userptr.invalidate_link); - list_move_tail(&uvma->userptr.repin_link, - &vm->userptr.repin_list); + list_add_tail(&uvma->userptr.repin_link, + &vm->userptr.repin_list); } spin_unlock(&vm->userptr.invalidated_lock); - /* Pin and move to temporary list */ + /* Pin and move to bind list */ list_for_each_entry_safe(uvma, next, &vm->userptr.repin_list, userptr.repin_link) { err = xe_vma_userptr_pin_pages(uvma); @@ -691,10 +691,10 @@ int xe_vm_userptr_pin(struct xe_vm *vm) err = xe_vm_invalidate_vma(&uvma->vma); xe_vm_unlock(vm); if (err) - return err; + break; } else { - if (err < 0) - return err; + if (err) + break; list_del_init(&uvma->userptr.repin_link); list_move_tail(&uvma->vma.combined_links.rebind, @@ -702,7 +702,19 @@ int xe_vm_userptr_pin(struct xe_vm *vm) } } - return 0; + if (err) { + down_write(&vm->userptr.notifier_lock); + spin_lock(&vm->userptr.invalidated_lock); + list_for_each_entry_safe(uvma, next, &vm->userptr.repin_list, + userptr.repin_link) { + list_del_init(&uvma->userptr.repin_link); + list_move_tail(&uvma->userptr.invalidate_link, + &vm->userptr.invalidated); + } + spin_unlock(&vm->userptr.invalidated_lock); + up_write(&vm->userptr.notifier_lock); + } + return err; } /** -- 2.48.1

4 months, 3 weeks

3
11
0 0

[PATCH 0/5] arm64: dts: rockchip: pinmux fixes and support for 2 adapters for Theobroma boards

by Quentin Schulz

This is based on top of https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/lo… 6ee0b9ad3995 ("arm64: dts: rockchip: Add rng node to RK3588") as it depends on the (merged) series from https://lore.kernel.org/all/20250211-pre-ict-jaguar-v6-0-4484b0f88cfc@cherr… Patches for Haikou Video Demo adapter for PX30 Ringneck and RK3399 Puma (patches 4 and 5) also depend on the following patch series: https://lore.kernel.org/linux-devicetree/20250220-pca976x-reset-driver-v1-0… This fixes incorrect pinmux on UART0 and UART5 for PX30 Ringneck on Haikou. This adds support for the HAIKOU-LVDS-9904379 adapter for PX30 Ringneck fitted on a Haikou carrierboard. Additionally, this adds support for Haikou Video Demo adapter on PX30 Ringneck and RK3399 Puma fitted on a Haikou carrierboard. Notably missing from the overlay is the OV5675 camera module which expects 19.2MHz which we cannot exactly feed right now. Modifications to the OV5675 drivers will be made so it's more flexible and then support for the camera module will be added. This adapter has a 720x1280 DSI display with a GT911 touchscreen, a GPIO-controllable LED and an I2C GPIO expander. Support for this adapter on RK3588 Tiger is being added in a separate patch series[1]. Note that the DSI panel currently is glitchy on both PX30 Ringneck and RK3399 Puma but this is being tackled in another series[2]. Since this will not be fixed through DT properties for the panel, adding the DT nodes for the DSI panel even if not perfect right now seems acceptable to me. [1] https://lore.kernel.org/linux-rockchip/20241127143719.660658-1-heiko@sntech… [2] https://lore.kernel.org/r/20240626084722.832763-1-heiko@sntech.de Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- Quentin Schulz (5): arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou arm64: dts: rockchip: add support for HAIKOU-LVDS-9904379 adapter for PX30 Ringneck arm64: dts: rockchip: add overlay for PX30 Ringneck Haikou Video Demo adapter arm64: dts: rockchip: add overlay for RK3399 Puma Haikou Video Demo adapter arch/arm64/boot/dts/rockchip/Makefile | 15 ++ .../px30-ringneck-haikou-lvds-9904379.dtso | 130 ++++++++++++++ .../rockchip/px30-ringneck-haikou-video-demo.dtso | 190 +++++++++++++++++++++ .../boot/dts/rockchip/px30-ringneck-haikou.dts | 10 +- .../rockchip/rk3399-puma-haikou-video-demo.dtso | 166 ++++++++++++++++++ 5 files changed, 510 insertions(+), 1 deletion(-) --- base-commit: 6ee0b9ad3995ee5fa229035c69013b7dd0d3634b change-id: 20250128-ringneck-dtbos-98064839355e prerequisite-change-id: 20250219-pca976x-reset-driver-c9aa95869426:v1 prerequisite-patch-id: 24af74693654b4a456aca0a1399ec8509e141c01 prerequisite-patch-id: df17910ec117317f2f456f679a77ed60e9168fa3 Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

4 months, 3 weeks

4
5
0 0

[PATCH v2] Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()

by Haoxiang Li

Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. Fixes: e96741437ef0 ("Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_CONNECTED") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - modify the title description. --- net/bluetooth/mgmt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index f53304cb09db..f1a9f58d1c7e 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -9659,7 +9659,8 @@ void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) + eir_precalc_len(sizeof(conn->dev_class))); - + if (!skb) + return; ev = skb_put(skb, sizeof(*ev)); bacpy(&ev->addr.bdaddr, &conn->dst); ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH 0/2] driver core: platform: avoid use-after-free on device name

by Théo Lebrun

The use-after-free bug appears when: - A platform device is created from OF, by of_device_add(); - The same device's name is changed afterwards using dev_set_name(), by its probe for example. Out of the 37 drivers that deal with platform devices and do a dev_set_name() call, only one might be affected. That driver is loongson-i2s-plat [0]. All other dev_set_name() calls are on children devices created on the spot. The issue was found on downstream kernels and we don't have what it takes to test loongson-i2s-plat. Note: loongson-i2s-plat maintainers are CCed. ⟩ # Finding potential trouble-makers: ⟩ git grep -l 'struct platform_device' | xargs grep -l dev_set_name The solution proposed is to add a flag to platform_device that tells if it is responsible for freeing its name. We can then duplicate the device name inside of_device_add() instead of copying the pointer. What is done elsewhere? - Platform bus code does a copy of the argument name that is stored alongside the struct platform_device; see platform_device_alloc()[1]. - Other busses duplicate the device name; either through a dynamic allocation [2] or through an array embedded inside devices [3]. - Some busses don't have a separate name; when they want a name they take it from the device [4]. [0]: https://elixir.bootlin.com/linux/v6.13.2/source/sound/soc/loongson/loongson… [1]: https://elixir.bootlin.com/linux/v6.13.2/source/drivers/base/platform.c#L581 [2]: https://elixir.bootlin.com/linux/v6.13.2/source/drivers/gpu/drm/drm_drv.c#L… [3]: https://elixir.bootlin.com/linux/v6.13.2/source/include/linux/i2c.h#L343 [4]: https://elixir.bootlin.com/linux/v6.13.2/source/include/linux/pci.h#L2150 This can be reproduced using Buildroot's qemu_aarch64_virt_defconfig with CONFIG_KASAN=y and a dev_set_name() inside the probe of: drivers/pci/controller/pci-host-common.c The below splat appears at boot. It happens whenever something tries to access pdev->name; one big consumer of this field is platform_match() that fallbacks to name matching. ================================================================== BUG: KASAN: slab-use-after-free in strcmp+0x2c/0x78 Read of size 1 at addr ffffff80c0300160 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.32 #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x90/0xe8 show_stack+0x18/0x24 dump_stack_lvl+0x48/0x60 print_report+0xf8/0x5d8 kasan_report+0x90/0xcc __asan_load1+0x60/0x6c strcmp+0x2c/0x78 platform_match+0xd0/0x140 __driver_attach+0x44/0x240 bus_for_each_dev+0xe4/0x160 driver_attach+0x34/0x44 bus_add_driver+0x134/0x270 driver_register+0xa4/0x1e4 __platform_driver_register+0x44/0x54 ged_driver_init+0x1c/0x28 do_one_initcall+0xdc/0x260 kernel_init_freeable+0x314/0x448 kernel_init+0x2c/0x1e0 ret_from_fork+0x10/0x20 Allocated by task 1: kasan_save_stack+0x3c/0x64 kasan_set_track+0x2c/0x40 kasan_save_alloc_info+0x24/0x34 __kasan_kmalloc+0xb8/0xbc __kmalloc_node_track_caller+0x64/0xa4 kvasprintf+0xcc/0x16c kvasprintf_const+0xe8/0x180 kobject_set_name_vargs+0x54/0xd4 dev_set_name+0xa8/0xe4 of_device_make_bus_id+0x298/0x2b0 of_device_alloc+0x1ec/0x204 of_platform_device_create_pdata+0x60/0x168 of_platform_bus_create+0x20c/0x4a0 of_platform_populate+0x50/0x10c of_platform_default_populate_init+0xe0/0x100 do_one_initcall+0xdc/0x260 kernel_init_freeable+0x314/0x448 kernel_init+0x2c/0x1e0 ret_from_fork+0x10/0x20 Freed by task 1: kasan_save_stack+0x3c/0x64 kasan_set_track+0x2c/0x40 kasan_save_free_info+0x38/0x60 __kasan_slab_free+0xe4/0x150 __kmem_cache_free+0x134/0x26c kfree+0x54/0x6c kfree_const+0x34/0x40 kobject_set_name_vargs+0xa8/0xd4 dev_set_name+0xa8/0xe4 pci_host_common_probe+0x9c/0x294 platform_probe+0x90/0x100 really_probe+0x100/0x3cc __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xc8/0x240 bus_for_each_dev+0xe4/0x160 driver_attach+0x34/0x44 bus_add_driver+0x134/0x270 driver_register+0xa4/0x1e4 __platform_driver_register+0x44/0x54 gen_pci_driver_init+0x1c/0x28 do_one_initcall+0xdc/0x260 kernel_init_freeable+0x314/0x448 kernel_init+0x2c/0x1e0 ret_from_fork+0x10/0x20 The buggy address belongs to the object at ffffff80c0300160 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of freed 16-byte region [ffffff80c0300160, ffffff80c0300170) The buggy address belongs to the physical page: page:0000000099fe29a0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100300 flags: 0x8000000000000800(slab|zone=2) page_type: 0xffffffff() raw: 8000000000000800 ffffff80c00013c0 dead000000000122 0000000000000000 raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff80c0300000: fa fb fc fc fa fb fc fc 00 07 fc fc 00 07 fc fc ffffff80c0300080: 00 07 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc >ffffff80c0300100: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc ^ ffffff80c0300180: 00 00 fc fc 00 00 fc fc 00 06 fc fc 00 06 fc fc ffffff80c0300200: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc ================================================================== Signed-off-by: Théo Lebrun <theo.lebrun(a)bootlin.com> --- Théo Lebrun (2): driver core: platform: turn pdev->id_auto into pdev->flags driver core: platform: avoid use-after-free on pdev->name drivers/base/platform.c | 8 +++++--- drivers/of/platform.c | 12 +++++++++++- include/linux/platform_device.h | 4 +++- 3 files changed, 19 insertions(+), 5 deletions(-) --- base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319 change-id: 20250217-pdev-uaf-1a779a98d81b Best regards, -- Théo Lebrun <theo.lebrun(a)bootlin.com>

4 months, 3 weeks

3
10
0 0

[PATCH 1/1] iommu/vt-d: Fix suspicious RCU usage

by Lu Baolu

Commit <d74169ceb0d2> ("iommu/vt-d: Allocate DMAR fault interrupts locally") moved the call to enable_drhd_fault_handling() to a code path that does not hold any lock while traversing the drhd list. Fix it by ensuring the dmar_global_lock lock is held when traversing the drhd list. Without this fix, the following warning is triggered: ============================= WARNING: suspicious RCU usage 6.14.0-rc3 #55 Not tainted ----------------------------- drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 1 2 locks held by cpuhp/1/23: #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0 #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0 stack backtrace: CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55 Call Trace: <TASK> dump_stack_lvl+0xb7/0xd0 lockdep_rcu_suspicious+0x159/0x1f0 ? __pfx_enable_drhd_fault_handling+0x10/0x10 enable_drhd_fault_handling+0x151/0x180 cpuhp_invoke_callback+0x1df/0x990 cpuhp_thread_fun+0x1ea/0x2c0 smpboot_thread_fn+0x1f5/0x2e0 ? __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x12a/0x2d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x4a/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Simply holding the lock in enable_drhd_fault_handling() will trigger a lock order splat. Avoid holding the dmar_global_lock when calling iommu_device_register(), which starts the device probe process. Fixes: d74169ceb0d2 ("iommu/vt-d: Allocate DMAR fault interrupts locally") Reported-by: Ido Schimmel <idosch(a)idosch.org> Closes: https://lore.kernel.org/linux-iommu/Zx9OwdLIc_VoQ0-a@shredder.mtl.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/drivers/iommu/intel/dmar.c b/drivers/iommu/intel/dmar.c index 9f424acf474e..e540092d664d 100644 --- a/drivers/iommu/intel/dmar.c +++ b/drivers/iommu/intel/dmar.c @@ -2043,6 +2043,7 @@ int enable_drhd_fault_handling(unsigned int cpu) /* * Enable fault control interrupt. */ + guard(rwsem_read)(&dmar_global_lock); for_each_iommu(iommu, drhd) { u32 fault_status; int ret; diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index cc46098f875b..9a1e61b429ca 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -3146,7 +3146,14 @@ int __init intel_iommu_init(void) iommu_device_sysfs_add(&iommu->iommu, NULL, intel_iommu_groups, "%s", iommu->name); + /* + * The iommu device probe is protected by the iommu_probe_device_lock. + * Release the dmar_global_lock before entering the device probe path + * to avoid unnecessary lock order splat. + */ + up_read(&dmar_global_lock); iommu_device_register(&iommu->iommu, &intel_iommu_ops, NULL); + down_read(&dmar_global_lock); iommu_pmu_register(iommu); } -- 2.43.0

4 months, 3 weeks

5
6
0 0

[PATCH v3] ufs: core: bsg: Fix memory crash in case arpmb command failed

by Arthur Simchaev

In case the device doesn't support arpmb, the kernel get memory crash due to copy user data in bsg_transport_sg_io_fn level. So in case ufs_bsg_exec_advanced_rpmb_req returned error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 Fixes: 6ff265fc5ef6 ("scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg") Cc: stable(a)vger.kernel.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- Changes in v3: - changing !rpmb into rpmb and by swapping the two sizeof() expressions --- Changes in v2: - Add Fixes tag - Elaborate commit log --- drivers/ufs/core/ufs_bsg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 8d4ad0a3f2cf..252186124669 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -194,10 +194,12 @@ static int ufs_bsg_request(struct bsg_job *job) ufshcd_rpm_put_sync(hba); kfree(buff); bsg_reply->result = ret; - job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : sizeof(struct ufs_rpmb_reply); /* complete the job here only if no error */ - if (ret == 0) + if (ret == 0) { + job->reply_len = rpmb ? sizeof(struct ufs_rpmb_reply) : + sizeof(struct ufs_bsg_reply); bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len); + } return ret; } -- 2.34.1

4 months, 3 weeks

3
2
0 0

[PATCH v2] drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() and alloc_workqueue(). Furthermore, if some allocations fail, cleanup works are added to avoid potential memory leak problem. Fixes: 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Split the compound conditional statement into separate conditional statements to facilitate cleanup works. - Add cleanup works to destory work queues if allocations fail, and modify the later goto destination to do the full excercise. - modify the patch description. Thanks, Jani! --- .../drm/i915/display/intel_display_driver.c | 29 +++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_driver.c b/drivers/gpu/drm/i915/display/intel_display_driver.c index 50ec0c3c7588..0b9971a5626b 100644 --- a/drivers/gpu/drm/i915/display/intel_display_driver.c +++ b/drivers/gpu/drm/i915/display/intel_display_driver.c @@ -241,31 +241,44 @@ int intel_display_driver_probe_noirq(struct intel_display *display) intel_dmc_init(display); display->wq.modeset = alloc_ordered_workqueue("i915_modeset", 0); + if (!display->wq.modeset) { + ret = -ENOMEM; + goto cleanup_vga_client_pw_domain_dmc; + } + display->wq.flip = alloc_workqueue("i915_flip", WQ_HIGHPRI | WQ_UNBOUND, WQ_UNBOUND_MAX_ACTIVE); + if (!display->wq.flip) { + ret = -ENOMEM; + goto cleanup_wq_modeset; + } display->wq.cleanup = alloc_workqueue("i915_cleanup", WQ_HIGHPRI, 0); + if (!display->wq.cleanup) { + ret = -ENOMEM; + goto cleanup_wq_flip; + } intel_mode_config_init(display); ret = intel_cdclk_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_color_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_dbuf_init(i915); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_bw_init(i915); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_pmdemand_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; intel_init_quirks(display); @@ -273,6 +286,12 @@ int intel_display_driver_probe_noirq(struct intel_display *display) return 0; +cleanup_wq_cleanup: + destroy_workqueue(display->wq.cleanup); +cleanup_wq_flip: + destroy_workqueue(display->wq.flip); +cleanup_wq_modeset: + destroy_workqueue(display->wq.modeset); cleanup_vga_client_pw_domain_dmc: intel_dmc_fini(display); intel_power_domains_driver_remove(display); -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH net V3] net: stmmac: dwmac-loongson: Add fix_soc_reset() callback

by Qunqin Zhao

Loongson's DWMAC device may take nearly two seconds to complete DMA reset, however, the default waiting time for reset is 200 milliseconds. Therefore, the following error message may appear: [14.427169] dwmac-loongson-pci 0000:00:03.2: Failed to reset the dma Fixes: 803fc61df261 ("net: stmmac: dwmac-loongson: Add Loongson Multi-channels GMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Qunqin Zhao <zhaoqunqin(a)loongson.cn> Reviewed-by: Huacai Chen <chenhuacai(a)loongson.cn> --- v3: Added "Cc: stable(a)vger.kernel.org" tag. Added error message to commit message. v2: Added comments. Changed callback name to loongson_dwmac_fix_reset. .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..f5acfb7d4ff6 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -516,6 +516,19 @@ static int loongson_dwmac_acpi_config(struct pci_dev *pdev, return 0; } +/* Loongson's DWMAC device may take nearly two seconds to complete DMA reset */ +static int loongson_dwmac_fix_reset(void *priv, void __iomem *ioaddr) +{ + u32 value = readl(ioaddr + DMA_BUS_MODE); + + value |= DMA_BUS_MODE_SFT_RESET; + writel(value, ioaddr + DMA_BUS_MODE); + + return readl_poll_timeout(ioaddr + DMA_BUS_MODE, value, + !(value & DMA_BUS_MODE_SFT_RESET), + 10000, 2000000); +} + static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id *id) { struct plat_stmmacenet_data *plat; @@ -566,6 +579,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id plat->bsp_priv = ld; plat->setup = loongson_dwmac_setup; + plat->fix_soc_reset = loongson_dwmac_fix_reset; ld->dev = &pdev->dev; ld->loongson_id = readl(res.addr + GMAC_VERSION) & 0xff; base-commit: a64dcfb451e254085a7daee5fe51bf22959d52d3 -- 2.43.0

4 months, 3 weeks

4
3
0 0

[PATCH RFT 4/5] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Assert PLL reset on PHY power off. This saves power. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 5c0ceba09b67..087937407b0b 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -537,9 +537,16 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - scoped_guard(spinlock_irqsave, &channel->lock) + scoped_guard(spinlock_irqsave, &channel->lock) { rphy->powered = false; + if (rcar_gen3_are_all_rphys_power_off(channel)) { + u32 val = readl(channel->base + USB2_USBCTR); + val |= USB2_USBCTR_PLL_RST; + writel(val, channel->base + USB2_USBCTR); + } + } + if (channel->vbus) ret = regulator_disable(channel->vbus); -- 2.43.0

4 months, 3 weeks

2
1
0 0

[PATCH V5 2/4] x86/tdx: Route safe halt execution via tdx_safe_halt()

by Vishal Annapurve

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events. So "sti;hlt" sequence needs to be replaced for TDX VMs with "TDCALL; *_irq_enable()" to keep interrupts disabled during TDCALL execution. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from using "sti;hlt". But it missed the paravirt routine which can be reached like this as an example: acpi_safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() Modify tdx_safe_halt() to implement the sequence "TDCALL; raw_local_irq_enable()" and invoke tdx_halt() from idle routine which just executes TDCALL without toggling interrupt state. Introduce dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines for TDX VMs. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/Kconfig | 1 + arch/x86/coco/tdx/tdx.c | 22 +++++++++++++++++++++- arch/x86/include/asm/tdx.h | 2 +- arch/x86/kernel/process.c | 2 +- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..afcdbc9693dc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -902,6 +902,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 32809a06dab4..7ab427e85bd3 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1120,15 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * "sti;hlt" execution in TDX guests will induce a #VE in the STI-shadow + * which will enable interrupts before HLT TDCALL inocation possibly + * resulting in missed wakeup events. Modify all possible HLT + * execution paths to use TDCALL for performance/reliability reasons. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index b4b16dafd55e..393ee2dfaab1 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 6da6769d7254..d11956a178df 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -934,7 +934,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } -- 2.48.1.601.g30ceb7b040-goog

4 months, 3 weeks

2
2
0 0

[PATCH v3 1/5] ftrace: Fix accounting of adding subops to a manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Function graph uses a subops and manager ops mechanism to attach to ftrace. The manager ops connects to ftrace and the functions it connects to is defined by a list of subops that it manages. The function hash that defines what the above ops attaches to limits the functions to attach if the hash has any content. If the hash is empty, it means to trace all functions. The creation of the manager ops hash is done by iterating over all the subops hashes. If any of the subops hashes is empty, it means that the manager ops hash must trace all functions as well. The issue is in the creation of the manager ops. When a second subops is attached, a new hash is created by starting it as NULL and adding the subops one at a time. But the NULL ops is mistaken as an empty hash, and once an empty hash is found, it stops the loop of subops and just enables all functions. # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 try_to_run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 cleanup_rapl_pmus (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_free_pcibus_map (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_types_exit (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 kvm_shutdown (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_dump_msrs (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_cleanup_l1d_flush (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 [..] Fix this by initializing the new hash to NULL and if the hash is NULL do not treat it as an empty hash but instead allocate by copying the content of the first sub ops. Then on subsequent iterations, the new hash will not be NULL, but the content of the previous subops. If that first subops attached to all functions, then new hash may assume that the manager ops also needs to attach to all functions. Cc: stable(a)vger.kernel.org Fixes: 5fccc7552ccbc ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- Changes since v2: https://lore.kernel.org/20250219220510.888959028@goodmis.org - Have append_hashes() return EMPTY_HASH and not NULL if the resulting new hash is empty. kernel/trace/ftrace.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 728ecda6e8d4..bec54dc27204 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3220,15 +3220,22 @@ static struct ftrace_hash *copy_hash(struct ftrace_hash *src) * The filter_hash updates uses just the append_hash() function * and the notrace_hash does not. */ -static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash) +static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash, + int size_bits) { struct ftrace_func_entry *entry; int size; int i; - /* An empty hash does everything */ - if (ftrace_hash_empty(*hash)) - return 0; + if (*hash) { + /* An empty hash does everything */ + if (ftrace_hash_empty(*hash)) + return 0; + } else { + *hash = alloc_ftrace_hash(size_bits); + if (!*hash) + return -ENOMEM; + } /* If new_hash has everything make hash have everything */ if (ftrace_hash_empty(new_hash)) { @@ -3292,16 +3299,18 @@ static int intersect_hash(struct ftrace_hash **hash, struct ftrace_hash *new_has /* Return a new hash that has a union of all @ops->filter_hash entries */ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) { - struct ftrace_hash *new_hash; + struct ftrace_hash *new_hash = NULL; struct ftrace_ops *subops; + int size_bits; int ret; - new_hash = alloc_ftrace_hash(ops->func_hash->filter_hash->size_bits); - if (!new_hash) - return NULL; + if (ops->func_hash->filter_hash) + size_bits = ops->func_hash->filter_hash->size_bits; + else + size_bits = FTRACE_HASH_DEFAULT_BITS; list_for_each_entry(subops, &ops->subop_list, list) { - ret = append_hash(&new_hash, subops->func_hash->filter_hash); + ret = append_hash(&new_hash, subops->func_hash->filter_hash, size_bits); if (ret < 0) { free_ftrace_hash(new_hash); return NULL; @@ -3310,7 +3319,8 @@ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) if (ftrace_hash_empty(new_hash)) break; } - return new_hash; + /* Can't return NULL as that means this failed */ + return new_hash ? : EMPTY_HASH; } /* Make @ops trace evenything except what all its subops do not trace */ @@ -3505,7 +3515,8 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int filter_hash = alloc_and_copy_ftrace_hash(size_bits, ops->func_hash->filter_hash); if (!filter_hash) return -ENOMEM; - ret = append_hash(&filter_hash, subops->func_hash->filter_hash); + ret = append_hash(&filter_hash, subops->func_hash->filter_hash, + size_bits); if (ret < 0) { free_ftrace_hash(filter_hash); return ret; -- 2.47.2

4 months, 3 weeks

2
1
0 0

[PATCH v2 1/2] asm-generic/vmlinux.lds: Move .data.rel.ro input into .rodata segment

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> When using -fPIE codegen, the compiler will emit const global objects (which are useless unless statically initialized) into .data.rel.ro rather than .rodata if the object contains fields that carry absolute addresses of other code or data objects. This permits the linker to annotate such regions as requiring read-write access only at load time, but not at execution time (in user space). This distinction does not matter for the kernel, but it does imply that const data will end up in writable memory if the .data.rel.ro sections are not treated in a special way. So emit .data.rel.ro into the .rodata segment. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- include/asm-generic/vmlinux.lds.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 02a4adb4a999..0d5b186abee8 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -457,7 +457,7 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG) . = ALIGN((align)); \ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ __start_rodata = .; \ - *(.rodata) *(.rodata.*) \ + *(.rodata) *(.rodata.*) *(.data.rel.ro*) \ SCHED_DATA \ RO_AFTER_INIT_DATA /* Read only after init */ \ . = ALIGN(8); \ -- 2.48.1.601.g30ceb7b040-goog

4 months, 3 weeks

3
2
0 0

[PATCH] firmware: cs_dsp: test_control_parse: null-terminate test strings

by Thomas Weißschuh

The char pointers in 'struct cs_dsp_mock_coeff_def' are expected to point to C strings. They need to be terminated by a null byte. However the code does not allocate that trailing null byte and only works if by chance the allocation is followed by such a null byte. Refactor the repeated string allocation logic into a new helper which makes sure the terminating null is always present. It also makes the code more readable. Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Fixes: 83baecd92e7c ("firmware: cs_dsp: Add KUnit testing of control parsing") Cc: stable(a)vger.kernel.org --- .../cirrus/test/cs_dsp_test_control_parse.c | 51 ++++++++-------------- 1 file changed, 19 insertions(+), 32 deletions(-) diff --git a/drivers/firmware/cirrus/test/cs_dsp_test_control_parse.c b/drivers/firmware/cirrus/test/cs_dsp_test_control_parse.c index cb90964740ea351113dac274f0366de7cedfd3d1..942ba1af5e7c1e47e8a2fbe548a7993b94f96515 100644 --- a/drivers/firmware/cirrus/test/cs_dsp_test_control_parse.c +++ b/drivers/firmware/cirrus/test/cs_dsp_test_control_parse.c @@ -73,6 +73,18 @@ static const struct cs_dsp_mock_coeff_def mock_coeff_template = { .length_bytes = 4, }; +static char *cs_dsp_ctl_alloc_test_string(struct kunit *test, char c, size_t len) +{ + char *str; + + str = kunit_kmalloc(test, len + 1, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, str); + memset(str, c, len); + str[len] = '\0'; + + return str; +} + /* Algorithm info block without controls should load */ static void cs_dsp_ctl_parse_no_coeffs(struct kunit *test) { @@ -160,12 +172,8 @@ static void cs_dsp_ctl_parse_max_v1_name(struct kunit *test) struct cs_dsp_mock_coeff_def def = mock_coeff_template; struct cs_dsp_coeff_ctl *ctl; struct firmware *wmfw; - char *name; - name = kunit_kzalloc(test, 256, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, name); - memset(name, 'A', 255); - def.fullname = name; + def.fullname = cs_dsp_ctl_alloc_test_string(test, 'A', 255); cs_dsp_mock_wmfw_start_alg_info_block(local->wmfw_builder, cs_dsp_ctl_parse_test_algs[0].id, @@ -252,14 +260,9 @@ static void cs_dsp_ctl_parse_max_short_name(struct kunit *test) struct cs_dsp_test_local *local = priv->local; struct cs_dsp_mock_coeff_def def = mock_coeff_template; struct cs_dsp_coeff_ctl *ctl; - char *name; struct firmware *wmfw; - name = kunit_kmalloc(test, 255, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, name); - memset(name, 'A', 255); - - def.shortname = name; + def.shortname = cs_dsp_ctl_alloc_test_string(test, 'A', 255); cs_dsp_mock_wmfw_start_alg_info_block(local->wmfw_builder, cs_dsp_ctl_parse_test_algs[0].id, @@ -273,7 +276,7 @@ static void cs_dsp_ctl_parse_max_short_name(struct kunit *test) ctl = list_first_entry_or_null(&priv->dsp->ctl_list, struct cs_dsp_coeff_ctl, list); KUNIT_ASSERT_NOT_NULL(test, ctl); KUNIT_EXPECT_EQ(test, ctl->subname_len, 255); - KUNIT_EXPECT_MEMEQ(test, ctl->subname, name, ctl->subname_len); + KUNIT_EXPECT_MEMEQ(test, ctl->subname, def.shortname, ctl->subname_len); KUNIT_EXPECT_EQ(test, ctl->flags, def.flags); KUNIT_EXPECT_EQ(test, ctl->type, def.type); KUNIT_EXPECT_EQ(test, ctl->len, def.length_bytes); @@ -323,12 +326,8 @@ static void cs_dsp_ctl_parse_with_max_fullname(struct kunit *test) struct cs_dsp_mock_coeff_def def = mock_coeff_template; struct cs_dsp_coeff_ctl *ctl; struct firmware *wmfw; - char *fullname; - fullname = kunit_kmalloc(test, 255, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, fullname); - memset(fullname, 'A', 255); - def.fullname = fullname; + def.fullname = cs_dsp_ctl_alloc_test_string(test, 'A', 255); cs_dsp_mock_wmfw_start_alg_info_block(local->wmfw_builder, cs_dsp_ctl_parse_test_algs[0].id, @@ -392,12 +391,8 @@ static void cs_dsp_ctl_parse_with_max_description(struct kunit *test) struct cs_dsp_mock_coeff_def def = mock_coeff_template; struct cs_dsp_coeff_ctl *ctl; struct firmware *wmfw; - char *description; - description = kunit_kmalloc(test, 65535, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, description); - memset(description, 'A', 65535); - def.description = description; + def.description = cs_dsp_ctl_alloc_test_string(test, 'A', 65535); cs_dsp_mock_wmfw_start_alg_info_block(local->wmfw_builder, cs_dsp_ctl_parse_test_algs[0].id, @@ -429,17 +424,9 @@ static void cs_dsp_ctl_parse_with_max_fullname_and_description(struct kunit *tes struct cs_dsp_mock_coeff_def def = mock_coeff_template; struct cs_dsp_coeff_ctl *ctl; struct firmware *wmfw; - char *fullname, *description; - - fullname = kunit_kmalloc(test, 255, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, fullname); - memset(fullname, 'A', 255); - def.fullname = fullname; - description = kunit_kmalloc(test, 65535, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, description); - memset(description, 'A', 65535); - def.description = description; + def.fullname = cs_dsp_ctl_alloc_test_string(test, 'A', 255); + def.description = cs_dsp_ctl_alloc_test_string(test, 'A', 65535); cs_dsp_mock_wmfw_start_alg_info_block(local->wmfw_builder, cs_dsp_ctl_parse_test_algs[0].id, --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250211-cs_dsp-kunit-strings-f43e27078ed2 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

4 months, 3 weeks

3
5
0 0

[net PATCH] net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT

by Christian Marangi

From: George Moussalem <george.moussalem(a)outlook.com> While setting the DAC value, the wrong boolean value is evaluated to set the DSP bias current. So let's correct the conditional statement and use the right boolean value read from the DTS set in the priv. Cc: stable(a)vger.kernel.org Fixes: d1cb613efbd3 ("net: phy: qcom: add support for QCA807x PHY Family") Signed-off-by: George Moussalem <george.moussalem(a)outlook.com> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/net/phy/qcom/qca807x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/phy/qcom/qca807x.c b/drivers/net/phy/qcom/qca807x.c index 3279de857b47..2ad8c2586d64 100644 --- a/drivers/net/phy/qcom/qca807x.c +++ b/drivers/net/phy/qcom/qca807x.c @@ -774,7 +774,7 @@ static int qca807x_config_init(struct phy_device *phydev) control_dac &= ~QCA807X_CONTROL_DAC_MASK; if (!priv->dac_full_amplitude) control_dac |= QCA807X_CONTROL_DAC_DSP_AMPLITUDE; - if (!priv->dac_full_amplitude) + if (!priv->dac_full_bias_current) control_dac |= QCA807X_CONTROL_DAC_DSP_BIAS_CURRENT; if (!priv->dac_disable_bias_current_tweak) control_dac |= QCA807X_CONTROL_DAC_BIAS_CURRENT_TWEAK; -- 2.47.1

4 months, 3 weeks

3
2
0 0

[PATCH v3 4/5] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 62e8f7d56602..33082c4e8154 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -407,7 +407,8 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); + if (num) + ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } static int symbols_cmp(const void *a, const void *b) @@ -677,8 +678,7 @@ int unregister_fprobe(struct fprobe *fp) } del_fprobe_hash(fp); - if (count) - fprobe_graph_remove_ips(addrs, count); + fprobe_graph_remove_ips(addrs, count); kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

4 months, 3 weeks

1
0
0 0

[PATCH v3 3/5] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..62e8f7d56602 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

4 months, 3 weeks

1
0
0 0

[PATCH v3 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Tested-by: Heiko Carstens <hca(a)linux.ibm.com> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index bec54dc27204..6b0c25761ccb 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5718,6 +5718,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

4 months, 3 weeks

1
0
0 0

[PATCH v2 1/5] ftrace: Fix accounting of adding subops to a manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Function graph uses a subops and manager ops mechanism to attach to ftrace. The manager ops connects to ftrace and the functions it connects to is defined by a list of subops that it manages. The function hash that defines what the above ops attaches to limits the functions to attach if the hash has any content. If the hash is empty, it means to trace all functions. The creation of the manager ops hash is done by iterating over all the subops hashes. If any of the subops hashes is empty, it means that the manager ops hash must trace all functions as well. The issue is in the creation of the manager ops. When a second subops is attached, a new hash is created by starting it as NULL and adding the subops one at a time. But the NULL ops is mistaken as an empty hash, and once an empty hash is found, it stops the loop of subops and just enables all functions. # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 try_to_run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 cleanup_rapl_pmus (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_free_pcibus_map (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_types_exit (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 kvm_shutdown (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_dump_msrs (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_cleanup_l1d_flush (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 [..] Fix this by initializing the new hash to NULL and if the hash is NULL do not treat it as an empty hash but instead allocate by copying the content of the first sub ops. Then on subsequent iterations, the new hash will not be NULL, but the content of the previous subops. If that first subops attached to all functions, then new hash may assume that the manager ops also needs to attach to all functions. Cc: stable(a)vger.kernel.org Fixes: 5fccc7552ccbc ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 728ecda6e8d4..03b35a05808c 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3220,15 +3220,22 @@ static struct ftrace_hash *copy_hash(struct ftrace_hash *src) * The filter_hash updates uses just the append_hash() function * and the notrace_hash does not. */ -static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash) +static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash, + int size_bits) { struct ftrace_func_entry *entry; int size; int i; - /* An empty hash does everything */ - if (ftrace_hash_empty(*hash)) - return 0; + if (*hash) { + /* An empty hash does everything */ + if (ftrace_hash_empty(*hash)) + return 0; + } else { + *hash = alloc_ftrace_hash(size_bits); + if (!*hash) + return -ENOMEM; + } /* If new_hash has everything make hash have everything */ if (ftrace_hash_empty(new_hash)) { @@ -3292,16 +3299,18 @@ static int intersect_hash(struct ftrace_hash **hash, struct ftrace_hash *new_has /* Return a new hash that has a union of all @ops->filter_hash entries */ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) { - struct ftrace_hash *new_hash; + struct ftrace_hash *new_hash = NULL; struct ftrace_ops *subops; + int size_bits; int ret; - new_hash = alloc_ftrace_hash(ops->func_hash->filter_hash->size_bits); - if (!new_hash) - return NULL; + if (ops->func_hash->filter_hash) + size_bits = ops->func_hash->filter_hash->size_bits; + else + size_bits = FTRACE_HASH_DEFAULT_BITS; list_for_each_entry(subops, &ops->subop_list, list) { - ret = append_hash(&new_hash, subops->func_hash->filter_hash); + ret = append_hash(&new_hash, subops->func_hash->filter_hash, size_bits); if (ret < 0) { free_ftrace_hash(new_hash); return NULL; @@ -3505,7 +3514,8 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int filter_hash = alloc_and_copy_ftrace_hash(size_bits, ops->func_hash->filter_hash); if (!filter_hash) return -ENOMEM; - ret = append_hash(&filter_hash, subops->func_hash->filter_hash); + ret = append_hash(&filter_hash, subops->func_hash->filter_hash, + size_bits); if (ret < 0) { free_ftrace_hash(filter_hash); return ret; -- 2.47.2

4 months, 3 weeks

2
2
0 0

[PATCH v5 0/4] Venus driver fixes to avoid possible OOB accesses

by Vikash Garodia

This series primarily adds check at relevant places in venus driver where there are possible OOB accesses due to unexpected payload from venus firmware. The patches describes the specific OOB possibility. Please review and share your feedback. Validated on sc7180(v4), rb5(v6) and db410c(v1). Changes in v5 - Add few checks as per comments from Hans - Link to v4: https://lore.kernel.org/r/20250207-venus_oob_2-v4-0-522da0b68b22@quicinc.com Changes in v4: - fix an uninitialize variable(media ci) - Link to v3: https://lore.kernel.org/r/20250128-venus_oob_2-v3-0-0144ecee68d8@quicinc.com Changes in v3: - update the packet parsing logic in hfi_parser. The utility parsing api now returns the size of data parsed, accordingly the parser adjust the remaining bytes, taking care of OOB scenario as well (Bryan) - Link to v2: https://lore.kernel.org/r/20241128-venus_oob_2-v2-0-483ae0a464b8@quicinc.com Changes in v2: - init_codec to always update with latest payload from firmware (Dmitry/Bryan) - Rewrite the logic of packet parsing to consider payload size for different packet type (Bryan) - Consider reading sfr data till available space (Dmitry) - Add reviewed-by tags - Link to v1: https://lore.kernel.org/all/20241105-venus_oob-v1-0-8d4feedfe2bb@quicinc.co… Signed-off-by: Vikash Garodia <quic_vgarodia(a)quicinc.com> --- Vikash Garodia (4): media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic media: venus: hfi: add check to handle incorrect queue size media: venus: hfi: add a check to handle OOB in sfr region drivers/media/platform/qcom/venus/hfi_parser.c | 100 ++++++++++++++++++------- drivers/media/platform/qcom/venus/hfi_venus.c | 18 ++++- 2 files changed, 90 insertions(+), 28 deletions(-) --- base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a change-id: 20241115-venus_oob_2-21708239176a Best regards, -- Vikash Garodia <quic_vgarodia(a)quicinc.com>

4 months, 3 weeks

1
4
0 0

[PATCH] KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2

by Oliver Upton

Vladimir reports that a race condition to attach a VMID to a stage-2 MMU sometimes results in a vCPU entering the guest with a VMID of 0: | CPU1 | CPU2 | | | | kvm_arch_vcpu_ioctl_run | | vcpu_load <= load VTTBR_EL2 | | kvm_vmid->id = 0 | | | kvm_arch_vcpu_ioctl_run | | vcpu_load <= load VTTBR_EL2 | | with kvm_vmid->id = 0| | kvm_arm_vmid_update <= allocates fresh | | kvm_vmid->id and | | reload VTTBR_EL2 | | | | | kvm_arm_vmid_update <= observes that kvm_vmid->id | | already allocated, | | skips reload VTTBR_EL2 Oh yeah, it's as bad as it looks. Remember that VHE loads the stage-2 MMU eagerly but a VMID only gets attached to the MMU later on in the KVM_RUN loop. Even in the "best case" where VTTBR_EL2 correctly gets reprogrammed before entering the EL1&0 regime, there is a period of time where hardware is configured with VMID 0. That's completely insane. So, rather than decorating the 'late' binding with another hack, just allocate the damn thing up front. Attaching a VMID from vcpu_load() is still rollover safe since (surprise!) it'll always get called after a vCPU was preempted. Excuse me while I go find a brown paper bag. Cc: stable(a)vger.kernel.org Fixes: 934bf871f011 ("KVM: arm64: Load the stage-2 MMU context in kvm_vcpu_load_vhe()") Reported-by: Vladimir Murzin <vladimir.murzin(a)arm.com> Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 ++++++++++------------ arch/arm64/kvm/vmid.c | 11 +++-------- 3 files changed, 14 insertions(+), 21 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 7cfa024de4e3..e6e8b8970caa 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1271,7 +1271,7 @@ int kvm_arm_pvtime_has_attr(struct kvm_vcpu *vcpu, extern unsigned int __ro_after_init kvm_arm_vmid_bits; int __init kvm_arm_vmid_alloc_init(void); void __init kvm_arm_vmid_alloc_free(void); -bool kvm_arm_vmid_update(struct kvm_vmid *kvm_vmid); +void kvm_arm_vmid_update(struct kvm_vmid *kvm_vmid); void kvm_arm_vmid_clear_active(void); static inline void kvm_arm_pvtime_vcpu_init(struct kvm_vcpu_arch *vcpu_arch) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 646e806c6ca6..fafe42755031 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -559,6 +559,16 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) mmu = vcpu->arch.hw_mmu; last_ran = this_cpu_ptr(mmu->last_vcpu_ran); + /* + * Ensure a VMID is allocated for the MMU before programming VTTBR_EL2, + * which happens eagerly in VHE. + * + * Also, the VMID allocator only preserves VMIDs that are active at the + * time of rollover, so KVM might need to grab a new VMID for the MMU if + * this is called from kvm_sched_in(). + */ + kvm_arm_vmid_update(&mmu->vmid); + /* * We guarantee that both TLBs and I-cache are private to each * vcpu. If detecting that a vcpu from the same VM has @@ -1138,18 +1148,6 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) */ preempt_disable(); - /* - * The VMID allocator only tracks active VMIDs per - * physical CPU, and therefore the VMID allocated may not be - * preserved on VMID roll-over if the task was preempted, - * making a thread's VMID inactive. So we need to call - * kvm_arm_vmid_update() in non-premptible context. - */ - if (kvm_arm_vmid_update(&vcpu->arch.hw_mmu->vmid) && - has_vhe()) - __load_stage2(vcpu->arch.hw_mmu, - vcpu->arch.hw_mmu->arch); - kvm_pmu_flush_hwstate(vcpu); local_irq_disable(); diff --git a/arch/arm64/kvm/vmid.c b/arch/arm64/kvm/vmid.c index 806223b7022a..7fe8ba1a2851 100644 --- a/arch/arm64/kvm/vmid.c +++ b/arch/arm64/kvm/vmid.c @@ -135,11 +135,10 @@ void kvm_arm_vmid_clear_active(void) atomic64_set(this_cpu_ptr(&active_vmids), VMID_ACTIVE_INVALID); } -bool kvm_arm_vmid_update(struct kvm_vmid *kvm_vmid) +void kvm_arm_vmid_update(struct kvm_vmid *kvm_vmid) { unsigned long flags; u64 vmid, old_active_vmid; - bool updated = false; vmid = atomic64_read(&kvm_vmid->id); @@ -157,21 +156,17 @@ bool kvm_arm_vmid_update(struct kvm_vmid *kvm_vmid) if (old_active_vmid != 0 && vmid_gen_match(vmid) && 0 != atomic64_cmpxchg_relaxed(this_cpu_ptr(&active_vmids), old_active_vmid, vmid)) - return false; + return; raw_spin_lock_irqsave(&cpu_vmid_lock, flags); /* Check that our VMID belongs to the current generation. */ vmid = atomic64_read(&kvm_vmid->id); - if (!vmid_gen_match(vmid)) { + if (!vmid_gen_match(vmid)) vmid = new_vmid(kvm_vmid); - updated = true; - } atomic64_set(this_cpu_ptr(&active_vmids), vmid); raw_spin_unlock_irqrestore(&cpu_vmid_lock, flags); - - return updated; } /* base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b -- 2.39.5

4 months, 3 weeks

2
1
0 0

[PATCH] PCI: endpoint: Fix a double free in __pci_epc_create()

by Ma Ke

The put_device(&epc->dev) call will trigger pci_epc_release() which frees "epc" so the kfree(epc) on the next line is a double free. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP controller and EP functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pci/endpoint/pci-epc-core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index 46c9a5c3ca14..652350f054cf 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -818,7 +818,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops, put_dev: put_device(&epc->dev); - kfree(epc); err_ret: return ERR_PTR(ret); -- 2.25.1

4 months, 3 weeks

2
2
0 0

[PATCH 6.1 000/578] 6.1.129-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.129 release. There are 578 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.129-rc1 David Woodhouse <dwmw(a)amazon.co.uk> x86/i8253: Disable PIT timer 0 when not in use Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add NULL pointer check for kzalloc Chao Yu <chao(a)kernel.org> f2fs: fix to wait dio completion Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> parport_pc: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> serial: 8250_pci: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> can: ems_pci: move ASIX AX99100 ids to pci_ids.h Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not output warnings when clearing dirty buffers Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 John Ogness <john.ogness(a)linutronix.de> kdb: Do not assume write() callback available Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Li Zetao <lizetao1(a)huawei.com> neighbour: delete redundant judgment statements Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Jiri Pirko <jiri(a)nvidia.com> net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Petr Tesarik <petr.tesarik.ext(a)huawei.com> xen: remove a confusing comment on auto-translated guest I/O Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix static analyser cppcheck issue Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix NULL pointer dereference in object->file Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: xilinx: remove excess kernel doc Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: commit provided buffer state on async Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_req_prep_async with provided buffers Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Sean Anderson <sean.anderson(a)linux.dev> gpio: xilinx: Convert gpio_lock to raw spinlock Linus Walleij <linus.walleij(a)linaro.org> gpio: xilinx: Convert to immutable irq_chip Paul Fertser <fercerpav(a)gmail.com> net/ncsi: fix locking in Get MAC Address handling Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadfed(a)meta.com> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Antonio Borneo <antonio.borneo(a)foss.st.com> pinctrl: stm32: fix array read out of bound Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Parth Pancholi <parth.pancholi(a)toradex.com> kbuild: switch from lz4c to lz4 for compression Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: WERROR unmet symbol dependency Masahiro Yamada <masahiroy(a)kernel.org> kconfig: deduplicate code in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: require a space after '#' for valid input Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: add warn-unknown-symbols sanity check Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Oleksij Rempel <linux(a)rempel-privat.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Manivannan Sadhasivam <mani(a)kernel.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Damien Le Moal <dlemoal(a)kernel.org> PCI: epf-test: Simplify DMA support checks Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Nikita Travkin <nikita(a)trvn.ru> arm64: dts: qcom: sc7180: Drop redundant disable in mdp Nikita Travkin <nikita(a)trvn.ru> arm64: dts: qcom: sc7180: Don't enable lpass clocks by default Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180-idp: use just "port" in panel Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Ma Ke <make24(a)iscas.ac.cn> pinctrl: stm32: check devm_kasprintf() returned value Chen Ni <nichen(a)iscas.ac.cn> pinctrl: stm32: Add check for devm_kcalloc Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: stm32: set default gpio line names using pin names Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec2 - optimize the error return process Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Handle specific BSSID in 6GHz scanning Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: syscon: Use scoped variables with memory allocators to simplify error paths Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Add of_syscon_register_regmap() API Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Remove extern from function prototypes Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jkosina(a)suse.com> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused dualmac control leftovers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused timer and related code Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Reuse dev_pm_opp_get_freq_indexed() Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Add dev_pm_opp_find_freq_exact_indexed() Manivannan Sadhasivam <mani(a)kernel.org> OPP: Introduce dev_pm_opp_get_freq_indexed() API Manivannan Sadhasivam <mani(a)kernel.org> OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Rearrange entries in pm_opp.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set YUV/RGB overlay mode Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Chengming Zhou <zhouchengming(a)bytedance.com> sched/psi: Use task->psi_flags to clear in CPU migration David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active ------------- Diffstat: .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Documentation/kbuild/kconfig.rst | 9 ++ Makefile | 6 +- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 2 + arch/alpha/kernel/entry.S | 24 ++- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm/boot/dts/dra7-l4.dtsi | 2 + arch/arm/boot/dts/mt7623.dtsi | 2 +- arch/arm/mach-at91/pm.c | 31 ++-- arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +--- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++ .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++ .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +- arch/arm64/boot/dts/qcom/pm6150l.dtsi | 35 +++++ arch/arm64/boot/dts/qcom/sc7180-idp.dts | 15 +- .../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 1 - .../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 1 - .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 12 +- .../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 12 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 9 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 34 +---- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++-- arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/arm64/mm/hugetlbpage.c | 12 ++ arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 ++ arch/powerpc/kvm/e500_mmu_host.c | 21 +-- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/Makefile | 2 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/kvm/vsie.c | 25 +++- arch/s390/purgatory/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 1 + arch/x86/events/intel/core.c | 5 +- arch/x86/include/asm/kexec.h | 18 ++- arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/i8253.c | 11 +- arch/x86/kernel/machine_kexec_64.c | 45 +++--- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/mm/tlb.c | 35 ++++- arch/x86/xen/mmu_pv.c | 79 ++++++++-- arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- block/genhd.c | 22 ++- block/partitions/ldm.h | 2 +- block/partitions/mac.c | 18 ++- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/fan_core.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 ++- drivers/base/regmap/regmap-irq.c | 2 + drivers/block/nbd.c | 1 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sdm845.c | 32 ++-- drivers/clk/qcom/gcc-sm6350.c | 22 ++- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/clocksource/i8253.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +++-- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++++++++++----------- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -- drivers/crypto/ixp4xx_crypto.c | 3 + drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/dma/ti/edma.c | 3 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/gpio/gpio-bcm-kona.c | 71 +++++++-- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 19 --- drivers/gpio/gpio-stmpe.c | 15 +- drivers/gpio/gpio-xilinx.c | 56 +++---- drivers/gpio/gpiolib-acpi.c | 14 ++ .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 + .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 + .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 + .../drm/amd/display/dc/dcn314/dcn314_resource.c | 5 + .../drm/amd/display/dc/dcn315/dcn315_resource.c | 2 + .../drm/amd/display/dc/dcn316/dcn316_resource.c | 2 + .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 + .../drm/amd/display/dc/dcn321/dcn321_resource.c | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/ite-it6505.c | 65 ++++---- drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 ++- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 120 +++++++++++---- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 + drivers/gpu/drm/tidss/tidss_dispc.c | 22 +-- drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 +++++--- drivers/hid/hid-core.c | 2 + drivers/hid/hid-multitouch.c | 7 +- drivers/hid/hid-sensor-hub.c | 21 ++- drivers/hid/hid-thrustmaster.c | 8 + drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 +++ drivers/i3c/master.c | 2 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/iio/light/as73211.c | 24 ++- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/infiniband/hw/mlx5/odp.c | 32 ++-- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 ++- drivers/irqchip/irq-apple-aic.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/leds/leds-netxbig.c | 1 + drivers/mailbox/tegra-hsp.c | 6 +- drivers/md/dm-crypt.c | 27 ++-- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/imx412.c | 42 +++--- drivers/media/i2c/ov5640.c | 1 + drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_ctrl.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 70 ++++----- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/lpc_ich.c | 3 +- drivers/mfd/syscon.c | 81 +++++++--- drivers/misc/cardreader/rtsx_usb.c | 15 ++ drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/mtk-sd.c | 31 ++-- drivers/mmc/host/sdhci-msm.c | 53 ++++++- drivers/mtd/hyperbus/hbmc-am654.c | 25 ++-- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 58 ++++++++ drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +++- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +-- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +-- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/team/team.c | 11 +- drivers/net/tun.c | 2 +- drivers/net/usb/rtl8150.c | 22 +++ drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 29 +--- drivers/net/wireless/realtek/rtlwifi/base.h | 2 - drivers/net/wireless/realtek/rtlwifi/pci.c | 66 ++------- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 --- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++++++- drivers/nvme/host/core.c | 16 +- drivers/nvme/host/ioctl.c | 8 +- drivers/nvme/host/pci.c | 4 +- drivers/nvmem/core.c | 2 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 7 +- drivers/opp/core.c | 156 ++++++++++++++++---- drivers/opp/of.c | 4 +- drivers/parport/parport_pc.c | 5 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 51 +++---- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/quirks.c | 12 ++ drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinctrl-cy8c95x0.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 105 +++++++++---- drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++++-------- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_clock.c | 8 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++++++++++--- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 ++-- drivers/scsi/storvsc_drv.c | 1 + drivers/soc/atmel/soc.c | 2 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 ++ drivers/tty/serial/8250/8250_pci.c | 10 ++ drivers/tty/serial/8250/8250_port.c | 41 +++++- drivers/tty/serial/sh-sci.c | 25 +++- drivers/tty/serial/xilinx_uartps.c | 10 +- drivers/ufs/core/ufs_bsg.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 31 ++-- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/core.c | 30 ++-- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 8 +- drivers/usb/gadget/function/f_tcm.c | 66 ++++----- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 +++--- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/vfio/iova_bitmap.c | 2 +- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 ++ drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/xen/swiotlb-xen.c | 20 ++- fs/afs/dir.c | 7 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 6 +- fs/btrfs/inode.c | 4 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/super.c | 2 +- fs/btrfs/transaction.c | 4 +- fs/cachefiles/interface.c | 14 +- fs/cachefiles/ondemand.c | 30 +++- fs/exec.c | 29 +++- fs/f2fs/dir.c | 53 +++++-- fs/f2fs/f2fs.h | 6 +- fs/f2fs/file.c | 13 ++ fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +++- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 8 +- fs/nilfs2/inode.c | 10 +- fs/nilfs2/mdt.c | 6 +- fs/nilfs2/page.c | 55 ++++--- fs/nilfs2/page.h | 4 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/dir.c | 25 +++- fs/ocfs2/quota_global.c | 5 + fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/orangefs/orangefs-debugfs.c | 4 +- fs/proc/array.c | 2 +- fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2ops.c | 21 +-- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 ++ fs/ubifs/debug.c | 22 +-- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_qm_bhv.c | 41 ++++-- fs/xfs/xfs_super.c | 11 +- include/linux/binfmts.h | 4 +- include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/i8253.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/iommu.h | 2 +- include/linux/kallsyms.h | 2 +- include/linux/kvm_host.h | 9 ++ include/linux/mfd/syscon.h | 33 +++-- include/linux/mlx5/driver.h | 1 - include/linux/netdevice.h | 8 +- include/linux/pci_ids.h | 4 + include/linux/pm_opp.h | 72 ++++++--- include/linux/pps_kernel.h | 3 +- include/linux/sched.h | 4 +- include/linux/sched/task.h | 1 + include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 15 +- include/net/route.h | 9 +- include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/uapi/linux/input-event-codes.h | 1 + include/ufs/ufs.h | 4 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 5 + io_uring/poll.c | 4 + io_uring/rw.c | 10 ++ kernel/cgroup/cgroup.c | 20 ++- kernel/cgroup/rstat.c | 1 - kernel/debug/kdb/kdb_io.c | 2 + kernel/irq/internals.h | 9 +- kernel/padata.c | 45 ++++-- kernel/power/hibernate.c | 7 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 17 ++- kernel/sched/stats.h | 22 +-- kernel/time/clocksource.c | 9 +- kernel/trace/bpf_trace.c | 2 +- lib/Kconfig.debug | 8 +- lib/maple_tree.c | 22 +-- mm/gup.c | 14 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- net/ax25/af_ax25.c | 23 ++- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 ++- net/ax25/ax25_route.c | 2 + net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/filter.c | 2 +- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 11 +- net/core/sysctl_net_core.c | 5 +- net/dsa/slave.c | 7 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 40 ++--- net/ipv4/inetpeer.c | 31 +--- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr_base.c | 3 - net/ipv4/route.c | 56 +++++-- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/udp.c | 4 +- net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/mcast.c | 14 +- net/ipv6/ndisc.c | 36 +++-- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/mac80211/debugfs_netdev.c | 2 +- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 5 +- net/mptcp/protocol.h | 30 ++-- net/ncsi/internal.h | 2 + net/ncsi/ncsi-cmd.c | 3 +- net/ncsi/ncsi-manage.c | 38 +++-- net/ncsi/ncsi-pkt.h | 10 ++ net/ncsi/ncsi-rsp.c | 58 ++++++-- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_flow_offload.c | 16 +- net/nfc/nci/hci.c | 2 + net/openvswitch/datapath.c | 12 +- net/rose/af_rose.c | 40 +++-- net/rose/rose_timer.c | 15 ++ net/sched/sch_api.c | 4 + net/sched/sch_netem.c | 2 +- net/sched/sch_sfq.c | 58 ++++---- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +++-- net/smc/smc_rx.h | 8 +- net/tipc/crypto.c | 4 +- net/wireless/scan.c | 35 +++++ net/xfrm/xfrm_replay.c | 10 +- samples/landlock/sandboxer.c | 7 + scripts/Makefile.extrawarn | 5 +- scripts/Makefile.lib | 4 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 ++- scripts/kconfig/conf.c | 6 + scripts/kconfig/confdata.c | 102 ++++++------- scripts/kconfig/lkc_proto.h | 2 + scripts/kconfig/symbol.c | 10 ++ security/landlock/fs.c | 11 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++++ sound/soc/intel/avs/apl.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++- sound/soc/sh/rz-ssi.c | 3 +- sound/soc/soc-pcm.c | 31 +++- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/lib/bpf/linker.c | 22 +-- tools/lib/bpf/usdt.c | 2 +- tools/perf/bench/epoll-wait.c | 7 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/bpf-event.c | 10 +- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/header.c | 8 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 +++- tools/testing/selftests/kselftest_harness.h | 24 +-- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/pmtu.sh | 112 +++++++++++--- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/testing/selftests/net/udpgso.c | 26 ++++ .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 19 ++- tools/tracing/rtla/src/timerlat_top.c | 20 ++- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 553 files changed, 4631 insertions(+), 2332 deletions(-)

4 months, 3 weeks

12
590
0 0

[PATCH v2] PCI: brcmstb: Fix for missing of_node_put

by Stanimir Varbanov

A call to of_parse_phandle() is incrementing the refcount, of_node_put must be called when done the work on it. Add missing of_node_put() after the check for msi_np == np and MSI initialization. Cc: stable(a)vger.kernel.org # v5.10+ Fixes: 40ca1bf580ef ("PCI: brcmstb: Add MSI support") Signed-off-by: Stanimir Varbanov <svarbanov(a)suse.de> --- v1 -> v2: - Use of_node_put instead of cleanups (Florian). - Sent the patch separately from PCIe 2712 series (Florian). drivers/pci/controller/pcie-brcmstb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c index 744fe1a4cf9c..d171ee61eab3 100644 --- a/drivers/pci/controller/pcie-brcmstb.c +++ b/drivers/pci/controller/pcie-brcmstb.c @@ -1844,7 +1844,7 @@ static struct pci_ops brcm7425_pcie_ops = { static int brcm_pcie_probe(struct platform_device *pdev) { - struct device_node *np = pdev->dev.of_node, *msi_np; + struct device_node *np = pdev->dev.of_node; struct pci_host_bridge *bridge; const struct pcie_cfg_data *data; struct brcm_pcie *pcie; @@ -1944,9 +1944,14 @@ static int brcm_pcie_probe(struct platform_device *pdev) goto fail; } - msi_np = of_parse_phandle(pcie->np, "msi-parent", 0); - if (pci_msi_enabled() && msi_np == pcie->np) { - ret = brcm_pcie_enable_msi(pcie); + if (pci_msi_enabled()) { + struct device_node *msi_np = of_parse_phandle(pcie->np, "msi-parent", 0); + + if (msi_np == pcie->np) + ret = brcm_pcie_enable_msi(pcie); + + of_node_put(msi_np); + if (ret) { dev_err(pcie->dev, "probe of internal MSI failed"); goto fail; -- 2.47.0

4 months, 3 weeks

4
3
0 0

[PATCH 6.12 000/230] 6.12.16-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.16 release. There are 230 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.16-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfio/platform: check the bounds of read/write syscalls" Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: reallocate buf lists on upgrade Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Ensure clk_gating.lock is used only after initialization Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Fix uprobe consumer test Jason Xing <kernelxing(a)tencent.com> bpf: handle implicit declaration of function gettid in bpf_iter.c Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Check bandwidth overflow earlier for hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Restore dl_server bandwidth on non-destructive root domain changes Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Chris Brandt <chris.brandt(a)renesas.com> drm: renesas: rz-du: Increase supported resolutions Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/tracing: Fix a potential TP_printk UAF Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu1: don't choke on disabling the writeback connector Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Filipe Manana <fdmanana(a)suse.com> btrfs: fix stale page cache after race between readahead and direct IO write David Sterba <dsterba(a)suse.com> btrfs: rename __get_extent_map() and pass btrfs_inode Eric Dumazet <edumazet(a)google.com> ipv6: mcast: extend RCU protection in igmp6_send() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Move hidraw input (un)registering to work Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Make sure rumble work is canceled on removal Eric Dumazet <edumazet(a)google.com> ipv6: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> flow_dissector: use RCU protection to fetch dev_net() Eric Dumazet <edumazet(a)google.com> ipv4: icmp: convert to dev_net_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ipv4_default_advmss() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in ip_dst_mtu_maybe_forward() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq/amd-pstate: Fix cpufreq_policy ref counting Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: convert mutex use to guard() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function Justin M. Forbes <jforbes(a)fedoraproject.org> rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channels for individual subrequests Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Set buffer type for empty frames in igc_init_empty_frame Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix register settings for hs400(es) mode Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Fix potential memory leak in iopf_queue_remove_device() Varadarajan Narayanan <quic_varada(a)quicinc.com> regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect autogroup migration detection Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix handling of isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Always update ->iotype in __uart_read_properties() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: port: Assign ->iotype correctly when ->iobase is set Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix overindented list item Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Miguel Ojeda <ojeda(a)kernel.org> arm64: rust: clean Rust 1.85.0 warning using softfloat target Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Bjorn Helgaas <bhelgaas(a)google.com> PCI: Avoid FLR for Mediatek MT7922 WiFi Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix handling of 6 GHz rules Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: etas_es58x: fix potential NULL pointer dereference on udev->serial Robin van der Gracht <robin(a)protonic.nl> can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Fedor Pchelkin <pchelkin(a)ispras.ru> can: ctucanfd: handle skb allocation failure Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Restore xhci_pci support for Renesas HCs Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)kernel.org> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Update pages_touched to reflect persistent buffer content Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Validate the persistent meta data subbuf array Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not allow mmap() of persistent ring buffer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Unlock resize on mmap error Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Enter guest mode before initializing nested NPT MMU Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Kees Cook <kees(a)kernel.org> kbuild: Use -fzero-init-padding-bits=all Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Masahiro Yamada <masahiroy(a)kernel.org> kbuild: suppress stdout from merge_config for silent builds Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V Koichiro Den <koichiro.den(a)canonical.com> selftests: gpio: gpio-sim: Fix missing chip disablements Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Ankit Agrawal <ankita(a)nvidia.com> vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Zichen Xie <zichenxie0106(a)gmail.com> NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Brian Norris <briannorris(a)chromium.org> kunit: platform: Resolve 'struct completion' warning Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Share WCH IDs with parport_serial driver Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Resolve WCH vendor ID ambiguity Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Abort event processing on second signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Abort event processing on second signal Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Rakesh Babu Saladi <Saladi.Rakeshbabu(a)microchip.com> PCI: switchtec: Add Microchip PCI100X device IDs Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add Kurokesu C1 PRO camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera Isaac Scott <isaac.scott(a)ideasonboard.com> media: uvcvideo: Implement dual stream quirk to fix loss of usb packets Naushir Patuck <naush(a)raspberrypi.com> media: bcm2835-unicam: Disable trigger mode operation Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub953: Add error handling for i2c reads/writes Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub913: Add error handling to ub913_hw_init() Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Update Tegra234 nvmem keepout list Aaro Koskinen <aaro.koskinen(a)iki.fi> fbdev: omap: use threaded IRQ for LCD DMA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: smc: Handle missing SCM device Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Reset device on probe failure Masahiro Yamada <masahiroy(a)kernel.org> tools: fix annoying "mkdir -p ..." logs when building tools in parallel Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix crash on error in gpiochip_get_ngpios() Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx Chuyi Zhou <zhouchuyi(a)bytedance.com> sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h. Jens Axboe <axboe(a)kernel.dk> block: cleanup and fix batch completion adding conditions Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Imre Deak <imre.deak(a)intel.com> drm: Fix DSC BPP increment decoding Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() Zhu Lingshan <lingshan.zhu(a)amd.com> amdkfd: properly free gang_ctx_bo when failed to init user queue Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: remove dead req_has_async_data() check Pavel Begunkov <asml.silence(a)gmail.com> io_uring/waitid: don't abuse io_tw_state Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/client: bo->client does not need bos_lock Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Clean up PEBS-via-PT on hybrid Muhammad Adeel <Muhammad.Adeel(a)ibm.com> cgroup: Remove steal time from usage_usec Rupinderjit Singh <rusingh(a)redhat.com> gpu: host1x: Fix a use of uninitialized mutex Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Maxime Ripard <mripard(a)kernel.org> drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix lock imbalance in dispatch_to_local_dsq() Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Put the pwq after detaching the rescuer from the pool Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix a potential race condition Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix typo issue about GCFG feature detection Yuli Wang <wangyuli(a)uniontech.com> LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Marco Crivellari <marco.crivellari(a)suse.com> LoongArch: Fix idle VS timer enqueue Eric Dumazet <edumazet(a)google.com> vxlan: check vxlan_vnigroup_init() return value Zdenek Bouska <zdenek.bouska(a)siemens.com> igc: Fix HW RX timestamp when passed by ZC XDP Joshua Hay <joshua.a.hay(a)intel.com> idpf: call set_real_num_queues in idpf_open Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: record rx queue in skb for RSC packets Sridhar Samudrala <sridhar.samudrala(a)intel.com> idpf: fix handling rsc packet with a single segment Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Reyders Morales <reyders1(a)gmail.com> Documentation/networking: fix basic node example document ISO 15765-2 Eric Dumazet <edumazet(a)google.com> net: fib_rules: annotate data-races around rule->[io]ifindex Murad Masimov <m.masimov(a)mt-integration.ru> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> spi: sn-f-ospi: Fix division by zero Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context Tulio Fernandes <tuliomf09(a)gmail.com> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: pinconf-generic: Print unsigned value if a format is registered Nathan Chancellor <nathan(a)kernel.org> scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1 Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Charles Han <hanchunchao(a)inspur.com> HID: winwing: Add NULL check in winwing_init_led() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Rename PWMSEL to SELPWM Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Enable regmap locking for debug Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: cy8c95x0: Avoid accessing reserved registers Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Jeff Layton <jlayton(a)kernel.org> nfsd: validate the nfsd_serv pointer before calling svc_wake_up Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them ------------- Diffstat: .../bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +- Documentation/networking/iso15765-2.rst | 4 +- Makefile | 17 +-- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 4 + arch/alpha/kernel/entry.S | 24 ++-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm64/Makefile | 4 + arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/loongarch/kernel/genex.S | 28 ++-- arch/loongarch/kernel/idle.c | 3 +- arch/loongarch/kernel/reset.c | 6 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/lib/csum.c | 2 +- arch/s390/pci/pci_bus.c | 20 +++ arch/s390/pci/pci_iov.c | 56 ++++++-- arch/s390/pci/pci_iov.h | 7 + arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 33 ++--- arch/x86/events/intel/ds.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/perf_event.h | 28 +++- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/cpu/bugs.c | 21 ++- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/svm/nested.c | 10 +- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 10 +- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 3 + arch/x86/mm/tlb.c | 35 ++++- arch/x86/xen/mmu_pv.c | 75 +++++++++-- block/partitions/mac.c | 18 ++- drivers/acpi/x86/utils.c | 13 ++ drivers/base/regmap/regmap-irq.c | 2 + drivers/bluetooth/btintel_pcie.c | 5 +- drivers/cpufreq/amd-pstate.c | 104 +++++---------- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/qcom/qcom_scm-smc.c | 3 + drivers/gpio/gpio-bcm-kona.c | 71 ++++++++-- drivers/gpio/gpio-stmpe.c | 15 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 36 ++++- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 - drivers/gpu/drm/msm/msm_gem_submit.c | 3 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 2 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/renesas/rz-du/rzg2l_du_kms.c | 6 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 7 + drivers/gpu/drm/tidss/tidss_dispc.c | 26 ++-- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/gpu/drm/xe/xe_drm_client.c | 2 +- drivers/gpu/drm/xe/xe_trace_bo.h | 12 +- drivers/gpu/host1x/dev.c | 2 + drivers/gpu/host1x/intr.c | 2 - drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-steam.c | 41 ++++-- drivers/hid/hid-thrustmaster.c | 2 +- drivers/hid/hid-winwing.c | 2 + drivers/i3c/master/Kconfig | 11 ++ drivers/i3c/master/mipi-i3c-hci/Makefile | 1 + drivers/i3c/master/mipi-i3c-hci/dma.c | 17 +++ drivers/i3c/master/mipi-i3c-hci/mipi-i3c-hci-pci.c | 148 +++++++++++++++++++++ drivers/infiniband/hw/efa/efa_main.c | 9 +- drivers/iommu/amd/amd_iommu_types.h | 1 + drivers/iommu/amd/init.c | 4 + drivers/iommu/io-pgfault.c | 1 + drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ds90ub913.c | 25 +++- drivers/media/i2c/ds90ub953.c | 46 +++++-- drivers/media/platform/broadcom/bcm2835-unicam.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++ drivers/media/usb/uvc/uvc_video.c | 27 +++- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/mmc/host/mtk-sd.c | 31 +++-- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 5 +- drivers/net/ethernet/intel/igc/igc_main.c | 22 +-- .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 40 +++--- drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/team/team_core.c | 4 +- drivers/net/vxlan/vxlan_core.c | 7 +- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 - drivers/net/wireless/realtek/rtw89/pci.c | 17 ++- drivers/net/wireless/realtek/rtw89/pci.h | 11 ++ drivers/net/wireless/realtek/rtw89/pci_be.c | 2 + drivers/parport/parport_serial.c | 12 +- drivers/pci/quirks.c | 15 ++- drivers/pci/switch/switchtec.c | 26 ++++ drivers/pinctrl/pinconf-generic.c | 8 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 36 +++-- drivers/soc/tegra/fuse/fuse-tegra30.c | 17 ++- drivers/spi/spi-sn-f-ospi.c | 3 + drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 +++ drivers/tty/serial/8250/8250_pci.c | 76 +++++------ drivers/tty/serial/8250/8250_pci1xxxx.c | 60 ++++++++- drivers/tty/serial/8250/8250_port.c | 9 ++ drivers/tty/serial/serial_port.c | 5 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/ufs/core/ufshcd.c | 127 +++++++++--------- drivers/usb/class/cdc-acm.c | 28 +++- drivers/usb/core/hub.c | 14 +- drivers/usb/core/quirks.c | 6 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 34 +++++ drivers/usb/gadget/function/f_midi.c | 17 ++- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 ++ drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 ++++--- drivers/vfio/pci/nvgrace-gpu/main.c | 95 ++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 -- drivers/video/fbdev/omap/lcd_dma.c | 4 +- drivers/xen/swiotlb-xen.c | 20 +-- fs/btrfs/extent_io.c | 29 ++-- fs/btrfs/file.c | 4 +- fs/nfs/sysfs.c | 6 +- fs/nfsd/filecache.c | 11 +- fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 7 +- fs/ntfs3/attrib.c | 4 +- fs/ntfs3/dir.c | 2 +- fs/ntfs3/frecord.c | 12 +- fs/ntfs3/fsntfs.c | 6 +- fs/ntfs3/index.c | 6 +- fs/ntfs3/inode.c | 3 + fs/orangefs/orangefs-debugfs.c | 4 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/file.c | 7 +- include/drm/display/drm_dp.h | 1 + include/kunit/platform_device.h | 1 + include/linux/blk-mq.h | 18 ++- include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/netdevice.h | 6 + include/linux/pci_ids.h | 11 ++ include/linux/sched/task.h | 1 + include/net/dst.h | 9 ++ include/net/ip.h | 13 +- include/net/l3mdev.h | 2 + include/net/net_namespace.h | 2 +- include/net/route.h | 9 +- include/ufs/ufshcd.h | 9 +- io_uring/kbuf.c | 15 ++- io_uring/uring_cmd.c | 3 - io_uring/waitid.c | 4 +- kernel/cgroup/cgroup.c | 20 +-- kernel/cgroup/rstat.c | 1 - kernel/sched/autogroup.c | 4 +- kernel/sched/core.c | 29 ++-- kernel/sched/deadline.c | 73 ++++++++-- kernel/sched/ext.c | 35 ++--- kernel/sched/ext.h | 4 +- kernel/sched/sched.h | 4 +- kernel/sched/topology.c | 8 +- kernel/time/clocksource.c | 9 +- kernel/trace/ring_buffer.c | 28 +++- kernel/trace/trace.c | 4 + kernel/workqueue.c | 12 +- net/ax25/af_ax25.c | 11 ++ net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 122 ++++++++++++----- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/fib_rules.c | 24 ++-- net/core/flow_dissector.c | 21 +-- net/core/neighbour.c | 8 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/icmp.c | 31 +++-- net/ipv4/route.c | 39 +++++- net/ipv6/icmp.c | 42 +++--- net/ipv6/ioam6_iptunnel.c | 73 +++++----- net/ipv6/mcast.c | 45 ++++--- net/ipv6/ndisc.c | 28 ++-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 59 ++++---- net/ipv6/seg6_iptunnel.c | 98 ++++++++------ net/openvswitch/datapath.c | 12 +- net/vmw_vsock/af_vsock.c | 12 +- rust/Makefile | 1 + rust/kernel/rbtree.rs | 2 +- scripts/Makefile.defconf | 13 +- scripts/Makefile.extrawarn | 13 +- scripts/kconfig/Makefile | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 ++- tools/objtool/check.c | 1 + tools/sched_ext/include/scx/common.bpf.h | 12 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 9 +- tools/testing/selftests/gpio/gpio-sim.sh | 31 ++++- tools/testing/selftests/net/pmtu.sh | 112 +++++++++++++--- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/tracing/rtla/src/timerlat_hist.c | 8 ++ tools/tracing/rtla/src/timerlat_top.c | 8 ++ 230 files changed, 2499 insertions(+), 1049 deletions(-)

4 months, 3 weeks

13
248
0 0

[PATCH v3 Linux-6.12.y 1/1] selftests/mm: build with -O2

by Yifei Liu

From: Kevin Brodsky <kevin.brodsky(a)arm.com> [ Upstream commit 46036188ea1f5266df23a6149dea0df1c77cd1c7 ] The mm kselftests are currently built with no optimisation (-O0). It's unclear why, and besides being obviously suboptimal, this also prevents the pkeys tests from working as intended. Let's build all the tests with -O2. [kevin.brodsky(a)arm.com: silence unused-result warnings] Link: https://lkml.kernel.org/r/20250107170110.2819685-1-kevin.brodsky@arm.com Link: https://lkml.kernel.org/r/20241209095019.1732120-6-kevin.brodsky@arm.com Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Joey Gouly <joey.gouly(a)arm.com> Cc: Keith Lucas <keith.lucas(a)oracle.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> (cherry picked from commit 46036188ea1f5266df23a6149dea0df1c77cd1c7) [Yifei: This commit also fix the failure of pkey_sighandler_tests_64, which is also in linux-6.12.y, thus backport this commit. It is already backported to linux-6.13.y by commit d9eb5a1e76f56] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/mm/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 02e1204971b0..c0138cb19705 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -33,9 +33,16 @@ endif # LDLIBS. MAKEFLAGS += --no-builtin-rules -CFLAGS = -Wall -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) +CFLAGS = -Wall -O2 -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) LDLIBS = -lrt -lpthread -lm +# Some distributions (such as Ubuntu) configure GCC so that _FORTIFY_SOURCE is +# automatically enabled at -O1 or above. This triggers various unused-result +# warnings where functions such as read() or write() are called and their +# return value is not checked. Disable _FORTIFY_SOURCE to silence those +# warnings. +CFLAGS += -U_FORTIFY_SOURCE + TEST_GEN_FILES = cow TEST_GEN_FILES += compaction_test TEST_GEN_FILES += gup_longterm -- 2.46.0

4 months, 3 weeks

2
1
0 0

6.6.78: timerlat_{hist,top} fail to build

by Guillaume Morin

Hello, The following patches prevent Linux 6.6.78+ rtla to build: - "rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads" (stable commit 41955b6c268154f81e34f9b61cf8156eec0730c0) - "rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads" (stable commit 83b74901bdc9b58739193b8ee6989254391b6ba7) Both were added to Linux 6.6.78 based on the Fixes tag in the upstream commits. These patches prevent 6.6.78 rta to build with a similar error (missing kernel_workload in the params struct) src/timerlat_top.c:687:52: error: ‘struct timerlat_top_params’ has no member named ‘kernel_workload’ These patches appear to depend on "rtla/timerlat: Make user-space threads the default" commit fb9e90a67ee9a42779a8ea296a4cf7734258b27d which is not present in 6.6. I am not sure if it's better to revert them or pick up fb9e90a67ee9a42779a8ea296a4cf7734258b27d in 6.6. Tomas, what do you think? HTH, Guillaume. -- Guillaume Morin <guillaume(a)morinfr.org>

4 months, 3 weeks

3
3
0 0

[PATCH v3] ufs: core: bsg: Fix memory crash in case arpmb command failed

by Arthur Simchaev

In case the device doesn't support arpmb, the kernel get memory crash due to copy user data in bsg_transport_sg_io_fn level. So in case ufs_bsg_exec_advanced_rpmb_req returned error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 Fixes: 6ff265fc5ef6 ("scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg") Cc: stable(a)vger.kernel.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- Changes in v3: - changing !rpmb into rpmb and by swapping the two sizeof() expressions --- Changes in v2: - Add Fixes tag - Elaborate commit log --- drivers/ufs/core/ufs_bsg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 8d4ad0a3f2cf..252186124669 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -194,10 +194,12 @@ static int ufs_bsg_request(struct bsg_job *job) ufshcd_rpm_put_sync(hba); kfree(buff); bsg_reply->result = ret; - job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : sizeof(struct ufs_rpmb_reply); /* complete the job here only if no error */ - if (ret == 0) + if (ret == 0) { + job->reply_len = rpmb ? sizeof(struct ufs_rpmb_reply) : + sizeof(struct ufs_bsg_reply); bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len); + } return ret; } -- 2.34.1

4 months, 3 weeks

1
0
0 0

[PATCH] mei: Add error logging in IRQ handler to prevent silent failures

by Wentao Liang

Log mei_irq_write_handler() errors to prevent silent IRQ handling failures. Fixes: 962ff7bcec24 ("mei: replace callback structures used as list head by list_head") Cc: stable(a)vger.kernel.org # 4.11+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/misc/mei/hw-me.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c index d11a0740b47c..5df42a64b4db 100644 --- a/drivers/misc/mei/hw-me.c +++ b/drivers/misc/mei/hw-me.c @@ -1415,6 +1415,8 @@ irqreturn_t mei_me_irq_thread_handler(int irq, void *dev_id) if (dev->pg_event != MEI_PG_EVENT_WAIT && dev->pg_event != MEI_PG_EVENT_RECEIVED) { rets = mei_irq_write_handler(dev, &cmpl_list); + if (rets) + dev_err(dev->dev, "mei_irq_write_handler ret = %d.\n", rets); dev->hbuf_is_ready = mei_hbuf_is_ready(dev); } -- 2.42.0.windows.2

4 months, 3 weeks

2
1
0 0

[PATCH v2] ufs: core: bsg: Fix memory crash in case arpmb command failed

by Arthur Simchaev

In case the device doesn't support arpmb, the kernel get memory crash due to copy user data in bsg_transport_sg_io_fn level. So in case ufs_bsg_exec_advanced_rpmb_req returned error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 Fixes: 6ff265fc5ef6 ("scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg") Cc: stable(a)vger.kernel.org Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- Changes in v2: - Add Fixes tag - Elaborate commit log Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- drivers/ufs/core/ufs_bsg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 8d4ad0a3f2cf..a8ed9bc6e4f1 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -194,10 +194,12 @@ static int ufs_bsg_request(struct bsg_job *job) ufshcd_rpm_put_sync(hba); kfree(buff); bsg_reply->result = ret; - job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : sizeof(struct ufs_rpmb_reply); /* complete the job here only if no error */ - if (ret == 0) + if (ret == 0) { + job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : + sizeof(struct ufs_rpmb_reply); bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len); + } return ret; } -- 2.34.1

4 months, 3 weeks

4
7
0 0

[PATCH 5.10/5.15] smb: client: fix UAF in async decryption

by Anastasia Belova

From: Enzo Matsumiya <ematsumiya(a)suse.de> commit b0abcd65ec545701b8793e12bc27dc98042b151a upstream. Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Call Trace: [ 194.200191] <TASK> [ 194.200327] dump_stack_lvl+0x4e/0x70 [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110 [ 194.200809] print_report+0x174/0x505 [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 194.201352] ? srso_return_thunk+0x5/0x5f [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0 [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] This is because TFM is being used in parallel. Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()). Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation. Signed-off-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> [ Anastasia: ] --- Backport fix for CVE-2024-50047 fs/cifs/smb2ops.c | 48 +++++++++++++++++++++++++++-------------------- fs/cifs/smb2pdu.c | 6 ++++++ 2 files changed, 34 insertions(+), 20 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 68f93de2b152..8cfce01cf699 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -4291,7 +4291,7 @@ smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 *key) */ static int crypt_message(struct TCP_Server_Info *server, int num_rqst, - struct smb_rqst *rqst, int enc) + struct smb_rqst *rqst, int enc, struct crypto_aead *tfm) { struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base; @@ -4302,8 +4302,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, u8 key[SMB3_ENC_DEC_KEY_SIZE]; struct aead_request *req; u8 *iv; - DECLARE_CRYPTO_WAIT(wait); - struct crypto_aead *tfm; unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); void *creq; @@ -4314,15 +4312,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, return rc; } - rc = smb3_crypto_aead_allocate(server); - if (rc) { - cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); - return rc; - } - - tfm = enc ? server->secmech.ccmaesencrypt : - server->secmech.ccmaesdecrypt; - if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); @@ -4361,11 +4350,7 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, aead_request_set_crypt(req, sg, sg, crypt_len, iv); aead_request_set_ad(req, assoc_data_len); - aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - - rc = crypto_wait_req(enc ? crypto_aead_encrypt(req) - : crypto_aead_decrypt(req), &wait); + rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); if (!rc && enc) memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); @@ -4454,7 +4439,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst, /* fill the 1st iov with a transform header */ fill_transform_hdr(tr_hdr, orig_len, old_rq, server->cipher_type); - rc = crypt_message(server, num_rqst, new_rq, 1); + rc = crypt_message(server, num_rqst, new_rq, 1, server->secmech.ccmaesencrypt); cifs_dbg(FYI, "Encrypt message returned %d\n", rc); if (rc) goto err_free; @@ -4480,8 +4465,9 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, unsigned int npages, unsigned int page_data_size, bool is_offloaded) { - struct kvec iov[2]; + struct crypto_aead *tfm; struct smb_rqst rqst = {NULL}; + struct kvec iov[2]; int rc; iov[0].iov_base = buf; @@ -4496,9 +4482,31 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, rqst.rq_pagesz = PAGE_SIZE; rqst.rq_tailsz = (page_data_size % PAGE_SIZE) ? : PAGE_SIZE; - rc = crypt_message(server, 1, &rqst, 0); + if (is_offloaded) { + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + else + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + if (IS_ERR(tfm)) { + rc = PTR_ERR(tfm); + cifs_server_dbg(VFS, "%s: Failed alloc decrypt TFM, rc=%d\n", __func__, rc); + + return rc; + } + } else { + if (unlikely(!server->secmech.ccmaesdecrypt)) + return -EIO; + + tfm = server->secmech.ccmaesdecrypt; + } + + rc = crypt_message(server, 1, &rqst, 0, tfm); cifs_dbg(FYI, "Decrypt message returned %d\n", rc); + if (is_offloaded) + crypto_free_aead(tfm); + if (rc) return rc; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 03651cc6b7a5..245e2dd5a194 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -998,6 +998,12 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) else cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); } + + if (server->cipher_type && !rc) { + rc = smb3_crypto_aead_allocate(server); + if (rc) + cifs_server_dbg(VFS, "%s: crypto alloc failed, rc=%d\n", __func__, rc); + } neg_exit: free_rsp_buf(resp_buftype, rsp); return rc; -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH] drm/radeon: Add error handlings for r420 CP errata initialization

by Wentao Liang

In r420_cp_errata_init(), the RESYNC information is stored even when the Scratch register is not correctly allocated. Change the return type of r420_cp_errata_init() from void to int to propagate errors to the caller. Add error checking after radeon_scratch_get() to ensure RESYNC information is stored to an allocated address. Log an error message and return the error code immediately when radeon_scratch_get() fails. Additionally, handle the return value of r420_cp_errata_init() in r420_startup() to log an appropriate error message and propagate the error if initialization fails. Fixes: 62cdc0c20663 ("drm/radeon/kms: Workaround RV410/R420 CP errata (V3)") Cc: stable(a)vger.kernel.org # 2.6.33+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/radeon/r420.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/radeon/r420.c b/drivers/gpu/drm/radeon/r420.c index 9a31cdec6415..67c55153cba8 100644 --- a/drivers/gpu/drm/radeon/r420.c +++ b/drivers/gpu/drm/radeon/r420.c @@ -204,7 +204,7 @@ static void r420_clock_resume(struct radeon_device *rdev) WREG32_PLL(R_00000D_SCLK_CNTL, sclk_cntl); } -static void r420_cp_errata_init(struct radeon_device *rdev) +static int r420_cp_errata_init(struct radeon_device *rdev) { int r; struct radeon_ring *ring = &rdev->ring[RADEON_RING_TYPE_GFX_INDEX]; @@ -215,7 +215,11 @@ static void r420_cp_errata_init(struct radeon_device *rdev) * The proper workaround is to queue a RESYNC at the beginning * of the CP init, apparently. */ - radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + r = radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + if (r) { + DRM_ERROR("failed to get scratch reg (%d).\n", r); + return r; + } r = radeon_ring_lock(rdev, ring, 8); WARN_ON(r); radeon_ring_write(ring, PACKET0(R300_CP_RESYNC_ADDR, 1)); @@ -290,8 +294,11 @@ static int r420_startup(struct radeon_device *rdev) dev_err(rdev->dev, "failed initializing CP (%d).\n", r); return r; } - r420_cp_errata_init(rdev); - + r = r420_cp_errata_init(rdev); + if (r) { + dev_err(rdev->dev, "failed initializing CP errata workaround (%d).\n", r); + return r; + } r = radeon_ib_pool_init(rdev); if (r) { dev_err(rdev->dev, "IB initialization failed (%d).\n", r); -- 2.42.0.windows.2

4 months, 3 weeks

2
1
0 0

[PATCH 4/4] char: misc: deallocate static minor in error path

by Thadeu Lima de Souza Cascardo

When creating sysfs files fail, the allocated minor must be freed such that it can be later reused. That is specially harmful for static minor numbers, since those would always fail to register later on. Fixes: 6d04d2b554b1 ("misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> --- drivers/char/misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/misc.c b/drivers/char/misc.c index 7a768775e558..7843a1a34d64 100644 --- a/drivers/char/misc.c +++ b/drivers/char/misc.c @@ -266,8 +266,8 @@ int misc_register(struct miscdevice *misc) device_create_with_groups(&misc_class, misc->parent, dev, misc, misc->groups, "%s", misc->name); if (IS_ERR(misc->this_device)) { + misc_minor_free(misc->minor); if (is_dynamic) { - misc_minor_free(misc->minor); misc->minor = MISC_DYNAMIC_MINOR; } err = PTR_ERR(misc->this_device); -- 2.34.1

4 months, 3 weeks

2
1
0 0

Re: [PATCH 6.13 000/258] 6.13.4-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

4 months, 3 weeks

1
0
0 0

Re: [PATCH 6.13 000/274] 6.13.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

4 months, 3 weeks

1
0
0 0

Recall: [PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register

by Kathpalia, Tanmay

Kathpalia, Tanmay would like to recall the message, "[PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register".

4 months, 3 weeks

1
0
0 0

[PATCH] usb: core: Add error handling in usb_reset_device for autoresume failure

by Wentao Liang

In usb_reset_device(), the function continues execution and calls usb_autosuspend_device() after usb_autosuspend_device fails. To fix this, add error handling for usb_autoresume_device() and return the error code immediately. This ensures that usb_autosuspend_device() is not called when usb_autoresume_device() fails, maintaining device state consistency. Fixes: 94fcda1f8ab5 ("usbcore: remove unused argument in autosuspend") Cc: stable(a)vger.kernel.org # 2.6.20+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/core/hub.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 21ac9b464696..f2efdbdd1533 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -6292,7 +6292,9 @@ int usb_reset_device(struct usb_device *udev) noio_flag = memalloc_noio_save(); /* Prevent autosuspend during the reset */ - usb_autoresume_device(udev); + ret = usb_autoresume_device(udev); + if (ret < 0) + goto error_autoresume; if (config) { for (i = 0; i < config->desc.bNumInterfaces; ++i) { @@ -6341,6 +6343,7 @@ int usb_reset_device(struct usb_device *udev) } usb_autosuspend_device(udev); +error_autoresume: memalloc_noio_restore(noio_flag); udev->reset_in_progress = 0; return ret; -- 2.42.0.windows.2

4 months, 3 weeks

3
2
0 0

[PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register

by Kathpalia, Tanmay

From: Tanmay Kathpalia <tanmay.kathpalia(a)altera.com> A Partial Region Controller can be connected to one or more Freeze Bridge. Each Freeze Bridge has an illegal_request bit represented in the freeze_illegal_request register. Thus, instead of just set to clear the illegal_request bit for first Freeze Bridge, we need to ensure the set to clear action is applied to which ever Freeze Bridge that has occurrence of illegal request. Fixes: ca24a648f535 ("fpga: add altera freeze bridge support") Cc: stable(a)vger.kernel.org Signed-off-by: Chiau Ee Chew <chiau.ee.chew(a)intel.com> Signed-off-by: Tanmay Kathpalia <tanmay.kathpalia(a)altera.com> --- drivers/fpga/altera-freeze-bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/fpga/altera-freeze-bridge.c b/drivers/fpga/altera-freeze-bridge.c index 594693ff786e..23e8b2b54355 100644 --- a/drivers/fpga/altera-freeze-bridge.c +++ b/drivers/fpga/altera-freeze-bridge.c @@ -52,7 +52,7 @@ static int altera_freeze_br_req_ack(struct altera_freeze_br_data *priv, if (illegal) { dev_err(dev, "illegal request detected 0x%x", illegal); - writel(1, csr_illegal_req_addr); + writel(illegal, csr_illegal_req_addr); illegal = readl(csr_illegal_req_addr); if (illegal) -- 2.35.3

4 months, 3 weeks

1
0
0 0

[PATCH] scsi: mpi3mr: fix invalid 64-bit phy bitmask calculation

by Fedor Pchelkin

ffs() operates on arguments of type 'int', not generally considered to be 64-bit values. Shifts like (1 << i) can also only be helpful for calculations that are expected to have a range equal to the width of type 'int'. When the left operand is of type 'int', valid values of the shift argument should not exceed the width of this type (almost always 32 bits), otherwise it is considered as undefined behavior. Since there is a need for manipulating the phy mask bits higher than that, perform the calculations directly in 64 bits. Found by Linux Verification Center (linuxtesting.org). Fixes: cb5b60894602 ("scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/scsi/mpi3mr/mpi3mr_transport.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index 0ba9e6a6a13c..f0da8c0dc55d 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -7,6 +7,7 @@ * */ +#include <linux/bits.h> #include <linux/vmalloc.h> #include "mpi3mr.h" @@ -608,10 +609,12 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, mr_sas_port->num_phys--; if (host_node) { - mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); + mr_sas_port->phy_mask &= ~BIT_ULL(mr_sas_phy->phy_id); - if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id && + mr_sas_port->phy_mask) + mr_sas_port->lowest_phy = + __ffs64(mr_sas_port->phy_mask) - 1; } sas_port_delete_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 0; @@ -639,10 +642,11 @@ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_phy->port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; if (host_node) { - mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); + mr_sas_port->phy_mask |= BIT_ULL(mr_sas_phy->phy_id); if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + mr_sas_port->lowest_phy = + __ffs64(mr_sas_port->phy_mask) - 1; } sas_port_add_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 1; @@ -1396,7 +1400,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, &mr_sas_port->phy_list); mr_sas_port->num_phys++; if (mr_sas_node->host_node) - mr_sas_port->phy_mask |= (1 << i); + mr_sas_port->phy_mask |= BIT_ULL(i); } if (!mr_sas_port->num_phys) { @@ -1406,7 +1410,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, } if (mr_sas_node->host_node) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + mr_sas_port->lowest_phy = __ffs64(mr_sas_port->phy_mask) - 1; if (mr_sas_port->remote_identify.device_type == SAS_END_DEVICE) { tgtdev = mpi3mr_get_tgtdev_by_addr(mrioc, @@ -1738,7 +1742,7 @@ mpi3mr_refresh_sas_ports(struct mpi3mr_ioc *mrioc) found = 0; for (j = 0; j < host_port_count; j++) { if (h_port[j].handle == attached_handle) { - h_port[j].phy_mask |= (1 << i); + h_port[j].phy_mask |= BIT_ULL(i); found = 1; break; } @@ -1765,7 +1769,7 @@ mpi3mr_refresh_sas_ports(struct mpi3mr_ioc *mrioc) port_idx = host_port_count; h_port[port_idx].sas_address = le64_to_cpu(sasinf->sas_address); h_port[port_idx].handle = attached_handle; - h_port[port_idx].phy_mask = (1 << i); + h_port[port_idx].phy_mask = BIT_ULL(i); h_port[port_idx].iounit_port_id = sas_io_unit_pg0->phy_data[i].io_unit_port; h_port[port_idx].lowest_phy = sasinf->phy_num; h_port[port_idx].used = 0; -- 2.48.1

4 months, 3 weeks

1
0
0 0

[PATCH v5.10/v5.15/v6.1] x86/i8253: Disable PIT timer 0 when not in use

by Jay Wang

commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 upstream Leaving the PIT interrupt running can cause noticeable steal time for virtual guests. The VMM generally has a timer which toggles the IRQ input to the PIC and I/O APIC, which takes CPU time away from the guest. Even on real hardware, running the counter may use power needlessly (albeit not much). Make sure it's turned off if it isn't going to be used. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Michael Kelley <mhkelley(a)outlook.com> Link: https://lore.kernel.org/all/20240802135555.564941-1-dwmw2@infradead.org Signed-off-by: Jay Wang <wanjay(a)amazon.com> Cc: stable(a)vger.kernel.org #v5.10/v5.15/v6.1 --- arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c index 2b7999a1a50a..80e262bb627f 100644 --- a/arch/x86/kernel/i8253.c +++ b/arch/x86/kernel/i8253.c @@ -8,6 +8,7 @@ #include <linux/timex.h> #include <linux/i8253.h> +#include <asm/hypervisor.h> #include <asm/apic.h> #include <asm/hpet.h> #include <asm/time.h> @@ -39,9 +40,15 @@ static bool __init use_pit(void) bool __init pit_timer_init(void) { - if (!use_pit()) + if (!use_pit()) { + /* + * Don't just ignore the PIT. Ensure it's stopped, because + * VMMs otherwise steal CPU time just to pointlessly waggle + * the (masked) IRQ. + */ + clockevent_i8253_disable(); return false; - + } clockevent_i8253_init(true); global_clock_event = &i8253_clockevent; return true; diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c index d4350bb10b83..cb215e6f2e83 100644 --- a/drivers/clocksource/i8253.c +++ b/drivers/clocksource/i8253.c @@ -108,11 +108,8 @@ int __init clocksource_i8253_init(void) #endif #ifdef CONFIG_CLKEVT_I8253 -static int pit_shutdown(struct clock_event_device *evt) +void clockevent_i8253_disable(void) { - if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) - return 0; - raw_spin_lock(&i8253_lock); outb_p(0x30, PIT_MODE); @@ -123,6 +120,14 @@ static int pit_shutdown(struct clock_event_device *evt) } raw_spin_unlock(&i8253_lock); +} + +static int pit_shutdown(struct clock_event_device *evt) +{ + if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) + return 0; + + clockevent_i8253_disable(); return 0; } diff --git a/include/linux/i8253.h b/include/linux/i8253.h index 8336b2f6f834..bf169cfef7f1 100644 --- a/include/linux/i8253.h +++ b/include/linux/i8253.h @@ -24,6 +24,7 @@ extern raw_spinlock_t i8253_lock; extern bool i8253_clear_counter_on_shutdown; extern struct clock_event_device i8253_clockevent; extern void clockevent_i8253_init(bool oneshot); +extern void clockevent_i8253_disable(void); extern void setup_pit_timer(void); -- 2.47.1

4 months, 3 weeks

2
2
0 0

[PATCH] scsi: message: fusion: Fix out-of-bounds shift in phy bitmask calculation

by Fedor Pchelkin

In mptsas_setup_wide_ports() the calculation of phy bitmask is a subject to undefined behavior when phy index exceeds the width of type 'int', but is still less than 64. Utilize BIT_ULL macro to fix this. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Fixes: 547f9a218436 ("[SCSI] mptsas: wide port support") Cc: stable(a)vger.kernel.org Co-developed-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- struct mptsas_portinfo_details::phy_bitmask is used only in various logging printks throughout the driver. Another option would be to drop this field completely if it is considered a more appropriate solution.. drivers/message/fusion/mptsas.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 7e79da9684ed..cd95655f1592 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -43,6 +43,7 @@ */ /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ +#include <linux/bits.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/slab.h> @@ -880,7 +881,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) "%s: [%p]: deleting phy = %d\n", ioc->name, __func__, port_details, i)); port_details->num_phys--; - port_details->phy_bitmask &= ~ (1 << phy_info->phy_id); + port_details->phy_bitmask &= ~BIT_ULL(phy_info->phy_id); memset(&phy_info->attached, 0, sizeof(struct mptsas_devinfo)); if (phy_info->phy) { devtprintk(ioc, dev_printk(KERN_DEBUG, @@ -915,7 +916,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) port_details->port_info = port_info; if (phy_info->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info->phy_id); + BIT_ULL(phy_info->phy_id); phy_info->sas_port_add_phy=1; dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\t\tForming port\n\t\t" "phy_id=%d sas_address=0x%018llX\n", @@ -957,7 +958,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) phy_info_cmp->port_details = port_details; if (phy_info_cmp->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info_cmp->phy_id); + BIT_ULL(phy_info_cmp->phy_id); port_details->num_phys++; } } -- 2.48.1

4 months, 3 weeks

1
0
0 0

[PATCH net v3] nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

by Haoxiang Li

Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v3: - modify a spell error. Thanks, Kalesh! Changes in v2: - remove the bracket for one single-statement. Thanks, Guru! --- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c index 2ec62c8d86e1..59486fe2ad18 100644 --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size) struct sk_buff *skb; skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL); + if (!skb) + return NULL; skb_put(skb, size); return skb; -- 2.25.1

4 months, 3 weeks

3
2
0 0

Re: [PATCH 0/2] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

<qh6envvnuw45w2omvpufqtbq5k5343ymdzswxrxmczwoe64d6g@a4z5wjdbdw6w> Reply-To: In-Reply-To: <ah4qm66q5q7we7ykhl3uywgrexi7izdxrmfyn2zm3jhswitebt@cz2ipkdgr6yf> On Tue, Feb 18, 2025 at 05:01:31PM +0100, Stefano Garzarella wrote: >> >>No, nothing I can think of. >> >>Note however that the comment above vsock_close() ("Dummy callback >>required >>by sockmap. See unconditional call of saved_close() in >>sock_map_close().") >>becomes somewhat misleading :) >> > >Yeah, we can mention in the commit description of the backport that we >backport it just to reduce conflicts but sockmap features are not >backported. I'd touch as less as possibile in the patch, otherwise IMHO >is better to just fix the conflicts in the 2 patches. > >Thanks, >Stefano > Totally agree with you, will send the backport in a couple of days if nobody has any objections. Luigi

4 months, 3 weeks

1
0
0 0

[PATCH 5.10] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9afbb51bd678..5fd64bc35f31 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -722,8 +722,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_PAGES)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_PAGES); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_PAGES); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH 5.15] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f8aaff9b1784..c0fa7d785f3c 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -891,8 +891,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH 6.1] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 72160b906f4b..7d7766761fe4 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -916,8 +916,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %ld, larger than %d", - BIT(arg), BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH v2] soc: loongson: loongson2_guts: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in loongson2_guts_probe() to catch potential exception. Fixes: b82621ac8450 ("soc: loongson: add GUTS driver for loongson-2 platforms") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - modify the check position. Thanks, Binbin! - modify the title description. --- drivers/soc/loongson/loongson2_guts.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/soc/loongson/loongson2_guts.c b/drivers/soc/loongson/loongson2_guts.c index ae42e3a9127f..16913c3ef65c 100644 --- a/drivers/soc/loongson/loongson2_guts.c +++ b/drivers/soc/loongson/loongson2_guts.c @@ -114,8 +114,11 @@ static int loongson2_guts_probe(struct platform_device *pdev) if (of_property_read_string(root, "model", &machine)) of_property_read_string_index(root, "compatible", 0, &machine); of_node_put(root); - if (machine) + if (machine) { soc_dev_attr.machine = devm_kstrdup(dev, machine, GFP_KERNEL); + if (!soc_dev_attr.machine) + return -ENOMEM; + } svr = loongson2_guts_get_svr(); soc_die = loongson2_soc_die_match(svr, loongson2_soc_die); -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH v3 3/5] misc: pci_endpoint_test: Fix irq_type to convey the correct type

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, "irq_type" as global and test->irq_type. The global is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). The type set in this function isn't reflected in the global "irq_type", so ioctl(PCITEST_GET_IRQTYPE) returns the previous type. As a result, the wrong type will be displayed in "pcitest" as follows: # pcitest -i 0 SET IRQ TYPE TO LEGACY: OKAY # pcitest -I GET IRQ TYPE: MSI Fix this issue by propagating the current type to the global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index f13fa32ef91a..6a0972e7674f 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -829,6 +829,7 @@ static int pci_endpoint_test_set_irq(struct pci_endpoint_test *test, return ret; } + irq_type = test->irq_type; return 0; } -- 2.25.1

4 months, 3 weeks

3
6
0 0

[PATCH v2 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 03b35a05808c..189eb0a12f4b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5717,6 +5717,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

4 months, 3 weeks

2
1
0 0

[PATCH] drivers: loongson: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in loongson2_guts_probe() to catch potential exception. Fixes: b82621ac8450 ("soc: loongson: add GUTS driver for loongson-2 platforms") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/soc/loongson/loongson2_guts.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/soc/loongson/loongson2_guts.c b/drivers/soc/loongson/loongson2_guts.c index ae42e3a9127f..26212cfcf6b0 100644 --- a/drivers/soc/loongson/loongson2_guts.c +++ b/drivers/soc/loongson/loongson2_guts.c @@ -117,6 +117,8 @@ static int loongson2_guts_probe(struct platform_device *pdev) if (machine) soc_dev_attr.machine = devm_kstrdup(dev, machine, GFP_KERNEL); + if (!soc_dev_attr.machine) + return -ENOMEM; svr = loongson2_guts_get_svr(); soc_die = loongson2_soc_die_match(svr, loongson2_soc_die); if (soc_die) { -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH] smb: client: Add check for next_buffer in receive_encrypted_standard()

by Haoxiang Li

Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- fs/smb/client/smb2ops.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index ec36bed54b0b..2ca8fe196051 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,6 +4964,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server, next_buffer = (char *)cifs_buf_get(); else next_buffer = (char *)cifs_small_buf_get(); + if (!next_buffer) { + cifs_server_dbg(VFS, "No memory for (large) SMB response\n"); + return -1; + } memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd); } -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH v2 4/5] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- Changes since v1: https://lore.kernel.org/20250218193126.619197190@goodmis.org - Move the check into fprobe_graph_remove_ips() to keep it matching with fprobe_graph_add_ips() (Masami Hiramatsu) kernel/trace/fprobe.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 62e8f7d56602..33082c4e8154 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -407,7 +407,8 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); + if (num) + ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } static int symbols_cmp(const void *a, const void *b) @@ -677,8 +678,7 @@ int unregister_fprobe(struct fprobe *fp) } del_fprobe_hash(fp); - if (count) - fprobe_graph_remove_ips(addrs, count); + fprobe_graph_remove_ips(addrs, count); kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

4 months, 3 weeks

2
1
0 0

[PATCH v2 3/5] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..62e8f7d56602 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

4 months, 3 weeks

2
1
0 0

[PATCH v3] arm: pgtable: fix NULL pointer dereference issue

by Qi Zheng

When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Reported-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Cc: stable(a)vger.kernel.org Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- Changes in v3: - move pmd_start_addr and pmd_end_addr to the top and initialize directly (David Hildenbrand) - collect an Acked-by Changes in v2: - change Ezra's email address (Ezra Buehler) - some cleanups (David Hildenbrand) arch/arm/mm/fault-armv.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c index 2bec87c3327d2..39fd5df733178 100644 --- a/arch/arm/mm/fault-armv.c +++ b/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_struct *vma, unsigned long address, } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,9 +122,10 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { + const unsigned long pmd_start_addr = ALIGN_DOWN(addr, PMD_SIZE); + const unsigned long pmd_end_addr = pmd_start_addr + PMD_SIZE; struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; @@ -141,6 +141,14 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, */ flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { + /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + unsigned long mpnt_addr; + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA @@ -151,7 +159,12 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + + /* Avoid deadlocks by not grabbing the same PTE lock again. */ + if (mpnt_addr >= pmd_start_addr && mpnt_addr < pmd_end_addr) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +207,7 @@ void update_mmu_cache_range(struct vm_fault *vmf, struct vm_area_struct *vma, __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } -- 2.20.1

4 months, 3 weeks

2
2
0 0

+ mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: wait for hugetlb folios to be freed has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: wait for hugetlb folios to be freed Date: Wed, 19 Feb 2025 11:46:44 +0800 Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 8 ++++++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 23 insertions(+) --- a/include/linux/hugetlb.h~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_ return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) --- a/mm/hugetlb.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigne return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv --- a/mm/page_isolation.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/page_isolation.c @@ -608,6 +608,16 @@ int test_pages_isolated(unsigned long st int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch

4 months, 3 weeks

1
0
0 0

[PATCH v2] jfs: fix slab-out-of-bounds read in ea_get()

by Qasim Ijaz

During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1. This leads "size" to wrap around and become negative (-184549328). The "size" is then passed to print_hex_dump() (called "len" in print_hex_dump()), it is passed as type size_t (an unsigned type), this is then stored inside a variable called "int remaining", which is then assigned to "int linelen" which is then passed to hex_dump_to_buffer(). In print_hex_dump() the for loop, iterates through 0 to len-1, where len is 18446744073525002176, calling hex_dump_to_buffer() on each iteration: for (i = 0; i < len; i += rowsize) { linelen = min(remaining, rowsize); remaining -= rowsize; hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, linebuf, sizeof(linebuf), ascii); ... } The expected stopping condition (i < len) is effectively broken since len is corrupted and very large. This eventually leads to the "ptr+i" being passed to hex_dump_to_buffer() to get closer to the end of the actual bounds of "ptr", eventually an out of bounds access is done in hex_dump_to_buffer() in the following for loop: for (j = 0; j < len; j++) { if (linebuflen < lx + 2) goto overflow2; ch = ptr[j]; ... } To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" before it is utilised. Reported-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> Tested-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=4e6e7e4279d046613bc5 Fixes: d9f9d96136cb ("jfs: xattr: check invalid xattr size more strictly") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- v2: - Added Cc stable tag fs/jfs/xattr.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 24afbae87225..7575c51cce9b 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -559,11 +555,16 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) size_check: if (EALIST_SIZE(ea_buf->xattr) != ea_size) { - int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); - - printk(KERN_ERR "ea_get: invalid extended attribute\n"); - print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, - ea_buf->xattr, size, 1); + if (unlikely(EALIST_SIZE(ea_buf->xattr) > INT_MAX)) { + printk(KERN_ERR "ea_get: extended attribute size too large: %u > INT_MAX\n", + EALIST_SIZE(ea_buf->xattr)); + } else { + int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); + + printk(KERN_ERR "ea_get: invalid extended attribute\n"); + print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, + ea_buf->xattr, size, 1); + } ea_release(inode, ea_buf); rc = -EIO; goto clean_up; -- 2.39.5

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] s390/dasd: Use correct lock while counting channel queue" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ccc45cb4e7271c74dbb27776ae8f73d84557f5c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061111-tracing-shakiness-9054@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ccc45cb4e7271c74dbb27776ae8f73d84557f5c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=B6ppner?= <hoeppner(a)linux.ibm.com> Date: Fri, 9 Jun 2023 17:37:50 +0200 Subject: [PATCH] s390/dasd: Use correct lock while counting channel queue length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The lock around counting the channel queue length in the BIODASDINFO ioctl was incorrectly changed to the dasd_block->queue_lock with commit 583d6535cb9d ("dasd: remove dead code"). This can lead to endless list iterations and a subsequent crash. The queue_lock is supposed to be used only for queue lists belonging to dasd_block. For dasd_device related queue lists the ccwdev lock must be used. Fix the mentioned issues by correctly using the ccwdev lock instead of the queue lock. Fixes: 583d6535cb9d ("dasd: remove dead code") Cc: stable(a)vger.kernel.org # v5.0+ Signed-off-by: Jan Höppner <hoeppner(a)linux.ibm.com> Reviewed-by: Stefan Haberland <sth(a)linux.ibm.com> Signed-off-by: Stefan Haberland <sth(a)linux.ibm.com> Link: https://lore.kernel.org/r/20230609153750.1258763-2-sth@linux.ibm.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/s390/block/dasd_ioctl.c b/drivers/s390/block/dasd_ioctl.c index 9327dcdd6e5e..8fca725b3dae 100644 --- a/drivers/s390/block/dasd_ioctl.c +++ b/drivers/s390/block/dasd_ioctl.c @@ -552,10 +552,10 @@ static int __dasd_ioctl_information(struct dasd_block *block, memcpy(dasd_info->type, base->discipline->name, 4); - spin_lock_irqsave(&block->queue_lock, flags); + spin_lock_irqsave(get_ccwdev_lock(base->cdev), flags); list_for_each(l, &base->ccw_queue) dasd_info->chanq_len++; - spin_unlock_irqrestore(&block->queue_lock, flags); + spin_unlock_irqrestore(get_ccwdev_lock(base->cdev), flags); return 0; }

4 months, 3 weeks

4
5
0 0

Linux 5.4.x DLM Regression

by Marc Smith

Hi, I noticed there appears to be a regression in DLM (fs/dlm/) when moving from Linux 5.4.229 to 5.4.288; I get a kernel panic when using dlm_ls_lockx() (DLM user) with a timeout >0, and the panic occurs when the timeout is reached (eg, attempting to take a lock on a resource that is already locked); the host where the timeout occurs is the one that panics: ... [ 187.976007] DLM: Assertion failed on line 1239 of file fs/dlm/lock.c DLM: assertion: "!lkb->lkb_status" DLM: time = 4294853632 [ 187.976009] lkb: nodeid 2 id 1 remid 2 exflags 40000 flags 800001 sts 1 rq 5 gr -1 wait_type 4 wait_nodeid 2 seq 0 [ 187.976009] [ 187.976010] Kernel panic - not syncing: DLM: Record message above and reboot. [ 187.976099] CPU: 9 PID: 7409 Comm: dlm_scand Kdump: loaded Tainted: P OE 5.4.288-esos.prod #1 [ 187.976195] Hardware name: Quantum H2012/H12SSW-NT, BIOS T20201009143356 10/09/2020 [ 187.976282] Call Trace: [ 187.976356] dump_stack+0x50/0x63 [ 187.976429] panic+0x10c/0x2e3 [ 187.976501] kill_lkb+0x51/0x52 [ 187.976570] kref_put+0x16/0x2f [ 187.976638] __put_lkb+0x2f/0x95 [ 187.976707] dlm_scan_timeout+0x18b/0x19c [ 187.976779] ? dlm_uevent+0x19/0x19 [ 187.976848] dlm_scand+0x94/0xd1 [ 187.976920] kthread+0xe4/0xe9 [ 187.976988] ? kthread_flush_worker+0x70/0x70 [ 187.977062] ret_from_fork+0x35/0x40 ... I examined the commits for fs/dlm/ between 5.4.229 and 5.4.288 and this is the offender: dlm: replace usage of found with dedicated list iterator variable [ Upstream commit dc1acd5c94699389a9ed023e94dd860c846ea1f6 ] Specifically, the change highlighted below in this hunk for dlm_scan_timeout() in fs/dlm/lock.c: @@ -1867,27 +1867,28 @@ void dlm_scan_timeout(struct dlm_ls *ls) do_cancel = 0; do_warn = 0; mutex_lock(&ls->ls_timeout_mutex); - list_for_each_entry(lkb, &ls->ls_timeout, lkb_time_list) { + list_for_each_entry(iter, &ls->ls_timeout, lkb_time_list) { wait_us = ktime_to_us(ktime_sub(ktime_get(), - lkb->lkb_timestamp)); + iter->lkb_timestamp)); - if ((lkb->lkb_exflags & DLM_LKF_TIMEOUT) && - wait_us >= (lkb->lkb_timeout_cs * 10000)) + if ((iter->lkb_exflags & DLM_LKF_TIMEOUT) && + wait_us >= (iter->lkb_timeout_cs * 10000)) do_cancel = 1; - if ((lkb->lkb_flags & DLM_IFL_WATCH_TIMEWARN) && + if ((iter->lkb_flags & DLM_IFL_WATCH_TIMEWARN) && wait_us >= dlm_config.ci_timewarn_cs * 10000) do_warn = 1; if (!do_cancel && !do_warn) continue; - hold_lkb(lkb); + hold_lkb(iter); + lkb = iter; break; } mutex_unlock(&ls->ls_timeout_mutex); - if (!do_cancel && !do_warn) + if (!lkb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ break; r = lkb->lkb_resource; Reverting this single line change resolves the kernel panic: $ diff -Naur fs/dlm/lock.c{.orig,} --- fs/dlm/lock.c.orig 2024-12-19 12:05:05.000000000 -0500 +++ fs/dlm/lock.c 2025-02-16 21:21:42.544181390 -0500 @@ -1888,7 +1888,7 @@ } mutex_unlock(&ls->ls_timeout_mutex); - if (!lkb) + if (!do_cancel && !do_warn) break; r = lkb->lkb_resource; It appears this same "dlm: replace usage of found with dedicated list iterator variable" commit was pulled into other stable branches as well, and I don't see any fix in the latest 5.4.x patch release (5.4.290). --Marc

4 months, 3 weeks

3
3
0 0

[PATCH 6.6 000/389] 6.6.76-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.76 release. There are 389 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Feb 2025 15:51:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.76-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.76-rc2 Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix handling of glibc without rseq support Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Parth Pancholi <parth.pancholi(a)toradex.com> kbuild: switch from lz4c to lz4 for compression Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: WERROR unmet symbol dependency Masahiro Yamada <masahiroy(a)kernel.org> kconfig: deduplicate code in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: require a space after '#' for valid input Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Pali Rohár <pali(a)kernel.org> cifs: Fix getting and setting SACLs over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Validate EAs for WSL reparse points Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Mark riscv_v_init() as __init Hongbo Li <lihongbo22(a)huawei.com> hostfs: fix the host directory parse when mounting. Nathan Chancellor <nathan(a)kernel.org> hostfs: Add const qualifier to host_root in hostfs_fill_super() Al Viro <viro(a)zeniv.linux.org.uk> hostfs: fix string handling in __dentry_name() Hongbo Li <lihongbo22(a)huawei.com> hostfs: convert hostfs to use the new mount API Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Toke Høiland-Jørgensen <toke(a)redhat.com> net: xdp: Disallow attaching device-bound programs in generic mode Jon Maloy <jmaloy(a)redhat.com> tcp: correct handling of extreme memory squeeze Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit FIFO size by hardware capability Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit the number of MTL queues to hardware capability Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Ming Wang <wangming01(a)loongson.cn> rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Oleksij Rempel <o.rempel(a)pengutronix.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Alexandre Cassen <acassen(a)corp.free.fr> xfrm: delete intermediate secpath entry in packet offload mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix warnings during S3 suspend Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers Matthew Wilcox (Oracle) <willy(a)infradead.org> buffer: make folio_create_empty_buffers() return a buffer_head Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Manivannan Sadhasivam <mani(a)kernel.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Simplify clock handling by using clk_bulk*() function King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Desnes Nunes <desnesn(a)redhat.com> media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: fix v4l2-compliance test errors Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void david regan <dregan(a)broadcom.com> mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Mark Brown <broonie(a)kernel.org> spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Pei Xiao <xiaopei01(a)kylinos.cn> i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Billy Tsai <billy_tsai(a)aspeedtech.com> i3c: dw: Add hot-join support. Akhil R <akhilrajeev(a)nvidia.com> arm64: tegra: Fix DMA ID for SPI2 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Val Packett <val(a)packett.cool> arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180: fix psci power domain node names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180: change labels to lower-case David Wronek <davidwronek(a)gmail.com> arm64: dts: qcom: Add SM7125 device tree Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: omap1: Fix up the Retu IRQ on Nokia 770 Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Vasily Khoruzhick <anarsoul(a)gmail.com> arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0 Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Mihai Sain <mihai.sain(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6375: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm4450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdx75: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs404: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8939: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Taniya Das <quic_tdas(a)quicinc.com> arm64: dts: qcom: sa8775p: Update sleep_clk frequency Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi Shazad Hussain <quic_shazhuss(a)quicinc.com> arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin Andrew Halaney <ahalaney(a)redhat.com> arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq Andrew Halaney <ahalaney(a)redhat.com> arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen zhenwei pi <pizhenwei(a)bytedance.com> RDMA/rxe: Fix mismatched max_msg_sz Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rxe: Improve newline in printing messages Mamta Shukla <mamta.shukla(a)leica-geosystems.com> arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Pali Rohár <pali(a)kernel.org> cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Chun-Tse Shao <ctshao(a)google.com> perf lock: Fix parse_lock_type which only retrieve one lock flag Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pinctrl: amd: Take suspend type into consideration which pins are non-wake Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Do not readq() u32 registers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Abstract IPC handling Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Prefix SKL/APL-specific members Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf machine: Don't ignore _etext when not a text symbol Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make dependency on UMP clearer Masahiro Yamada <masahiroy(a)kernel.org> ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec2 - optimize the error return process Martin KaFai Lau <martin.lau(a)kernel.org> bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Levi Yun <yeoreum.yun(a)arm.com> perf expr: Initialize is_test value in expr__ctx_new() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - use JobR's space to access page 0 regs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix boot-up self-test race Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix fill_link_info selftest on powerpc George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix set size with rbtree backend Florian Westphal <fw(a)strlen.de> netfilter: nft_set_rbtree: prefer sync gc to async worker Florian Westphal <fw(a)strlen.de> netfilter: nft_set_rbtree: rename gc deactivate+erase function Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: de-constify set commit ops function argument Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: remove firmware stats fetch in ndo_get_stats64 Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Eric Dumazet <edumazet(a)google.com> inet: ipmr: fix data-races Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Handle specific BSSID in 6GHz scanning Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix ldpc setting Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE Phy capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: add max mpdu len capability Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix register mapping Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: fix omac index assignment after hardware reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: improve hardware restart reliability Felix Fietkau <nbd(a)nbd.name> wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: firmware restart on devices with a second pcie link Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix rx filter setting for bfee functionality xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7915: fix overflows seen when writing limit attributes Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't flush non-uploaded STAs Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Andy Strohman <andrew(a)andrewstrohman.com> wifi: mac80211: fix tid removal during mesh forwarding Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: syscon: Use scoped variables with memory allocators to simplify error paths Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Add of_syscon_register_regmap() API Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Remove extern from function prototypes Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak Terry Tritton <terry.tritton(a)linaro.org> HID: fix generic desktop D-Pad controls Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: fix tx power, max reg power update to firmware Quan Nguyen <quan(a)os.amperecomputing.com> ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI Vasily Khoruzhick <anarsoul(a)gmail.com> dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Manivannan Sadhasivam <mani(a)kernel.org> cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks Manivannan Sadhasivam <mani(a)kernel.org> cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available Luca Ceresoli <luca.ceresoli(a)bootlin.com> gpio: pca953x: log an error when failing to get the reset GPIO Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Fully convert to device managed resources Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Drop unused fields in struct pca953x_platform_data Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: add missing header include for brcmf_dbg Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jkosina(a)suse.com> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> clk: fix an OF node reference leak in of_clk_get_parent_name() Luca Ceresoli <luca.ceresoli(a)bootlin.com> of: remove internal arguments from of_property_for_each_u32() Alvin Šipraga <alsi(a)bang-olufsen.dk> clk: si5351: allow PLLs to be adjusted without reset Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: use device_property APIs when configuring irda mode Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description David Howells <dhowells(a)redhat.com> rxrpc: Fix handling of received connection abort Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/msm: Check return value of of_dma_configure() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Bokun Zhang <bokun.zhang(a)amd.com> drm/amdgpu/vcn: reset fw_shared under SRIOV Min-Hua Chen <minhuadotchen(a)gmail.com> drm/rockchip: vop2: include rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: move output interface related definition to rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set YUV/RGB overlay mode Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it K Prateek Nayak <kprateek.nayak(a)amd.com> x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Perry Yuan <perry.yuan(a)amd.com> x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD Peter Zijlstra <peterz(a)infradead.org> sched/topology: Rename 'DIE' domain to 'PKG' Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Yabin Cui <yabinc(a)google.com> perf/core: Save raw sample data conditionally based on sample type David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Jens Axboe <axboe(a)kernel.dk> nvme: fix bogus kzalloc() return check in nvme_init_effects_log() Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error path for xa_store in nvme_init_effects Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix cleanup of immediately failed async calls David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Alexander Aring <aahringo(a)redhat.com> dlm: fix srcu_read_lock() return type to int Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active ------------- Diffstat: .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Makefile | 6 +- .../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +- .../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +- arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +- .../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2 +- arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +- arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 - .../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 + arch/arm/mach-at91/pm.c | 31 +- arch/arm/mach-omap1/board-nokia770.c | 2 +- .../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 + .../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 + arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 + .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 - arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- arch/arm64/boot/dts/qcom/Makefile | 3 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +- arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 - arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +- arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 829 +-------------------- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 ++++++++++++++++++++ arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +-- .../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9 +- .../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9 +- .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 + .../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 - arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 +++++----- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +- ...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 + arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/loongarch.h | 60 ++ arch/loongarch/kernel/hw_breakpoint.c | 16 +- arch/loongarch/power/platform.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 + arch/powerpc/kernel/smp.c | 4 +- arch/powerpc/sysdev/xive/native.c | 4 +- arch/powerpc/sysdev/xive/spapr.c | 3 +- arch/riscv/kernel/vector.c | 2 +- arch/s390/Makefile | 2 +- arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/topology.c | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/kernel/smpboot.c | 12 +- block/genhd.c | 22 +- block/partitions/ldm.h | 2 +- crypto/algapi.c | 4 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/fan_core.c | 10 +- drivers/base/class.c | 9 +- drivers/block/nbd.c | 1 + drivers/bluetooth/btnxpuart.c | 3 +- drivers/bus/ti-sysc.c | 4 +- drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/ipmi/ssif_bmc.c | 5 +- drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/clk-conf.c | 4 +- drivers/clk/clk-si5351.c | 76 +- drivers/clk/clk.c | 14 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/qcom/common.c | 4 +- drivers/clk/qcom/gcc-sdm845.c | 32 +- drivers/clk/ralink/clk-mtmips.c | 1 - drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 - drivers/clk/sunxi/clk-simple-gates.c | 4 +- drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4 +- drivers/clocksource/samsung_pwm_timer.c | 4 +- drivers/cpufreq/acpi-cpufreq.c | 36 +- drivers/cpufreq/qcom-cpufreq-hw.c | 34 +- drivers/crypto/caam/blob_gen.c | 3 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++-- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 - drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 + drivers/dma/ti/edma.c | 3 +- drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/gpio/gpio-brcmstb.c | 5 +- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 108 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +- drivers/gpu/drm/bridge/ite-it6505.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1 - drivers/gpu/drm/rockchip/cdn-dp-core.c | 1 - drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1 - drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1 - drivers/gpu/drm/rockchip/inno_hdmi.c | 1 - drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1 - drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12 - drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 ++- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 1 - drivers/gpu/drm/rockchip/rockchip_rgb.c | 1 - drivers/hid/hid-core.c | 2 + drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 2 +- drivers/hid/hid-thrustmaster.c | 8 + drivers/i3c/master/dw-i3c-master.c | 66 +- drivers/i3c/master/dw-i3c-master.h | 2 + drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/mlx5/odp.c | 32 +- drivers/infiniband/sw/rxe/rxe.c | 6 +- drivers/infiniband/sw/rxe/rxe.h | 6 +- drivers/infiniband/sw/rxe/rxe_comp.c | 4 +- drivers/infiniband/sw/rxe/rxe_cq.c | 4 +- drivers/infiniband/sw/rxe/rxe_mr.c | 16 +- drivers/infiniband/sw/rxe/rxe_mw.c | 2 +- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/sw/rxe/rxe_qp.c | 8 +- drivers/infiniband/sw/rxe/rxe_resp.c | 12 +- drivers/infiniband/sw/rxe/rxe_task.c | 4 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +++--- drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/irqchip/irq-atmel-aic-common.c | 4 +- drivers/irqchip/irq-pic32-evic.c | 4 +- drivers/leds/leds-cht-wcove.c | 6 +- drivers/leds/leds-netxbig.c | 1 + drivers/media/i2c/imx290.c | 3 +- drivers/media/i2c/imx412.c | 42 +- drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 + .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/af9035.c | 18 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/syscon.c | 81 +- drivers/mfd/ti_am335x_tscadc.c | 4 +- drivers/misc/cardreader/rtsx_usb.c | 15 + drivers/mtd/hyperbus/hbmc-am654.c | 25 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 + drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 10 - drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +- drivers/net/team/team.c | 7 + drivers/net/usb/rtl8150.c | 22 + drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 6 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 + drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10 - drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1 - .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 34 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 13 +- drivers/net/wireless/realtek/rtlwifi/base.h | 1 - drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 - drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 34 +- drivers/of/of_reserved_mem.c | 3 +- drivers/opp/core.c | 57 +- drivers/opp/of.c | 4 +- drivers/pci/controller/dwc/pci-imx6.c | 139 ++-- drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 6 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pinctrl/nxp/pinctrl-s32cc.c | 4 +- drivers/pinctrl/pinctrl-amd.c | 27 +- drivers/pinctrl/pinctrl-amd.h | 7 +- drivers/pinctrl/pinctrl-k210.c | 4 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++-- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/pwm-samsung.c | 4 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-loongson.c | 13 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/soc/atmel/soc.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 11 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/serial/8250/8250_port.c | 32 +- drivers/tty/serial/sc16is7xx.c | 34 +- drivers/tty/sysrq.c | 4 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/usb/dwc3/core.c | 30 +- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/gadget/function/f_tcm.c | 14 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/misc/usb251xb.c | 4 +- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/vfio/iova_bitmap.c | 2 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/watchdog/rti_wdt.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 9 + fs/afs/rxrpc.c | 12 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/btrfs/super.c | 2 +- fs/buffer.c | 24 +- fs/dlm/lowcomms.c | 3 +- fs/f2fs/dir.c | 53 +- fs/f2fs/f2fs.h | 6 +- fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/hostfs/hostfs_kern.c | 157 ++-- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfsd/nfs4callback.c | 1 + fs/nilfs2/segment.c | 11 +- fs/ocfs2/quota_global.c | 5 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsacl.c | 25 +- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/cifssmb.c | 4 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2ops.c | 3 +- fs/ubifs/debug.c | 22 +- include/acpi/acpixf.h | 1 + include/dt-bindings/clock/sun50i-a64-ccu.h | 2 + include/linux/buffer_head.h | 4 +- include/linux/hid.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/kallsyms.h | 2 +- include/linux/mfd/syscon.h | 33 +- include/linux/mroute_base.h | 6 +- include/linux/netdevice.h | 2 +- include/linux/of.h | 15 +- include/linux/perf_event.h | 6 + include/linux/platform_data/pca953x.h | 13 - include/linux/platform_data/si5351.h | 2 + include/linux/pps_kernel.h | 3 +- include/linux/sched.h | 1 + include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/netfilter/nf_tables.h | 8 +- include/net/xfrm.h | 16 +- include/trace/events/afs.h | 2 + include/trace/events/rxrpc.h | 25 + io_uring/uring_cmd.c | 2 +- kernel/bpf/bpf_local_storage.c | 8 +- kernel/events/core.c | 35 +- kernel/irq/internals.h | 9 +- kernel/padata.c | 45 +- kernel/power/hibernate.c | 7 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/topology.c | 8 +- kernel/trace/bpf_trace.c | 13 +- net/ax25/af_ax25.c | 12 +- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 +- net/ax25/ax25_route.c | 2 + net/core/dev.c | 4 + net/core/filter.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/icmp.c | 9 +- net/ipv4/inetpeer.c | 31 +- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr.c | 28 +- net/ipv4/ipmr_base.c | 9 +- net/ipv4/route.c | 17 +- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_output.c | 9 +- net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/ip6mr.c | 28 +- net/ipv6/ndisc.c | 8 +- net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/driver-ops.h | 3 + net/mac80211/rx.c | 1 + net/mptcp/options.c | 13 +- net/mptcp/protocol.c | 4 +- net/mptcp/protocol.h | 30 +- net/netfilter/nf_tables_api.c | 57 +- net/netfilter/nft_flow_offload.c | 16 +- net/netfilter/nft_set_pipapo.c | 7 +- net/netfilter/nft_set_rbtree.c | 178 +++-- net/rose/af_rose.c | 16 +- net/rose/rose_timer.c | 15 + net/rxrpc/conn_event.c | 12 +- net/sched/sch_api.c | 4 + net/sched/sch_sfq.c | 58 +- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +- net/smc/smc_rx.h | 8 +- net/sunrpc/svcsock.c | 12 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 +- samples/landlock/sandboxer.c | 7 + scripts/Makefile.lib | 4 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- scripts/kconfig/conf.c | 6 + scripts/kconfig/confdata.c | 113 ++- scripts/kconfig/lkc_proto.h | 2 + scripts/kconfig/symbol.c | 10 + security/landlock/fs.c | 11 +- sound/core/seq/Kconfig | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/arizona.c | 12 +- sound/soc/intel/avs/apl.c | 53 +- sound/soc/intel/avs/avs.h | 40 +- sound/soc/intel/avs/core.c | 51 +- sound/soc/intel/avs/ipc.c | 36 +- sound/soc/intel/avs/loader.c | 2 +- sound/soc/intel/avs/messages.h | 10 +- sound/soc/intel/avs/registers.h | 6 +- sound/soc/intel/avs/skl.c | 30 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +- sound/soc/sh/rz-ssi.c | 3 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/lib/bpf/linker.c | 22 +- tools/lib/bpf/usdt.c | 2 +- tools/perf/builtin-lock.c | 66 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/bpf-event.c | 10 +- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/expr.c | 5 +- tools/perf/util/header.c | 8 +- tools/perf/util/machine.c | 2 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- .../selftests/bpf/prog_tests/fill_link_info.c | 4 + .../selftests/bpf/progs/test_fill_link_info.c | 13 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- tools/testing/selftests/kselftest_harness.h | 24 +- tools/testing/selftests/landlock/fs_test.c | 3 +- .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- tools/testing/selftests/rseq/rseq.c | 32 +- tools/testing/selftests/rseq/rseq.h | 9 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- 455 files changed, 4496 insertions(+), 3375 deletions(-)

4 months, 3 weeks

12
24
0 0

[PATCH v2 4/4] mm: Don't skip arch_sync_kernel_mappings() in error paths

by Ryan Roberts

Fix callers that previously skipped calling arch_sync_kernel_mappings() if an error occurred during a pgtable update. The call is still required to sync any pgtable updates that may have occurred prior to hitting the error condition. These are theoretical bugs discovered during code review. Cc: stable(a)vger.kernel.org Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered") Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- mm/memory.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 539c0f7c6d54..a15f7dd500ea 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3040,8 +3040,10 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr, next = pgd_addr_end(addr, end); if (pgd_none(*pgd) && !create) continue; - if (WARN_ON_ONCE(pgd_leaf(*pgd))) - return -EINVAL; + if (WARN_ON_ONCE(pgd_leaf(*pgd))) { + err = -EINVAL; + break; + } if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) { if (!create) continue; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index a6e7acebe9ad..61981ee1c9d2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -586,13 +586,13 @@ static int vmap_small_pages_range_noflush(unsigned long addr, unsigned long end, mask |= PGTBL_PGD_MODIFIED; err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask); if (err) - return err; + break; } while (pgd++, addr = next, addr != end); if (mask & ARCH_PAGE_TABLE_SYNC_MASK) arch_sync_kernel_mappings(start, end); - return 0; + return err; } /* -- 2.43.0

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] batman-adv: Drop unmanaged ELP metric worker" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8c8ecc98f5c65947b0070a24bac11e12e47cc65d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021842-crusher-corrode-54d0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c8ecc98f5c65947b0070a24bac11e12e47cc65d Mon Sep 17 00:00:00 2001 From: Sven Eckelmann <sven(a)narfation.org> Date: Mon, 20 Jan 2025 00:06:11 +0100 Subject: [PATCH] batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /**

4 months, 3 weeks

2
2
0 0

[PATCH v2 3/4] arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level

by Ryan Roberts

commit c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") changed the "invalidation level unknown" hint from 0 to TLBI_TTL_UNKNOWN (INT_MAX). But the fallback "unknown level" path in flush_hugetlb_tlb_range() was not updated. So as it stands, when trying to invalidate CONT_PMD_SIZE or CONT_PTE_SIZE hugetlb mappings, we will spuriously try to invalidate at level 0 on LPA2-enabled systems. Fix this so that the fallback passes TLBI_TTL_UNKNOWN, and while we are at it, explicitly use the correct stride and level for CONT_PMD_SIZE and CONT_PTE_SIZE, which should provide a minor optimization. Cc: stable(a)vger.kernel.org Fixes: c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index 03db9cb21ace..07fbf5bf85a7 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -76,12 +76,22 @@ static inline void flush_hugetlb_tlb_range(struct vm_area_struct *vma, { unsigned long stride = huge_page_size(hstate_vma(vma)); - if (stride == PMD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 2); - else if (stride == PUD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 1); - else - __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 0); + switch (stride) { +#ifndef __PAGETABLE_PMD_FOLDED + case PUD_SIZE: + __flush_tlb_range(vma, start, end, PUD_SIZE, false, 1); + break; +#endif + case CONT_PMD_SIZE: + case PMD_SIZE: + __flush_tlb_range(vma, start, end, PMD_SIZE, false, 2); + break; + case CONT_PTE_SIZE: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 3); + break; + default: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, TLBI_TTL_UNKNOWN); + } } #endif /* __ASM_HUGETLB_H */ -- 2.43.0

4 months, 3 weeks

3
2
0 0

[PATCH] tty: owl-uart: fix call balance of owl_port->clk handling routines

by Vitalii Mordan

If owl_port->clk was enabled in owl_uart_probe(), it must be disabled in all error paths to ensure proper cleanup. However, if uart_add_one_port() returns an error in owl_uart_probe(), the owl_port->clk clock will not be disabled. Use the devm_clk_get_enabled() helper function to ensure proper call balance for owl_port->clk. Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: abf42d2f333b ("tty: serial: owl: add "much needed" clk_prepare_enable()") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- drivers/tty/serial/owl-uart.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c index 0542882cfbbe..64446820437c 100644 --- a/drivers/tty/serial/owl-uart.c +++ b/drivers/tty/serial/owl-uart.c @@ -680,18 +680,12 @@ static int owl_uart_probe(struct platform_device *pdev) if (!owl_port) return -ENOMEM; - owl_port->clk = devm_clk_get(&pdev->dev, NULL); + owl_port->clk = devm_clk_get_enabled(&pdev->dev, NULL); if (IS_ERR(owl_port->clk)) { - dev_err(&pdev->dev, "could not get clk\n"); + dev_err(&pdev->dev, "could not get and enable clk\n"); return PTR_ERR(owl_port->clk); } - ret = clk_prepare_enable(owl_port->clk); - if (ret) { - dev_err(&pdev->dev, "could not enable clk\n"); - return ret; - } - owl_port->port.dev = &pdev->dev; owl_port->port.line = pdev->id; owl_port->port.type = PORT_OWL; @@ -701,7 +695,6 @@ static int owl_uart_probe(struct platform_device *pdev) owl_port->port.uartclk = clk_get_rate(owl_port->clk); if (owl_port->port.uartclk == 0) { dev_err(&pdev->dev, "clock rate is zero\n"); - clk_disable_unprepare(owl_port->clk); return -EINVAL; } owl_port->port.flags = UPF_BOOT_AUTOCONF | UPF_IOREMAP | UPF_LOW_LATENCY; @@ -725,7 +718,6 @@ static void owl_uart_remove(struct platform_device *pdev) uart_remove_one_port(&owl_uart_driver, &owl_port->port); owl_uart_ports[pdev->id] = NULL; - clk_disable_unprepare(owl_port->clk); } static struct platform_driver owl_uart_platform_driver = { -- 2.25.1

4 months, 3 weeks

4
4
0 0

[PATCH RTF 3/3] usb: renesas_usbhs: Flush the notify_hotplug_work

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. Fixes: bc57381e6347 ("usb: renesas_usbhs: use delayed_work instead of work_struct") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 6c7857b66a21..4b35ef216125 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -781,6 +781,8 @@ static void usbhs_remove(struct platform_device *pdev) dev_dbg(&pdev->dev, "usb remove\n"); + flush_delayed_work(&priv->notify_hotplug_work); + /* power off */ if (!usbhs_get_dparam(priv, runtime_pwctrl)) usbhsc_power_ctrl(priv, 0); -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH RTF 2/3] usb: renesas_usbhs: Use devm_usb_get_phy()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The gpriv->transceiver is retrieved in probe() through usb_get_phy() but never released. Use devm_usb_get_phy() to handle this scenario. This issue was identified through code investigation. No issue was found without this change. Fixes: b5a2875605ca ("usb: renesas_usbhs: Allow an OTG PHY driver to provide VBUS") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c index 105132ae87ac..e8e5723f5412 100644 --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -1094,7 +1094,7 @@ int usbhs_mod_gadget_probe(struct usbhs_priv *priv) goto usbhs_mod_gadget_probe_err_gpriv; } - gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED); + gpriv->transceiver = devm_usb_get_phy(dev, USB_PHY_TYPE_UNDEFINED); dev_info(dev, "%stransceiver found\n", !IS_ERR(gpriv->transceiver) ? "" : "no "); -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH RTF 1/3] usb: renesas_usbhs: Call clk_put()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Clocks acquired with of_clk_get() need to be freed with clk_put(). Call clk_put() on priv->clks[0] on error path. Fixes: 3df0e240caba ("usb: renesas_usbhs: Add multiple clocks management") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 935fc496fe94..6c7857b66a21 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -312,8 +312,10 @@ static int usbhsc_clk_get(struct device *dev, struct usbhs_priv *priv) priv->clks[1] = of_clk_get(dev_of_node(dev), 1); if (PTR_ERR(priv->clks[1]) == -ENOENT) priv->clks[1] = NULL; - else if (IS_ERR(priv->clks[1])) + else if (IS_ERR(priv->clks[1])) { + clk_put(priv->clks[0]); return PTR_ERR(priv->clks[1]); + } return 0; } -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH RFT 5/5] phy: renesas: rcar-gen3-usb2: Set timing registers only once

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy-rcar-gen3-usb2 driver exports 4 PHYs. The timing registers are common to all PHYs. There is no need to set them every time a PHY is initialized. Set timing register only when the 1st PHY is initialized. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 087937407b0b..8e57fa8c1cff 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -467,8 +467,11 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; writel(val, usb2_base + USB2_INT_ENABLE); - writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); - writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + + if (!rcar_gen3_is_any_rphy_initialized(channel)) { + writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); + writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + } /* Initialize otg part (only if we initialize a PHY with IRQs). */ if (rphy->int_enable_bits) -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH RFT 3/5] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The phy-rcar-gen3-usb2 driver exposes four individual PHYs that are requested and configured by PHY users. The struct phy_ops APIs access the same set of registers to configure all PHYs. Additionally, PHY settings can be modified through sysfs or an IRQ handler. While some struct phy_ops APIs are protected by a driver-wide mutex, others rely on individual PHY-specific mutexes. This approach can lead to various issues, including: 1/ the IRQ handler may interrupt PHY settings in progress, racing with hardware configuration protected by a mutex lock 2/ due to msleep(20) in rcar_gen3_init_otg(), while a configuration thread suspends to wait for the delay, another thread may try to configure another PHY (with phy_init() + phy_power_on()); re-running the phy_init() goes to the exact same configuration code, re-running the same hardware configuration on the same set of registers (and bits) which might impact the result of the msleep for the 1st configuring thread 3/ sysfs can configure the hardware (though role_store()) and it can still race with the phy_init()/phy_power_on() APIs calling into the drivers struct phy_ops To address these issues, add a spinlock to protect hardware register access and driver private data structures (e.g., calls to rcar_gen3_is_any_rphy_initialized()). Checking driver-specific data remains necessary as all PHY instances share common settings. With this change, the existing mutex protection is removed and the cleanup.h helpers are used. While at it, to keep the code simpler, do not skip regulator_enable()/regulator_disable() APIs in rcar_gen3_phy_usb2_power_on()/rcar_gen3_phy_usb2_power_off() as the regulators enable/disable operations are reference counted anyway. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 49 +++++++++++++----------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 826c9c4dd4c0..5c0ceba09b67 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -9,6 +9,7 @@ * Copyright (C) 2014 Cogent Embedded, Inc. */ +#include <linux/cleanup.h> #include <linux/extcon-provider.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -118,7 +119,7 @@ struct rcar_gen3_chan { struct regulator *vbus; struct reset_control *rstc; struct work_struct work; - struct mutex lock; /* protects rphys[...].powered */ + spinlock_t lock; /* protects access to hardware and driver data structure. */ enum usb_dr_mode dr_mode; u32 obint_enable_bits; bool extcon_host; @@ -348,6 +349,8 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; + guard(spinlock_irqsave)(&ch->lock); + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; @@ -415,7 +418,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) val = readl(usb2_base + USB2_ADPCTRL); writel(val | USB2_ADPCTRL_IDPULLUP, usb2_base + USB2_ADPCTRL); } - msleep(20); + mdelay(20); writel(0xffffffff, usb2_base + USB2_OBINTSTA); writel(ch->obint_enable_bits, usb2_base + USB2_OBINTEN); @@ -436,12 +439,14 @@ static irqreturn_t rcar_gen3_phy_usb2_irq(int irq, void *_ch) if (pm_runtime_suspended(dev)) goto rpm_put; - status = readl(usb2_base + USB2_OBINTSTA); - if (status & ch->obint_enable_bits) { - dev_vdbg(dev, "%s: %08x\n", __func__, status); - writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); - rcar_gen3_device_recognition(ch); - ret = IRQ_HANDLED; + scoped_guard(spinlock, &ch->lock) { + status = readl(usb2_base + USB2_OBINTSTA); + if (status & ch->obint_enable_bits) { + dev_vdbg(dev, "%s: %08x\n", __func__, status); + writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); + rcar_gen3_device_recognition(ch); + ret = IRQ_HANDLED; + } } rpm_put: @@ -456,6 +461,8 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + /* Initialize USB2 part */ val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; @@ -479,6 +486,8 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + rphy->initialized = false; val = readl(usb2_base + USB2_INT_ENABLE); @@ -498,16 +507,17 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) u32 val; int ret = 0; - mutex_lock(&channel->lock); - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; - if (channel->vbus) { ret = regulator_enable(channel->vbus); if (ret) - goto out; + return ret; } + guard(spinlock_irqsave)(&channel->lock); + + if (!rcar_gen3_are_all_rphys_power_off(channel)) + goto out; + val = readl(usb2_base + USB2_USBCTR); val |= USB2_USBCTR_PLL_RST; writel(val, usb2_base + USB2_USBCTR); @@ -517,7 +527,6 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) out: /* The powered flag should be set for any other phys anyway */ rphy->powered = true; - mutex_unlock(&channel->lock); return 0; } @@ -528,18 +537,12 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - mutex_lock(&channel->lock); - rphy->powered = false; - - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; + scoped_guard(spinlock_irqsave, &channel->lock) + rphy->powered = false; if (channel->vbus) ret = regulator_disable(channel->vbus); -out: - mutex_unlock(&channel->lock); - return ret; } @@ -750,7 +753,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev) if (phy_data->no_adp_ctrl) channel->obint_enable_bits = USB2_OBINT_IDCHG_EN; - mutex_init(&channel->lock); + spin_lock_init(&channel->lock); for (i = 0; i < NUM_OF_PHYS; i++) { channel->rphys[i].phy = devm_phy_create(dev, NULL, phy_data->phy_usb2_ops); -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH RFT 1/5] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 33 ++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel)) -- 2.43.0

4 months, 3 weeks

1
0
0 0

[PATCH] drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() and alloc_workqueue() to catch potential exception. Fixes: 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/i915/display/intel_display_driver.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_display_driver.c b/drivers/gpu/drm/i915/display/intel_display_driver.c index 50ec0c3c7588..dfe5b779aefd 100644 --- a/drivers/gpu/drm/i915/display/intel_display_driver.c +++ b/drivers/gpu/drm/i915/display/intel_display_driver.c @@ -245,6 +245,11 @@ int intel_display_driver_probe_noirq(struct intel_display *display) WQ_UNBOUND, WQ_UNBOUND_MAX_ACTIVE); display->wq.cleanup = alloc_workqueue("i915_cleanup", WQ_HIGHPRI, 0); + if (!display->wq.modeset || !display->wq.flip || !display->wq.cleanup) { + ret = -ENOMEM; + goto cleanup_vga_client_pw_domain_dmc; + } + intel_mode_config_init(display); ret = intel_cdclk_init(display); -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH 1/2] jffs2: initialize filesystem-private inode info in ->alloc_inode callback

by Fedor Pchelkin

The symlink body (->target) should be freed at the same time as the inode itself per commit 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal"). It is a filesystem-specific field but there exist several error paths during generic inode allocation when ->free_inode(), namely jffs2_free_inode(), is called with still uninitialized private info. The calltrace looks like: alloc_inode inode_init_always // fails i_callback free_inode jffs2_free_inode // touches uninit ->target field Commit af9a8730ddb6 ("jffs2: Fix potential illegal address access in jffs2_free_inode") approached the observed problem but fixed it only partially. Our local Syzkaller instance is still hitting these kinds of failures. The thing is that jffs2_i_init_once(), where the initialization of f->target has been moved, is called once per slab allocation so it won't be called for the object structure possibly retrieved later from the slab cache for reuse. The practice followed by many other filesystems is to initialize filesystem-private inode contents in the corresponding ->alloc_inode() callbacks. This also allows to drop initialization from jffs2_iget() and jffs2_new_inode() as ->alloc_inode() is called in those places. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- fs/jffs2/fs.c | 2 -- fs/jffs2/super.c | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index d175cccb7c55..85c4b273918f 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -271,7 +271,6 @@ struct inode *jffs2_iget(struct super_block *sb, unsigned long ino) f = JFFS2_INODE_INFO(inode); c = JFFS2_SB_INFO(inode->i_sb); - jffs2_init_inode_info(f); mutex_lock(&f->sem); ret = jffs2_do_read_inode(c, f, inode->i_ino, &latest_node); @@ -439,7 +438,6 @@ struct inode *jffs2_new_inode (struct inode *dir_i, umode_t mode, struct jffs2_r return ERR_PTR(-ENOMEM); f = JFFS2_INODE_INFO(inode); - jffs2_init_inode_info(f); mutex_lock(&f->sem); memset(ri, 0, sizeof(*ri)); diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 4545f885c41e..b56ff63357f3 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -42,6 +42,8 @@ static struct inode *jffs2_alloc_inode(struct super_block *sb) f = alloc_inode_sb(sb, jffs2_inode_cachep, GFP_KERNEL); if (!f) return NULL; + + jffs2_init_inode_info(f); return &f->vfs_inode; } @@ -58,7 +60,6 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); - f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.39.5

4 months, 3 weeks

3
3
0 0

[PATCH 6.12 000/418] 6.12.14-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.14 release. There are 418 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 17 Feb 2025 07:52:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.14-rc3 Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: add reset-names for combphy on rk3568 Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Libo Chen <libo.chen(a)oracle.com> Revert "selftests/sched_ext: fix build after renames in sched_ext API" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Darrick J. Wong <djwong(a)kernel.org> xfs: lock dquot buffer before detaching dquot from b_li_list Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: convert quotacheck to attach dquot buffers Darrick J. Wong <djwong(a)kernel.org> xfs: attach dquot buffer to dquot log item buffer Darrick J. Wong <djwong(a)kernel.org> xfs: clean up log item accesses in xfs_qm_dqflush{,_done} Darrick J. Wong <djwong(a)kernel.org> xfs: separate dquot buffer reads from xfs_dqflush Darrick J. Wong <djwong(a)kernel.org> xfs: don't lose solo superblock counter update transactions Darrick J. Wong <djwong(a)kernel.org> xfs: avoid nested calls to __xfs_trans_commit WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 + arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/kvm/e500_mmu_host.c | 21 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 4 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 2 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 4 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 45 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/dir.c | 25 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 199 +++++++-- fs/xfs/xfs_dquot.h | 6 +- fs/xfs/xfs_dquot_item.c | 51 ++- fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- fs/xfs/xfs_qm.c | 50 ++- fs/xfs/xfs_qm_bhv.c | 41 +- fs/xfs/xfs_super.c | 11 +- fs/xfs/xfs_trans.c | 29 +- fs/xfs/xfs_trans_ail.c | 2 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 6 +- kernel/sched/fair.c | 19 + kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/protocol.c | 1 + net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ .../selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 +- .../selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 +- .../testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- .../selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 +- tools/testing/selftests/sched_ext/exit.bpf.c | 4 +- tools/testing/selftests/sched_ext/maximal.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_dfl.bpf.c | 2 +- .../sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 +- .../selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_vtime.bpf.c | 8 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 451 files changed, 5230 insertions(+), 2579 deletions(-)

4 months, 3 weeks

8
8
0 0

[PATCH] drm/xe: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in xe_gt_alloc() to catch potential exception. Fixes: e2d84e5b2205 ("drm/xe: Mark GT work queue with WQ_MEM_RECLAIM") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/xe/xe_gt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c index 5d6fb79957b6..0f42bbcb8d42 100644 --- a/drivers/gpu/drm/xe/xe_gt.c +++ b/drivers/gpu/drm/xe/xe_gt.c @@ -79,6 +79,8 @@ struct xe_gt *xe_gt_alloc(struct xe_tile *tile) gt->tile = tile; gt->ordered_wq = alloc_ordered_workqueue("gt-ordered-wq", WQ_MEM_RECLAIM); + if (!gt->ordered_wq) + return ERR_PTR(-ENOMEM); err = drmm_add_action_or_reset(&gt_to_xe(gt)->drm, gt_fini, gt); if (err) -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH 4/5] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 90241091ca61..886090845b1a 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

4 months, 3 weeks

2
2
0 0

[PATCH 3/5] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..90241091ca61 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -681,6 +681,8 @@ int unregister_fprobe(struct fprobe *fp) if (count) fprobe_graph_remove_ips(addrs, count); + else + fprobe_graph_active--; kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

4 months, 3 weeks

2
2
0 0

[PATCH 0/2] bus: mhi: host: pci_generic: Couple of recovery fixes

by Manivannan Sadhasivam via B4 Relay

Hi, This series fixes a couple of issues reported by Johan in [1]. First one fixes a deadlock that happens during shutdown and suspend. Second one fixes the driver's PM behavior. [1] https://lore.kernel.org/mhi/Z1me8iaK7cwgjL92@hovoldconsulting.com Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- Manivannan Sadhasivam (2): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock bus: mhi: host: pci_generic: Recover the device synchronously from mhi_pci_runtime_resume() drivers/bus/mhi/host/pci_generic.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) --- base-commit: fc033cf25e612e840e545f8d5ad2edd6ba613ed5 change-id: 20250108-mhi_recovery_fix-a8f37168f91c Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

4 months, 3 weeks

4
13
0 0

[PATCH v2] arm64: dts: socfpga: agilex5: fix gpio0 address

by niravkumar.l.rabara＠intel.com

From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> Use the correct gpio0 address for Agilex5. Fixes: 3f7c869e143a ("arm64: dts: socfpga: agilex5: Add gpio0 node and spi dma handshake id") Cc: stable(a)vger.kernel.org Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> --- changes in v2: * Fix dtbs_check warning and update commit message for better clarity. link to v1: - https://lore.kernel.org/all/20250212100131.2668403-1-niravkumar.l.rabara@in… arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi index 51c6e19e40b8..7d9394a04302 100644 --- a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi +++ b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi @@ -222,9 +222,9 @@ i3c1: i3c@10da1000 { status = "disabled"; }; - gpio0: gpio@ffc03200 { + gpio0: gpio@10c03200 { compatible = "snps,dw-apb-gpio"; - reg = <0xffc03200 0x100>; + reg = <0x10c03200 0x100>; #address-cells = <1>; #size-cells = <0>; resets = <&rst GPIO0_RESET>; -- 2.25.1

4 months, 3 weeks

3
2
0 0

[PATCH 1/2] drm/amdgpu/gfx9: manually control gfxoff for CS on RV

by Alex Deucher

When mesa started using compute queues more often we started seeing additional hangs with compute queues. Disabling gfxoff seems to mitigate that. Manually control gfxoff and gfx pg with command submissions to avoid any issues related to gfxoff. KFD already does the same thing for these chips. v2: limit to compute v3: limit to APUs v4: limit to Raven/PCO v5: only update the compute ring_funcs v6: Disable GFX PG v7: adjust order Backport the change to 6.13 and older kernels due to a change in function signatures. Reviewed-by: Lijo Lazar <lijo.lazar(a)amd.com> Suggested-by: Błażej Szczygieł <mumei6102(a)gmail.com> Suggested-by: Sergey Kovalenko <seryoga.engineering(a)gmail.com> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3861 Link: https://lists.freedesktop.org/archives/amd-gfx/2025-January/119116.html Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.12.x (cherry picked from commit b35eb9128ebeec534eed1cefd6b9b1b7282cf5ba) --- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c index 0b6f09f2cc9b..d28258bb6d29 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c @@ -7439,6 +7439,34 @@ static void gfx_v9_0_ring_emit_cleaner_shader(struct amdgpu_ring *ring) amdgpu_ring_write(ring, 0); /* RESERVED field, programmed to zero */ } +static void gfx_v9_0_ring_begin_use_compute(struct amdgpu_ring *ring) +{ + struct amdgpu_device *adev = ring->adev; + + amdgpu_gfx_enforce_isolation_ring_begin_use(ring); + + /* Raven and PCO APUs seem to have stability issues + * with compute and gfxoff and gfx pg. Disable gfx pg during + * submission and allow again afterwards. + */ + if (amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 1, 0)) + gfx_v9_0_set_powergating_state(adev, AMD_PG_STATE_UNGATE); +} + +static void gfx_v9_0_ring_end_use_compute(struct amdgpu_ring *ring) +{ + struct amdgpu_device *adev = ring->adev; + + /* Raven and PCO APUs seem to have stability issues + * with compute and gfxoff and gfx pg. Disable gfx pg during + * submission and allow again afterwards. + */ + if (amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 1, 0)) + gfx_v9_0_set_powergating_state(adev, AMD_PG_STATE_GATE); + + amdgpu_gfx_enforce_isolation_ring_end_use(ring); +} + static const struct amd_ip_funcs gfx_v9_0_ip_funcs = { .name = "gfx_v9_0", .early_init = gfx_v9_0_early_init, @@ -7615,8 +7643,8 @@ static const struct amdgpu_ring_funcs gfx_v9_0_ring_funcs_compute = { .emit_wave_limit = gfx_v9_0_emit_wave_limit, .reset = gfx_v9_0_reset_kcq, .emit_cleaner_shader = gfx_v9_0_ring_emit_cleaner_shader, - .begin_use = amdgpu_gfx_enforce_isolation_ring_begin_use, - .end_use = amdgpu_gfx_enforce_isolation_ring_end_use, + .begin_use = gfx_v9_0_ring_begin_use_compute, + .end_use = gfx_v9_0_ring_end_use_compute, }; static const struct amdgpu_ring_funcs gfx_v9_0_ring_funcs_kiq = { -- 2.48.1

4 months, 3 weeks

1
1
0 0

[PATCH net-next v2 1/2] net: advertise 'netns local' property via netlink

by Nicolas Dichtel

Since the below commit, there is no way to see if the netns_local property is set on a device. Let's add a netlink attribute to advertise it. CC: stable(a)vger.kernel.org Fixes: 05c1280a2bcf ("netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- Documentation/netlink/specs/rt_link.yaml | 3 +++ include/uapi/linux/if_link.h | 1 + net/core/rtnetlink.c | 3 +++ 3 files changed, 7 insertions(+) diff --git a/Documentation/netlink/specs/rt_link.yaml b/Documentation/netlink/specs/rt_link.yaml index 0d492500c7e5..a646d8a6bf9d 100644 --- a/Documentation/netlink/specs/rt_link.yaml +++ b/Documentation/netlink/specs/rt_link.yaml @@ -1148,6 +1148,9 @@ attribute-sets: name: max-pacing-offload-horizon type: uint doc: EDT offload horizon supported by the device (in nsec). + - + name: netns-local + type: u8 - name: af-spec-attrs attributes: diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index bfe880fbbb24..ed4a64e1c8f1 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -378,6 +378,7 @@ enum { IFLA_GRO_IPV4_MAX_SIZE, IFLA_DPLL_PIN, IFLA_MAX_PACING_OFFLOAD_HORIZON, + IFLA_NETNS_LOCAL, __IFLA_MAX }; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index abe1a461ea67..acf787e4d22d 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1292,6 +1292,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev, + nla_total_size(4) /* IFLA_TSO_MAX_SEGS */ + nla_total_size(1) /* IFLA_OPERSTATE */ + nla_total_size(1) /* IFLA_LINKMODE */ + + nla_total_size(1) /* IFLA_NETNS_LOCAL */ + nla_total_size(4) /* IFLA_CARRIER_CHANGES */ + nla_total_size(4) /* IFLA_LINK_NETNSID */ + nla_total_size(4) /* IFLA_GROUP */ @@ -2046,6 +2047,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, netif_running(dev) ? READ_ONCE(dev->operstate) : IF_OPER_DOWN) || nla_put_u8(skb, IFLA_LINKMODE, READ_ONCE(dev->link_mode)) || + nla_put_u8(skb, IFLA_NETNS_LOCAL, dev->netns_local) || nla_put_u32(skb, IFLA_MTU, READ_ONCE(dev->mtu)) || nla_put_u32(skb, IFLA_MIN_MTU, READ_ONCE(dev->min_mtu)) || nla_put_u32(skb, IFLA_MAX_MTU, READ_ONCE(dev->max_mtu)) || @@ -2234,6 +2236,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { [IFLA_ALLMULTI] = { .type = NLA_REJECT }, [IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1), [IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, + [IFLA_NETNS_LOCAL] = { .type = NLA_REJECT }, }; static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = { -- 2.47.1

4 months, 3 weeks

2
2
0 0

[PATCH 6.1] block, bfq: split sync bfq_queues on a per-actuator basis

by Hagar Hemdan

From: Paolo Valente <paolo.valente(a)linaro.org> commit 9778369a2d6c5ed2b81a04164c4aa9da1bdb193d upstream. Single-LUN multi-actuator SCSI drives, as well as all multi-actuator SATA drives appear as a single device to the I/O subsystem [1]. Yet they address commands to different actuators internally, as a function of Logical Block Addressing (LBAs). A given sector is reachable by only one of the actuators. For example, Seagate’s Serial Advanced Technology Attachment (SATA) version contains two actuators and maps the lower half of the SATA LBA space to the lower actuator and the upper half to the upper actuator. Evidently, to fully utilize actuators, no actuator must be left idle or underutilized while there is pending I/O for it. The block layer must somehow control the load of each actuator individually. This commit lays the ground for allowing BFQ to provide such a per-actuator control. BFQ associates an I/O-request sync bfq_queue with each process doing synchronous I/O, or with a group of processes, in case of queue merging. Then BFQ serves one bfq_queue at a time. While in service, a bfq_queue is emptied in request-position order. Yet the same process, or group of processes, may generate I/O for different actuators. In this case, different streams of I/O (each for a different actuator) get all inserted into the same sync bfq_queue. So there is basically no individual control on when each stream is served, i.e., on when the I/O requests of the stream are picked from the bfq_queue and dispatched to the drive. This commit enables BFQ to control the service of each actuator individually for synchronous I/O, by simply splitting each sync bfq_queue into N queues, one for each actuator. In other words, a sync bfq_queue is now associated to a pair (process, actuator). As a consequence of this split, the per-queue proportional-share policy implemented by BFQ will guarantee that the sync I/O generated for each actuator, by each process, receives its fair share of service. This is just a preparatory patch. If the I/O of the same process happens to be sent to different queues, then each of these queues may undergo queue merging. To handle this event, the bfq_io_cq data structure must be properly extended. In addition, stable merging must be disabled to avoid loss of control on individual actuators. Finally, also async queues must be split. These issues are described in detail and addressed in next commits. As for this commit, although multiple per-process bfq_queues are provided, the I/O of each process or group of processes is still sent to only one queue, regardless of the actuator the I/O is for. The forwarding to distinct bfq_queues will be enabled after addressing the above issues. [1] https://www.linaro.org/blog/budget-fair-queueing-bfq-linux-io-scheduler-opt… Reviewed-by: Damien Le Moal <damien.lemoal(a)opensource.wdc.com> Signed-off-by: Gabriele Felici <felicigb(a)gmail.com> Signed-off-by: Carmine Zaccagnino <carmine(a)carminezacc.com> Signed-off-by: Paolo Valente <paolo.valente(a)linaro.org> Link: https://lore.kernel.org/r/20230103145503.71712-2-paolo.valente@linaro.org Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Stable-dep-of: e8b8344de398 ("block, bfq: fix bfqq uaf in bfq_limit_depth()") [Hagar: needed contextual fixes] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- block/bfq-cgroup.c | 95 +++++++++++++------------- block/bfq-iosched.c | 160 +++++++++++++++++++++++++++++--------------- block/bfq-iosched.h | 51 +++++++++++--- 3 files changed, 196 insertions(+), 110 deletions(-) diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c index 60b4299bec8ec..5d202b775beb4 100644 --- a/block/bfq-cgroup.c +++ b/block/bfq-cgroup.c @@ -704,6 +704,46 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, bfq_put_queue(bfqq); } +static void bfq_sync_bfqq_move(struct bfq_data *bfqd, + struct bfq_queue *sync_bfqq, + struct bfq_io_cq *bic, + struct bfq_group *bfqg, + unsigned int act_idx) +{ + struct bfq_queue *bfqq; + + if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) { + /* We are the only user of this bfqq, just move it */ + if (sync_bfqq->entity.sched_data != &bfqg->sched_data) + bfq_bfqq_move(bfqd, sync_bfqq, bfqg); + return; + } + + /* + * The queue was merged to a different queue. Check + * that the merge chain still belongs to the same + * cgroup. + */ + for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq) + if (bfqq->entity.sched_data != &bfqg->sched_data) + break; + if (bfqq) { + /* + * Some queue changed cgroup so the merge is not valid + * anymore. We cannot easily just cancel the merge (by + * clearing new_bfqq) as there may be other processes + * using this queue and holding refs to all queues + * below sync_bfqq->new_bfqq. Similarly if the merge + * already happened, we need to detach from bfqq now + * so that we cannot merge bio to a request from the + * old cgroup. + */ + bfq_put_cooperator(sync_bfqq); + bfq_release_process_ref(bfqd, sync_bfqq); + bic_set_bfqq(bic, NULL, true, act_idx); + } +} + /** * __bfq_bic_change_cgroup - move @bic to @bfqg. * @bfqd: the queue descriptor. @@ -714,60 +754,25 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, * sure that the reference to cgroup is valid across the call (see * comments in bfq_bic_update_cgroup on this issue) */ -static void *__bfq_bic_change_cgroup(struct bfq_data *bfqd, +static void __bfq_bic_change_cgroup(struct bfq_data *bfqd, struct bfq_io_cq *bic, struct bfq_group *bfqg) { - struct bfq_queue *async_bfqq = bic_to_bfqq(bic, false); - struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, true); - struct bfq_entity *entity; + unsigned int act_idx; - if (async_bfqq) { - entity = &async_bfqq->entity; + for (act_idx = 0; act_idx < bfqd->num_actuators; act_idx++) { + struct bfq_queue *async_bfqq = bic_to_bfqq(bic, false, act_idx); + struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, true, act_idx); - if (entity->sched_data != &bfqg->sched_data) { - bic_set_bfqq(bic, NULL, false); + if (async_bfqq && + async_bfqq->entity.sched_data != &bfqg->sched_data) { + bic_set_bfqq(bic, NULL, false, act_idx); bfq_release_process_ref(bfqd, async_bfqq); } - } - if (sync_bfqq) { - if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) { - /* We are the only user of this bfqq, just move it */ - if (sync_bfqq->entity.sched_data != &bfqg->sched_data) - bfq_bfqq_move(bfqd, sync_bfqq, bfqg); - } else { - struct bfq_queue *bfqq; - - /* - * The queue was merged to a different queue. Check - * that the merge chain still belongs to the same - * cgroup. - */ - for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq) - if (bfqq->entity.sched_data != - &bfqg->sched_data) - break; - if (bfqq) { - /* - * Some queue changed cgroup so the merge is - * not valid anymore. We cannot easily just - * cancel the merge (by clearing new_bfqq) as - * there may be other processes using this - * queue and holding refs to all queues below - * sync_bfqq->new_bfqq. Similarly if the merge - * already happened, we need to detach from - * bfqq now so that we cannot merge bio to a - * request from the old cgroup. - */ - bfq_put_cooperator(sync_bfqq); - bic_set_bfqq(bic, NULL, true); - bfq_release_process_ref(bfqd, sync_bfqq); - } - } + if (sync_bfqq) + bfq_sync_bfqq_move(bfqd, sync_bfqq, bic, bfqg, act_idx); } - - return bfqg; } void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index f759457646530..76b2e66d09070 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -377,16 +377,23 @@ static const unsigned long bfq_late_stable_merging = 600; #define RQ_BIC(rq) ((struct bfq_io_cq *)((rq)->elv.priv[0])) #define RQ_BFQQ(rq) ((rq)->elv.priv[1]) -struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync) +struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx) { - return bic->bfqq[is_sync]; + if (is_sync) + return bic->bfqq[1][actuator_idx]; + + return bic->bfqq[0][actuator_idx]; } static void bfq_put_stable_ref(struct bfq_queue *bfqq); -void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync) +void bic_set_bfqq(struct bfq_io_cq *bic, + struct bfq_queue *bfqq, + bool is_sync, + unsigned int actuator_idx) { - struct bfq_queue *old_bfqq = bic->bfqq[is_sync]; + struct bfq_queue *old_bfqq = bic->bfqq[is_sync][actuator_idx]; /* Clear bic pointer if bfqq is detached from this bic */ if (old_bfqq && old_bfqq->bic == bic) @@ -405,7 +412,10 @@ void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync) * we cancel the stable merge if * bic->stable_merge_bfqq == bfqq. */ - bic->bfqq[is_sync] = bfqq; + if (is_sync) + bic->bfqq[1][actuator_idx] = bfqq; + else + bic->bfqq[0][actuator_idx] = bfqq; if (bfqq && bic->stable_merge_bfqq == bfqq) { /* @@ -680,9 +690,9 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) { struct bfq_data *bfqd = data->q->elevator->elevator_data; struct bfq_io_cq *bic = bfq_bic_lookup(data->q); - struct bfq_queue *bfqq = bic ? bic_to_bfqq(bic, op_is_sync(opf)) : NULL; int depth; unsigned limit = data->q->nr_requests; + unsigned int act_idx; /* Sync reads have full depth available */ if (op_is_sync(opf) && !op_is_write(opf)) { @@ -692,14 +702,21 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) limit = (limit * depth) >> bfqd->full_depth_shift; } - /* - * Does queue (or any parent entity) exceed number of requests that - * should be available to it? Heavily limit depth so that it cannot - * consume more available requests and thus starve other entities. - */ - if (bfqq && bfqq_request_over_limit(bfqq, limit)) - depth = 1; + for (act_idx = 0; bic && act_idx < bfqd->num_actuators; act_idx++) { + struct bfq_queue *bfqq = + bic_to_bfqq(bic, op_is_sync(opf), act_idx); + /* + * Does queue (or any parent entity) exceed number of + * requests that should be available to it? Heavily + * limit depth so that it cannot consume more + * available requests and thus starve other entities. + */ + if (bfqq && bfqq_request_over_limit(bfqq, limit)) { + depth = 1; + break; + } + } bfq_log(bfqd, "[%s] wr_busy %d sync %d depth %u", __func__, bfqd->wr_busy_queues, op_is_sync(opf), depth); if (depth) @@ -1820,6 +1837,18 @@ static bool bfq_bfqq_higher_class_or_weight(struct bfq_queue *bfqq, return bfqq_weight > in_serv_weight; } +/* + * Get the index of the actuator that will serve bio. + */ +static unsigned int bfq_actuator_index(struct bfq_data *bfqd, struct bio *bio) +{ + /* + * Multi-actuator support not complete yet, so always return 0 + * for the moment (to keep incomplete mechanisms off). + */ + return 0; +} + static bool bfq_better_to_idle(struct bfq_queue *bfqq); static void bfq_bfqq_handle_idle_busy_switch(struct bfq_data *bfqd, @@ -2150,7 +2179,7 @@ static void bfq_check_waker(struct bfq_data *bfqd, struct bfq_queue *bfqq, * We reset waker detection logic also if too much time has passed * since the first detection. If wakeups are rare, pointless idling * doesn't hurt throughput that much. The condition below makes sure - * we do not uselessly idle blocking waker in more than 1/64 cases. + * we do not uselessly idle blocking waker in more than 1/64 cases. */ if (bfqd->last_completed_rq_bfqq != bfqq->tentative_waker_bfqq || @@ -2486,7 +2515,8 @@ static bool bfq_bio_merge(struct request_queue *q, struct bio *bio, */ bfq_bic_update_cgroup(bic, bio); - bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf)); + bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf), + bfq_actuator_index(bfqd, bio)); } else { bfqd->bio_bfqq = NULL; } @@ -3188,7 +3218,7 @@ static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, /* * Merge queues (that is, let bic redirect its requests to new_bfqq) */ - bic_set_bfqq(bic, new_bfqq, true); + bic_set_bfqq(bic, new_bfqq, true, bfqq->actuator_idx); bfq_mark_bfqq_coop(new_bfqq); /* * new_bfqq now belongs to at least two bics (it is a shared queue): @@ -4818,11 +4848,8 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) */ if (bfq_bfqq_wait_request(bfqq) || (bfqq->dispatched != 0 && bfq_better_to_idle(bfqq))) { - struct bfq_queue *async_bfqq = - bfqq->bic && bfqq->bic->bfqq[0] && - bfq_bfqq_busy(bfqq->bic->bfqq[0]) && - bfqq->bic->bfqq[0]->next_rq ? - bfqq->bic->bfqq[0] : NULL; + unsigned int act_idx = bfqq->actuator_idx; + struct bfq_queue *async_bfqq = NULL; struct bfq_queue *blocked_bfqq = !hlist_empty(&bfqq->woken_list) ? container_of(bfqq->woken_list.first, @@ -4830,6 +4857,10 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) woken_list_node) : NULL; + if (bfqq->bic && bfqq->bic->bfqq[0][act_idx] && + bfq_bfqq_busy(bfqq->bic->bfqq[0][act_idx]) && + bfqq->bic->bfqq[0][act_idx]->next_rq) + async_bfqq = bfqq->bic->bfqq[0][act_idx]; /* * The next four mutually-exclusive ifs decide * whether to try injection, and choose the queue to @@ -4914,7 +4945,7 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) icq_to_bic(async_bfqq->next_rq->elv.icq) == bfqq->bic && bfq_serv_to_charge(async_bfqq->next_rq, async_bfqq) <= bfq_bfqq_budget_left(async_bfqq)) - bfqq = bfqq->bic->bfqq[0]; + bfqq = bfqq->bic->bfqq[0][act_idx]; else if (bfqq->waker_bfqq && bfq_bfqq_busy(bfqq->waker_bfqq) && bfqq->waker_bfqq->next_rq && @@ -5375,48 +5406,54 @@ static void bfq_exit_bfqq(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_release_process_ref(bfqd, bfqq); } -static void bfq_exit_icq_bfqq(struct bfq_io_cq *bic, bool is_sync) +static void bfq_exit_icq_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx) { - struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync); + struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync, actuator_idx); struct bfq_data *bfqd; if (bfqq) bfqd = bfqq->bfqd; /* NULL if scheduler already exited */ if (bfqq && bfqd) { - unsigned long flags; - - spin_lock_irqsave(&bfqd->lock, flags); - bic_set_bfqq(bic, NULL, is_sync); + bic_set_bfqq(bic, NULL, is_sync, actuator_idx); bfq_exit_bfqq(bfqd, bfqq); - spin_unlock_irqrestore(&bfqd->lock, flags); } } static void bfq_exit_icq(struct io_cq *icq) { struct bfq_io_cq *bic = icq_to_bic(icq); + struct bfq_data *bfqd = bic_to_bfqd(bic); + unsigned long flags; + unsigned int act_idx; + /* + * If bfqd and thus bfqd->num_actuators is not available any + * longer, then cycle over all possible per-actuator bfqqs in + * next loop. We rely on bic being zeroed on creation, and + * therefore on its unused per-actuator fields being NULL. + */ + unsigned int num_actuators = BFQ_MAX_ACTUATORS; - if (bic->stable_merge_bfqq) { - struct bfq_data *bfqd = bic->stable_merge_bfqq->bfqd; + /* + * bfqd is NULL if scheduler already exited, and in that case + * this is the last time these queues are accessed. + */ + if (bfqd) { + spin_lock_irqsave(&bfqd->lock, flags); + num_actuators = bfqd->num_actuators; + } - /* - * bfqd is NULL if scheduler already exited, and in - * that case this is the last time bfqq is accessed. - */ - if (bfqd) { - unsigned long flags; + if (bic->stable_merge_bfqq) + bfq_put_stable_ref(bic->stable_merge_bfqq); - spin_lock_irqsave(&bfqd->lock, flags); - bfq_put_stable_ref(bic->stable_merge_bfqq); - spin_unlock_irqrestore(&bfqd->lock, flags); - } else { - bfq_put_stable_ref(bic->stable_merge_bfqq); - } + for (act_idx = 0; act_idx < num_actuators; act_idx++) { + bfq_exit_icq_bfqq(bic, true, act_idx); + bfq_exit_icq_bfqq(bic, false, act_idx); } - bfq_exit_icq_bfqq(bic, true); - bfq_exit_icq_bfqq(bic, false); + if (bfqd) + spin_unlock_irqrestore(&bfqd->lock, flags); } /* @@ -5493,25 +5530,27 @@ static void bfq_check_ioprio_change(struct bfq_io_cq *bic, struct bio *bio) bic->ioprio = ioprio; - bfqq = bic_to_bfqq(bic, false); + bfqq = bic_to_bfqq(bic, false, bfq_actuator_index(bfqd, bio)); if (bfqq) { struct bfq_queue *old_bfqq = bfqq; bfqq = bfq_get_queue(bfqd, bio, false, bic, true); - bic_set_bfqq(bic, bfqq, false); + bic_set_bfqq(bic, bfqq, false, bfq_actuator_index(bfqd, bio)); bfq_release_process_ref(bfqd, old_bfqq); } - bfqq = bic_to_bfqq(bic, true); + bfqq = bic_to_bfqq(bic, true, bfq_actuator_index(bfqd, bio)); if (bfqq) bfq_set_next_ioprio_data(bfqq, bic); } static void bfq_init_bfqq(struct bfq_data *bfqd, struct bfq_queue *bfqq, - struct bfq_io_cq *bic, pid_t pid, int is_sync) + struct bfq_io_cq *bic, pid_t pid, int is_sync, + unsigned int act_idx) { u64 now_ns = ktime_get_ns(); + bfqq->actuator_idx = act_idx; RB_CLEAR_NODE(&bfqq->entity.rb_node); INIT_LIST_HEAD(&bfqq->fifo); INIT_HLIST_NODE(&bfqq->burst_list_node); @@ -5762,7 +5801,7 @@ static struct bfq_queue *bfq_get_queue(struct bfq_data *bfqd, if (bfqq) { bfq_init_bfqq(bfqd, bfqq, bic, current->pid, - is_sync); + is_sync, bfq_actuator_index(bfqd, bio)); bfq_init_entity(&bfqq->entity, bfqg); bfq_log_bfqq(bfqd, bfqq, "allocated"); } else { @@ -6078,7 +6117,8 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * then complete the merge and redirect it to * new_bfqq. */ - if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) { + if (bic_to_bfqq(RQ_BIC(rq), true, + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { while (bfqq != new_bfqq) bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); } @@ -6632,7 +6672,7 @@ bfq_split_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq) return bfqq; } - bic_set_bfqq(bic, NULL, true); + bic_set_bfqq(bic, NULL, true, bfqq->actuator_idx); bfq_put_cooperator(bfqq); @@ -6646,7 +6686,8 @@ static struct bfq_queue *bfq_get_bfqq_handle_split(struct bfq_data *bfqd, bool split, bool is_sync, bool *new_queue) { - struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync); + unsigned int act_idx = bfq_actuator_index(bfqd, bio); + struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync, act_idx); if (likely(bfqq && bfqq != &bfqd->oom_bfqq)) return bfqq; @@ -6658,7 +6699,7 @@ static struct bfq_queue *bfq_get_bfqq_handle_split(struct bfq_data *bfqd, bfq_put_queue(bfqq); bfqq = bfq_get_queue(bfqd, bio, is_sync, bic, split); - bic_set_bfqq(bic, bfqq, is_sync); + bic_set_bfqq(bic, bfqq, is_sync, act_idx); if (split && is_sync) { if ((bic->was_in_burst_list && bfqd->large_burst) || bic->saved_in_large_burst) @@ -7139,8 +7180,10 @@ static int bfq_init_queue(struct request_queue *q, struct elevator_type *e) * Our fallback bfqq if bfq_find_alloc_queue() runs into OOM issues. * Grab a permanent reference to it, so that the normal code flow * will not attempt to free it. + * Set zero as actuator index: we will pretend that + * all I/O requests are for the same actuator. */ - bfq_init_bfqq(bfqd, &bfqd->oom_bfqq, NULL, 1, 0); + bfq_init_bfqq(bfqd, &bfqd->oom_bfqq, NULL, 1, 0, 0); bfqd->oom_bfqq.ref++; bfqd->oom_bfqq.new_ioprio = BFQ_DEFAULT_QUEUE_IOPRIO; bfqd->oom_bfqq.new_ioprio_class = IOPRIO_CLASS_BE; @@ -7159,6 +7202,13 @@ static int bfq_init_queue(struct request_queue *q, struct elevator_type *e) bfqd->queue = q; + /* + * Multi-actuator support not complete yet, unconditionally + * set to only one actuator for the moment (to keep incomplete + * mechanisms off). + */ + bfqd->num_actuators = 1; + INIT_LIST_HEAD(&bfqd->dispatch); hrtimer_init(&bfqd->idle_slice_timer, CLOCK_MONOTONIC, diff --git a/block/bfq-iosched.h b/block/bfq-iosched.h index 71f721670ab62..2b413ddffbb95 100644 --- a/block/bfq-iosched.h +++ b/block/bfq-iosched.h @@ -33,6 +33,14 @@ */ #define BFQ_SOFTRT_WEIGHT_FACTOR 100 +/* + * Maximum number of actuators supported. This constant is used simply + * to define the size of the static array that will contain + * per-actuator data. The current value is hopefully a good upper + * bound to the possible number of actuators of any actual drive. + */ +#define BFQ_MAX_ACTUATORS 8 + struct bfq_entity; /** @@ -225,12 +233,14 @@ struct bfq_ttime { * struct bfq_queue - leaf schedulable entity. * * A bfq_queue is a leaf request queue; it can be associated with an - * io_context or more, if it is async or shared between cooperating - * processes. @cgroup holds a reference to the cgroup, to be sure that it - * does not disappear while a bfqq still references it (mostly to avoid - * races between request issuing and task migration followed by cgroup - * destruction). - * All the fields are protected by the queue lock of the containing bfqd. + * io_context or more, if it is async or shared between cooperating + * processes. Besides, it contains I/O requests for only one actuator + * (an io_context is associated with a different bfq_queue for each + * actuator it generates I/O for). @cgroup holds a reference to the + * cgroup, to be sure that it does not disappear while a bfqq still + * references it (mostly to avoid races between request issuing and + * task migration followed by cgroup destruction). All the fields are + * protected by the queue lock of the containing bfqd. */ struct bfq_queue { /* reference counter */ @@ -395,6 +405,9 @@ struct bfq_queue { * the woken queues when this queue exits. */ struct hlist_head woken_list; + + /* index of the actuator this queue is associated with */ + unsigned int actuator_idx; }; /** @@ -403,8 +416,17 @@ struct bfq_queue { struct bfq_io_cq { /* associated io_cq structure */ struct io_cq icq; /* must be the first member */ - /* array of two process queues, the sync and the async */ - struct bfq_queue *bfqq[2]; + /* + * Matrix of associated process queues: first row for async + * queues, second row sync queues. Each row contains one + * column for each actuator. An I/O request generated by the + * process is inserted into the queue pointed by bfqq[i][j] if + * the request is to be served by the j-th actuator of the + * drive, where i==0 or i==1, depending on whether the request + * is async or sync. So there is a distinct queue for each + * actuator. + */ + struct bfq_queue *bfqq[2][BFQ_MAX_ACTUATORS]; /* per (request_queue, blkcg) ioprio */ int ioprio; #ifdef CONFIG_BFQ_GROUP_IOSCHED @@ -768,6 +790,13 @@ struct bfq_data { */ unsigned int word_depths[2][2]; unsigned int full_depth_shift; + + /* + * Number of independent actuators. This is equal to 1 in + * case of single-actuator drives. + */ + unsigned int num_actuators; + }; enum bfqq_state_flags { @@ -964,8 +993,10 @@ struct bfq_group { extern const int bfq_timeout; -struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync); -void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync); +struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx); +void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync, + unsigned int actuator_idx); struct bfq_data *bic_to_bfqd(struct bfq_io_cq *bic); void bfq_pos_tree_add_move(struct bfq_data *bfqd, struct bfq_queue *bfqq); void bfq_weights_tree_add(struct bfq_data *bfqd, struct bfq_queue *bfqq, -- 2.47.1

4 months, 3 weeks

2
3
0 0

[PATCH] drm/xe/display: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in xe_display_create() to catch potential exception. Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/xe/display/xe_display.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index b3921dbc52ff..b5d6ae05d936 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -97,6 +97,8 @@ int xe_display_create(struct xe_device *xe) spin_lock_init(&xe->display.fb_tracking.lock); xe->display.hotplug.dp_wq = alloc_ordered_workqueue("xe-dp", 0); + if (!xe->display.hotplug.dp_wq) + return -ENOMEM; return drmm_add_action_or_reset(&xe->drm, display_destroy, NULL); } -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH] mlx5: Add check for get_macsec_device()

by Haoxiang Li

Add check for the return value of get_macsec_device() in mlx5r_del_gid_macsec_operations() to prevent null pointer dereference. Fixes: 58dbd6428a68 ("RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/infiniband/hw/mlx5/macsec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/infiniband/hw/mlx5/macsec.c b/drivers/infiniband/hw/mlx5/macsec.c index 3c56eb5eddf3..623b0a58f721 100644 --- a/drivers/infiniband/hw/mlx5/macsec.c +++ b/drivers/infiniband/hw/mlx5/macsec.c @@ -354,6 +354,11 @@ void mlx5r_del_gid_macsec_operations(const struct ib_gid_attr *attr) } } macsec_device = get_macsec_device(ndev, &dev->macsec.macsec_devices_list); + if (!macsec_device) { + dev_put(ndev); + mutex_unlock(&dev->macsec.lock); + return; + } mlx5_macsec_del_roce_rule(attr->index, dev->mdev->macsec_fs, &macsec_device->tx_rules_list, &macsec_device->rx_rules_list); mlx5_macsec_del_roce_gid(macsec_device, attr->index); -- 2.25.1

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021801-splinter-sappy-56b3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021855-snugly-hacked-a8fa@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

4 months, 3 weeks

3
4
0 0

Re: [PATCH 6.13 000/274] 6.13.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

4 months, 3 weeks

1
0
0 0

[PATCH 5.10] mm: call the security_mmap_file() LSM hook in remap_file_pages()

by Pratyush Yadav

From: Shu Han <ebpqwerty472123(a)gmail.com> commit ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 upstream. The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Pratyush Yadav <ptyadav(a)amazon.de> --- mm/mmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mmap.c b/mm/mmap.c index 9f76625a1743..2c17eb840e44 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3078,8 +3078,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, } file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm); -- 2.47.1

4 months, 3 weeks

2
2
0 0

[PATCH] btrfs: fix data overwriting bug during buffered write when block size < page size

by Qu Wenruo

[BUG] When running generic/417 with a btrfs whose block size < page size (subpage cases), it always fails. And the following minimal reproducer is more than enough to trigger it reliably: workload() { mkfs.btrfs -s 4k -f $dev > /dev/null dmesg -C mount $dev $mnt $fsstree_dir/src/dio-invalidate-cache -r -b 4096 -n 3 -i 1 -f $mnt/diotest ret=$? umount $mnt stop_trace if [ $ret -ne 0 ]; then fail fi } for (( i = 0; i < 1024; i++)); do echo "=== $i/$runtime ===" workload done [CAUSE] With extra trace printk added to the following functions: - btrfs_buffered_write() * Which folio is touched * The file offset (start) where the buffered write is at * How many bytes are copied * The content of the write (the first 2 bytes) - submit_one_sector() * Which folio is touched * The position inside the folio - pagecache_isize_extended() * The parameters of the function itself * The parameters of the folio_zero_range() Which are enough to show the problem: 22.158114: btrfs_buffered_write: folio pos=0 start=0 copied=4096 content=0x0101 22.158161: submit_one_sector: r/i=5/257 folio=0 pos=0 content=0x0101 22.158609: btrfs_buffered_write: folio pos=0 start=4096 copied=4096 content=0x0101 22.158634: btrfs_buffered_write: folio pos=0 start=8192 copied=4096 content=0x0101 22.158650: pagecache_isize_extended: folio=0 from=4096 to=8192 bsize=4096 zero off=4096 len=8192 22.158682: submit_one_sector: r/i=5/257 folio=0 pos=4096 content=0x0000 22.158686: submit_one_sector: r/i=5/257 folio=0 pos=8192 content=0x0101 The tool dio-invalidate-cache will start 3 threads, each doing a buffered write with 0x01 at 4096 * i (i is 0, 1 ,2), do a fsync, then do a direct read, and compare the read buffer with the write buffer. Note that all 3 btrfs_buffered_write() are writing the correct 0x01 into the page cache. But at submit_one_sector(), at file offset 4096, the content is zeroed out, mostly by pagecache_isize_extended(). The race happens like this: Thread A is writing into range [4K, 8K). Thread B is writing into range [8K, 12k). Thread A | Thread B -------------------------------------+------------------------------------ btrfs_buffered_write() | btrfs_buffered_write() |- old_isize = 4K; | |- old_isize = 4096; |- btrfs_inode_lock() | | |- write into folio range [4K, 8K) | | |- pagecache_isize_extended() | | | extend isize from 4096 to 8192 | | | no folio_zero_range() called | | |- btrfs_inode_lock() | | | |- btrfs_inode_lock() | |- write into folio range [8K, 12K) | |- pagecache_isize_extended() | | calling folio_zero_range(4K, 8K) | | This is caused by the old_isize is | | grabbed too early, without any | | inode lock. | |- btrfs_inode_unlock() The @old_isize is grabbed without inode lock, causing race between two buffered write threads and making pagecache_isize_extended() to zero range which is still containing cached data. And this is only affecting subpage btrfs, because for regular blocksize == page size case, the function pagecache_isize_extended() will do nothing if the block size >= page size. [FIX] Grab the old isize with inode lock hold. This means each buffered write thread will have a stable view of the old inode size, thus avoid the above race. Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/file.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index fd90855fe717..896dc03689d6 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1090,7 +1090,7 @@ ssize_t btrfs_buffered_write(struct kiocb *iocb, struct iov_iter *i) u64 lockend; size_t num_written = 0; ssize_t ret; - loff_t old_isize = i_size_read(inode); + loff_t old_isize; unsigned int ilock_flags = 0; const bool nowait = (iocb->ki_flags & IOCB_NOWAIT); unsigned int bdp_flags = (nowait ? BDP_ASYNC : 0); @@ -1103,6 +1103,13 @@ ssize_t btrfs_buffered_write(struct kiocb *iocb, struct iov_iter *i) if (ret < 0) return ret; + /* + * We can only trust the isize with inode lock hold, or it can race with + * other buffered writes and cause incorrect call of + * pagecache_isize_extended() to overwrite existing data. + */ + old_isize = i_size_read(inode); + ret = generic_write_checks(iocb, i); if (ret <= 0) goto out; -- 2.48.1

4 months, 3 weeks

2
1
0 0

Re: [External] : Re: Please backport: netfilter: nft_counter: Use u64_stats_t for statistic.

by MOESSBAUER, Felix

On Fri, 2024-10-04 at 09:39 +0200, Sebastian Andrzej Siewior wrote: > On 2024-09-27 15:01:00 [-0400], Joseph Salisbury wrote: > > Is it needed in all stable release patch sets, including v5.15? > > Yes. I would appreciate backporting it all the way where the code is > available. The dependencies > 1eacdd71b3436 ("netfilter: nft_counter: Disable BH in > nft_counter_offload_stats().") > a0b39e2dc7017 ("netfilter: nft_counter: Synchronize > nft_counter_reset() against reader.") > > were already routed via stable. > The problem is that the seqcount has no lock associated so a reader > could preempt a writer and then lockup spinning. Hi, this needs to be backported to all stable RT trees (just checked 4.19 and 6.1. 5.15 already has it). We observed the reader live-lock issue in "nft_counter_fetch" on 6.1.120-rt47 (leading to a system stall) and were also able to find it with lockdep (see stacktrace below). I'm wondering if this patch could be applied to linux-stable, even if it is just a performance optimization on non-rt kernels (not a fix). The patch "netfilter: nft_counter: Use u64_stats_t for statistic" cleanly applies on 6.1.y and 6.1.127-rt48. Stacktrace from lockdep: [ 33.643632] ------------[ cut here ]------------ [ 33.643637] WARNING: CPU: 0 PID: 972 at include/linux/seqlock.h:269 nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643657] Modules linked in: br_netfilter bridge stp llc xt_comment xt_recent xt_hl ip6_tables ip6t_rt ipt_REJECT nf_reject_ipv4 xt_LOG nf_log_syslog nft_limit xt_limit xt_addrtype xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables libcrc32c nfnetlink rfkill intel_rapl_msr intel_rapl_common ccp binfmt_misc kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 ppdev snd_pcm snd_timer aesni_intel snd crypto_simd cryptd soundcore pcspkr parport_pc iTCO_wdt bochs parport drm_vram_helper intel_pmc_bxt drm_ttm_helper iTCO_vendor_support button ttm drm_kms_helper watchdog sg joydev evdev serio_raw drm fuse loop efi_pstore configfs qemu_fw_cfg ip_tables x_tables autofs4 overlay nls_ascii nls_cp437 vfat fat ext4 crc32c_generic crc16 mbcache jbd2 xts ecb squashfs dm_verity dm_bufio reed_solomon dm_mod sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic virtio_net net_failover ahci failover libahci crct10dif_pclmul [ 33.643727] crct10dif_common libata virtio_pci i2c_i801 crc32_pclmul scsi_mod crc32c_intel virtio_pci_legacy_dev i2c_smbus psmouse virtio_pci_modern_dev virtio scsi_common virtio_ring lpc_ich [ 33.643739] CPU: 0 PID: 972 Comm: onboardservice Not tainted 6.1.120-rt47 #1 [ 33.643742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 [ 33.643744] RIP: 0010:nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643759] Code: 52 3f 85 d2 74 26 65 8b 05 ba bd 52 3f 85 c0 75 1b 65 8b 05 e7 b3 52 3f a9 ff ff ff 7f 75 0d 65 8b 05 dd ba 52 3f 85 c0 74 02 <0f> 0b ff 74 24 20 4c 8d 6d 08 45 31 c9 31 c9 41 b8 01 00 00 00 31 [ 33.643776] RSP: 0018:ffffa045007736a0 EFLAGS: 00010202 [ 33.643778] RAX: 0000000000000001 RBX: ffffc044ffc2ae80 RCX: 00000000000026af [ 33.643780] RDX: 0000000000000001 RSI: ffff8d29050db388 RDI: ffffffffc0af49a4 [ 33.643781] RBP: ffff8d293f638060 R08: 0000000000000000 R09: 0000000000000000 [ 33.643782] R10: 0000000000000001 R11: 000000009bb77572 R12: ffffa04500773920 [ 33.643783] R13: ffff8d29011db358 R14: ffff8d29011db208 R15: ffff8d29011db240 [ 33.643807] FS: 000000c000047c90(0000) GS:ffff8d293f600000(0000) knlGS:0000000000000000 [ 33.643811] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.643813] CR2: 000000c0005fe000 CR3: 000000003a212000 CR4: 00000000003506f0 [ 33.643836] Call Trace: [ 33.643840] <TASK> [ 33.643844] ? __warn+0x82/0xe0 [ 33.643852] ? nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643877] ? report_bug+0x10e/0x180 [ 33.643889] ? handle_bug+0x41/0x70 [ 33.643895] ? exc_invalid_op+0x13/0x60 [ 33.643899] ? asm_exc_invalid_op+0x16/0x20 [ 33.643912] ? nft_counter_eval+0x24/0xd0 [nf_tables] [ 33.643931] ? nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643962] nft_do_chain+0x45b/0x690 [nf_tables] [ 33.644025] nft_do_chain_ipv4+0x78/0xa0 [nf_tables] [ 33.644046] nf_hook_slow+0x41/0xc0 [ 33.644054] __ip_local_out+0x14c/0x300 [ 33.644062] ? ip_output+0xb0/0xb0 [ 33.644074] __ip_queue_xmit+0x1c0/0x7f0 [ 33.644086] __tcp_transmit_skb+0xabe/0xcb0 [ 33.644107] tcp_write_xmit+0x521/0x14a0 [ 33.644117] __tcp_push_pending_frames+0x32/0xf0 [ 33.644120] tcp_sendmsg_locked+0x4cd/0xc20 [ 33.644133] tcp_sendmsg+0x27/0x40 [ 33.644137] __sock_sendmsg+0x58/0x70 [ 33.644142] sock_write_iter+0x9a/0x100 [ 33.644151] vfs_write+0x2c8/0x330 [ 33.644164] ksys_write+0xc3/0xf0 [ 33.644169] do_syscall_64+0x55/0xb0 [ 33.644173] ? lock_acquire+0xc4/0x2d0 [ 33.644178] ? find_held_lock+0x2b/0x80 [ 33.644182] ? finish_task_switch.isra.0+0xca/0x380 [ 33.644186] ? lock_release+0xd0/0x2d0 [ 33.644191] ? lockdep_hardirqs_on_prepare+0xdc/0x190 [ 33.644196] ? finish_task_switch.isra.0+0xcf/0x380 [ 33.644201] ? __schedule+0x3f8/0xd20 [ 33.644206] ? restore_fpregs_from_fpstate+0x38/0x90 [ 33.644211] ? trace_x86_fpu_regs_activated+0x1f/0xb0 [ 33.644213] ? switch_fpu_return+0x58/0x90 [ 33.644218] ? exit_to_user_mode_prepare+0x1af/0x250 [ 33.644223] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 33.644227] RIP: 0033:0x40720e [ 33.644230] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 33.644232] RSP: 002b:000000c000069980 EFLAGS: 00000216 ORIG_RAX: 0000000000000001 [ 33.644234] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000040720e [ 33.644236] RDX: 000000000000008c RSI: 000000c0001746c0 RDI: 0000000000000009 [ 33.644237] RBP: 000000c0000699c0 R08: 0000000000000000 R09: 0000000000000000 [ 33.644238] R10: 0000000000000000 R11: 0000000000000216 R12: 000000c000069b00 [ 33.644239] R13: 000000000000000e R14: 000000c00016ed00 R15: 0000000000a88360 [ 33.644250] </TASK> [ 33.644250] irq event stamp: 10266 [ 33.644251] hardirqs last enabled at (10268): [<ffffffff96339836>] vprintk_store+0x326/0x550 [ 33.644256] hardirqs last disabled at (10269): [<ffffffff9633987c>] vprintk_store+0x36c/0x550 [ 33.644259] softirqs last enabled at (9900): [<ffffffff962af77e>] __local_bh_enable_ip+0xfe/0x140 [ 33.644264] softirqs last disabled at (9904): [<ffffffffc0af49a4>] nft_counter_eval+0x24/0xd0 [nf_tables] [ 33.644277] ---[ end trace 0000000000000000 ]--- Best regards, Felix > > Sebastian -- Siemens AG Linux Expert Center Friedrich-Ludwig-Bauer-Str. 3 85748 Garching, Germany

4 months, 3 weeks

2
1
0 0

[PATCH v2] i2c: ls2x: Fix frequency division register access

by Binbin Zhou

According to the chip manual, the I2C register access type of Loongson-2K2000/LS7A is "B", so we can only access registers in byte form (readb/writeb). Although Loongson-2K0500/Loongson-2K1000 do not have similar constraints, register accesses in byte form also behave correctly. Also, in hardware, the frequency division registers are defined as two separate registers (high 8-bit and low 8-bit), so we just access them directly as bytes. Cc: stable(a)vger.kernel.org Fixes: 015e61f0bffd ("i2c: ls2x: Add driver for Loongson-2K/LS7A I2C controller") Co-developed-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Binbin Zhou <zhoubinbin(a)loongson.cn> --- V2: - Add a comment to prevent from changing that back to 16-bit write. Link to V1: https://lore.kernel.org/all/20250218111133.3058590-1-zhoubinbin@loongson.cn/ drivers/i2c/busses/i2c-ls2x.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/busses/i2c-ls2x.c b/drivers/i2c/busses/i2c-ls2x.c index 8821cac3897b..61377693a4d6 100644 --- a/drivers/i2c/busses/i2c-ls2x.c +++ b/drivers/i2c/busses/i2c-ls2x.c @@ -10,6 +10,7 @@ * Rewritten for mainline by Binbin Zhou <zhoubinbin(a)loongson.cn> */ +#include <linux/bitfield.h> #include <linux/bits.h> #include <linux/completion.h> #include <linux/device.h> @@ -26,7 +27,8 @@ #include <linux/units.h> /* I2C Registers */ -#define I2C_LS2X_PRER 0x0 /* Freq Division Register(16 bits) */ +#define I2C_LS2X_PRER_LO 0x0 /* Freq Division Low Byte Register */ +#define I2C_LS2X_PRER_HI 0x1 /* Freq Division High Byte Register */ #define I2C_LS2X_CTR 0x2 /* Control Register */ #define I2C_LS2X_TXR 0x3 /* Transport Data Register */ #define I2C_LS2X_RXR 0x3 /* Receive Data Register */ @@ -93,6 +95,7 @@ static irqreturn_t ls2x_i2c_isr(int this_irq, void *dev_id) */ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) { + u16 val; struct i2c_timings *t = &priv->i2c_t; struct device *dev = priv->adapter.dev.parent; u32 acpi_speed = i2c_acpi_find_bus_speed(dev); @@ -104,9 +107,14 @@ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) else t->bus_freq_hz = LS2X_I2C_FREQ_STD; - /* Calculate and set i2c frequency. */ - writew(LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1, - priv->base + I2C_LS2X_PRER); + /* + * According to the chip manual, we can only access the registers as bytes, + * otherwise the high bits will be truncated. + * So set the I2C frequency with a sequential writeb instead of writew. + */ + val = LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1; + writeb(FIELD_GET(GENMASK(7, 0), val), priv->base + I2C_LS2X_PRER_LO); + writeb(FIELD_GET(GENMASK(15, 8), val), priv->base + I2C_LS2X_PRER_HI); } static void ls2x_i2c_init(struct ls2x_i2c_priv *priv) base-commit: 7e45b505e699f4c80aa8bf79b4ea2a5f5a66bb51 -- 2.47.1

4 months, 3 weeks

2
1
0 0

[PATCH 0/2] HID: intel-ish-hid: Fix use-after-free issues in driver removal process

by Zhang Lixu

These patches address use-after-free issues in the `intel_ishtp_hid` driver during the removal process. Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) base-commit: 0ae0fa3bf0b44c8611d114a9f69985bf451010c3 -- 2.43.0

4 months, 3 weeks

2
3
0 0

[PATCH V4] mm/hugetlb: wait for hugetlb folios to be freed

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: <stable(a)vger.kernel.org> --- V4: - add a check to determine if hpage_freelist is empty suggested by David V3: - adjust code and message suggested by Muchun and David V2: - flush all folios at once suggested by David include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 8 ++++++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 23 insertions(+) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 6c6546b..0c54b3a 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(int nid, struct huge_bootmem_page *m); int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 30bc34d..8801dbc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2955,6 +2955,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index 8ed53ee0..b2fc526 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. -- 2.7.4

4 months, 3 weeks

3
2
0 0

[PATCH] scsi: esas2r: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in esas2r_init_adapter() to catch potential exception. Fixes: 4cb1b41a5ee4 ("scsi: esas2r: Simplify an alloc_ordered_workqueue() invocation") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/scsi/esas2r/esas2r_init.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/esas2r/esas2r_init.c b/drivers/scsi/esas2r/esas2r_init.c index 0cea5f3d1a08..48bb8aaf9df4 100644 --- a/drivers/scsi/esas2r/esas2r_init.c +++ b/drivers/scsi/esas2r/esas2r_init.c @@ -314,6 +314,11 @@ int esas2r_init_adapter(struct Scsi_Host *host, struct pci_dev *pcid, a->fw_event_q = alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM, a->index); + if (!a->fw_event_q) { + esas2r_log(ESAS2R_LOG_CRIT, "failed to create work queue\n"); + esas2r_kill_adapter(index); + return 0; + } init_waitqueue_head(&a->buffered_ioctl_waiter); init_waitqueue_head(&a->nvram_waiter); init_waitqueue_head(&a->fm_api_waiter); -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH] Revert "ext4: apply umask if ACL support is disabled"

by Max Kellermann

This reverts commit 484fd6c1de13b336806a967908a927cc0356e312. The commit caused a regression because now the umask was applied to symlinks and the fix is unnecessary because the umask/O_TMPFILE bug has been fixed somewhere else already. Fixes: https://lore.kernel.org/lkml/28DSITL9912E1.2LSZUVTGTO52Q@mforney.org/ Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ext4/acl.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h index ef4c19e5f570..0c5a79c3b5d4 100644 --- a/fs/ext4/acl.h +++ b/fs/ext4/acl.h @@ -68,11 +68,6 @@ extern int ext4_init_acl(handle_t *, struct inode *, struct inode *); static inline int ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir) { - /* usually, the umask is applied by posix_acl_create(), but if - ext4 ACL support is disabled at compile time, we need to do - it here, because posix_acl_create() will never be called */ - inode->i_mode &= ~current_umask(); - return 0; } #endif /* CONFIG_EXT4_FS_POSIX_ACL */ -- 2.39.2

4 months, 3 weeks

6
6
0 0

Re: [PATCH] jfs: fix slab-out-of-bounds read in ea_get()

by Qasim Ijaz

On Thu, Feb 13, 2025 at 11:07:07AM +0100, Greg KH wrote: > On Thu, Feb 13, 2025 at 12:20:25AM +0000, Qasim Ijaz wrote: > > During the "size_check" label in ea_get(), the code checks if the extended > > attribute list (xattr) size matches ea_size. If not, it logs > > "ea_get: invalid extended attribute" and calls print_hex_dump(). > > > > Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds > > INT_MAX (2,147,483,647). Then ea_size is clamped: > > > > int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > > > Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper > > limit is treated as an int, causing an overflow above 2^31 - 1. This leads > > "size" to wrap around and become negative (-184549328). > > > > The "size" is then passed to print_hex_dump() (called "len" in > > print_hex_dump()), it is passed as type size_t (an unsigned > > type), this is then stored inside a variable called > > "int remaining", which is then assigned to "int linelen" which > > is then passed to hex_dump_to_buffer(). In print_hex_dump() > > the for loop, iterates through 0 to len-1, where len is > > 18446744073525002176, calling hex_dump_to_buffer() > > on each iteration: > > > > for (i = 0; i < len; i += rowsize) { > > linelen = min(remaining, rowsize); > > remaining -= rowsize; > > > > hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, > > linebuf, sizeof(linebuf), ascii); > > > > ... > > } > > > > The expected stopping condition (i < len) is effectively broken > > since len is corrupted and very large. This eventually leads to > > the "ptr+i" being passed to hex_dump_to_buffer() to get closer > > to the end of the actual bounds of "ptr", eventually an out of > > bounds access is done in hex_dump_to_buffer() in the following > > for loop: > > > > for (j = 0; j < len; j++) { > > if (linebuflen < lx + 2) > > goto overflow2; > > ch = ptr[j]; > > ... > > } > > > > To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" > > before it is utilised. > > > > Reported-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> > > Tested-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> > > Closes: https://syzkaller.appspot.com/bug?extid=4e6e7e4279d046613bc5 > > Fixes: d9f9d96136cb ("jfs: xattr: check invalid xattr size more strictly") > > Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> > > --- > > fs/jfs/xattr.c | 15 ++++++++++----- > > 1 file changed, 10 insertions(+), 5 deletions(-) > > > > diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c > > index 24afbae87225..7575c51cce9b 100644 > > --- a/fs/jfs/xattr.c > > +++ b/fs/jfs/xattr.c > > @@ -559,11 +555,16 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) > > > > size_check: > > if (EALIST_SIZE(ea_buf->xattr) != ea_size) { > > - int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > - > > - printk(KERN_ERR "ea_get: invalid extended attribute\n"); > > - print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, > > - ea_buf->xattr, size, 1); > > + if (unlikely(EALIST_SIZE(ea_buf->xattr) > INT_MAX)) { > > + printk(KERN_ERR "ea_get: extended attribute size too large: %u > INT_MAX\n", > > + EALIST_SIZE(ea_buf->xattr)); > > + } else { > > + int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > + > > + printk(KERN_ERR "ea_get: invalid extended attribute\n"); > > + print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, > > + ea_buf->xattr, size, 1); > > + } > > ea_release(inode, ea_buf); > > rc = -EIO; > > goto clean_up; > > -- > > 2.39.5 > > > > Hi, > > This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him > a patch that has triggered this response. He used to manually respond > to these common problems, but in order to save his sanity (he kept > writing the same thing over and over, yet to different people), I was > created. Hopefully you will not take offence and will fix the problem > in your patch and resubmit it so that it can be accepted into the Linux > kernel tree. > > You are receiving this message because of the following common error(s) > as indicated below: > > - You have marked a patch with a "Fixes:" tag for a commit that is in an > older released kernel, yet you do not have a cc: stable line in the > signed-off-by area at all, which means that the patch will not be > applied to any older kernel releases. To properly fix this, please > follow the documented rules in the > Documentation/process/stable-kernel-rules.rst file for how to resolve > this. > > If you wish to discuss this problem further, or you have questions about > how to resolve this issue, please feel free to respond to this email and > Greg will reply once he has dug out from the pending patches received > from other developers. > Hi Greg, Just following up on this patch. I’ve sent v2 with the added CC stable tag. Here’s the link: https://lore.kernel.org/all/20250213210553.28613-1-qasdev00@gmail.com/ Let me know if any further changes are needed. Thanks, Qasim > thanks, > > greg k-h's patch email bot

4 months, 3 weeks

2
1
0 0

[PATCH v2 Linux-6.12.y Linux-6.13.y 1/1] selftests/mm: build with -O2

by Yifei Liu

From: Kevin Brodsky <kevin.brodsky(a)arm.com> [ Upstream commit 46036188ea1f5266df23a6149dea0df1c77cd1c7 ] The mm kselftests are currently built with no optimisation (-O0). It's unclear why, and besides being obviously suboptimal, this also prevents the pkeys tests from working as intended. Let's build all the tests with -O2. [kevin.brodsky(a)arm.com: silence unused-result warnings] Link: https://lkml.kernel.org/r/20250107170110.2819685-1-kevin.brodsky@arm.com Link: https://lkml.kernel.org/r/20241209095019.1732120-6-kevin.brodsky@arm.com Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Joey Gouly <joey.gouly(a)arm.com> Cc: Keith Lucas <keith.lucas(a)oracle.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> (cherry picked from commit 46036188ea1f5266df23a6149dea0df1c77cd1c7) [Yifei: This commit also fix the failure of pkey_sighandler_tests_64, which is also in linux-6.12.y and linux-6.13.y, thus backport this commit] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/mm/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 02e1204971b0..c0138cb19705 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -33,9 +33,16 @@ endif # LDLIBS. MAKEFLAGS += --no-builtin-rules -CFLAGS = -Wall -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) +CFLAGS = -Wall -O2 -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) LDLIBS = -lrt -lpthread -lm +# Some distributions (such as Ubuntu) configure GCC so that _FORTIFY_SOURCE is +# automatically enabled at -O1 or above. This triggers various unused-result +# warnings where functions such as read() or write() are called and their +# return value is not checked. Disable _FORTIFY_SOURCE to silence those +# warnings. +CFLAGS += -U_FORTIFY_SOURCE + TEST_GEN_FILES = cow TEST_GEN_FILES += compaction_test TEST_GEN_FILES += gup_longterm -- 2.46.0

4 months, 3 weeks

4
7
0 0

[PATCH] drm/xe: Fix exporting xe buffers multiple times

by Jacek Lawrynowicz

From: Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> The `struct ttm_resource->placement` contains TTM_PL_FLAG_* flags, but it was incorrectly tested for XE_PL_* flags. This caused xe_dma_buf_pin() to always fail when invoked for the second time. Fix this by checking the `mem_type` field instead. Fixes: 7764222d54b7 ("drm/xe: Disallow pinning dma-bufs in VRAM") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: Michal Wajdeczko <michal.wajdeczko(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_bo.h | 2 -- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.h b/drivers/gpu/drm/xe/xe_bo.h index d9386ab031404..43bf6f140d40d 100644 --- a/drivers/gpu/drm/xe/xe_bo.h +++ b/drivers/gpu/drm/xe/xe_bo.h @@ -341,7 +341,6 @@ static inline unsigned int xe_sg_segment_size(struct device *dev) return round_down(max / 2, PAGE_SIZE); } -#if IS_ENABLED(CONFIG_DRM_XE_KUNIT_TEST) /** * xe_bo_is_mem_type - Whether the bo currently resides in the given * TTM memory type @@ -356,4 +355,3 @@ static inline bool xe_bo_is_mem_type(struct xe_bo *bo, u32 mem_type) return bo->ttm.resource->mem_type == mem_type; } #endif -#endif diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index c5b95470fa324..f67803e15a0e6 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -58,7 +58,7 @@ static int xe_dma_buf_pin(struct dma_buf_attachment *attach) * 1) Avoid pinning in a placement not accessible to some importers. * 2) Pinning in VRAM requires PIN accounting which is a to-do. */ - if (xe_bo_is_pinned(bo) && bo->ttm.resource->placement != XE_PL_TT) { + if (xe_bo_is_pinned(bo) && !xe_bo_is_mem_type(bo, XE_PL_TT)) { drm_dbg(&xe->drm, "Can't migrate pinned bo for dma-buf pin.\n"); return -EINVAL; } -- 2.45.1

4 months, 3 weeks

2
1
0 0

[PATCH V3] mm/hugetlb: wait for hugetlb folios to be freed

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: <stable(a)vger.kernel.org> --- V3: - adjust code and message suggested by Muchun and David V2: - flush all folios at once suggested by David include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 5 +++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 6c6546b..0c54b3a 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(int nid, struct huge_bootmem_page *m); int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 30bc34d..b4630b3 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2955,6 +2955,11 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index 8ed53ee0..b2fc526 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. -- 2.7.4

4 months, 3 weeks

3
4
0 0

[PATCH] wifi: mt76: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in mt76_get_of_data_from_mtd() to catch potential exception. Fixes: e7a6a044f9b9 ("mt76: testmode: move mtd part to mt76_dev") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/eeprom.c b/drivers/net/wireless/mediatek/mt76/eeprom.c index 0bc66cc19acd..443517d06c9f 100644 --- a/drivers/net/wireless/mediatek/mt76/eeprom.c +++ b/drivers/net/wireless/mediatek/mt76/eeprom.c @@ -95,6 +95,10 @@ int mt76_get_of_data_from_mtd(struct mt76_dev *dev, void *eep, int offset, int l #ifdef CONFIG_NL80211_TESTMODE dev->test_mtd.name = devm_kstrdup(dev->dev, part, GFP_KERNEL); + if (!dev->test_mtd.name) { + ret = -ENOMEM; + goto out_put_node; + } dev->test_mtd.offset = offset; #endif -- 2.25.1

4 months, 3 weeks

1
0
0 0

[PATCH net] gve: set xdp redirect target only when it is available

by joshwash＠google.com

From: Joshua Washington <joshwash(a)google.com> Before this patch the NETDEV_XDP_ACT_NDO_XMIT XDP feature flag is set by default as part of driver initialization, and is never cleared. However, this flag differs from others in that it is used as an indicator for whether the driver is ready to perform the ndo_xdp_xmit operation as part of an XDP_REDIRECT. Kernel helpers xdp_features_(set|clear)_redirect_target exist to convey this meaning. This patch ensures that the netdev is only reported as a redirect target when XDP queues exist to forward traffic. Fixes: 39a7f4aa3e4a ("gve: Add XDP REDIRECT support for GQI-QPL format") Cc: stable(a)vger.kernel.org Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> Signed-off-by: Joshua Washington <joshwash(a)google.com> --- drivers/net/ethernet/google/gve/gve.h | 10 ++++++++++ drivers/net/ethernet/google/gve/gve_main.c | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h index 8167cc5fb0df..78d2a19593d1 100644 --- a/drivers/net/ethernet/google/gve/gve.h +++ b/drivers/net/ethernet/google/gve/gve.h @@ -1116,6 +1116,16 @@ static inline u32 gve_xdp_tx_start_queue_id(struct gve_priv *priv) return gve_xdp_tx_queue_id(priv, 0); } +static inline bool gve_supports_xdp_xmit(struct gve_priv *priv) +{ + switch (priv->queue_format) { + case GVE_GQI_QPL_FORMAT: + return true; + default: + return false; + } +} + /* gqi napi handler defined in gve_main.c */ int gve_napi_poll(struct napi_struct *napi, int budget); diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 533e659b15b3..92237fb0b60c 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -1903,6 +1903,8 @@ static void gve_turndown(struct gve_priv *priv) /* Stop tx queues */ netif_tx_disable(priv->dev); + xdp_features_clear_redirect_target(priv->dev); + gve_clear_napi_enabled(priv); gve_clear_report_stats(priv); @@ -1972,6 +1974,9 @@ static void gve_turnup(struct gve_priv *priv) napi_schedule(&block->napi); } + if (priv->num_xdp_queues && gve_supports_xdp_xmit(priv)) + xdp_features_set_redirect_target(priv->dev, false); + gve_set_napi_enabled(priv); } @@ -2246,7 +2251,6 @@ static void gve_set_netdev_xdp_features(struct gve_priv *priv) if (priv->queue_format == GVE_GQI_QPL_FORMAT) { xdp_features = NETDEV_XDP_ACT_BASIC; xdp_features |= NETDEV_XDP_ACT_REDIRECT; - xdp_features |= NETDEV_XDP_ACT_NDO_XMIT; xdp_features |= NETDEV_XDP_ACT_XSK_ZEROCOPY; } else { xdp_features = 0; -- 2.48.1.601.g30ceb7b040-goog

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021855-fancy-trough-87ae@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

4 months, 3 weeks

2
1
0 0

[PATCH 5.15.y] nfsd: release svc_expkey/svc_export with rcu_work

by lanbincn＠qq.com

From: Yang Erkun <yangerkun(a)huawei.com> commit f8c989a0c89a75d30f899a7cabdc14d72522bb8d upstream. The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown below. ================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870 CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e 2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`. However, `svc_export_put`/`expkey_put` will call path_put, which subsequently triggers a sleeping operation due to the following `dput`. ============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period. Fixes: 9ceddd9da134 ("knfsd: Allow lockless lookups of the exports") Signed-off-by: Yang Erkun <yangerkun(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/nfsd/export.c | 31 +++++++++++++++++++++++++------ fs/nfsd/export.h | 4 ++-- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 39228bd7492a..78db46f6cbc6 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -40,15 +40,24 @@ #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) -static void expkey_put(struct kref *ref) +static void expkey_put_work(struct work_struct *work) { - struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + struct svc_expkey *key = + container_of(to_rcu_work(work), struct svc_expkey, ek_rcu_work); if (test_bit(CACHE_VALID, &key->h.flags) && !test_bit(CACHE_NEGATIVE, &key->h.flags)) path_put(&key->ek_path); auth_domain_put(key->ek_client); - kfree_rcu(key, ek_rcu); + kfree(key); +} + +static void expkey_put(struct kref *ref) +{ + struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + + INIT_RCU_WORK(&key->ek_rcu_work, expkey_put_work); + queue_rcu_work(system_wq, &key->ek_rcu_work); } static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) @@ -351,16 +360,26 @@ static void export_stats_destroy(struct export_stats *stats) EXP_STATS_COUNTERS_NUM); } -static void svc_export_put(struct kref *ref) +static void svc_export_put_work(struct work_struct *work) { - struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + struct svc_export *exp = + container_of(to_rcu_work(work), struct svc_export, ex_rcu_work); + path_put(&exp->ex_path); auth_domain_put(exp->ex_client); nfsd4_fslocs_free(&exp->ex_fslocs); export_stats_destroy(exp->ex_stats); kfree(exp->ex_stats); kfree(exp->ex_uuid); - kfree_rcu(exp, ex_rcu); + kfree(exp); +} + +static void svc_export_put(struct kref *ref) +{ + struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + + INIT_RCU_WORK(&exp->ex_rcu_work, svc_export_put_work); + queue_rcu_work(system_wq, &exp->ex_rcu_work); } static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index f73e23bb24a1..fa545d8dcc36 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -75,7 +75,7 @@ struct svc_export { u32 ex_layout_types; struct nfsd4_deviceid_map *ex_devid_map; struct cache_detail *cd; - struct rcu_head ex_rcu; + struct rcu_work ex_rcu_work; struct export_stats *ex_stats; }; @@ -91,7 +91,7 @@ struct svc_expkey { u32 ek_fsid[6]; struct path ek_path; - struct rcu_head ek_rcu; + struct rcu_work ek_rcu_work; }; #define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) -- 2.43.0

4 months, 3 weeks

3
2
0 0

+ dma-kmsan-export-kmsan_handle_dma-for-modules.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: dma: kmsan: export kmsan_handle_dma() for modules has been added to the -mm mm-hotfixes-unstable branch. Its filename is dma-kmsan-export-kmsan_handle_dma-for-modules.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Subject: dma: kmsan: export kmsan_handle_dma() for modules Date: Tue, 18 Feb 2025 10:14:11 +0100 kmsan_handle_dma() is used by virtio_ring() which can be built as a module. kmsan_handle_dma() needs to be exported otherwise building the virtio_ring fails. Export kmsan_handle_dma for modules. Link: https://lkml.kernel.org/r/20250218091411.MMS3wBN9@linutronix.de Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202502150634.qjxwSeJR-lkp@intel.com/ Fixes: 7ade4f10779cb ("dma: kmsan: unpoison DMA mappings") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Macro Elver <elver(a)google.com> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/hooks.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/kmsan/hooks.c~dma-kmsan-export-kmsan_handle_dma-for-modules +++ a/mm/kmsan/hooks.c @@ -357,6 +357,7 @@ void kmsan_handle_dma(struct page *page, size -= to_go; } } +EXPORT_SYMBOL_GPL(kmsan_handle_dma); void kmsan_handle_dma_sg(struct scatterlist *sg, int nents, enum dma_data_direction dir) _ Patches currently in -mm which might be from bigeasy(a)linutronix.de are dma-kmsan-export-kmsan_handle_dma-for-modules.patch rcu-provide-a-static-initializer-for-hlist_nulls_head.patch ucount-replace-get_ucounts_or_wrap-with-atomic_inc_not_zero.patch ucount-use-rcu-for-ucounts-lookups.patch ucount-use-rcuref_t-for-reference-counting.patch

4 months, 3 weeks

1
0
0 0

+ mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: wait for hugetlb folios to be freed has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: wait for hugetlb folios to be freed Date: Tue, 18 Feb 2025 19:40:28 +0800 Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739878828-9960-1-git-send-email-yangge1116@126.c… Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 5 +++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 20 insertions(+) --- a/include/linux/hugetlb.h~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(in int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_ return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) --- a/mm/hugetlb.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/hugetlb.c @@ -2955,6 +2955,11 @@ int replace_free_hugepage_folios(unsigne return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv --- a/mm/page_isolation.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long st int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-hugetlb-wait-for-hugepage-folios-to-be-freed.patch mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch

4 months, 3 weeks

1
0
0 0

Re: [REGRESSION] xfs kernel panic

by Lorenz Brun

Am Mo., 17. Feb. 2025 um 16:00 Uhr schrieb Lorenz Brun <lorenz(a)monogon.tech>: > > Hi everyone, > > Linux 6.12.14 (released today) contains a regression for XFS, causing > a kernel panic after just a few seconds of working with a > freshly-created (xfsprogs 6.9) XFS filesystem. I have not yet bisected > this because I wanted to get this report out ASAP but I'm going to do > that now. There are multiple associated stack traces, but all of them > have xfs_buf_offset as the faulting function. > > Example backtrace: > [ 31.745932] BUG: kernel NULL pointer dereference, address: 0000000000000098 > [ 31.746590] #PF: supervisor read access in kernel mode > [ 31.747072] #PF: error_code(0x0000) - not-present page > [ 31.747537] PGD 5bee067 P4D 5bee067 PUD 5bef067 PMD 0 > [ 31.748016] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI > [ 31.748459] CPU: 0 UID: 0 PID: 116 Comm: xfsaild/vda4 Not tainted > 6.12.14-metropolis #1 9b2470be3d7713b818a3236e4a2804dd9cbef735 > [ 31.749490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), > BIOS 0.0.0 02/06/2015 > [ 31.750340] RIP: 0010:xfs_buf_offset+0x9/0x50 > [ 31.750823] Code: 08 5b e9 8a 2c c4 00 66 2e 0f 1f 84 00 00 00 00 > 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f > 44 00 00 <48> 8b 87 98 00 00 00 48 85 c0 75 2e 48 8b 87 00 01 00 00 48 > 89 f2 > [ 31.752775] RSP: 0018:ffffbf50c07abdb8 EFLAGS: 00010246 > [ 31.753343] RAX: 0000000000000002 RBX: ffff9c0985817d58 RCX: 0000000000000016 > [ 31.754103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 31.754734] RBP: 0000000000000000 R08: ffff9c09fb704000 R09: 00000000e0be9fc4 > [ 31.755396] R10: 0000000000000000 R11: ffff9c0985827df8 R12: ffff9c09fb57ff58 > [ 31.756078] R13: ffff9c0985817eb0 R14: ffff9c09fb704000 R15: ffff9c0985817f00 > [ 31.756764] FS: 0000000000000000(0000) GS:ffff9c09fc000000(0000) > knlGS:0000000000000000 > [ 31.757529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 31.758041] CR2: 0000000000000098 CR3: 0000000005b70000 CR4: 0000000000350ef0 > [ 31.758696] Call Trace: > [ 31.758940] <TASK> > [ 31.759172] ? __die+0x56/0x97 > [ 31.759473] ? page_fault_oops+0x15c/0x2d0 > [ 31.759853] ? exc_page_fault+0x4c5/0x790 > [ 31.760237] ? asm_exc_page_fault+0x26/0x30 > [ 31.760637] ? xfs_buf_offset+0x9/0x50 > [ 31.761002] ? srso_return_thunk+0x5/0x5f > [ 31.761409] xfs_qm_dqflush+0xd0/0x350 > [ 31.761799] xfs_qm_dquot_logitem_push+0xe9/0x140 > [ 31.762253] xfsaild+0x347/0xa10 > [ 31.762567] ? srso_return_thunk+0x5/0x5f > [ 31.762952] ? srso_return_thunk+0x5/0x5f > [ 31.763325] ? __pfx_xfsaild+0x10/0x10 > [ 31.763665] kthread+0xd2/0x100 > [ 31.763985] ? __pfx_kthread+0x10/0x10 > [ 31.764342] ret_from_fork+0x34/0x50 > [ 31.764675] ? __pfx_kthread+0x10/0x10 > [ 31.765029] ret_from_fork_asm+0x1a/0x30 > [ 31.765408] </TASK> > [ 31.765618] Modules linked in: kvm_amd > [ 31.765978] CR2: 0000000000000098 > [ 31.766297] ---[ end trace 0000000000000000 ]--- > [ 32.371004] RIP: 0010:xfs_buf_offset+0x9/0x50 > [ 32.371453] Code: 08 5b e9 8a 2c c4 00 66 2e 0f 1f 84 00 00 00 00 > 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f > 44 00 00 <48> 8b 87 98 00 00 00 48 85 c0 75 2e 48 8b 87 00 01 00 00 48 > 89 f2 > [ 32.373133] RSP: 0018:ffffbf50c07abdb8 EFLAGS: 00010246 > [ 32.373611] RAX: 0000000000000002 RBX: ffff9c0985817d58 RCX: 0000000000000016 > [ 32.374275] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 32.374921] RBP: 0000000000000000 R08: ffff9c09fb704000 R09: 00000000e0be9fc4 > [ 32.375720] R10: 0000000000000000 R11: ffff9c0985827df8 R12: ffff9c09fb57ff58 > [ 32.376376] R13: ffff9c0985817eb0 R14: ffff9c09fb704000 R15: ffff9c0985817f00 > [ 32.377027] FS: 0000000000000000(0000) GS:ffff9c09fc000000(0000) > knlGS:0000000000000000 > [ 32.377761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 32.378292] CR2: 0000000000000098 CR3: 0000000005b70000 CR4: 0000000000350ef0 > [ 32.378940] Kernel panic - not syncing: Fatal exception > [ 32.379492] Kernel Offset: 0x2a600000 from 0xffffffff81000000 > (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > > #regzbot introduced: v6.12.13..v6.12.14 > > Regards, > Lorenz Hi everyone, I root-caused this to 5808d420 ("xfs: attach dquot buffer to dquot log item buffer"), but needs reverting of the 3 follow-up commits (d331fc15, ee6984a2 and 84307caf) as well as they depend on the broken one. With that 6.12.14 passes our test suite again. Reproduction should be rather easy by just creating a fresh filesystem, mounting with "prjquota" and performing I/O. Regards, Lorenz

4 months, 3 weeks

3
4
0 0

[PATCH AUTOSEL 5.4 1/3] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index 8f8dfdf64833e..871f043eeba1e 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -549,14 +549,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

4 months, 3 weeks

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index a45ac7fa417b9..da896f5c74424 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -549,14 +549,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

4 months, 3 weeks

1
3
0 0

[PATCH AUTOSEL 5.15 1/6] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index ba45605fc6b52..a48f7cd514b0f 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -577,14 +577,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

4 months, 3 weeks

1
5
0 0

[PATCH AUTOSEL 6.1 01/13] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index dd5fc60874ba1..b1a41c90c5741 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -577,14 +577,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && time_before(jiffies, prev_sync + 20 * HZ)) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

4 months, 3 weeks

1
12
0 0

[PATCH AUTOSEL 6.12 01/31] sched_ext: selftests/dsp_local_on: Fix sporadic failures

by Sasha Levin

From: Tejun Heo <tj(a)kernel.org> [ Upstream commit e9fe182772dcb2630964724fd93e9c90b68ea0fd ] dsp_local_on has several incorrect assumptions, one of which is that p->nr_cpus_allowed always tracks p->cpus_ptr. This is not true when a task is scheduled out while migration is disabled - p->cpus_ptr is temporarily overridden to the previous CPU while p->nr_cpus_allowed remains unchanged. This led to sporadic test faliures when dsp_local_on_dispatch() tries to put a migration disabled task to a different CPU. Fix it by keeping the previous CPU when migration is disabled. There are SCX schedulers that make use of p->nr_cpus_allowed. They should also implement explicit handling for p->migration_disabled. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Ihor Solodrai <ihor.solodrai(a)pm.me> Cc: Andrea Righi <arighi(a)nvidia.com> Cc: Changwoo Min <changwoo(a)igalia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c index c9a2da0575a0f..eea06decb6f59 100644 --- a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c +++ b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c @@ -43,7 +43,7 @@ void BPF_STRUCT_OPS(dsp_local_on_dispatch, s32 cpu, struct task_struct *prev) if (!p) return; - if (p->nr_cpus_allowed == nr_cpus) + if (p->nr_cpus_allowed == nr_cpus && !p->migration_disabled) target = bpf_get_prandom_u32() % nr_cpus; else target = scx_bpf_task_cpu(p); -- 2.39.5

4 months, 3 weeks

1
30
0 0

[PATCH AUTOSEL 6.13 01/31] sched_ext: selftests/dsp_local_on: Fix sporadic failures

by Sasha Levin

From: Tejun Heo <tj(a)kernel.org> [ Upstream commit e9fe182772dcb2630964724fd93e9c90b68ea0fd ] dsp_local_on has several incorrect assumptions, one of which is that p->nr_cpus_allowed always tracks p->cpus_ptr. This is not true when a task is scheduled out while migration is disabled - p->cpus_ptr is temporarily overridden to the previous CPU while p->nr_cpus_allowed remains unchanged. This led to sporadic test faliures when dsp_local_on_dispatch() tries to put a migration disabled task to a different CPU. Fix it by keeping the previous CPU when migration is disabled. There are SCX schedulers that make use of p->nr_cpus_allowed. They should also implement explicit handling for p->migration_disabled. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Ihor Solodrai <ihor.solodrai(a)pm.me> Cc: Andrea Righi <arighi(a)nvidia.com> Cc: Changwoo Min <changwoo(a)igalia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c index fbda6bf546712..758b479bd1ee1 100644 --- a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c +++ b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c @@ -43,7 +43,7 @@ void BPF_STRUCT_OPS(dsp_local_on_dispatch, s32 cpu, struct task_struct *prev) if (!p) return; - if (p->nr_cpus_allowed == nr_cpus) + if (p->nr_cpus_allowed == nr_cpus && !p->migration_disabled) target = bpf_get_prandom_u32() % nr_cpus; else target = scx_bpf_task_cpu(p); -- 2.39.5

4 months, 3 weeks

1
30
0 0

[PATCH v3] HID: corsair-void: Update power supply values with a unified work handler

by Stuart Hayhurst

corsair_void_process_receiver can be called from an interrupt context, locking battery_mutex in it was causing a kernel panic. Fix it by moving the critical section into its own work, sharing this work with battery_add_work and battery_remove_work to remove the need for any locking Closes: https://bugzilla.suse.com/show_bug.cgi?id=1236843 Fixes: 6ea2a6fd3872 ("HID: corsair-void: Add Corsair Void headset family driver") Cc: stable(a)vger.kernel.org Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> --- v2 -> v3: - Use an enum instead of a define for battery flag values - Use an integer instead of BIT() for the bit index - Drop unhelpful comments - Simplify corsair_void_battery_work_handler logic - Remove extra newline in commit message v1 -> v2: - Actually remove the mutex --- drivers/hid/hid-corsair-void.c | 83 ++++++++++++++++++---------------- 1 file changed, 43 insertions(+), 40 deletions(-) diff --git a/drivers/hid/hid-corsair-void.c b/drivers/hid/hid-corsair-void.c index 56e858066c3c..afbd67aa9719 100644 --- a/drivers/hid/hid-corsair-void.c +++ b/drivers/hid/hid-corsair-void.c @@ -71,11 +71,9 @@ #include <linux/bitfield.h> #include <linux/bitops.h> -#include <linux/cleanup.h> #include <linux/device.h> #include <linux/hid.h> #include <linux/module.h> -#include <linux/mutex.h> #include <linux/power_supply.h> #include <linux/usb.h> #include <linux/workqueue.h> @@ -120,6 +118,12 @@ enum { CORSAIR_VOID_BATTERY_CHARGING = 5, }; +enum { + CORSAIR_VOID_ADD_BATTERY = 0, + CORSAIR_VOID_REMOVE_BATTERY = 1, + CORSAIR_VOID_UPDATE_BATTERY = 2, +}; + static enum power_supply_property corsair_void_battery_props[] = { POWER_SUPPLY_PROP_STATUS, POWER_SUPPLY_PROP_PRESENT, @@ -155,12 +159,12 @@ struct corsair_void_drvdata { struct power_supply *battery; struct power_supply_desc battery_desc; - struct mutex battery_mutex; struct delayed_work delayed_status_work; struct delayed_work delayed_firmware_work; - struct work_struct battery_remove_work; - struct work_struct battery_add_work; + + unsigned long battery_work_flags; + struct work_struct battery_work; }; /* @@ -260,11 +264,9 @@ static void corsair_void_process_receiver(struct corsair_void_drvdata *drvdata, /* Inform power supply if battery values changed */ if (memcmp(&orig_battery_data, battery_data, sizeof(*battery_data))) { - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_changed(drvdata->battery); - } - } + set_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); } } @@ -536,29 +538,11 @@ static void corsair_void_firmware_work_handler(struct work_struct *work) } -static void corsair_void_battery_remove_work_handler(struct work_struct *work) -{ - struct corsair_void_drvdata *drvdata; - - drvdata = container_of(work, struct corsair_void_drvdata, - battery_remove_work); - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_unregister(drvdata->battery); - drvdata->battery = NULL; - } - } -} - -static void corsair_void_battery_add_work_handler(struct work_struct *work) +static void corsair_void_add_battery(struct corsair_void_drvdata *drvdata) { - struct corsair_void_drvdata *drvdata; struct power_supply_config psy_cfg = {}; struct power_supply *new_supply; - drvdata = container_of(work, struct corsair_void_drvdata, - battery_add_work); - guard(mutex)(&drvdata->battery_mutex); if (drvdata->battery) return; @@ -583,16 +567,42 @@ static void corsair_void_battery_add_work_handler(struct work_struct *work) drvdata->battery = new_supply; } +static void corsair_void_battery_work_handler(struct work_struct *work) +{ + struct corsair_void_drvdata *drvdata = container_of(work, + struct corsair_void_drvdata, battery_work); + + bool add_battery = test_and_clear_bit(CORSAIR_VOID_ADD_BATTERY, + &drvdata->battery_work_flags); + bool remove_battery = test_and_clear_bit(CORSAIR_VOID_REMOVE_BATTERY, + &drvdata->battery_work_flags); + bool update_battery = test_and_clear_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + + if (add_battery && !remove_battery) { + corsair_void_add_battery(drvdata); + } else if (remove_battery && !add_battery && drvdata->battery) { + power_supply_unregister(drvdata->battery); + drvdata->battery = NULL; + } + + if (update_battery && drvdata->battery) + power_supply_changed(drvdata->battery); + +} + static void corsair_void_headset_connected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_add_work); + set_bit(CORSAIR_VOID_ADD_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); schedule_delayed_work(&drvdata->delayed_firmware_work, msecs_to_jiffies(100)); } static void corsair_void_headset_disconnected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_remove_work); + set_bit(CORSAIR_VOID_REMOVE_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); corsair_void_set_unknown_wireless_data(drvdata); corsair_void_set_unknown_batt(drvdata); @@ -678,13 +688,7 @@ static int corsair_void_probe(struct hid_device *hid_dev, drvdata->battery_desc.get_property = corsair_void_battery_get_property; drvdata->battery = NULL; - INIT_WORK(&drvdata->battery_remove_work, - corsair_void_battery_remove_work_handler); - INIT_WORK(&drvdata->battery_add_work, - corsair_void_battery_add_work_handler); - ret = devm_mutex_init(drvdata->dev, &drvdata->battery_mutex); - if (ret) - return ret; + INIT_WORK(&drvdata->battery_work, corsair_void_battery_work_handler); ret = sysfs_create_group(&hid_dev->dev.kobj, &corsair_void_attr_group); if (ret) @@ -721,8 +725,7 @@ static void corsair_void_remove(struct hid_device *hid_dev) struct corsair_void_drvdata *drvdata = hid_get_drvdata(hid_dev); hid_hw_stop(hid_dev); - cancel_work_sync(&drvdata->battery_remove_work); - cancel_work_sync(&drvdata->battery_add_work); + cancel_work_sync(&drvdata->battery_work); if (drvdata->battery) power_supply_unregister(drvdata->battery); -- 2.47.2

4 months, 3 weeks

4
4
0 0

[PATCH RFC 2/2] usb: typec: ucsi: increase timeout for PPM reset operations

by Fedor Pchelkin

It is observed that on some systems an initial PPM reset during the boot phase can trigger a timeout: [ 6.482546] ucsi_acpi USBC000:00: failed to reset PPM! [ 6.482551] ucsi_acpi USBC000:00: error -ETIMEDOUT: PPM init failed Still, increasing the timeout value, albeit being the most straightforward solution, eliminates the problem: the initial PPM reset may take up to ~8000-10000ms on some Lenovo laptops. When it is reset after the above period of time (or even if ucsi_reset_ppm() is not called overall), UCSI works as expected. Moreover, if the ucsi_acpi module is loaded/unloaded manually after the system has booted, reading the CCI values and resetting the PPM works perfectly, without any timeout. Thus it's only a boot-time issue. The reason for this behavior is not clear but it may be the consequence of some tricks that the firmware performs or be an actual firmware bug. As a workaround, increase the timeout to avoid failing the UCSI initialization prematurely. Fixes: b1b59e16075f ("usb: typec: ucsi: Increase command completion timeout value") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> --- drivers/usb/typec/ucsi/ucsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 0fe1476f4c29..7a56d3f840d7 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -25,7 +25,7 @@ * difficult to estimate the time it takes for the system to process the command * before it is actually passed to the PPM. */ -#define UCSI_TIMEOUT_MS 5000 +#define UCSI_TIMEOUT_MS 10000 /* * UCSI_SWAP_TIMEOUT_MS - Timeout for role swap requests -- 2.48.1

4 months, 3 weeks

4
5
0 0

[PATCH vhost] vdpa/mlx5: Fix oversized null mkey longer than 32bit

by Dragos Tatulea

From: Si-Wei Liu <si-wei.liu(a)oracle.com> create_user_mr() has correct code to count the number of null keys used to fill in a hole for the memory map. However, fill_indir() does not follow the same to cap the range up to the 1GB limit correspondinly. Fill in more null keys for the gaps in between, so that null keys are correctly populated. Fixes: 94abbccdf291 ("vdpa/mlx5: Add shared memory registration code") Cc: stable(a)vger.kernel.org Signed-off-by: Si-Wei Liu <si-wei.liu(a)oracle.com> Signed-off-by: Dragos Tatulea <dtatulea(a)nvidia.com> --- drivers/vdpa/mlx5/core/mr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/vdpa/mlx5/core/mr.c b/drivers/vdpa/mlx5/core/mr.c index 8455f08f5d40..61424342c096 100644 --- a/drivers/vdpa/mlx5/core/mr.c +++ b/drivers/vdpa/mlx5/core/mr.c @@ -190,9 +190,12 @@ static void fill_indir(struct mlx5_vdpa_dev *mvdev, struct mlx5_vdpa_mr *mkey, v klm->bcount = cpu_to_be32(klm_bcount(dmr->end - dmr->start)); preve = dmr->end; } else { + u64 bcount = min_t(u64, dmr->start - preve, MAX_KLM_SIZE); + klm->key = cpu_to_be32(mvdev->res.null_mkey); - klm->bcount = cpu_to_be32(klm_bcount(dmr->start - preve)); - preve = dmr->start; + klm->bcount = cpu_to_be32(klm_bcount(bcount)); + preve += bcount; + goto again; } } -- 2.43.0

4 months, 3 weeks

2
2
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupport...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] in drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.o (drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:bd2798b6baf3af3d8f6fcf670eac9f5235e8b3… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c703a7b9b55f8b3d701c14cd8d841ead509baa08 Log excerpt: ===================================================== drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c:3795:6: error: stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3795 | void dml31_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## x86_64_defconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67b4a3dc50b59caecce1cb05 #kernelci issue maestro:bd2798b6baf3af3d8f6fcf670eac9f5235e8b3a6 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months, 3 weeks

1
0
0 0

[PATCH 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 03b35a05808c..189eb0a12f4b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5717,6 +5717,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

4 months, 3 weeks

1
0
0 0

[PATCH 1/5] ftrace: Fix accounting of adding subops to a manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Function graph uses a subops and manager ops mechanism to attach to ftrace. The manager ops connects to ftrace and the functions it connects to is defined by a list of subops that it manages. The function hash that defines what the above ops attaches to limits the functions to attach if the hash has any content. If the hash is empty, it means to trace all functions. The creation of the manager ops hash is done by iterating over all the subops hashes. If any of the subops hashes is empty, it means that the manager ops hash must trace all functions as well. The issue is in the creation of the manager ops. When a second subops is attached, a new hash is created by starting it as NULL and adding the subops one at a time. But the NULL ops is mistaken as an empty hash, and once an empty hash is found, it stops the loop of subops and just enables all functions. # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 try_to_run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 cleanup_rapl_pmus (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_free_pcibus_map (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_types_exit (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 kvm_shutdown (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_dump_msrs (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_cleanup_l1d_flush (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 [..] Fix this by initializing the new hash to NULL and if the hash is NULL do not treat it as an empty hash but instead allocate by copying the content of the first sub ops. Then on subsequent iterations, the new hash will not be NULL, but the content of the previous subops. If that first subops attached to all functions, then new hash may assume that the manager ops also needs to attach to all functions. Cc: stable(a)vger.kernel.org Fixes: 5fccc7552ccbc ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 728ecda6e8d4..03b35a05808c 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3220,15 +3220,22 @@ static struct ftrace_hash *copy_hash(struct ftrace_hash *src) * The filter_hash updates uses just the append_hash() function * and the notrace_hash does not. */ -static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash) +static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash, + int size_bits) { struct ftrace_func_entry *entry; int size; int i; - /* An empty hash does everything */ - if (ftrace_hash_empty(*hash)) - return 0; + if (*hash) { + /* An empty hash does everything */ + if (ftrace_hash_empty(*hash)) + return 0; + } else { + *hash = alloc_ftrace_hash(size_bits); + if (!*hash) + return -ENOMEM; + } /* If new_hash has everything make hash have everything */ if (ftrace_hash_empty(new_hash)) { @@ -3292,16 +3299,18 @@ static int intersect_hash(struct ftrace_hash **hash, struct ftrace_hash *new_has /* Return a new hash that has a union of all @ops->filter_hash entries */ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) { - struct ftrace_hash *new_hash; + struct ftrace_hash *new_hash = NULL; struct ftrace_ops *subops; + int size_bits; int ret; - new_hash = alloc_ftrace_hash(ops->func_hash->filter_hash->size_bits); - if (!new_hash) - return NULL; + if (ops->func_hash->filter_hash) + size_bits = ops->func_hash->filter_hash->size_bits; + else + size_bits = FTRACE_HASH_DEFAULT_BITS; list_for_each_entry(subops, &ops->subop_list, list) { - ret = append_hash(&new_hash, subops->func_hash->filter_hash); + ret = append_hash(&new_hash, subops->func_hash->filter_hash, size_bits); if (ret < 0) { free_ftrace_hash(new_hash); return NULL; @@ -3505,7 +3514,8 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int filter_hash = alloc_and_copy_ftrace_hash(size_bits, ops->func_hash->filter_hash); if (!filter_hash) return -ENOMEM; - ret = append_hash(&filter_hash, subops->func_hash->filter_hash); + ret = append_hash(&filter_hash, subops->func_hash->filter_hash, + size_bits); if (ret < 0) { free_ftrace_hash(filter_hash); return ret; -- 2.47.2

4 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ h...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ has no member named ‘args’ in arch/mips/kernel/ptrace.o (arch/mips/kernel/ptrace.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:609e973861db59e6d6e75d96a9f0f0a24ba09b… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 46b505f46fed8d28d9f0cf8e2aace766b99e48ce Log excerpt: ===================================================== In file included from arch/mips/kernel/ptrace.c:45: ./arch/mips/include/asm/syscall.h: In function ‘mips_get_syscall_arg’: ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ has no member named ‘args’ 66 | *arg = regs->args[n]; | ^~ ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67b4a28b50b59caecce1c871 #kernelci issue maestro:609e973861db59e6d6e75d96a9f0f0a24ba09ba0 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months, 3 weeks

1
0
0 0

[PATCH v3] ACPI: platform-profile: Fix CFI violation when accessing sysfs files

by Nathan Chancellor

When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be the same type as the callbacks in 'struct kobj_attribute'. However, the platform_profile sysfs functions have the type of the ->show() and ->store() callbacks in 'struct device_attribute', which results a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: stable(a)vger.kernel.org Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v3: - Rebase on 6.14-rc1, which includes updates to the driver to address Greg's previous concerns but this change is still needed for the legacy sysfs interface. v2 can be used for the stable backport. - Link to v2: https://lore.kernel.org/r/20241118-acpi-platform_profile-fix-cfi-violation-… Changes in v2: - Rebase on linux-pm/acpi - Pick up Sami's reviewed-by tag - Adjust wording around why there is no functional issue from the mismatched types - Link to v1: https://lore.kernel.org/r/20240819-acpi-platform_profile-fix-cfi-violation-… --- drivers/acpi/platform_profile.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL }; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20240819-acpi-platform_profile-fix-cfi-violation-de278753bd5f Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

4 months, 3 weeks

4
5
0 0

Re: Patch "s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH" has been added to the 6.13-stable tree

by Alexandra Winter

On 18.02.25 13:36, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH > > to the 6.13-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > s390-qeth-move-netif_napi_add_tx-and-napi_enable-fro.patch > and it can be found in the queue-6.13 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hello Sasha, this is a fix for a regression that was introduced with v6.14-rc1. So I do not think it needs to go into 6.13 stable tree. But it does not hurt either. > > > commit 48eda8093b86b426078bd245a9b4fbc5d057c436 > Author: Alexandra Winter <wintera(a)linux.ibm.com> > Date: Wed Feb 12 17:36:59 2025 +0100 > > s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH > > [ Upstream commit 0d0b752f2497471ddd2b32143d167d42e18a8f3c ] > > Like other drivers qeth is calling local_bh_enable() after napi_schedule() > to kick-start softirqs [0]. > Since netif_napi_add_tx() and napi_enable() now take the netdev_lock() > mutex [1], move them out from under the BH protection. Same solution as in > commit a60558644e20 ("wifi: mt76: move napi_enable() from under BH") > > Fixes: 1b23cdbd2bbc ("net: protect netdev->napi_list with netdev_lock()") > Link: https://lore.kernel.org/netdev/20240612181900.4d9d18d0@kernel.org/ [0] > Link: https://lore.kernel.org/netdev/20250115035319.559603-1-kuba@kernel.org/ [1] > Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> > Acked-by: Joe Damato <jdamato(a)fastly.com> > Link: https://patch.msgid.link/20250212163659.2287292-1-wintera@linux.ibm.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c > index a3adaec5504e4..20328d695ef92 100644 > --- a/drivers/s390/net/qeth_core_main.c > +++ b/drivers/s390/net/qeth_core_main.c > @@ -7050,14 +7050,16 @@ int qeth_open(struct net_device *dev) > card->data.state = CH_STATE_UP; > netif_tx_start_all_queues(dev); > > - local_bh_disable(); > qeth_for_each_output_queue(card, queue, i) { > netif_napi_add_tx(dev, &queue->napi, qeth_tx_poll); > napi_enable(&queue->napi); > - napi_schedule(&queue->napi); > } > - > napi_enable(&card->napi); > + > + local_bh_disable(); > + qeth_for_each_output_queue(card, queue, i) { > + napi_schedule(&queue->napi); > + } > napi_schedule(&card->napi); > /* kick-start the NAPI softirq: */ > local_bh_enable();

4 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] Revert "net: skb: introduce and use a single page frag cache"" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 011b0335903832facca86cd8ed05d7d8d94c9c76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021859-renewal-onto-1877@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 011b0335903832facca86cd8ed05d7d8d94c9c76 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 6 Feb 2025 22:28:48 +0100 Subject: [PATCH] Revert "net: skb: introduce and use a single page frag cache" This reverts commit dbae2b062824 ("net: skb: introduce and use a single page frag cache"). The intended goal of such change was to counter a performance regression introduced by commit 3226b158e67c ("net: avoid 32 x truesize under-estimation for tiny skbs"). Unfortunately, the blamed commit introduces another regression for the virtio_net driver. Such a driver calls napi_alloc_skb() with a tiny size, so that the whole head frag could fit a 512-byte block. The single page frag cache uses a 1K fragment for such allocation, and the additional overhead, under small UDP packets flood, makes the page allocator a bottleneck. Thanks to commit bf9f1baa279f ("net: add dedicated kmem_cache for typical/small skb->head"), this revert does not re-introduce the original regression. Actually, in the relevant test on top of this revert, I measure a small but noticeable positive delta, just above noise level. The revert itself required some additional mangling due to the introduction of the SKB_HEAD_ALIGN() helper and local lock infra in the affected code. Suggested-by: Eric Dumazet <edumazet(a)google.com> Fixes: dbae2b062824 ("net: skb: introduce and use a single page frag cache") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Link: https://patch.msgid.link/e649212fde9f0fdee23909ca0d14158d32bb7425.173887729… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index c0a86afb85da..365f0e2098d1 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -4115,7 +4115,6 @@ void netif_receive_skb_list(struct list_head *head); gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); void napi_gro_flush(struct napi_struct *napi, bool flush_old); struct sk_buff *napi_get_frags(struct napi_struct *napi); -void napi_get_frags_check(struct napi_struct *napi); gro_result_t napi_gro_frags(struct napi_struct *napi); static inline void napi_free_frags(struct napi_struct *napi) diff --git a/net/core/dev.c b/net/core/dev.c index b91658e8aedb..55e356a68db6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -6920,6 +6920,23 @@ netif_napi_dev_list_add(struct net_device *dev, struct napi_struct *napi) list_add_rcu(&napi->dev_list, higher); /* adds after higher */ } +/* Double check that napi_get_frags() allocates skbs with + * skb->head being backed by slab, not a page fragment. + * This is to make sure bug fixed in 3226b158e67c + * ("net: avoid 32 x truesize under-estimation for tiny skbs") + * does not accidentally come back. + */ +static void napi_get_frags_check(struct napi_struct *napi) +{ + struct sk_buff *skb; + + local_bh_disable(); + skb = napi_get_frags(napi); + WARN_ON_ONCE(skb && skb->head_frag); + napi_free_frags(napi); + local_bh_enable(); +} + void netif_napi_add_weight_locked(struct net_device *dev, struct napi_struct *napi, int (*poll)(struct napi_struct *, int), diff --git a/net/core/skbuff.c b/net/core/skbuff.c index a441613a1e6c..6a99c453397f 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -220,67 +220,9 @@ static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) #define NAPI_SKB_CACHE_BULK 16 #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) -#if PAGE_SIZE == SZ_4K - -#define NAPI_HAS_SMALL_PAGE_FRAG 1 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) - -/* specialized page frag allocator using a single order 0 page - * and slicing it into 1K sized fragment. Constrained to systems - * with a very limited amount of 1K fragments fitting a single - * page - to avoid excessive truesize underestimation - */ - -struct page_frag_1k { - void *va; - u16 offset; - bool pfmemalloc; -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) -{ - struct page *page; - int offset; - - offset = nc->offset - SZ_1K; - if (likely(offset >= 0)) - goto use_frag; - - page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); - if (!page) - return NULL; - - nc->va = page_address(page); - nc->pfmemalloc = page_is_pfmemalloc(page); - offset = PAGE_SIZE - SZ_1K; - page_ref_add(page, offset / SZ_1K); - -use_frag: - nc->offset = offset; - return nc->va + offset; -} -#else - -/* the small page is actually unused in this build; add dummy helpers - * to please the compiler and avoid later preprocessor's conditionals - */ -#define NAPI_HAS_SMALL_PAGE_FRAG 0 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false - -struct page_frag_1k { -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) -{ - return NULL; -} - -#endif - struct napi_alloc_cache { local_lock_t bh_lock; struct page_frag_cache page; - struct page_frag_1k page_small; unsigned int skb_count; void *skb_cache[NAPI_SKB_CACHE_SIZE]; }; @@ -290,23 +232,6 @@ static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache) = { .bh_lock = INIT_LOCAL_LOCK(bh_lock), }; -/* Double check that napi_get_frags() allocates skbs with - * skb->head being backed by slab, not a page fragment. - * This is to make sure bug fixed in 3226b158e67c - * ("net: avoid 32 x truesize under-estimation for tiny skbs") - * does not accidentally come back. - */ -void napi_get_frags_check(struct napi_struct *napi) -{ - struct sk_buff *skb; - - local_bh_disable(); - skb = napi_get_frags(napi); - WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); - napi_free_frags(napi); - local_bh_enable(); -} - void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) { struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); @@ -813,10 +738,8 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) /* If requested length is either too small or too big, * we use kmalloc() for skb->head allocation. - * When the small frag allocator is available, prefer it over kmalloc - * for small fragments */ - if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || + if (len <= SKB_WITH_OVERHEAD(1024) || len > SKB_WITH_OVERHEAD(PAGE_SIZE) || (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, @@ -826,32 +749,16 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) goto skb_success; } + len = SKB_HEAD_ALIGN(len); + if (sk_memalloc_socks()) gfp_mask |= __GFP_MEMALLOC; local_lock_nested_bh(&napi_alloc_cache.bh_lock); nc = this_cpu_ptr(&napi_alloc_cache); - if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { - /* we are artificially inflating the allocation size, but - * that is not as bad as it may look like, as: - * - 'len' less than GRO_MAX_HEAD makes little sense - * - On most systems, larger 'len' values lead to fragment - * size above 512 bytes - * - kmalloc would use the kmalloc-1k slab for such values - * - Builds with smaller GRO_MAX_HEAD will very likely do - * little networking, as that implies no WiFi and no - * tunnels support, and 32 bits arches. - */ - len = SZ_1K; - data = page_frag_alloc_1k(&nc->page_small, gfp_mask); - pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); - } else { - len = SKB_HEAD_ALIGN(len); - - data = page_frag_alloc(&nc->page, len, gfp_mask); - pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); - } + data = page_frag_alloc(&nc->page, len, gfp_mask); + pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); local_unlock_nested_bh(&napi_alloc_cache.bh_lock); if (unlikely(!data))

4 months, 3 weeks

2
2
0 0

[PATCH 0/2] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

Hi all, This series contains two patches that are already available upstream: - The first commit fixes a use-after-free[1], but introduced a null-ptr-deref[2]. - The second commit fixes it. [3] I suggested waiting for both of them to be merged upstream and then applying them togheter to stable[4]. It should be applied to: - 6.13.y - 6.12.y - 6.6.y I will send another series for - 6.1.y - 5.15.y - 5.10.y because of conflicts. [1]https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-0-1cf… [2]https://lore.kernel.org/all/67a09300.050a0220.d7c5a.008b.GAE@google.com/ [3]https://lore.kernel.org/all/20250210-vsock-linger-nullderef-v3-0-ef6244d0… [4]https://lore.kernel.org/all/2025020644-unwitting-scary-3c0d@gregkh/ Thanks, Luigi --- Michal Luczaj (2): vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release net/vmw_vsock/af_vsock.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- base-commit: a1856aaa2ca74c88751f7d255dfa0c8c50fcc1ca change-id: 20250214-linux-rolling-stable-d73f0bed815d Best regards, -- Luigi Leonardi <leonardi(a)redhat.com>

4 months, 3 weeks

3
7
0 0

[PATCH 6.6.y] drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer

by Xiangyu Chen

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit f22f4754aaa47d8c59f166ba3042182859e5dff7 ] This commit addresses a potential null pointer dereference issue in the `dcn201_acquire_free_pipe_for_layer` function. The issue could occur when `head_pipe` is null. The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010) Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Roman Li <roman.li(a)amd.com> Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [dcn201 was moved from drivers/gpu/drm/amd/display/dc to drivers/gpu/drm/amd/display/dc/resource since 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory"). The path is changed accordingly to apply the patch on 6.6.y.] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test only due to we don't have DCN201 device. --- drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c index 2dc4d2c1410b..8efe3f32a0e7 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c @@ -1002,8 +1002,10 @@ static struct pipe_ctx *dcn201_acquire_free_pipe_for_layer( struct pipe_ctx *head_pipe = resource_get_otg_master_for_stream(res_ctx, opp_head_pipe->stream); struct pipe_ctx *idle_pipe = resource_find_free_secondary_pipe_legacy(res_ctx, pool, head_pipe); - if (!head_pipe) + if (!head_pipe) { ASSERT(0); + return NULL; + } if (!idle_pipe) return NULL; -- 2.25.1

4 months, 3 weeks

3
2
0 0

Re: Patch "alpha: make stack 16-byte aligned (most cases)" has been added to the 6.6-stable tree

by Ivan Kokshaysky

On Tue, Feb 18, 2025 at 01:55:45PM +0100, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > alpha: make stack 16-byte aligned (most cases) Hi Greg, thanks for applying this! > Patches currently in stable-queue which might be from ink(a)unseen.parts are > > queue-6.6/alpha-make-stack-16-byte-aligned-most-cases.patch > queue-6.6/alpha-align-stack-for-page-fault-and-user-unaligned-trap-handlers.patch The third one (commit 77b823fa619f97d alpha: replace hardcoded stack offsets with autogenerated ones) is also needed, but it won't apply as-is to 6.6 and older kernels. Do you want me to provide the patches? Ivan.

4 months, 3 weeks

2
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror