[PATCH net 5/6] can: etas_es58x: fix potential NULL pointer dereference on udev->serial
by Marc Kleine-Budde
From: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
The driver assumed that es58x_dev->udev->serial could never be NULL.
While this is true on commercially available devices, an attacker
could spoof the device identity providing a NULL USB serial number.
That would trigger a NULL pointer dereference.
Add a check on es58x_dev->udev->serial before accessing it.
Reported-by: yan kang <kangyan91(a)outlook.com>
Reported-by: yue sun <samsun1006219(a)gmail.com>
Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@SY…
Fixes: 9f06631c3f1f ("can: etas_es58x: export product information through devlink_ops::info_get()")
Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250204154859.9797-2-mailhol.vincent@wanadoo.fr
Cc: stable(a)vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/etas_es58x/es58x_devlink.c b/drivers/net/can/usb/etas_es58x/es58x_devlink.c
index eee20839d96f..0d155eb1b9e9 100644
--- a/drivers/net/can/usb/etas_es58x/es58x_devlink.c
+++ b/drivers/net/can/usb/etas_es58x/es58x_devlink.c
@@ -248,7 +248,11 @@ static int es58x_devlink_info_get(struct devlink *devlink,
return ret;
}
- return devlink_info_serial_number_put(req, es58x_dev->udev->serial);
+ if (es58x_dev->udev->serial)
+ ret = devlink_info_serial_number_put(req,
+ es58x_dev->udev->serial);
+
+ return ret;
}
const struct devlink_ops es58x_dl_ops = {
--
2.47.2
4 months, 1 week
- 1
- 0
[PATCH net 4/6] can: c_can: fix unbalanced runtime PM disable in error path
by Marc Kleine-Budde
From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
Runtime PM is enabled as one of the last steps of probe(), so all
earlier gotos to "exit_free_device" label were not correct and were
leading to unbalanced runtime PM disable depth.
Fixes: 6e2fe01dd6f9 ("can: c_can: move runtime PM enable/disable to c_can_platform")
Cc: stable(a)vger.kernel.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250112-syscon-phandle-args-can-v1-1-314d9549906f…
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/c_can/c_can_platform.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/c_can/c_can_platform.c b/drivers/net/can/c_can/c_can_platform.c
index 6cba9717a6d8..399844809bbe 100644
--- a/drivers/net/can/c_can/c_can_platform.c
+++ b/drivers/net/can/c_can/c_can_platform.c
@@ -385,15 +385,16 @@ static int c_can_plat_probe(struct platform_device *pdev)
if (ret) {
dev_err(&pdev->dev, "registering %s failed (err=%d)\n",
KBUILD_MODNAME, ret);
- goto exit_free_device;
+ goto exit_pm_runtime;
}
dev_info(&pdev->dev, "%s device registered (regs=%p, irq=%d)\n",
KBUILD_MODNAME, priv->base, dev->irq);
return 0;
-exit_free_device:
+exit_pm_runtime:
pm_runtime_disable(priv->device);
+exit_free_device:
free_c_can_dev(dev);
exit:
dev_err(&pdev->dev, "probe failed\n");
--
2.47.2
4 months, 1 week
- 1
- 0
[PATCH net 3/6] can: ctucanfd: handle skb allocation failure
by Marc Kleine-Budde
From: Fedor Pchelkin <pchelkin(a)ispras.ru>
If skb allocation fails, the pointer to struct can_frame is NULL. This
is actually handled everywhere inside ctucan_err_interrupt() except for
the only place.
Add the missed NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.
Fixes: 2dcb8e8782d8 ("can: ctucanfd: add support for CTU CAN FD open-source IP core - bus independent part.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru>
Acked-by: Pavel Pisa <pisa(a)cmp.felk.cvut.cz>
Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
Link: https://patch.msgid.link/20250114152138.139580-1-pchelkin@ispras.ru
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/ctucanfd/ctucanfd_base.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/can/ctucanfd/ctucanfd_base.c b/drivers/net/can/ctucanfd/ctucanfd_base.c
index 64c349fd4600..f65c1a1e05cc 100644
--- a/drivers/net/can/ctucanfd/ctucanfd_base.c
+++ b/drivers/net/can/ctucanfd/ctucanfd_base.c
@@ -867,10 +867,12 @@ static void ctucan_err_interrupt(struct net_device *ndev, u32 isr)
}
break;
case CAN_STATE_ERROR_ACTIVE:
- cf->can_id |= CAN_ERR_CNT;
- cf->data[1] = CAN_ERR_CRTL_ACTIVE;
- cf->data[6] = bec.txerr;
- cf->data[7] = bec.rxerr;
+ if (skb) {
+ cf->can_id |= CAN_ERR_CNT;
+ cf->data[1] = CAN_ERR_CRTL_ACTIVE;
+ cf->data[6] = bec.txerr;
+ cf->data[7] = bec.rxerr;
+ }
break;
default:
netdev_warn(ndev, "unhandled error state (%d:%s)!\n",
--
2.47.2
4 months, 1 week
- 1
- 0
[PATCH net 2/6] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
by Marc Kleine-Budde
From: Alexander Hölzl <alexander.hoelzl(a)gmx.net>
The J1939 standard requires the transmission of messages of length 0.
For example proprietary messages are specified with a data length of 0
to 1785. The transmission of such messages is not possible. Sending
results in no error being returned but no corresponding can frame
being generated.
Enable the transmission of zero length J1939 messages. In order to
facilitate this two changes are necessary:
1) If the transmission of a new message is requested from user space
the message is segmented in j1939_sk_send_loop(). Let the segmentation
take into account zero length messages, do not terminate immediately,
queue the corresponding skb.
2) j1939_session_skb_get_by_offset() selects the next skb to transmit
for a session. Take into account that there might be zero length skbs
in the queue.
Signed-off-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net>
Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de>
Link: https://patch.msgid.link/20250205174651.103238-1-alexander.hoelzl@gmx.net
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: stable(a)vger.kernel.org
[mkl: commit message rephrased]
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
net/can/j1939/socket.c | 4 ++--
net/can/j1939/transport.c | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index 305dd72c844c..17226b2341d0 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -1132,7 +1132,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
todo_size = size;
- while (todo_size) {
+ do {
struct j1939_sk_buff_cb *skcb;
segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
@@ -1177,7 +1177,7 @@ static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
todo_size -= segment_size;
session->total_queued_size += segment_size;
- }
+ } while (todo_size);
switch (ret) {
case 0: /* OK */
diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c
index 95f7a7e65a73..9b72d118d756 100644
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -382,8 +382,9 @@ sk_buff *j1939_session_skb_get_by_offset(struct j1939_session *session,
skb_queue_walk(&session->skb_queue, do_skb) {
do_skcb = j1939_skb_to_cb(do_skb);
- if (offset_start >= do_skcb->offset &&
- offset_start < (do_skcb->offset + do_skb->len)) {
+ if ((offset_start >= do_skcb->offset &&
+ offset_start < (do_skcb->offset + do_skb->len)) ||
+ (offset_start == 0 && do_skcb->offset == 0 && do_skb->len == 0)) {
skb = do_skb;
}
}
--
2.47.2
4 months, 1 week
- 1
- 0
[PATCH] can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
by Marc Kleine-Budde
From: Robin van der Gracht <robin(a)protonic.nl>
Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to
bail out if skb cannot be allocated.
Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller")
Cc: stable(a)vger.kernel.org
Signed-off-by: Robin van der Gracht <robin(a)protonic.nl>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c
index df18c85fc078..d9a937ba126c 100644
--- a/drivers/net/can/rockchip/rockchip_canfd-core.c
+++ b/drivers/net/can/rockchip/rockchip_canfd-core.c
@@ -622,7 +622,7 @@ rkcanfd_handle_rx_fifo_overflow_int(struct rkcanfd_priv *priv)
netdev_dbg(priv->ndev, "RX-FIFO overflow\n");
skb = rkcanfd_alloc_can_err_skb(priv, &cf, ×tamp);
- if (skb)
+ if (!skb)
return 0;
rkcanfd_get_berr_counter_corrected(priv, &bec);
---
base-commit: 1438f5d07b9a7afb15e1d0e26df04a6fd4e56a3c
change-id: 20250208-fix-rockchip-canfd-ce09e1e424ce
Best regards,
--
Marc Kleine-Budde <mkl(a)pengutronix.de>
4 months, 1 week
- 1
- 0
Linux 6.13.2
by Greg Kroah-Hartman
I'm announcing the release of the 6.13.2 kernel.
All users of the 6.13 kernel series must upgrade.
The updated 6.13.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/msm/qcom,sa8775p-mdss.yaml | 3
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 -
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9
Makefile | 2
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 -
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1
arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31 +
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/freescale/imx93.dtsi | 2
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 -
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 -
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2
arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 -
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +-
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 --
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 -
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 -
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2
arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6
arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +
arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2
arch/arm64/boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 81 +++-
arch/arm64/boot/dts/ti/Makefile | 6
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 ++
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 --
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 ++
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 --
arch/arm64/configs/defconfig | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60 +++
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/iommu.c | 2
arch/powerpc/platforms/pseries/iommu.c | 12
arch/riscv/kernel/vector.c | 2
arch/s390/Kconfig | 1
arch/s390/Makefile | 2
arch/s390/boot/vmem.c | 74 ++--
arch/s390/include/asm/sclp.h | 1
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/setup.c | 5
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/include/asm/kvm_host.h | 2
arch/x86/kernel/smpboot.c | 11
arch/x86/kvm/lapic.c | 11
arch/x86/kvm/vmx/vmx.c | 2
arch/x86/kvm/vmx/x86_ops.h | 2
block/bio-integrity.c | 15
block/blk-core.c | 21 -
block/blk-integrity.c | 4
block/blk-mq.c | 34 -
block/blk-mq.h | 6
block/blk-settings.c | 31 +
block/blk-sysfs.c | 137 +++----
block/blk-zoned.c | 7
block/genhd.c | 22 -
block/partitions/ldm.h | 2
crypto/algapi.c | 4
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/block/ps3disk.c | 4
drivers/block/virtio_blk.c | 4
drivers/bluetooth/btbcm.c | 3
drivers/bluetooth/btnxpuart.c | 3
drivers/bluetooth/btrtl.c | 4
drivers/bluetooth/btusb.c | 7
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk.c | 4
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/imx/clk-imx93.c | 32 -
drivers/clk/mmp/clk-pxa1908-apbc.c | 4
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4
drivers/clk/qcom/camcc-x1e80100.c | 7
drivers/clk/qcom/gcc-sdm845.c | 32 -
drivers/clk/qcom/gcc-x1e80100.c | 2
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/renesas/renesas-cpg-mssr.c | 2
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/thead/clk-th1520-ap.c | 13
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/amd-pstate.c | 2
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++++-----
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/crypto/tegra/tegra-se-aes.c | 7
drivers/crypto/tegra/tegra-se-hash.c | 7
drivers/dma/ti/edma.c | 3
drivers/firewire/device-attribute-test.c | 2
drivers/firmware/efi/sysfb_efi.c | 2
drivers/firmware/qcom/qcom_scm.c | 42 +-
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 3
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12
drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2
drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/i915/display/intel_crt.c | 10
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++-
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/msm/dp/dp_catalog.c | 1
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2
drivers/gpu/drm/msm/dp/dp_utils.c | 10
drivers/gpu/drm/msm/dp/dp_utils.h | 2
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2
drivers/gpu/drm/msm/msm_kms.c | 1
drivers/gpu/drm/panthor/panthor_device.c | 4
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +
drivers/gpu/drm/v3d/v3d_debugfs.c | 4
drivers/gpu/drm/v3d/v3d_perfmon.c | 15
drivers/gpu/drm/v3d/v3d_regs.h | 29 -
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37 --
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/hwmon/Kconfig | 4
drivers/hwmon/nct6775-core.c | 6
drivers/i2c/busses/i2c-designware-common.c | 5
drivers/i2c/busses/i2c-designware-master.c | 5
drivers/i2c/busses/i2c-designware-slave.c | 5
drivers/i3c/master/dw-i3c-master.c | 1
drivers/infiniband/hw/Makefile | 2
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/cxgb4/qp.c | 8
drivers/infiniband/hw/hns/Kconfig | 20 -
drivers/infiniband/hw/hns/Makefile | 9
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 62 ++-
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_verbs.c | 5
drivers/infiniband/ulp/rtrs/rtrs.c | 3
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/iommu/amd/amd_iommu.h | 5
drivers/iommu/amd/init.c | 14
drivers/iommu/amd/iommu.c | 132 ++-----
drivers/iommu/amd/pasid.c | 3
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17
drivers/iommu/intel/pasid.c | 22 +
drivers/iommu/intel/pasid.h | 6
drivers/iommu/iommufd/iova_bitmap.c | 2
drivers/iommu/iommufd/main.c | 2
drivers/iommu/riscv/iommu.c | 2
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/mailbox/mailbox-mpfs.c | 2
drivers/mailbox/mailbox-th1520.c | 6
drivers/md/md-bitmap.c | 79 ++--
drivers/md/md-bitmap.h | 7
drivers/md/md.c | 34 +
drivers/md/md.h | 5
drivers/md/raid1.c | 34 -
drivers/md/raid1.h | 1
drivers/md/raid10.c | 26 -
drivers/md/raid10.h | 1
drivers/md/raid5-cache.c | 4
drivers/md/raid5.c | 111 +++---
drivers/md/raid5.h | 4
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18 -
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 4
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 19 -
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 19 -
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/mtd/ubi/ubi.h | 2
drivers/mtd/ubi/wl.c | 21 -
drivers/net/bonding/bond_main.c | 19 -
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31 +
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 -
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1
drivers/net/ethernet/intel/ice/ice_parser.h | 6
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6
drivers/net/ethernet/intel/idpf/idpf_main.c | 15
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 2
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/ravb_main.c | 22 -
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23 -
drivers/net/phy/marvell-88q2xxx.c | 33 +
drivers/net/phy/realtek.c | 29 -
drivers/net/tap.c | 6
drivers/net/team/team_core.c | 7
drivers/net/tun.c | 6
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 42 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 -
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4
drivers/net/wireless/mediatek/mt76/mac80211.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++---
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2
drivers/net/wireless/mediatek/mt76/mt792x.h | 7
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 -
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/microchip/wilc1000/netdev.c | 2
drivers/net/wireless/microchip/wilc1000/sdio.c | 9
drivers/net/wireless/microchip/wilc1000/spi.c | 9
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ---
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/realtek/rtw89/chan.c | 31 +
drivers/net/wireless/realtek/rtw89/chan.h | 9
drivers/net/wireless/realtek/rtw89/core.c | 11
drivers/net/wireless/realtek/rtw89/core.h | 3
drivers/net/wireless/realtek/rtw89/fw.c | 40 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34 +
drivers/nvme/host/tcp.c | 70 +++
drivers/of/fdt.c | 10
drivers/of/of_reserved_mem.c | 3
drivers/of/property.c | 2
drivers/opp/core.c | 57 ++-
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 30 -
drivers/pci/controller/dwc/pcie-designware-host.c | 1
drivers/pci/controller/dwc/pcie-qcom.c | 2
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/controller/pcie-rockchip-ep.c | 5
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++
drivers/pci/controller/plda/pcie-plda-host.c | 17
drivers/pci/controller/plda/pcie-plda.h | 6
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +
drivers/pinctrl/pinctrl-amd.c | 27 +
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/samsung/pinctrl-exynos.c | 3
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++--
drivers/platform/mellanox/mlxbf-pmc.c | 6
drivers/platform/x86/x86-android-tablets/core.c | 4
drivers/platform/x86/x86-android-tablets/lenovo.c | 4
drivers/platform/x86/x86-android-tablets/other.c | 4
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 +++----
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/core.c | 13
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/mtk_scp.c | 12
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/rtc/rtc-tps6594.c | 2
drivers/s390/char/sclp.c | 12
drivers/scsi/mpi3mr/mpi3mr_app.c | 8
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/scsi/sd.c | 17
drivers/scsi/sr.c | 5
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/mips_ejtag_fdc.c | 4
drivers/tty/serial/8250/8250_port.c | 32 +
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 35 +
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/inode.c | 158 ++++++--
fs/btrfs/qgroup.c | 21 -
fs/btrfs/subpage.c | 6
fs/btrfs/subpage.h | 13
fs/btrfs/super.c | 2
fs/dlm/lock.c | 46 +-
fs/dlm/lowcomms.c | 3
fs/erofs/zdata.c | 3
fs/f2fs/dir.c | 53 ++
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 27 -
fs/nfs/localio.c | 4
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfs_common/common.c | 89 ++++-
fs/nilfs2/dir.c | 13
fs/nilfs2/namei.c | 29 -
fs/nilfs2/nilfs.h | 4
fs/nilfs2/page.c | 31 +
fs/nilfs2/segment.c | 4
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25 -
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22 +
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22 -
fs/xfs/xfs_buf.c | 3
fs/xfs/xfs_buf_item_recover.c | 11
fs/xfs/xfs_dquot.c | 12
fs/xfs/xfs_notify_failure.c | 121 ++++--
fs/xfs/xfs_qm_bhv.c | 27 -
include/acpi/acpixf.h | 1
include/dt-bindings/clock/imx93-clock.h | 1
include/linux/alloc_tag.h | 11
include/linux/blkdev.h | 23 -
include/linux/btf.h | 5
include/linux/coredump.h | 4
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/nfs_common.h | 3
include/linux/perf_event.h | 6
include/linux/pps_kernel.h | 3
include/linux/ptr_ring.h | 21 -
include/linux/pwm.h | 17
include/linux/sched.h | 1
include/linux/skb_array.h | 17
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 6
include/net/page_pool/types.h | 1
include/net/pkt_cls.h | 13
include/net/sch_generic.h | 5
include/net/xfrm.h | 16
include/sound/hdaudio_ext.h | 45 --
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25 +
io_uring/io_uring.c | 1
io_uring/msg_ring.c | 4
io_uring/register.c | 2
io_uring/uring_cmd.c | 2
kernel/bpf/arena.c | 8
kernel/bpf/bpf_local_storage.c | 8
kernel/bpf/bpf_struct_ops.c | 21 +
kernel/bpf/btf.c | 5
kernel/bpf/helpers.c | 18 -
kernel/events/core.c | 35 +
kernel/events/uprobes.c | 4
kernel/fork.c | 17
kernel/irq/internals.h | 9
kernel/module/main.c | 7
kernel/padata.c | 45 ++
kernel/power/hibernate.c | 7
kernel/printk/internal.h | 6
kernel/printk/printk.c | 5
kernel/printk/printk_safe.c | 7
kernel/sched/core.c | 6
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/ext.c | 114 ++++--
kernel/sched/fair.c | 21 -
kernel/sched/features.h | 9
kernel/sched/stats.h | 4
kernel/sched/syscalls.c | 2
kernel/trace/bpf_trace.c | 13
lib/alloc_tag.c | 2
lib/rhashtable.c | 12
mm/memcontrol.c | 7
mm/oom_kill.c | 8
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22 -
net/ax25/ax25_route.c | 2
net/core/dev.c | 23 -
net/core/filter.c | 2
net/core/page_pool.c | 2
net/core/page_pool_priv.h | 2
net/core/page_pool_user.c | 15
net/core/sysctl_net_core.c | 5
net/ethtool/ioctl.c | 2
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31 -
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28 -
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv4/udp.c | 56 +++
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28 -
net/ipv6/ndisc.c | 8
net/ipv6/udp.c | 50 ++
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/ctrl.c | 4
net/mptcp/options.c | 13
net/mptcp/pm_netlink.c | 3
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30 -
net/ncsi/ncsi-rsp.c | 18 -
net/netfilter/nf_tables_api.c | 57 ++-
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_rbtree.c | 43 ++
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/rxrpc/peer_event.c | 16
net/rxrpc/peer_object.c | 12
net/sched/cls_api.c | 57 +--
net/sched/cls_bpf.c | 2
net/sched/cls_flower.c | 2
net/sched/cls_matchall.c | 2
net/sched/cls_u32.c | 4
net/sched/sch_api.c | 4
net/sched/sch_generic.c | 4
net/sched/sch_sfq.c | 4
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 7
net/wireless/tests/scan.c | 2
net/xfrm/xfrm_replay.c | 10
net/xfrm/xfrm_state.c | 93 ++++-
samples/landlock/sandboxer.c | 7
scripts/Makefile.build | 2
scripts/Makefile.lib | 10
scripts/Makefile.modinst | 2
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18 -
scripts/kconfig/confdata.c | 6
scripts/kconfig/symbol.c | 1
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 4
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/acp/acp-i2s.c | 1
sound/soc/codecs/Makefile | 8
sound/soc/codecs/da7213.c | 2
sound/soc/intel/avs/apl.c | 3
sound/soc/intel/avs/cnl.c | 1
sound/soc/intel/avs/core.c | 14
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/registers.h | 45 ++
sound/soc/intel/avs/skl.c | 1
sound/soc/intel/avs/topology.c | 4
sound/soc/intel/boards/sof_sdw.c | 47 +-
sound/soc/mediatek/mt8365/Makefile | 2
sound/soc/renesas/rz-ssi.c | 3
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +
sound/soc/sdca/Makefile | 2
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/build/Makefile.feature | 7
tools/build/feature/test-all.c | 5
tools/include/uapi/linux/if_xdp.h | 4
tools/lib/bpf/btf.c | 1
tools/lib/bpf/btf_relocate.c | 2
tools/lib/bpf/linker.c | 22 -
tools/lib/bpf/usdt.c | 2
tools/net/ynl/lib/ynl.c | 2
tools/perf/MANIFEST | 1
tools/perf/Makefile.config | 83 ++--
tools/perf/builtin-inject.c | 8
tools/perf/builtin-lock.c | 66 ++-
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/tests/shell/lib/perf_json_output_lint.py | 14
tools/perf/tests/shell/stat.sh | 6
tools/perf/tests/shell/trace_btf_enum.sh | 8
tools/perf/util/annotate.c | 76 ++++
tools/perf/util/annotate.h | 15
tools/perf/util/bpf-event.c | 10
tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11
tools/perf/util/disasm.c | 83 ----
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/maps.c | 7
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/perf/util/stat-display.c | 177 +++++-----
tools/perf/util/symbol.c | 9
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/power/x86/turbostat/turbostat.c | 58 +++
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/Makefile | 4
tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/bpf/veristat.c | 1
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8
tools/testing/selftests/kselftest/ktap_helpers.sh | 2
tools/testing/selftests/kselftest_harness.h | 24 -
tools/testing/selftests/landlock/Makefile | 4
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/mm/Makefile | 9
tools/testing/selftests/net/lib/Makefile | 2
tools/testing/selftests/net/mptcp/Makefile | 2
tools/testing/selftests/net/openvswitch/Makefile | 2
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32 +
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
701 files changed, 5743 insertions(+), 3312 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Abel Vesa (1):
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Abhinav Kumar (4):
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Aditya Kumar Singh (2):
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
wifi: ath12k: fix key cache handling
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alejandro Jimenez (1):
iommu/amd: Remove unused amd_iommu_domain_update()
Alexander Aring (2):
dlm: fix removal of rsb struct that is master and dir record
dlm: fix srcu_read_lock() return type to int
Alexander Stein (2):
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Alexis Lothoré (2):
wifi: wilc1000: unregister wiphy only if it has been registered
wifi: wilc1000: unregister wiphy only after netdev registration
Amadeusz Sławiński (1):
ASoC: Intel: avs: Fix init-config parsing
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andrea Righi (1):
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Set AXI id for rk3588
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Anumula Murali Mohan Reddy (1):
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Aric Cyr (1):
drm/amd/display: Add hubp cache reset when powergating
Arnaldo Carvalho de Melo (6):
tools features: Don't check for libunwind devel files by default
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Bard Liao (1):
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Benjamin Lin (2):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
wifi: mt76: mt7996: fix definition of tx descriptor
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Boris Brezillon (1):
drm/panthor: Preserve the result returned by panthor_fw_resume()
Breno Leitao (1):
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (1):
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix the minimum firmware version numbers
ASoC: Intel: avs: Fix theoretical infinite loop
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Charles Han (4):
ipmi: ipmb: Add check devm_kasprintf() returned value
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
firewire: test: Fix potential null dereference in firewire kunit test
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (5):
crypto: tegra - do not transfer req when tegra init fails
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
memcg: fix soft lockup in the OOM process
Chen-Yu Tsai (12):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
remoteproc: mtk_scp: Only populate devices for SCP cores
Chengming Zhou (1):
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Chih-Kang Chang (1):
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Christian Marangi (1):
net: airoha: Fix wrong GDM4 register definition
Christoph Hellwig (7):
block: copy back bounce buffer to user-space correctly in case of split
block: check BLK_FEAT_POLL under q_usage_count
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
block: add a queue_limits_commit_update_frozen helper
block: add a store_limit operations for sysfs entries
block: fix queue freeze vs limits lock order in sysfs store methods
xfs: check for dead buffers in xfs_buf_find_insert
Christophe JAILLET (3):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Christophe Leroy (4):
select: Fix unbalanced user_access_end()
perf maps: Fix display of kernel symbols
perf machine: Don't ignore _etext when not a text symbol
module: Don't fail module loading when setting ro_after_init section RO failed
Chuck Lever (1):
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (3):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
ASoC: da7213: Initialize the mutex
Colin Ian King (1):
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Cosmin Ratiu (1):
bonding: Correctly support GSO ESP offload
Cristian Birsan (2):
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Daire McNamara (1):
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Damien Le Moal (1):
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
Dan Carpenter (11):
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
rdma/cxgb4: Prevent potential integer overflow on 32bit
mailbox: th1520: Fix a NULL vs IS_ERR() bug
mailbox: mpfs: fix copy and paste bug in probe
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
rtc: tps6594: Fix integer overflow on 32bit systems
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Baluta (1):
ASoC: amd: acp: Fix possible deadlock
Daniel Gabay (1):
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Daniel Golle (3):
net: phy: realtek: clear 1000Base-T lpa if link is down
net: phy: realtek: clear master_slave_state if link is down
net: phy: realtek: always clear NBase-T lpa
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Darrick J. Wong (3):
xfs: don't over-report free space or inodes in statvfs
xfs: release the dquot buf outside of qli_lock
xfs: don't shut down the filesystem for media failures beyond end of log
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (6):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
rxrpc, afs: Fix peer hash locking vs RCU callback
Derek Foreman (1):
drm/connector: Allow clearing HDMI infoframes
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau (1):
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (30):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
drm/msm/dpu: provide DSPP and correct LM config for SDM670
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
drm/msm: don't clean up priv->kms prematurely
drm/msm/mdp4: correct LCDC regulator name
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
arm64: dts: qcom: sm8550: correct sleep clock frequency
arm64: dts: qcom: sm8650: correct sleep clock frequency
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Dmytro Maluka (1):
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Douglas Anderson (1):
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Drew Fustini (3):
clk: thead: Fix clk gate registration to pass flags
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Emil Tantilov (2):
idpf: add read memory barrier when checking descriptor done bit
idpf: fix transaction timeouts on reset
Emmanuel Grumbach (1):
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Eric Dumazet (10):
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eric-SY Chang (1):
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Felix Fietkau (4):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: only enable tx worker after setting the channel
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (2):
netfilter: nft_flow_offload: update tcp state flags under lock
xfrm: state: fix out-of-bounds read during lookup
Frank Li (1):
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Frank Wunderlich (1):
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Gal Pressman (1):
ethtool: Fix set RXNFC command with symmetric RSS hash
Gao Xiang (1):
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gaurav Batra (1):
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (3):
ps3disk: Do not use dev->bounce_size before it is set
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.13.2
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (2):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guo Ren (1):
iommu/riscv: Fixup compile warning
Hans de Goede (2):
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
platform/x86: x86-android-tablets: Make variables only used locally static
He Rongguang (1):
cpupower: fix TSC MHz calculation
Heiko Carstens (1):
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Heiko Stuebner (1):
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Herbert Xu (2):
crypto: api - Fix boot-up self-test race
rhashtable: Fix rhashtable_try_insert test
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hou Tao (1):
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Howard Chu (2):
perf trace: Fix BPF loading failure (-E2BIG)
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Ian Rogers (3):
perf test stat: Avoid hybrid assumption when virtualized
perf inject: Fix use without initialization of local variables
perf annotate: Use an array for the disassembler preference
Ilan Peer (1):
wifi: mac80211: Fix common size calculation for ML element
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jagan Teki (1):
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Jakub Kicinski (3):
net: netdevsim: try to close UDP port harness races
tools: ynl: c: correct reverse decode of empty attrs
net: page_pool: don't try to stash the napi id
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
James Clark (1):
perf stat: Fix trailing comma when there is no metric unit
Jan Stancek (2):
selftests: mptcp: extend CFLAGS to keep options from environment
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jason Gunthorpe (6):
iommu/arm-smmuv3: Update comments about ATS and bypass
iommu/amd: Remove domain_alloc()
iommu/amd: Remove dev == NULL checks
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason-JH.Lin (2):
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (2):
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (4):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
io_uring/register: use atomic_read/write for sq_flags migration
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jiayuan Chen (1):
selftests/bpf: Avoid generating untracked files when running bpf selftests
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Jiri Slaby (SUSE) (1):
tty: mips_ejtag_fdc: fix one more u8 warning
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Joel Stanley (2):
hwmon: Fix help text for aspeed-g6-pwm-tach
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Johannes Berg (3):
wifi: iwlwifi: fw: read STEP table from correct UEFI var
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
John Garry (1):
block: Ensure start sector is aligned for stacking atomic writes
John Ogness (2):
printk: Defer legacy printing when holding printk_cpu_sync
serial: 8250: Adjust the timeout for FIFO mode
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jonas Karlman (1):
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Jonathan Kim (1):
drm/amdgpu: fix gpu recovery disable with per queue reset
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Josua Mayer (2):
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Junxian Huang (1):
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Kanchana P Sridhar (1):
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Karol Przybylski (2):
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Kees Cook (2):
coredump: Do not lock during 'comm' reporting
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
Kevin Brodsky (1):
selftests/mm: build with -O2
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (5):
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (2):
net: ravb: Fix missing rtnl lock in suspend/resume path
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krishna chaitanya chundru (1):
PCI: qcom: Update ICC and OPP values after Link Up event
Krzysztof Kozlowski (2):
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kuniyuki Iwashima (1):
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Len Brown (1):
tools/power turbostat: Fix forked child affinity regression
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Leon Yen (1):
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rtrs: Add missing deinit() call
Liam R. Howlett (1):
kernel: be more careful about dup_mmap() failures and uprobe registering
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Long Li (1):
xfs: fix mount hang during primary superblock recovery failure
Lorenzo Bianconi (1):
net: airoha: Fix error path in airoha_probe()
Lu Baolu (1):
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Luca Ceresoli (1):
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Manoj Vishwanathan (1):
idpf: Acquire the lock before accessing the xn->salt
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (2):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
idpf: convert workqueues to unbound
Marek Vasut (6):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mario Limonciello (1):
cpufreq/amd-pstate: Fix prefcore rankings
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (2):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Masahiro Yamada (5):
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: fix memory leak in sym_warn_unmet_dep()
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Masami Hiramatsu (Google) (1):
selftests/ftrace: Fix to use remount when testing mount GID option
Mateusz Polchlopek (1):
ice: remove invalid parameter of equalizer
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthieu Baerts (NGI0) (2):
mptcp: pm: only set fullmesh for subflow endp
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Maulik Shah (1):
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Max Chou (1):
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Maíra Canal (1):
drm/v3d: Fix performance counter source settings on V3D 7.x
Melissa Wen (1):
drm/amd/display: restore invalid MSA timing check for freesync
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michael Riesch (1):
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Michal Wilczynski (1):
mailbox: th1520: Fix memory corruption due to incorrect array size
Mickaël Salaün (4):
selftests: ktap_helpers: Fix uninitialized variable
landlock: Handle weird files
selftests/landlock: Fix build with non-default pthread linking
selftests/landlock: Fix error message
Mike Snitzer (1):
nfs: fix incorrect error handling in LOCALIO
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Ming Yen Hsieh (15):
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
wifi: mt76: mt7925: fix the invalid ip address for arp offload
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
wifi: mt76: mt7925: Update secondary link PS flow
wifi: mt76: mt7925: Init secondary link PM state
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
wifi: mt76: mt7925: Properly handle responses for commands with events
Mingwei Zheng (5):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: nomadik: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Miri Korenblit (1):
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Namhyung Kim (2):
perf symbol: Prefer non-label symbols with same address
perf test: Skip syscall enum test if no landlock syscall
Nathan Chancellor (1):
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (9):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Patrisious Haddad (1):
RDMA/mlx5: Fix implicit ODP use after free
Patryk Wlazlyn (1):
tools/power turbostat: Fix PMT mmaped file size rounding
Paul Fertser (1):
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pavel Begunkov (1):
io_uring: prevent reg-wait speculations
Pei Xiao (4):
platform/mellanox: mlxbf-pmc: incorrect type in assignment
platform/x86: x86-android-tablets: make platform data be static
bpf: Use refcount_t instead of atomic_t for mmap_count
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Peng Fan (1):
clk: imx: Apply some clks only for i.MX93
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Zijlstra (2):
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Ping-Ke Shih (1):
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Po-Hao Huang (1):
wifi: rtw89: correct header conversion rule for MLO only
Przemek Kitszel (1):
ice: fix ice_parser_rt::bst_key array size
Pu Lehui (3):
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
libbpf: Fix return zero when elf_begin failed
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (5):
btrfs: improve the warning and error message for btrfs_remove_qgroup()
btrfs: subpage: fix the bitmap dump of the locked flags
btrfs: output the reason for open_ctree() failure
btrfs: do proper folio cleanup when cow_file_range() failed
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ray Chi (1):
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Rex Nie (1):
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (2):
media: uvcvideo: Fix deadlock during uvc_probe
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (4):
PCI: imx6: Skip controller_id generation logic for i.MX7D
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
PCI: imx6: Add missing reference clock disable logic
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ross Burton (1):
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Ryusuke Konishi (3):
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
nilfs2: handle errors that nilfs_prepare_chunk() may return
Sagi Grimberg (1):
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Christopherson (1):
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sean Wang (1):
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sebastian Sewior (1):
xfrm: Don't disable preemption while looking up cache state.
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shayne Chen (1):
wifi: mt76: mt7996: fix invalid interface combinations
Shengjiu Wang (3):
dt-bindings: clock: imx93: Add SPDIF IPG clk
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (2):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shivaprasad G Bhat (1):
powerpc/pseries/iommu: Don't unset window if it was never set
Siddharth Vadapalli (1):
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Simon Trimmer (2):
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Song Yoong Siang (1):
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Stanislav Fomichev (1):
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Stefano Brivio (1):
udp: Deal with race between UDP socket address change and rehash
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Suraj Sonawane (1):
iommu: iommufd: fix WARNING in iommufd_device_unbind
Suren Baghdasaryan (1):
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Takashi Iwai (6):
ASoC: cs40l50: Use *-y for Makefile
ASoC: mediatek: mt8365: Use *-y for Makefile
ASoC: SDCA: Use *-y for Makefile
ASoC: cs42l84: Use *-y for Makefile
ASoC: wcd937x: Use *-y for Makefile
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tianchen Ding (1):
sched: Fix race between yield_to() and try_to_wake_up()
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Tony Ambardar (1):
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Torsten Hilbrich (1):
kbuild: Fix signing issue for external modules
Uwe Kleine-König (3):
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
pwm: Ensure callbacks exist before calling them
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Gorbik (1):
s390/mm: Allow large pages for KASAN shadow mapping
Vasily Khoruzhick (1):
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Ville Syrjälä (1):
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Vishal Chourasia (1):
tools: Sync if_xdp.h uapi tooling header
Vladimir Zapolskiy (3):
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Xin Long (1):
net: sched: refine software bypass handling in tc_run
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yevgeny Kliteynik (1):
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Yu Kuai (7):
nbd: don't allow reconnect after disconnect
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Zhihao Cheng (1):
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (2):
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (4):
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Zong-Zhe Yang (3):
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
wifi: rtw89: mcc: consider time limits not divisible by 1024
allan.wang (1):
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (2):
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
4 months, 1 week
- 1
- 1
Linux 6.12.13
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.13 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/core-api/symbol-namespaces.rst | 4
Documentation/devicetree/bindings/clock/imx93-clock.yaml | 1
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9
Documentation/translations/it_IT/core-api/symbol-namespaces.rst | 4
Documentation/translations/zh_CN/core-api/symbol-namespaces.rst | 4
Makefile | 4
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1
arch/arm/boot/dts/microchip/at91-sama5d29_curiosity.dts | 1
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2
arch/arm64/boot/dts/freescale/imx93.dtsi | 2
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2
arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/Makefile | 3
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +-
arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 +++++-----
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 -
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 --
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70 +
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2
arch/arm64/boot/dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6
arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25
arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2
arch/arm64/boot/dts/ti/Makefile | 4
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dts | 47 +
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-pcie.dtso | 45 -
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dts | 47 +
arch/arm64/boot/dts/ti/k3-am642-hummingboard-t-usb3.dtso | 44 -
arch/arm64/configs/defconfig | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60 +
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/iommu.c | 2
arch/powerpc/platforms/pseries/iommu.c | 12
arch/riscv/kernel/vector.c | 2
arch/s390/Kconfig | 1
arch/s390/Makefile | 2
arch/s390/include/asm/sclp.h | 1
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/setup.c | 5
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/include/asm/kvm_host.h | 2
arch/x86/kernel/smpboot.c | 10
arch/x86/kvm/lapic.c | 11
arch/x86/kvm/vmx/vmx.c | 2
arch/x86/kvm/vmx/x86_ops.h | 2
block/bio-integrity.c | 15
block/blk-core.c | 21
block/blk-mq.c | 34
block/blk-mq.h | 6
block/blk-sysfs.c | 9
block/genhd.c | 22
block/partitions/ldm.h | 2
crypto/algapi.c | 4
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/block/ps3disk.c | 4
drivers/bluetooth/btbcm.c | 3
drivers/bluetooth/btnxpuart.c | 3
drivers/bluetooth/btrtl.c | 4
drivers/bluetooth/btusb.c | 7
drivers/cdx/Makefile | 2
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk.c | 4
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/imx/clk-imx93.c | 89 +-
drivers/clk/qcom/camcc-x1e80100.c | 7
drivers/clk/qcom/gcc-sdm845.c | 32
drivers/clk/qcom/gcc-x1e80100.c | 2
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/renesas/renesas-cpg-mssr.c | 2
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2
drivers/clk/thead/clk-th1520-ap.c | 13
drivers/cpufreq/acpi-cpufreq.c | 36
drivers/cpufreq/qcom-cpufreq-hw.c | 34
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 161 ++--
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/iaa/Makefile | 2
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/crypto/intel/qat/qat_common/Makefile | 2
drivers/crypto/tegra/tegra-se-aes.c | 7
drivers/crypto/tegra/tegra-se-hash.c | 7
drivers/dma/idxd/Makefile | 2
drivers/dma/ti/edma.c | 3
drivers/firewire/device-attribute-test.c | 2
drivers/firmware/efi/sysfb_efi.c | 2
drivers/firmware/qcom/qcom_scm.c | 42 -
drivers/gpio/gpio-idio-16.c | 2
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 3
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34
drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10
drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2
drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1
drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3
drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 +
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2
drivers/gpu/drm/msm/msm_kms.c | 1
drivers/gpu/drm/panthor/panthor_device.c | 4
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26
drivers/gpu/drm/v3d/v3d_debugfs.c | 4
drivers/gpu/drm/v3d/v3d_perfmon.c | 15
drivers/gpu/drm/v3d/v3d_regs.h | 29
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37 -
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/hwmon/Kconfig | 4
drivers/hwmon/nct6775-core.c | 6
drivers/i2c/busses/i2c-designware-common.c | 5
drivers/i2c/busses/i2c-designware-master.c | 5
drivers/i2c/busses/i2c-designware-slave.c | 5
drivers/i3c/master/dw-i3c-master.c | 1
drivers/infiniband/hw/Makefile | 2
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/cxgb4/qp.c | 8
drivers/infiniband/hw/hns/Kconfig | 20
drivers/infiniband/hw/hns/Makefile | 9
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 62 +
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_verbs.c | 5
drivers/infiniband/ulp/rtrs/rtrs.c | 3
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/iommu/amd/amd_iommu.h | 1
drivers/iommu/amd/iommu.c | 9
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17
drivers/iommu/iommufd/iova_bitmap.c | 2
drivers/iommu/iommufd/main.c | 2
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/md/md-bitmap.c | 79 +-
drivers/md/md-bitmap.h | 7
drivers/md/md.c | 34
drivers/md/md.h | 5
drivers/md/raid1.c | 34
drivers/md/raid1.h | 1
drivers/md/raid10.c | 26
drivers/md/raid10.h | 1
drivers/md/raid5-cache.c | 4
drivers/md/raid5.c | 111 +--
drivers/md/raid5.h | 4
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42 -
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 1
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 19
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 19
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +--
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6
drivers/net/ethernet/intel/idpf/idpf_main.c | 15
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8
drivers/net/ethernet/mediatek/airoha_eth.c | 37 -
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 2
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/ravb_main.c | 22
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/sfc/ef100_ethtool.c | 1
drivers/net/ethernet/sfc/ethtool.c | 1
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23
drivers/net/phy/marvell-88q2xxx.c | 33
drivers/net/tap.c | 6
drivers/net/team/team_core.c | 7
drivers/net/tun.c | 6
drivers/net/usb/rtl8150.c | 22
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 6
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 -
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4
drivers/net/wireless/mediatek/mt76/mac80211.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 ++-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2
drivers/net/wireless/mediatek/mt76/mt792x.h | 7
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 -
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 -
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++
drivers/net/wireless/realtek/rtw89/chan.h | 28
drivers/net/wireless/realtek/rtw89/core.c | 122 +--
drivers/net/wireless/realtek/rtw89/core.h | 27
drivers/net/wireless/realtek/rtw89/fw.c | 40 -
drivers/net/wireless/realtek/rtw89/mac.c | 3
drivers/net/wireless/realtek/rtw89/mac80211.c | 10
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34
drivers/nvme/host/tcp.c | 70 +
drivers/of/fdt.c | 13
drivers/of/of_private.h | 3
drivers/of/of_reserved_mem.c | 176 +++-
drivers/of/property.c | 2
drivers/opp/core.c | 57 +
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 30
drivers/pci/controller/dwc/pcie-designware-host.c | 1
drivers/pci/controller/dwc/pcie-qcom.c | 2
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/controller/plda/pcie-microchip-host.c | 222 ++++--
drivers/pci/controller/plda/pcie-plda-host.c | 17
drivers/pci/controller/plda/pcie-plda.h | 6
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35
drivers/pinctrl/pinctrl-amd.c | 27
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/samsung/pinctrl-exynos.c | 3
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +-
drivers/platform/mellanox/mlxbf-pmc.c | 6
drivers/platform/x86/x86-android-tablets/lenovo.c | 4
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 +--
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/core.c | 2
drivers/pwm/pwm-dwc-core.c | 2
drivers/pwm/pwm-lpss.c | 2
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/mtk_scp.c | 12
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/rtc/rtc-tps6594.c | 2
drivers/s390/char/sclp.c | 12
drivers/scsi/mpi3mr/mpi3mr_app.c | 8
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/mips_ejtag_fdc.c | 4
drivers/tty/serial/8250/8250_port.c | 32
drivers/tty/serial/sc16is7xx.c | 2
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 35
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/storage/Makefile | 2
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/inode.c | 95 ++
fs/btrfs/qgroup.c | 21
fs/btrfs/subpage.c | 6
fs/btrfs/subpage.h | 13
fs/btrfs/super.c | 2
fs/dlm/lock.c | 46 -
fs/dlm/lowcomms.c | 3
fs/erofs/internal.h | 17
fs/erofs/zdata.c | 190 +++--
fs/erofs/zutil.c | 155 ----
fs/f2fs/dir.c | 53 +
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 27
fs/nfs/localio.c | 4
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfs_common/common.c | 89 ++
fs/nilfs2/dir.c | 13
fs/nilfs2/namei.c | 29
fs/nilfs2/nilfs.h | 4
fs/nilfs2/page.c | 31
fs/nilfs2/segment.c | 4
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22
fs/xfs/xfs_buf.c | 3
fs/xfs/xfs_notify_failure.c | 121 ++-
include/acpi/acpixf.h | 1
include/dt-bindings/clock/imx93-clock.h | 7
include/dt-bindings/clock/sun50i-a64-ccu.h | 2
include/linux/btf.h | 5
include/linux/coredump.h | 4
include/linux/ethtool.h | 4
include/linux/export.h | 2
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/nfs_common.h | 3
include/linux/perf_event.h | 6
include/linux/pps_kernel.h | 3
include/linux/ptr_ring.h | 21
include/linux/sched.h | 1
include/linux/skb_array.h | 17
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 6
include/net/netns/xfrm.h | 1
include/net/pkt_cls.h | 13
include/net/sch_generic.h | 5
include/net/xfrm.h | 30
include/sound/hdaudio_ext.h | 45 -
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25
include/uapi/linux/xfrm.h | 2
io_uring/uring_cmd.c | 2
kernel/bpf/arena.c | 8
kernel/bpf/bpf_local_storage.c | 8
kernel/bpf/bpf_struct_ops.c | 21
kernel/bpf/btf.c | 5
kernel/bpf/helpers.c | 18
kernel/dma/coherent.c | 14
kernel/events/core.c | 35
kernel/irq/internals.h | 9
kernel/module/main.c | 7
kernel/padata.c | 45 -
kernel/power/hibernate.c | 7
kernel/printk/internal.h | 6
kernel/printk/printk.c | 5
kernel/printk/printk_safe.c | 7
kernel/sched/core.c | 83 +-
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/fair.c | 21
kernel/sched/features.h | 9
kernel/sched/sched.h | 56 -
kernel/sched/stats.h | 33
kernel/sched/syscalls.c | 2
kernel/trace/bpf_trace.c | 13
lib/rhashtable.c | 12
mm/memcontrol.c | 7
mm/oom_kill.c | 8
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22
net/ax25/ax25_route.c | 2
net/core/dev.c | 21
net/core/filter.c | 2
net/core/sysctl_net_core.c | 5
net/ethtool/ioctl.c | 8
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/esp4_offload.c | 6
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv4/udp.c | 56 +
net/ipv6/esp6_offload.c | 6
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28
net/ipv6/ndisc.c | 8
net/ipv6/udp.c | 50 +
net/key/af_key.c | 7
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/ctrl.c | 4
net/mptcp/options.c | 13
net/mptcp/pm_netlink.c | 3
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30
net/ncsi/ncsi-rsp.c | 18
net/netfilter/nf_tables_api.c | 57 +
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_rbtree.c | 43 +
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/rxrpc/peer_event.c | 16
net/rxrpc/peer_object.c | 12
net/sched/cls_api.c | 57 -
net/sched/cls_bpf.c | 2
net/sched/cls_flower.c | 2
net/sched/cls_matchall.c | 2
net/sched/cls_u32.c | 4
net/sched/sch_api.c | 4
net/sched/sch_generic.c | 4
net/sched/sch_sfq.c | 43 -
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37 -
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 7
net/wireless/tests/scan.c | 2
net/xfrm/xfrm_compat.c | 6
net/xfrm/xfrm_input.c | 2
net/xfrm/xfrm_policy.c | 12
net/xfrm/xfrm_replay.c | 10
net/xfrm/xfrm_state.c | 256 ++++++-
net/xfrm/xfrm_user.c | 59 +
samples/landlock/sandboxer.c | 7
scripts/Makefile.lib | 4
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18
scripts/kconfig/confdata.c | 6
scripts/kconfig/symbol.c | 1
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 4
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/acp/acp-i2s.c | 1
sound/soc/codecs/Makefile | 6
sound/soc/codecs/da7213.c | 2
sound/soc/intel/avs/apl.c | 3
sound/soc/intel/avs/cnl.c | 1
sound/soc/intel/avs/core.c | 14
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/registers.h | 45 +
sound/soc/intel/avs/skl.c | 1
sound/soc/intel/avs/topology.c | 4
sound/soc/intel/boards/sof_sdw.c | 47 -
sound/soc/mediatek/mt8365/Makefile | 2
sound/soc/rockchip/rockchip_i2s_tdm.c | 31
sound/soc/sh/rz-ssi.c | 3
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/include/uapi/linux/if_xdp.h | 4
tools/lib/bpf/btf.c | 1
tools/lib/bpf/btf_relocate.c | 2
tools/lib/bpf/linker.c | 22
tools/lib/bpf/usdt.c | 2
tools/net/ynl/lib/ynl.c | 2
tools/perf/MANIFEST | 1
tools/perf/builtin-inject.c | 8
tools/perf/builtin-lock.c | 66 +
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/tests/shell/trace_btf_enum.sh | 8
tools/perf/util/bpf-event.c | 10
tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c | 11
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/maps.c | 7
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/power/x86/turbostat/turbostat.8 | 25
tools/power/x86/turbostat/turbostat.c | 163 ++++
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/Makefile | 4
tools/testing/selftests/bpf/prog_tests/btf_distill.c | 4
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 120 ++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/ftrace/test.d/00basic/mount_options.tc | 8
tools/testing/selftests/kselftest/ktap_helpers.sh | 2
tools/testing/selftests/kselftest_harness.h | 24
tools/testing/selftests/landlock/Makefile | 4
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/net/lib/Makefile | 2
tools/testing/selftests/net/mptcp/Makefile | 2
tools/testing/selftests/net/openvswitch/Makefile | 2
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
677 files changed, 6485 insertions(+), 3583 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Abel Vesa (1):
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alejandro Jimenez (1):
iommu/amd: Remove unused amd_iommu_domain_update()
Alex Deucher (1):
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Alexander Aring (2):
dlm: fix removal of rsb struct that is master and dir record
dlm: fix srcu_read_lock() return type to int
Alexander Stein (2):
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Amadeusz Sławiński (1):
ASoC: Intel: avs: Fix init-config parsing
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Set AXI id for rk3588
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Anumula Murali Mohan Reddy (1):
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Aric Cyr (1):
drm/amd/display: Add hubp cache reset when powergating
Arnaldo Carvalho de Melo (4):
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Bard Liao (1):
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Benjamin Lin (2):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
wifi: mt76: mt7996: fix definition of tx descriptor
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Boris Brezillon (1):
drm/panthor: Preserve the result returned by panthor_fw_resume()
Breno Leitao (1):
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (2):
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix the minimum firmware version numbers
ASoC: Intel: avs: Fix theoretical infinite loop
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Charles Han (4):
ipmi: ipmb: Add check devm_kasprintf() returned value
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
firewire: test: Fix potential null dereference in firewire kunit test
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (5):
crypto: tegra - do not transfer req when tegra init fails
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
memcg: fix soft lockup in the OOM process
Chen-Yu Tsai (12):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
remoteproc: mtk_scp: Only populate devices for SCP cores
Chengming Zhou (1):
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Chih-Kang Chang (1):
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Christian Marangi (1):
net: airoha: Fix wrong GDM4 register definition
Christoph Hellwig (4):
block: copy back bounce buffer to user-space correctly in case of split
block: check BLK_FEAT_POLL under q_usage_count
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
xfs: check for dead buffers in xfs_buf_find_insert
Christophe JAILLET (3):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Christophe Leroy (4):
select: Fix unbalanced user_access_end()
perf maps: Fix display of kernel symbols
perf machine: Don't ignore _etext when not a text symbol
module: Don't fail module loading when setting ro_after_init section RO failed
Chuck Lever (1):
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (3):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
ASoC: da7213: Initialize the mutex
Colin Ian King (1):
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Conor Dooley (1):
PCI: microchip: Add support for using either Root Port 1 or 2
Cristian Birsan (2):
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Daire McNamara (1):
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Dan Carpenter (4):
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
rdma/cxgb4: Prevent potential integer overflow on 32bit
rtc: tps6594: Fix integer overflow on 32bit systems
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Baluta (1):
ASoC: amd: acp: Fix possible deadlock
Daniel Gabay (1):
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Darrick J. Wong (1):
xfs: don't shut down the filesystem for media failures beyond end of log
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (6):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
rxrpc, afs: Fix peer hash locking vs RCU callback
Derek Foreman (1):
drm/connector: Allow clearing HDMI infoframes
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau (1):
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (28):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dpu: provide DSPP and correct LM config for SDM670
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
drm/msm: don't clean up priv->kms prematurely
drm/msm/mdp4: correct LCDC regulator name
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
arm64: dts: qcom: sm8550: correct sleep clock frequency
arm64: dts: qcom: sm8650: correct sleep clock frequency
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Dmytro Maluka (1):
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Douglas Anderson (1):
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Drew Fustini (3):
clk: thead: Fix clk gate registration to pass flags
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Edward Cree (1):
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Emil Tantilov (2):
idpf: add read memory barrier when checking descriptor done bit
idpf: fix transaction timeouts on reset
Eric Dumazet (11):
net_sched: sch_sfq: handle bigger packets
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eric-SY Chang (1):
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Everest K.C (1):
xfrm: Add error handling when nla_put_u32() returns an error
Felix Fietkau (4):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: only enable tx worker after setting the channel
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (2):
netfilter: nft_flow_offload: update tcp state flags under lock
xfrm: state: fix out-of-bounds read during lookup
Frank Li (1):
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Frank Wunderlich (1):
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Gal Pressman (2):
ethtool: Fix set RXNFC command with symmetric RSS hash
ethtool: Fix access to uninitialized fields in set RXNFC command
Gao Xiang (4):
erofs: get rid of erofs_{find,insert}_workgroup
erofs: move erofs_workgroup operations into zdata.c
erofs: sunset `struct erofs_workgroup`
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gaurav Batra (1):
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (4):
ps3disk: Do not use dev->bounce_size before it is set
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
dma-mapping: save base/size instead of pointer to shared DMA pool
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.12.13
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (2):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
scsi: mpi3mr: Fix possible crash when setting up bsg fails
He Rongguang (1):
cpupower: fix TSC MHz calculation
Heiko Carstens (1):
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Heiko Stuebner (1):
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Herbert Xu (2):
crypto: api - Fix boot-up self-test race
rhashtable: Fix rhashtable_try_insert test
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hou Tao (1):
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Howard Chu (2):
perf trace: Fix BPF loading failure (-E2BIG)
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Ian Rogers (1):
perf inject: Fix use without initialization of local variables
Ilan Peer (1):
wifi: mac80211: Fix common size calculation for ML element
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jakub Kicinski (3):
net: netdevsim: try to close UDP port harness races
tools: ynl: c: correct reverse decode of empty attrs
ethtool: ntuple: fix rss + ring_cookie check
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
Jan Stancek (2):
selftests: mptcp: extend CFLAGS to keep options from environment
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jason Gunthorpe (1):
iommu/arm-smmuv3: Update comments about ATS and bypass
Jason-JH.Lin (1):
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (2):
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (2):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jiayuan Chen (1):
selftests/bpf: Avoid generating untracked files when running bpf selftests
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Jiri Slaby (SUSE) (1):
tty: mips_ejtag_fdc: fix one more u8 warning
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Joel Stanley (2):
hwmon: Fix help text for aspeed-g6-pwm-tach
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Johannes Berg (3):
wifi: iwlwifi: fw: read STEP table from correct UEFI var
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
Johannes Weiner (1):
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Ogness (2):
printk: Defer legacy printing when holding printk_cpu_sync
serial: 8250: Adjust the timeout for FIFO mode
John Stultz (1):
sched: Split out __schedule() deactivate task logic into a helper
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jonas Karlman (1):
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Jonathan Kim (1):
drm/amdgpu: fix gpu recovery disable with per queue reset
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Josua Mayer (2):
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Junxian Huang (1):
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Kanchana P Sridhar (1):
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Karol Przybylski (1):
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Kees Cook (2):
coredump: Do not lock during 'comm' reporting
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (3):
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (2):
net: ravb: Fix missing rtnl lock in suspend/resume path
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krishna chaitanya chundru (1):
PCI: qcom: Update ICC and OPP values after Link Up event
Krzysztof Kozlowski (3):
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
arm64: dts: qcom: sc7180: change labels to lower-case
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kuniyuki Iwashima (1):
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Len Brown (1):
tools/power turbostat: Fix forked child affinity regression
Leon Hwang (1):
selftests/bpf: Add test to verify tailcall and freplace restrictions
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Leon Yen (1):
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rtrs: Add missing deinit() call
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Lorenzo Bianconi (1):
net: airoha: Fix error path in airoha_probe()
Luca Ceresoli (1):
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Manoj Vishwanathan (1):
idpf: Acquire the lock before accessing the xn->salt
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (2):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
idpf: convert workqueues to unbound
Marek Vasut (5):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (2):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Masahiro Yamada (5):
module: Convert default symbol namespace to string literal
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: fix memory leak in sym_warn_unmet_dep()
Masami Hiramatsu (Google) (1):
selftests/ftrace: Fix to use remount when testing mount GID option
Mateusz Polchlopek (3):
ice: rework of dump serdes equalizer values feature
ice: extend dump serdes equalizer values feature
ice: remove invalid parameter of equalizer
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthieu Baerts (NGI0) (2):
mptcp: pm: only set fullmesh for subflow endp
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Max Chou (1):
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Maíra Canal (1):
drm/v3d: Fix performance counter source settings on V3D 7.x
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michael Riesch (1):
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Mickaël Salaün (4):
selftests: ktap_helpers: Fix uninitialized variable
landlock: Handle weird files
selftests/landlock: Fix build with non-default pthread linking
selftests/landlock: Fix error message
Mike Snitzer (1):
nfs: fix incorrect error handling in LOCALIO
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Ming Yen Hsieh (15):
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
wifi: mt76: mt7925: fix the invalid ip address for arp offload
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
wifi: mt76: mt7925: Update secondary link PS flow
wifi: mt76: mt7925: Init secondary link PM state
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
wifi: mt76: mt7925: Properly handle responses for commands with events
Mingwei Zheng (5):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: nomadik: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Miri Korenblit (1):
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Namhyung Kim (1):
perf test: Skip syscall enum test if no landlock syscall
Nathan Chancellor (1):
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (9):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Oreoluwa Babatunde (1):
of: reserved_mem: Restructure how the reserved memory regions are processed
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Parth Pancholi (1):
kbuild: switch from lz4c to lz4 for compression
Patrisious Haddad (1):
RDMA/mlx5: Fix implicit ODP use after free
Patryk Wlazlyn (2):
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
tools/power turbostat: Fix PMT mmaped file size rounding
Paul Fertser (1):
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pei Xiao (4):
platform/mellanox: mlxbf-pmc: incorrect type in assignment
platform/x86: x86-android-tablets: make platform data be static
bpf: Use refcount_t instead of atomic_t for mmap_count
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Peng Fan (1):
clk: imx: Apply some clks only for i.MX93
Pengfei Li (4):
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
dt-bindings: clock: Add i.MX91 clock support
clk: imx93: Move IMX93_CLK_END macro to clk driver
clk: imx: add i.MX91 clk
Perry Yuan (1):
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Zijlstra (2):
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Ping-Ke Shih (1):
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Przemek Kitszel (1):
ice: fix ice_parser_rt::bst_key array size
Pu Lehui (3):
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
libbpf: Fix return zero when elf_begin failed
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (4):
btrfs: improve the warning and error message for btrfs_remove_qgroup()
btrfs: subpage: fix the bitmap dump of the locked flags
btrfs: output the reason for open_ctree() failure
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ray Chi (1):
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Rex Nie (1):
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (1):
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (4):
PCI: imx6: Skip controller_id generation logic for i.MX7D
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
PCI: imx6: Add missing reference clock disable logic
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ross Burton (1):
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Ryusuke Konishi (3):
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
nilfs2: handle errors that nilfs_prepare_chunk() may return
Sagi Grimberg (1):
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Christopherson (1):
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sean Wang (1):
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sebastian Sewior (1):
xfrm: Don't disable preemption while looking up cache state.
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shayne Chen (1):
wifi: mt76: mt7996: fix invalid interface combinations
Shengjiu Wang (3):
dt-bindings: clock: imx93: Add SPDIF IPG clk
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (2):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shivaprasad G Bhat (1):
powerpc/pseries/iommu: Don't unset window if it was never set
Simon Trimmer (2):
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Song Yoong Siang (1):
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Stefano Brivio (1):
udp: Deal with race between UDP socket address change and rehash
Steffen Klassert (4):
xfrm: Add support for per cpu xfrm state handling.
xfrm: Cache used outbound xfrm states at the policy.
xfrm: Add an inbound percpu state cache.
xfrm: Fix acquire state insertion.
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Suraj Sonawane (1):
iommu: iommufd: fix WARNING in iommufd_device_unbind
Takashi Iwai (4):
ASoC: cs40l50: Use *-y for Makefile
ASoC: mediatek: mt8365: Use *-y for Makefile
ASoC: wcd937x: Use *-y for Makefile
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tianchen Ding (1):
sched: Fix race between yield_to() and try_to_wake_up()
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Uwe Kleine-König (2):
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Gorbik (2):
s390/mm: Allow large pages for KASAN shadow mapping
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Vasily Khoruzhick (4):
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Vishal Chourasia (1):
tools: Sync if_xdp.h uapi tooling header
Vladimir Zapolskiy (3):
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wayne Lin (1):
drm/amd/display: Reduce accessing remote DPCD overhead
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Xin Long (1):
net: sched: refine software bypass handling in tc_run
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yevgeny Kliteynik (1):
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Yu Kuai (7):
nbd: don't allow reconnect after disconnect
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (2):
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (5):
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
of: reserved-memory: Warn for missing static reserved memory regions
Zong-Zhe Yang (6):
wifi: rtw89: handle entity active flag per PHY
wifi: rtw89: chan: manage active interfaces
wifi: rtw89: tweak setting of channel and TX power for MLO
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
wifi: rtw89: mcc: consider time limits not divisible by 1024
allan.wang (1):
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (2):
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
4 months, 1 week
- 1
- 1
Linux 6.6.76
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.76 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 2
Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2
Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6
Makefile | 4
arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24
arch/arm/boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2
arch/arm/boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2
arch/arm/boot/dts/st/stm32mp151.dtsi | 2
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7
arch/arm/mach-at91/pm.c | 31
arch/arm/mach-omap1/board-nokia770.c | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-pinebook.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64-teres-i.dts | 2
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2
arch/arm64/boot/dts/qcom/Makefile | 3
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2
arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 827 ----------
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 +++++++++
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 -
arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1
arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3
arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 ++--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dts | 104 -
arch/arm64/boot/dts/qcom/sdm845-db845c-navigation-mezzanine.dtso | 70
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1
arch/hexagon/include/asm/cmpxchg.h | 2
arch/hexagon/kernel/traps.c | 4
arch/loongarch/include/asm/hw_breakpoint.h | 4
arch/loongarch/include/asm/loongarch.h | 60
arch/loongarch/kernel/hw_breakpoint.c | 16
arch/loongarch/power/platform.c | 2
arch/powerpc/include/asm/hugetlb.h | 9
arch/powerpc/kernel/smp.c | 4
arch/powerpc/sysdev/xive/native.c | 4
arch/powerpc/sysdev/xive/spapr.c | 3
arch/riscv/kernel/vector.c | 2
arch/s390/Makefile | 2
arch/s390/kernel/perf_cpum_cf.c | 2
arch/s390/kernel/perf_pai_crypto.c | 2
arch/s390/kernel/perf_pai_ext.c | 2
arch/s390/kernel/topology.c | 2
arch/s390/purgatory/Makefile | 2
arch/x86/events/amd/ibs.c | 2
arch/x86/kernel/smpboot.c | 12
block/genhd.c | 22
block/partitions/ldm.h | 2
drivers/acpi/acpica/achware.h | 2
drivers/acpi/fan_core.c | 10
drivers/base/class.c | 9
drivers/block/nbd.c | 1
drivers/bluetooth/btnxpuart.c | 3
drivers/bus/ti-sysc.c | 4
drivers/char/ipmi/ipmb_dev_int.c | 3
drivers/char/ipmi/ssif_bmc.c | 5
drivers/clk/analogbits/wrpll-cln28hpc.c | 2
drivers/clk/clk-conf.c | 4
drivers/clk/clk-si5351.c | 76
drivers/clk/clk.c | 14
drivers/clk/imx/clk-imx8mp.c | 5
drivers/clk/qcom/common.c | 4
drivers/clk/qcom/gcc-sdm845.c | 32
drivers/clk/ralink/clk-mtmips.c | 1
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2
drivers/clk/sunxi/clk-simple-gates.c | 4
drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4
drivers/clocksource/samsung_pwm_timer.c | 4
drivers/cpufreq/acpi-cpufreq.c | 36
drivers/cpufreq/qcom-cpufreq-hw.c | 34
drivers/crypto/caam/blob_gen.c | 3
drivers/crypto/hisilicon/sec2/sec.h | 3
drivers/crypto/hisilicon/sec2/sec_crypto.c | 168 --
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3
drivers/dma/ti/edma.c | 3
drivers/firmware/efi/sysfb_efi.c | 2
drivers/gpio/gpio-brcmstb.c | 5
drivers/gpio/gpio-mxc.c | 3
drivers/gpio/gpio-pca953x.c | 108 -
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5
drivers/gpu/drm/bridge/ite-it6505.c | 2
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2
drivers/gpu/drm/msm/dp/dp_audio.c | 2
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1
drivers/gpu/drm/rockchip/cdn-dp-core.c | 1
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1
drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1
drivers/gpu/drm/rockchip/inno_hdmi.c | 1
drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18
drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 +
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18
drivers/gpu/drm/rockchip/rockchip_lvds.c | 1
drivers/gpu/drm/rockchip/rockchip_rgb.c | 1
drivers/hid/hid-core.c | 2
drivers/hid/hid-input.c | 37
drivers/hid/hid-multitouch.c | 2
drivers/hid/hid-thrustmaster.c | 8
drivers/i3c/master/dw-i3c-master.c | 68
drivers/i3c/master/dw-i3c-master.h | 2
drivers/iio/adc/ti_am335x_adc.c | 4
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7
drivers/infiniband/hw/cxgb4/device.c | 6
drivers/infiniband/hw/mlx4/main.c | 8
drivers/infiniband/hw/mlx5/odp.c | 32
drivers/infiniband/sw/rxe/rxe.c | 6
drivers/infiniband/sw/rxe/rxe.h | 6
drivers/infiniband/sw/rxe/rxe_comp.c | 4
drivers/infiniband/sw/rxe/rxe_cq.c | 4
drivers/infiniband/sw/rxe/rxe_mr.c | 16
drivers/infiniband/sw/rxe/rxe_mw.c | 2
drivers/infiniband/sw/rxe/rxe_param.h | 2
drivers/infiniband/sw/rxe/rxe_pool.c | 11
drivers/infiniband/sw/rxe/rxe_qp.c | 8
drivers/infiniband/sw/rxe/rxe_resp.c | 12
drivers/infiniband/sw/rxe/rxe_task.c | 4
drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +-
drivers/infiniband/ulp/srp/ib_srp.c | 1
drivers/irqchip/irq-atmel-aic-common.c | 4
drivers/irqchip/irq-pic32-evic.c | 4
drivers/leds/leds-cht-wcove.c | 6
drivers/leds/leds-netxbig.c | 1
drivers/media/i2c/imx290.c | 3
drivers/media/i2c/imx412.c | 42
drivers/media/i2c/ov9282.c | 2
drivers/media/platform/marvell/mcam-core.c | 7
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c | 3
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10
drivers/media/platform/samsung/s3c-camif/camif-core.c | 13
drivers/media/rc/iguanair.c | 4
drivers/media/usb/dvb-usb-v2/af9035.c | 18
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12
drivers/media/usb/uvc/uvc_queue.c | 3
drivers/media/usb/uvc/uvc_status.c | 1
drivers/memory/tegra/tegra20-emc.c | 8
drivers/mfd/syscon.c | 81
drivers/mfd/ti_am335x_tscadc.c | 4
drivers/misc/cardreader/rtsx_usb.c | 15
drivers/mtd/hyperbus/hbmc-am654.c | 25
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5
drivers/net/ethernet/broadcom/bgmac.h | 3
drivers/net/ethernet/davicom/dm9000.c | 3
drivers/net/ethernet/freescale/fec_main.c | 31
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2
drivers/net/ethernet/intel/iavf/iavf_main.c | 19
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 10
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8
drivers/net/ethernet/renesas/sh_eth.c | 4
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2
drivers/net/netdevsim/netdevsim.h | 1
drivers/net/netdevsim/udp_tunnels.c | 23
drivers/net/team/team.c | 7
drivers/net/usb/rtl8150.c | 22
drivers/net/vxlan/vxlan_vnifilter.c | 5
drivers/net/wireless/ath/ath11k/dp_rx.c | 1
drivers/net/wireless/ath/ath11k/hal_rx.c | 3
drivers/net/wireless/ath/ath12k/mac.c | 6
drivers/net/wireless/ath/wcn36xx/main.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2
drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 32
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2
drivers/net/wireless/mediatek/mt76/usb.c | 4
drivers/net/wireless/realtek/rtlwifi/base.c | 13
drivers/net/wireless/realtek/rtlwifi/base.h | 1
drivers/net/wireless/realtek/rtlwifi/pci.c | 61
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7
drivers/net/wireless/realtek/rtlwifi/usb.c | 12
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12
drivers/net/wireless/ti/wlcore/main.c | 10
drivers/nvme/host/core.c | 34
drivers/of/of_reserved_mem.c | 3
drivers/opp/core.c | 57
drivers/opp/of.c | 4
drivers/pci/controller/dwc/pci-imx6.c | 139 -
drivers/pci/controller/pcie-rcar-ep.c | 2
drivers/pci/endpoint/functions/pci-epf-test.c | 6
drivers/pci/endpoint/pci-epc-core.c | 2
drivers/pinctrl/nxp/pinctrl-s32cc.c | 4
drivers/pinctrl/pinctrl-amd.c | 27
drivers/pinctrl/pinctrl-amd.h | 7
drivers/pinctrl/pinctrl-k210.c | 4
drivers/pinctrl/stm32/pinctrl-stm32.c | 76
drivers/pps/clients/pps-gpio.c | 4
drivers/pps/clients/pps-ktimer.c | 4
drivers/pps/clients/pps-ldisc.c | 6
drivers/pps/clients/pps_parport.c | 4
drivers/pps/kapi.c | 10
drivers/pps/kc.c | 10
drivers/pps/pps.c | 127 -
drivers/ptp/ptp_chardev.c | 4
drivers/ptp/ptp_ocp.c | 2
drivers/pwm/pwm-samsung.c | 4
drivers/pwm/pwm-stm32-lp.c | 8
drivers/pwm/pwm-stm32.c | 7
drivers/regulator/core.c | 2
drivers/regulator/of_regulator.c | 14
drivers/remoteproc/remoteproc_core.c | 14
drivers/rtc/rtc-loongson.c | 13
drivers/rtc/rtc-pcf85063.c | 11
drivers/scsi/mpt3sas/mpt3sas_base.c | 3
drivers/soc/atmel/soc.c | 2
drivers/spi/spi-omap2-mcspi.c | 11
drivers/spi/spi-zynq-qspi.c | 13
drivers/staging/media/imx/imx-media-of.c | 8
drivers/staging/media/max96712/max96712.c | 4
drivers/tty/serial/8250/8250_port.c | 32
drivers/tty/serial/sc16is7xx.c | 34
drivers/tty/sysrq.c | 4
drivers/ufs/core/ufs_bsg.c | 1
drivers/usb/dwc3/core.c | 30
drivers/usb/dwc3/dwc3-am62.c | 1
drivers/usb/gadget/function/f_tcm.c | 14
drivers/usb/host/xhci-ring.c | 3
drivers/usb/misc/usb251xb.c | 4
drivers/usb/typec/tcpm/tcpci.c | 13
drivers/usb/typec/tcpm/tcpm.c | 10
drivers/vfio/iova_bitmap.c | 2
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1
drivers/watchdog/rti_wdt.c | 1
fs/afs/dir.c | 7
fs/afs/internal.h | 9
fs/afs/rxrpc.c | 12
fs/afs/xdr_fs.h | 2
fs/afs/yfsclient.c | 5
fs/btrfs/super.c | 2
fs/buffer.c | 24
fs/dlm/lowcomms.c | 3
fs/f2fs/dir.c | 53
fs/f2fs/f2fs.h | 6
fs/f2fs/inline.c | 5
fs/file_table.c | 2
fs/hostfs/hostfs_kern.c | 157 +
fs/nfs/nfs42proc.c | 2
fs/nfs/nfs42xdr.c | 2
fs/nfsd/nfs4callback.c | 1
fs/nilfs2/segment.c | 11
fs/ocfs2/quota_global.c | 5
fs/pstore/blk.c | 4
fs/select.c | 4
fs/smb/client/cifsacl.c | 25
fs/smb/client/cifsproto.h | 2
fs/smb/client/cifssmb.c | 4
fs/smb/client/readdir.c | 2
fs/smb/client/reparse.c | 22
fs/smb/client/smb2ops.c | 3
fs/ubifs/debug.c | 22
include/acpi/acpixf.h | 1
include/dt-bindings/clock/sun50i-a64-ccu.h | 2
include/linux/buffer_head.h | 4
include/linux/hid.h | 1
include/linux/ieee80211.h | 11
include/linux/kallsyms.h | 2
include/linux/mfd/syscon.h | 33
include/linux/mroute_base.h | 6
include/linux/netdevice.h | 2
include/linux/of.h | 15
include/linux/perf_event.h | 6
include/linux/platform_data/pca953x.h | 13
include/linux/platform_data/si5351.h | 2
include/linux/pps_kernel.h | 3
include/linux/sched.h | 1
include/linux/usb/tcpm.h | 3
include/net/ax25.h | 10
include/net/inetpeer.h | 12
include/net/netfilter/nf_tables.h | 8
include/net/xfrm.h | 16
include/trace/events/afs.h | 2
include/trace/events/rxrpc.h | 25
io_uring/uring_cmd.c | 2
kernel/bpf/bpf_local_storage.c | 8
kernel/events/core.c | 35
kernel/irq/internals.h | 9
kernel/padata.c | 45
kernel/power/hibernate.c | 7
kernel/sched/cpufreq_schedutil.c | 4
kernel/sched/fair.c | 19
kernel/sched/topology.c | 8
kernel/trace/bpf_trace.c | 13
net/ax25/af_ax25.c | 12
net/ax25/ax25_dev.c | 4
net/ax25/ax25_ip.c | 3
net/ax25/ax25_out.c | 22
net/ax25/ax25_route.c | 2
net/core/dev.c | 4
net/core/filter.c | 2
net/core/sysctl_net_core.c | 5
net/ethtool/netlink.c | 2
net/hsr/hsr_forward.c | 7
net/ipv4/icmp.c | 9
net/ipv4/inetpeer.c | 31
net/ipv4/ip_fragment.c | 15
net/ipv4/ipmr.c | 28
net/ipv4/ipmr_base.c | 9
net/ipv4/route.c | 17
net/ipv4/tcp_cubic.c | 8
net/ipv4/tcp_output.c | 9
net/ipv6/icmp.c | 6
net/ipv6/ip6_output.c | 6
net/ipv6/ip6mr.c | 28
net/ipv6/ndisc.c | 8
net/mac80211/debugfs_netdev.c | 2
net/mac80211/driver-ops.h | 3
net/mac80211/rx.c | 1
net/mptcp/options.c | 13
net/mptcp/protocol.c | 4
net/mptcp/protocol.h | 30
net/netfilter/nf_tables_api.c | 57
net/netfilter/nft_flow_offload.c | 16
net/netfilter/nft_set_pipapo.c | 7
net/netfilter/nft_set_rbtree.c | 178 +-
net/rose/af_rose.c | 16
net/rose/rose_timer.c | 15
net/rxrpc/conn_event.c | 12
net/sched/sch_api.c | 4
net/sched/sch_sfq.c | 56
net/smc/af_smc.c | 2
net/smc/smc_rx.c | 37
net/smc/smc_rx.h | 8
net/sunrpc/svcsock.c | 12
net/vmw_vsock/af_vsock.c | 5
net/wireless/scan.c | 35
net/xfrm/xfrm_replay.c | 10
samples/landlock/sandboxer.c | 7
scripts/Makefile.lib | 4
scripts/genksyms/genksyms.c | 11
scripts/genksyms/genksyms.h | 2
scripts/genksyms/parse.y | 18
scripts/kconfig/conf.c | 6
scripts/kconfig/confdata.c | 115 -
scripts/kconfig/lkc_proto.h | 2
scripts/kconfig/symbol.c | 10
security/landlock/fs.c | 11
sound/core/seq/Kconfig | 5
sound/pci/hda/patch_realtek.c | 1
sound/soc/codecs/arizona.c | 12
sound/soc/intel/avs/apl.c | 53
sound/soc/intel/avs/avs.h | 40
sound/soc/intel/avs/core.c | 51
sound/soc/intel/avs/ipc.c | 36
sound/soc/intel/avs/loader.c | 2
sound/soc/intel/avs/messages.h | 10
sound/soc/intel/avs/registers.h | 6
sound/soc/intel/avs/skl.c | 30
sound/soc/rockchip/rockchip_i2s_tdm.c | 31
sound/soc/sh/rz-ssi.c | 3
sound/soc/sunxi/sun4i-spdif.c | 7
sound/usb/quirks.c | 2
tools/bootconfig/main.c | 4
tools/lib/bpf/linker.c | 22
tools/lib/bpf/usdt.c | 2
tools/perf/builtin-lock.c | 66
tools/perf/builtin-report.c | 2
tools/perf/builtin-top.c | 2
tools/perf/builtin-trace.c | 6
tools/perf/util/bpf-event.c | 10
tools/perf/util/env.c | 13
tools/perf/util/env.h | 4
tools/perf/util/expr.c | 5
tools/perf/util/header.c | 8
tools/perf/util/machine.c | 2
tools/perf/util/namespaces.c | 7
tools/perf/util/namespaces.h | 3
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15
tools/testing/ktest/ktest.pl | 7
tools/testing/selftests/bpf/prog_tests/fill_link_info.c | 4
tools/testing/selftests/bpf/progs/test_fill_link_info.c | 13
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1
tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16
tools/testing/selftests/kselftest_harness.h | 24
tools/testing/selftests/landlock/fs_test.c | 3
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2
tools/testing/selftests/rseq/rseq.c | 32
tools/testing/selftests/rseq/rseq.h | 9
tools/testing/selftests/timers/clocksource-switch.c | 6
455 files changed, 4558 insertions(+), 3437 deletions(-)
Aaro Koskinen (1):
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Ahmad Fatoum (1):
gpio: mxc: remove dead code after switch to DT-only
Akhil R (1):
arm64: tegra: Fix DMA ID for SPI2
Al Viro (1):
hostfs: fix string handling in __dentry_name()
Alan Stern (1):
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Alexander Aring (1):
dlm: fix srcu_read_lock() return type to int
Alexander Stein (1):
regulator: core: Add missing newline character
Alexandre Cassen (1):
xfrm: delete intermediate secpath entry in packet offload mode
Alvin Šipraga (1):
clk: si5351: allow PLLs to be adjusted without reset
Amit Pundir (1):
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Andreas Kemnade (1):
wifi: wlcore: fix unbalanced pm_runtime calls
Andrew Halaney (2):
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq
Andrii Nakryiko (1):
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Andy Shevchenko (2):
gpio: pca953x: Drop unused fields in struct pca953x_platform_data
gpio: pca953x: Fully convert to device managed resources
Andy Strohman (1):
wifi: mac80211: fix tid removal during mesh forwarding
Andy Yan (7):
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
drm/rockchip: vop2: Set YUV/RGB overlay mode
drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
drm/rockchip: vop2: Fix the windows switch between different layers
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
drm/rockchip: move output interface related definition to rockchip_drm_drv.h
Antoine Tenart (1):
net: avoid race between device unregistration and ethnl ops
Arnaldo Carvalho de Melo (3):
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
perf namespaces: Introduce nsinfo__set_in_pidns()
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaud Pouliquen (2):
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
remoteproc: core: Fix ida_free call while not allocated
Ba Jing (1):
ktest.pl: Remove unused declarations in run_bisect_test function
Balaji Pothunoori (1):
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Barnabás Czémán (1):
wifi: wcn36xx: fix channel survey memory allocation size
Bartosz Golaszewski (1):
arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi
Benjamin Lin (1):
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Billy Tsai (1):
i3c: dw: Add hot-join support.
Bo Gan (1):
clk: analogbits: Fix incorrect calculation of vco rate delta
Bokun Zhang (1):
drm/amdgpu/vcn: reset fw_shared under SRIOV
Bryan Brattlof (2):
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan O'Donoghue (1):
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Calvin Owens (1):
pps: Fix a use-after-free
Cezary Rojewski (4):
ASoC: Intel: avs: Prefix SKL/APL-specific members
ASoC: Intel: avs: Abstract IPC handling
ASoC: Intel: avs: Do not readq() u32 registers
ASoC: Intel: avs: Fix theoretical infinite loop
Charles Han (1):
ipmi: ipmb: Add check devm_kasprintf() returned value
Chen Ni (1):
media: lmedm04: Handle errors for lme2510_int_read
Chen Ridong (3):
padata: fix UAF in padata_reorder
padata: add pd get/put refcnt helper
padata: avoid UAF for reorder_work
Chen-Yu Tsai (9):
regulator: dt-bindings: mt6315: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Chenghai Huang (1):
crypto: hisilicon/sec2 - optimize the error return process
Chenyuan Yang (1):
net: davicom: fix UAF in dm9000_drv_remove
Christophe JAILLET (1):
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Christophe Leroy (2):
select: Fix unbalanced user_access_end()
perf machine: Don't ignore _etext when not a text symbol
Chuck Lever (2):
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chun-Tse Shao (1):
perf lock: Fix parse_lock_type which only retrieve one lock flag
Claudiu Beznea (1):
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Cristian Birsan (1):
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Dan Carpenter (2):
rdma/cxgb4: Prevent potential integer overflow on 32bit
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Daniel Lee (1):
f2fs: Introduce linear search for dentries
Daniel Xu (1):
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Dave Stevenson (2):
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
media: i2c: ov9282: Correct the exposure offset
David Howells (5):
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
afs: Fix directory format encoding struct
afs: Fix cleanup of immediately failed async calls
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
rxrpc: Fix handling of received connection abort
David Wronek (1):
arm64: dts: qcom: Add SM7125 device tree
Desnes Nunes (1):
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Detlev Casanova (1):
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Dheeraj Reddy Jonnalagadda (1):
net: fec: implement TSO descriptor cleanup
Dmitry Antipov (1):
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry Baryshkov (20):
drm/msm/dp: set safe_to_exit_level before printing it
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
arm64: dts: qcom: msm8916: correct sleep clock frequency
arm64: dts: qcom: msm8939: correct sleep clock frequency
arm64: dts: qcom: msm8994: correct sleep clock frequency
arm64: dts: qcom: qcs404: correct sleep clock frequency
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
arm64: dts: qcom: sc7280: correct sleep clock frequency
arm64: dts: qcom: sdx75: correct sleep clock frequency
arm64: dts: qcom: sm4450: correct sleep clock frequency
arm64: dts: qcom: sm6125: correct sleep clock frequency
arm64: dts: qcom: sm6375: correct sleep clock frequency
arm64: dts: qcom: sm8250: correct sleep clock frequency
arm64: dts: qcom: sm8350: correct sleep clock frequency
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry V. Levin (1):
selftests: harness: fix printing of mismatch values in __EXPECT()
Eric Dumazet (11):
net_sched: sch_sfq: annotate data-races around q->perturb_period
net_sched: sch_sfq: handle bigger packets
inetpeer: remove create argument of inet_getpeer_v[46]()
inetpeer: remove create argument of inet_getpeer()
inetpeer: update inetpeer timestamp in inet_getpeer()
inetpeer: do not get a refcount in inet_getpeer()
ax25: rcu protect dev->ax25_ptr
inet: ipmr: fix data-races
ipmr: do not call mr_mfc_uses_dev() for unres entries
net: rose: fix timer races against user threads
net: hsr: fix fill_frame_info() regression vs VLAN packets
Eugen Hristev (1):
pstore/blk: trivial typo fixes
Felix Fietkau (5):
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac
wifi: mt76: mt7915: improve hardware restart reliability
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Florian Westphal (4):
netfilter: nf_tables: de-constify set commit ops function argument
netfilter: nft_set_rbtree: rename gc deactivate+erase function
netfilter: nft_set_rbtree: prefer sync gc to async worker
netfilter: nft_flow_offload: update tcp state flags under lock
Frank Li (1):
PCI: imx6: Simplify clock handling by using clk_bulk*() function
Gaurav Jain (1):
crypto: caam - use JobR's space to access page 0 regs
Gautham R. Shenoy (1):
cpufreq: ACPI: Fix max-frequency computation
Geert Uytterhoeven (2):
dt-bindings: leds: class-multicolor: Fix path to color definitions
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
George Lander (1):
ASoC: sun4i-spdif: Add clock multiplier settings
Greg Kroah-Hartman (1):
Linux 6.6.76
Guangguan Wang (1):
net/smc: fix data error when recvmsg with MSG_PEEK flag
Guixin Liu (1):
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
He Rongguang (1):
cpupower: fix TSC MHz calculation
Hermes Wu (1):
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Hongbo Li (2):
hostfs: convert hostfs to use the new mount API
hostfs: fix the host directory parse when mounting.
Howard Chu (1):
perf trace: Fix runtime error of index out of bounds
Howard Hsu (2):
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
wifi: mt76: mt7996: fix HE Phy capability
Hsin-Te Yuan (2):
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Yi Wang (1):
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Huacai Chen (1):
LoongArch: Fix warnings during S3 suspend
Hugo Villeneuve (1):
serial: sc16is7xx: use device_property APIs when configuring irda mode
Ilan Peer (2):
wifi: mac80211: Fix common size calculation for ML element
wifi: cfg80211: Handle specific BSSID in 6GHz scanning
Ivan Stepchenko (1):
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Jakub Kicinski (1):
net: netdevsim: try to close UDP port harness races
Jamal Hadi Salim (1):
net: sched: Disallow replacing of child qdisc from one parent to another
Jason-JH.Lin (1):
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Javier Carrasco (1):
soc: atmel: fix device_node release in atmel_soc_device_init()
Jens Axboe (2):
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jiachen Zhang (1):
perf report: Fix misleading help message about --demangle
Jian Shen (1):
net: hns3: fix oops when unload drivers paralleling
Jianbo Liu (1):
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Jiang Liu (1):
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Jiasheng Jiang (3):
media: marvell: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
media: camif-core: Add check for clk_enable()
Jinliang Zheng (1):
fs: fix proc_handler for sysctl_nr_open
Jiri Kosina (1):
HID: multitouch: fix support for Goodix PID 0x01e9
Joe Hattori (14):
clk: fix an OF node reference leak in of_clk_get_parent_name()
ACPI: fan: cleanup resources in the error path of .probe()
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
regulator: of: Implement the unwind path of of_regulator_match()
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Johannes Berg (2):
wifi: mac80211: prohibit deactivating all links
wifi: mac80211: don't flush non-uploaded STAs
John Ogness (1):
serial: 8250: Adjust the timeout for FIFO mode
Jon Maloy (1):
tcp: correct handling of extreme memory squeeze
Jos Wang (1):
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
K Prateek Nayak (1):
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Kailang Yang (1):
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Kalesh AP (1):
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Karol Przybylski (1):
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Keisuke Nishimura (2):
nvme: Add error check for xa_store in nvme_get_effects_log
nvme: Add error path for xa_store in nvme_init_effects
King Dix (1):
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Konrad Dybcio (4):
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
arm64: dts: qcom: msm8994: Describe USB interrupts
arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Kory Maincent (1):
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Krzysztof Kozlowski (2):
mfd: syscon: Use scoped variables with memory allocators to simplify error paths
arm64: dts: qcom: sc7180: change labels to lower-case
Kunihiko Hayashi (2):
net: stmmac: Limit the number of MTL queues to hardware capability
net: stmmac: Limit FIFO size by hardware capability
Kyle Tso (2):
usb: dwc3: core: Defer the probe until USB power supply ready
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Laurent Pinchart (1):
media: uvcvideo: Fix double free in error path
Laurentiu Palcu (2):
media: nxp: imx8-isi: fix v4l2-compliance test errors
staging: media: max96712: fix kernel oops when removing module
Leon Romanovsky (1):
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Levi Yun (1):
perf expr: Initialize is_test value in expr__ctx_new()
Li Zhijian (1):
RDMA/rxe: Improve newline in printing messages
Lianqin Hu (1):
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Lin Yujun (1):
hexagon: Fix unbalanced spinlock in die()
Liu Jian (1):
net: let net.core.dev_weight always be non-zero
Luca Ceresoli (2):
of: remove internal arguments from of_property_for_each_u32()
gpio: pca953x: log an error when failing to get the reset GPIO
Luca Weiss (2):
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
media: i2c: imx412: Add missing newline to prints
Luo Yifan (1):
tools/bootconfig: Fix the wrong format specifier
Ma Ke (1):
RDMA/srp: Fix error handling in srp_add_port
Maciej S. Szmigiero (1):
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mahdi Arghavani (1):
tcp_cubic: fix incorrect HyStart round start detection
Maher Sanalla (1):
net/mlxfw: Drop hard coded max FW flash image size
Mamta Shukla (1):
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Manivannan Sadhasivam (3):
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Marcel Hamer (1):
wifi: brcmfmac: add missing header include for brcmf_dbg
Marco Leogrande (1):
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Marek Vasut (4):
clk: imx8mp: Fix clkout1/2 support
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Mark Brown (1):
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Martin KaFai Lau (1):
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Masahiro Yamada (8):
ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT
genksyms: fix memory leak when the same symbol is added from source
genksyms: fix memory leak when the same symbol is read from *.symref file
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
kconfig: require a space after '#' for valid input
kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
kconfig: deduplicate code in conf_read_simple()
kconfig: fix memory leak in sym_warn_unmet_dep()
Mathieu Desnoyers (1):
selftests/rseq: Fix handling of glibc without rseq support
Matthew Wilcox (Oracle) (2):
buffer: make folio_create_empty_buffers() return a buffer_head
nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers
Matti Vaittinen (1):
dt-bindings: mfd: bd71815: Fix rsense and typos
Michael Ellerman (1):
selftests/powerpc: Fix argument order to timer_sub()
Michael Guralnik (1):
RDMA/mlx5: Fix indirect mkey ODP page count
Michael Lo (1):
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
Michal Luczaj (1):
vsock: Allow retrying on connect() failure
Michal Pecio (1):
usb: xhci: Fix NULL pointer dereference on certain command aborts
Michal Swiatkowski (1):
iavf: allow changing VLAN state without calling PF
Mickaël Salaün (2):
landlock: Handle weird files
selftests/landlock: Fix error message
Mihai Sain (1):
ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node
Min-Hua Chen (1):
drm/rockchip: vop2: include rockchip_drm_drv.h
Ming Wang (1):
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Mingwei Zheng (4):
spi: zynq-qspi: Add check for clk_enable()
pwm: stm32-lp: Add check for clk_enable()
pwm: stm32: Add check for clk_enable()
pinctrl: stm32: Add check for clk_enable()
Mohamed Khalfella (1):
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Nathan Chancellor (2):
hostfs: Add const qualifier to host_root in hostfs_fill_super()
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Neil Armstrong (8):
OPP: add index check to assert to avoid buffer overflow in _read_freq()
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
dt-bindings: mmc: controller: clarify the address-cells description
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
arm64: dts: qcom: sc7180: fix psci power domain node names
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Nicolas Cavallari (1):
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Nicolas Ferre (1):
ARM: at91: pm: change BU Power Switch to automatic mode
Nikita Zhandarovich (2):
net/rose: prevent integer overflows in rose_setsockopt()
net: usb: rtl8150: enable basic endpoint checking
Nícolas F. R. A. Prado (2):
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Octavian Purdila (2):
net_sched: sch_sfq: don't allow 1 packet limit
team: prevent adding a device which is already a team device lower
Oleksij Rempel (1):
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Olga Kornievskaia (2):
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Oliver Neukum (1):
media: rc: iguanair: handle timeouts
Pablo Neira Ayuso (2):
netfilter: nf_tables: fix set size with rbtree backend
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Pali Rohár (3):
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
cifs: Validate EAs for WSL reparse points
cifs: Fix getting and setting SACLs over SMB1
Palmer Dabbelt (1):
RISC-V: Mark riscv_v_init() as __init
Paolo Abeni (2):
mptcp: consolidate suboption status
mptcp: handle fastopen disconnect correctly
Parth Pancholi (1):
kbuild: switch from lz4c to lz4 for compression
Paul Menzel (1):
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Paulo Alcantara (1):
smb: client: fix oops due to unset link speed
Pei Xiao (1):
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Perry Yuan (1):
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Chiu (4):
wifi: mt76: mt7915: fix register mapping
wifi: mt76: mt7996: fix register mapping
wifi: mt76: mt7996: add max mpdu len capability
wifi: mt76: mt7996: fix ldpc setting
Peter Griffin (2):
mfd: syscon: Remove extern from function prototypes
mfd: syscon: Add of_syscon_register_regmap() API
Peter Zijlstra (2):
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
sched/topology: Rename 'DIE' domain to 'PKG'
Puranjay Mohan (1):
bpf: Send signals asynchronously if !preemptible
Qasim Ijaz (1):
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Qu Wenruo (1):
btrfs: output the reason for open_ctree() failure
Quan Nguyen (1):
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Quentin Monnet (1):
libbpf: Fix segfault due to libelf functions not setting errno
Rafał Miłecki (2):
ARM: dts: mediatek: mt7623: fix IR nodename
bgmac: reduce max frame size to support just MTU 1500
Randy Dunlap (2):
partitions: ldm: remove the initial kernel-doc notation
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Ricardo B. Marliere (1):
ktest.pl: Check kernelrelease return in get_version
Ricardo Ribalda (1):
media: uvcvideo: Propagate buf->error to userspace
Richard Zhu (1):
PCI: imx6: Skip controller_id generation logic for i.MX7D
Ricky CX Wu (3):
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Rob Herring (Arm) (1):
mfd: syscon: Fix race in device_node_get_regmap()
Roger Quadros (1):
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Ryusuke Konishi (1):
nilfs2: protect access to buffers with no active references
Saket Kumar Bhaskar (1):
selftests/bpf: Fix fill_link_info selftest on powerpc
Sathishkumar Muruganandam (1):
wifi: ath12k: fix tx power, max reg power update to firmware
Sean Rhodes (1):
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Sebastian Andrzej Siewior (1):
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Sergey Senozhatsky (1):
kconfig: WERROR unmet symbol dependency
Sergio Paracuellos (1):
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Shazad Hussain (1):
arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin
Shigeru Yoshida (1):
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Shinas Rasheed (1):
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Sourabh Jain (1):
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Su Yue (1):
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Sui Jingfeng (2):
drm/etnaviv: Fix page property being used for non writecombine buffers
drm/msm: Check return value of of_dma_configure()
Sultan Alsawaf (unemployed) (1):
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Takashi Iwai (1):
ALSA: seq: Make dependency on UMP clearer
Taniya Das (1):
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Terry Tritton (1):
HID: fix generic desktop D-Pad controls
Thadeu Lima de Souza Cascardo (9):
wifi: rtlwifi: do not complete firmware loading needlessly
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
wifi: rtlwifi: wait for firmware loading before releasing memory
wifi: rtlwifi: fix init_sw_vars leak when probe fails
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: remove unused check_buddy_priv
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thinh Nguyen (2):
usb: gadget: f_tcm: Fix Get/SetInterface return value
usb: gadget: f_tcm: Don't free command immediately
Thomas Gleixner (1):
genirq: Make handle_enforce_irqctx() unconditionally available
Thomas Weißschuh (2):
padata: fix sysfs store callback check
ptp: Properly handle compat ioctls
Tiezhu Yang (1):
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Toke Høiland-Jørgensen (1):
net: xdp: Disallow attaching device-bound programs in generic mode
Uwe Kleine-König (1):
mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
Val Packett (5):
arm64: dts: mediatek: mt8516: fix GICv2 range
arm64: dts: mediatek: mt8516: fix wdt irq type
arm64: dts: mediatek: mt8516: add i2c clock-div property
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Vasily Khoruzhick (4):
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Vladimir Zapolskiy (2):
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
WangYuli (1):
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead icv error
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wentao Liang (1):
PM: hibernate: Add error handling for syscore_suspend()
Willem de Bruijn (1):
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Yabin Cui (1):
perf/core: Save raw sample data conditionally based on sample type
Yang Erkun (1):
block: retry call probe after request_module in blk_request_module
Yu Kuai (1):
nbd: don't allow reconnect after disconnect
Zhongqiu Han (3):
perf header: Fix one memory leakage in process_bpf_btf()
perf header: Fix one memory leakage in process_bpf_prog_info()
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhu Yanjun (1):
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Zichen Xie (1):
samples/landlock: Fix possible NULL dereference in parse_path()
Zijun Hu (3):
of: reserved-memory: Do not make kmemleak ignore freed address
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
david regan (1):
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
pangliyuan (1):
ubifs: skip dumping tnc tree when zroot is null
xueqin Luo (1):
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
zhenwei pi (1):
RDMA/rxe: Fix mismatched max_msg_sz
4 months, 1 week
- 1
- 1
[PATCH 6.1.y] cachefiles: Fix NULL pointer dereference in object->file
by lanbincn@qq.com
From: Zizhi Wo <wozizhi(a)huawei.com>
commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream.
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
Signed-off-by: Bin Lan <lanbincn(a)qq.com>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index bde23e156a63..fd71775c703a 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object,
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object,
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index d1a0264b08a6..3389a373faf6 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
--
2.43.0
4 months, 1 week
- 1
- 0
[PATCH 6.6.y] cachefiles: Fix NULL pointer dereference in object->file
by lanbincn@qq.com
From: Zizhi Wo <wozizhi(a)huawei.com>
commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream.
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells(a)redhat.com>
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
Signed-off-by: Bin Lan <lanbincn(a)qq.com>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index 35ba2117a6f6..3e63cfe15874 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object,
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object,
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index d1a0264b08a6..3389a373faf6 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
--
2.43.0
4 months, 1 week
- 1
- 0
[PATCH] usb: cdns3: exit cdns3_gadget_udc_start if FAST_REG_ACCESS cannot be set
by Siddharth Vadapalli
When the device is in a low power state, access to the following
registers takes a long time:
- EP_CFG
- EP_TRADDR
- EP_CMD
- EP_SEL
- EP_STS
- USB_CONF
To address this, the fast register access feature can be enabled by
setting PUSB_PWR_FST_REG_ACCESS bit of the USB_PWR register, which
allows quick access by software. Software is expected to poll on
PUSB_PWR_FST_REG_ACCESS_STAT to ensure that fast register access has
been enabled by the controller. Attempting to access any of the
aforementioned registers after setting PUSB_PWR_FST_REG_ACCESS but
before PUSB_PWR_FST_REG_ACCESS_STAT has been set will result in
undefined behavior and potentially result in system hang.
Hence, poll on PUSB_PWR_FST_REG_ACCESS_STAT before proceeding with
gadget configuration, and exit if it cannot be enabled.
Fixes: b5148d946f45 ("usb: cdns3: gadget: set fast access bit")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com>
---
Hello,
This patch is based on commit
92514ef226f5 Merge tag 'for-6.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
of Mainline Linux.
Regards,
Siddharth.
drivers/usb/cdns3/cdns3-gadget.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c
index fd1beb10bba7..b62691944272 100644
--- a/drivers/usb/cdns3/cdns3-gadget.c
+++ b/drivers/usb/cdns3/cdns3-gadget.c
@@ -2971,8 +2971,6 @@ static void cdns3_gadget_config(struct cdns3_device *priv_dev)
/* enable generic interrupt*/
writel(USB_IEN_INIT, ®s->usb_ien);
writel(USB_CONF_CLK2OFFDS | USB_CONF_L1DS, ®s->usb_conf);
- /* keep Fast Access bit */
- writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr);
cdns3_configure_dmult(priv_dev, NULL);
}
@@ -2990,6 +2988,8 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget,
struct cdns3_device *priv_dev = gadget_to_cdns3_device(gadget);
unsigned long flags;
enum usb_device_speed max_speed = driver->max_speed;
+ int ret;
+ u32 reg;
spin_lock_irqsave(&priv_dev->lock, flags);
priv_dev->gadget_driver = driver;
@@ -2997,6 +2997,20 @@ static int cdns3_gadget_udc_start(struct usb_gadget *gadget,
/* limit speed if necessary */
max_speed = min(driver->max_speed, gadget->max_speed);
+ /* keep Fast Access bit */
+ writel(PUSB_PWR_FST_REG_ACCESS, &priv_dev->regs->usb_pwr);
+ reg = readl(&priv_dev->regs->usb_pwr);
+ if (!(reg & PUSB_PWR_FST_REG_ACCESS_STAT)) {
+ ret = readl_poll_timeout_atomic(&priv_dev->regs->usb_pwr, reg,
+ (reg & PUSB_PWR_FST_REG_ACCESS_STAT),
+ 10, 1000);
+ if (ret) {
+ dev_err(priv_dev->dev, "Failed to enable fast access\n");
+ spin_unlock_irqrestore(&priv_dev->lock, flags);
+ return ret;
+ }
+ }
+
switch (max_speed) {
case USB_SPEED_FULL:
writel(USB_CONF_SFORCE_FS, &priv_dev->regs->usb_conf);
--
2.43.0
4 months, 1 week
- 2
- 4
Re: The business loan-
by David Song
Hello,
My name is David Song, at AA4 FS, we are a consultancy and
brokerage Firm specializing in Growth Financial Loan and joint
partnership venture. We specialize in investments in all Private
and public sectors in a broad range of areas within our Financial
Investment Services.
We are experts in financial and operational management, due
diligence and capital planning in all markets and industries. Our
Investors wish to invest in any viable Project presented by your
Management after reviews on your Business Project Presentation
Plan.
We look forward to your Swift response. We also offer commission
to consultants and brokers for any partnership referrals.
Regards,
David Song
Senior Broker
AA4 Financial Services
13 Wonersh Way, Cheam,
Sutton, Surrey, SM2 7LX
Email: dsong(a)aa4financialservice.com
4 months, 1 week
- 1
- 0
[PATCH 6.13 000/619] 6.13.2-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.13.2 release.
There are 619 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 08 Feb 2025 16:05:17 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc2…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.13.2-rc2
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when cow_file_range() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Ensure callbacks exist before calling them
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Kevin Brodsky <kevin.brodsky(a)arm.com>
selftests/mm: build with -O2
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Melissa Wen <mwen(a)igalia.com>
drm/amd/display: restore invalid MSA timing check for freesync
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Darrick J. Wong <djwong(a)kernel.org>
xfs: release the dquot buf outside of qli_lock
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't over-report free space or inodes in statvfs
Long Li <leo.lilong(a)huawei.com>
xfs: fix mount hang during primary superblock recovery failure
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Liam R. Howlett <Liam.Howlett(a)Oracle.com>
kernel: be more careful about dup_mmap() failures and uprobe registering
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/register: use atomic_read/write for sq_flags migration
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jens Axboe <axboe(a)kernel.dk>
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Torsten Hilbrich <torsten.hilbrich(a)secunet.com>
kbuild: Fix signing issue for external modules
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Cosmin Ratiu <cratiu(a)nvidia.com>
bonding: Correctly support GSO ESP offload
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Ian Rogers <irogers(a)google.com>
perf annotate: Use an array for the disassembler preference
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: don't try to stash the napi id
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Stanislav Fomichev <sdf(a)fomichev.me>
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Zhihao Cheng <chengzhihao1(a)huawei.com>
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Suren Baghdasaryan <surenb(a)google.com>
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Fix deadlock during uvc_probe
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Michal Wilczynski <m.wilczynski(a)samsung.com>
mailbox: th1520: Fix memory corruption due to incorrect array size
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: mpfs: fix copy and paste bug in probe
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: th1520: Fix a NULL vs IS_ERR() bug
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Jagan Teki <jagan(a)edgeble.ai>
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
Maulik Shah <quic_mkshah(a)quicinc.com>
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove dev == NULL checks
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove domain_alloc()
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Guo Ren <guoren(a)kernel.org>
iommu/riscv: Fixup compile warning
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Tony Ambardar <tony.ambardar(a)gmail.com>
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Ian Rogers <irogers(a)google.com>
perf test stat: Avoid hybrid assumption when virtualized
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Namhyung Kim <namhyung(a)kernel.org>
perf symbol: Prefer non-label symbols with same address
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
James Clark <james.clark(a)linaro.org>
perf stat: Fix trailing comma when there is no metric unit
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Make variables only used locally static
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools features: Don't check for libunwind devel files by default
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Andrea Righi <arighi(a)nvidia.com>
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs42l84: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: SDCA: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: always clear NBase-T lpa
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear master_slave_state if link is down
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear 1000Base-T lpa if link is down
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only after netdev registration
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix key cache handling
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: correct header conversion rule for MLO only
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only if it has been registered
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Mario Limonciello <mario.limonciello(a)amd.com>
cpufreq/amd-pstate: Fix prefcore rankings
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Karol Przybylski <karprzy7(a)gmail.com>
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
John Garry <john.g.garry(a)oracle.com>
block: Ensure start sector is aligned for stacking atomic writes
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: fix queue freeze vs limits lock order in sysfs store methods
Christoph Hellwig <hch(a)lst.de>
block: add a store_limit operations for sysfs entries
Christoph Hellwig <hch(a)lst.de>
block: add a queue_limits_commit_update_frozen helper
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: prevent reg-wait speculations
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
.../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +-
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +--
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
Makefile | 4 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 --
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 ++--
arch/arm/mach-omap1/board-nokia770.c | 2 +-
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 --
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++---
.../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 -----
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +--
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++--
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
.../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++----
arch/arm64/boot/dts/ti/Makefile | 6 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 ++
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/boot/vmem.c | 74 ++++++---
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 11 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +--
block/blk-integrity.c | 4 +-
block/blk-mq.c | 34 ++--
block/blk-mq.h | 6 +
block/blk-settings.c | 31 +++-
block/blk-sysfs.c | 137 ++++++++--------
block/blk-zoned.c | 7 +-
block/genhd.c | 22 ++-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/block/virtio_blk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 32 ++--
drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +-
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +-
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +-
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 ++--
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +++--
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++--
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++---------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 --
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +++--
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/i915/display/intel_crt.c | 10 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +-
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/dp/dp_catalog.c | 1 -
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +-
drivers/gpu/drm/msm/dp/dp_utils.c | 10 +-
drivers/gpu/drm/msm/dp/dp_utils.h | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 ++--
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 ++---
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +--
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 +++++---
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 5 +-
drivers/iommu/amd/init.c | 14 +-
drivers/iommu/amd/iommu.c | 132 +++++----------
drivers/iommu/amd/pasid.c | 3 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/intel/pasid.c | 22 ++-
drivers/iommu/intel/pasid.h | 6 +
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/iommu/riscv/iommu.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/mailbox/mailbox-mpfs.c | 2 +-
drivers/mailbox/mailbox-th1520.c | 6 +-
drivers/md/md-bitmap.c | 79 +++++----
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +---
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++++-------
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 ++---
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 4 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +--
drivers/misc/cardreader/rtsx_usb.c | 15 ++
drivers/mtd/hyperbus/hbmc-am654.c | 19 ++-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/mtd/ubi/ubi.h | 2 -
drivers/mtd/ubi/wl.c | 21 ---
drivers/net/bonding/bond_main.c | 19 +--
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 --
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++--
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +-
.../mellanox/mlx5/core/steering/hws/definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 ++-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +--
drivers/net/phy/marvell-88q2xxx.c | 33 +++-
drivers/net/phy/realtek.c | 29 ++--
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 42 ++---
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++--
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 ---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++----
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +--
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++--
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/microchip/wilc1000/netdev.c | 2 -
drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +-
drivers/net/wireless/microchip/wilc1000/spi.c | 9 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++-----
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 --
drivers/net/wireless/realtek/rtw89/chan.c | 31 +++-
drivers/net/wireless/realtek/rtw89/chan.h | 9 +-
drivers/net/wireless/realtek/rtw89/core.c | 11 +-
drivers/net/wireless/realtek/rtw89/core.h | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +++-
drivers/nvme/host/tcp.c | 70 ++++++--
drivers/of/fdt.c | 10 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++++--
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 ++--
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/pcie-rockchip-ep.c | 5 +
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++-
drivers/pinctrl/pinctrl-amd.c | 27 +++-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++-----
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/core.c | 4 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/platform/x86/x86-android-tablets/other.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++++++-------
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 13 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/scsi/sd.c | 17 +-
drivers/scsi/sr.c | 5 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +++-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 ++--
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 ++
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 160 ++++++++++++++-----
fs/btrfs/qgroup.c | 21 ++-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 ++
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++++--
fs/dlm/lowcomms.c | 3 +-
fs/erofs/zdata.c | 3 +-
fs/f2fs/dir.c | 53 ++++--
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +---
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++++++++--
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 ++--
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +++-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +--
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 ++-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +--
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_buf_item_recover.c | 11 +-
fs/xfs/xfs_dquot.c | 12 +-
fs/xfs/xfs_notify_failure.c | 121 +++++++++-----
fs/xfs/xfs_qm_bhv.c | 27 ++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 1 +
include/linux/alloc_tag.h | 11 +-
include/linux/blkdev.h | 23 +--
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 ++-
include/linux/pwm.h | 17 ++
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/page_pool/types.h | 1 -
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 16 +-
include/sound/hdaudio_ext.h | 45 ------
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +++
io_uring/io_uring.c | 1 +
io_uring/msg_ring.c | 4 +-
io_uring/register.c | 2 +-
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 ++-
kernel/events/core.c | 35 ++--
kernel/events/uprobes.c | 4 +
kernel/fork.c | 17 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++++--
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 6 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/ext.c | 114 +++++++++----
kernel/sched/fair.c | 21 ++-
kernel/sched/features.h | 9 ++
kernel/sched/stats.h | 4 +
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/alloc_tag.c | 2 +
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 ++-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 23 ++-
net/core/filter.c | 2 +-
net/core/page_pool.c | 2 +
net/core/page_pool_priv.h | 2 +
net/core/page_pool_user.c | 15 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 2 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +---
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 ++--
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++++++
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 ++--
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++++++
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 ++--
net/ncsi/ncsi-rsp.c | 18 +--
net/netfilter/nf_tables_api.c | 57 ++++++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 ++
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +++----
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 4 +
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++--
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 5 +
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 93 ++++++++---
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.build | 2 +
scripts/Makefile.lib | 10 +-
scripts/Makefile.modinst | 2 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 ++-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 8 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++++++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++++--
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/renesas/rz-ssi.c | 3 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++-
sound/soc/sdca/Makefile | 2 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/build/Makefile.feature | 7 -
tools/build/feature/test-all.c | 5 -
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +--
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/Makefile.config | 83 ++++++----
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 +++++---
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
.../perf/tests/shell/lib/perf_json_output_lint.py | 14 +-
tools/perf/tests/shell/stat.sh | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/annotate.c | 76 ++++++++-
tools/perf/util/annotate.h | 15 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/disasm.c | 83 ++--------
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
tools/perf/util/stat-display.c | 177 +++++++++++----------
tools/perf/util/symbol.c | 9 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.c | 58 ++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/veristat.c | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +--
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/mm/Makefile | 9 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +++-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
699 files changed, 5672 insertions(+), 3241 deletions(-)
4 months, 1 week
- 12
- 11
[PATCH 6.1.y v2] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
by jetlan9@163.com
From: Vladimir Oltean <vladimir.oltean(a)nxp.com>
commit 844f104790bd69c2e4dbb9ee3eba46fde1fcea7b upstream.
After the blamed commit, we started doing this dereference for every
NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.
static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)
{
struct dsa_user_priv *p = netdev_priv(dev);
return p->dp;
}
Which is obviously bogus, because not all net_devices have a netdev_priv()
of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,
and p->dp means dereferencing 8 bytes starting with offset 16. Most
drivers allocate that much private memory anyway, making our access not
fault, and we discard the bogus data quickly afterwards, so this wasn't
caught.
But the dummy interface is somewhat special in that it calls
alloc_netdev() with a priv size of 0. So every netdev_priv() dereference
is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event
with a VLAN as its new upper:
$ ip link add dummy1 type dummy
$ ip link add link dummy1 name dummy1.100 type vlan id 100
[ 43.309174] ==================================================================
[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8
[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374
[ 43.330058]
[ 43.342436] Call trace:
[ 43.366542] dsa_user_prechangeupper+0x30/0xe8
[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8
[ 43.375768] notifier_call_chain+0xa4/0x210
[ 43.379985] raw_notifier_call_chain+0x24/0x38
[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8
[ 43.389120] netdev_upper_dev_link+0x70/0xa8
[ 43.393424] register_vlan_dev+0x1bc/0x310
[ 43.397554] vlan_newlink+0x210/0x248
[ 43.401247] rtnl_newlink+0x9fc/0xe30
[ 43.404942] rtnetlink_rcv_msg+0x378/0x580
Avoid the kernel oops by dereferencing after the type check, as customary.
Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions")
Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/
Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com>
Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Wenshan Lan <jetlan9(a)163.com>
---
v2: add the upstream commit in this commit log.
---
net/dsa/slave.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 5fe075bf479e..caeb7e75b287 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check);
static int dsa_slave_changeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
struct netlink_ext_ack *extack;
int err = NOTIFY_DONE;
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return err;
+ dp = dsa_slave_to_port(dev);
extack = netdev_notifier_info_to_extack(&info->info);
if (netif_is_bridge_master(info->upper_dev)) {
@@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev,
static int dsa_slave_prechangeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return NOTIFY_DONE;
+ dp = dsa_slave_to_port(dev);
+
if (netif_is_bridge_master(info->upper_dev) && !info->linking)
dsa_port_pre_bridge_leave(dp, info->upper_dev);
else if (netif_is_lag_master(info->upper_dev) && !info->linking)
--
2.43.0
4 months, 1 week
- 1
- 0
[PATCH 6.12 000/583] 6.12.13-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.13 release.
There are 583 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 08 Feb 2025 16:05:14 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.13-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.13-rc2
Jakub Kicinski <kuba(a)kernel.org>
ethtool: ntuple: fix rss + ring_cookie check
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Leon Hwang <leon.hwang(a)linux.dev>
selftests/bpf: Add test to verify tailcall and freplace restrictions
Vasily Gorbik <gor(a)linux.ibm.com>
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix access to uninitialized fields in set RXNFC command
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Fix acquire state insertion.
Everest K.C <everestkc(a)everestkc.com.np>
xfrm: Add error handling when nla_put_u32() returns an error
Geert Uytterhoeven <geert+renesas(a)glider.be>
dma-mapping: save base/size instead of pointer to shared DMA pool
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Warn for missing static reserved memory regions
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Reduce accessing remote DPCD overhead
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Edward Cree <ecree.xilinx(a)gmail.com>
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: extend dump serdes equalizer values feature
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: rework of dump serdes equalizer values feature
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add an inbound percpu state cache.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Cache used outbound xfrm states at the policy.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add support for per cpu xfrm state handling.
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gao Xiang <xiang(a)kernel.org>
erofs: sunset `struct erofs_workgroup`
Gao Xiang <xiang(a)kernel.org>
erofs: move erofs_workgroup operations into zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of erofs_{find,insert}_workgroup
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Conor Dooley <conor.dooley(a)microchip.com>
PCI: microchip: Add support for using either Root Port 1 or 2
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Oreoluwa Babatunde <quic_obabatun(a)quicinc.com>
of: reserved_mem: Restructure how the reserved memory regions are processed
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: tweak setting of channel and TX power for MLO
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: manage active interfaces
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: handle entity active flag per PHY
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx: add i.MX91 clk
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx93: Move IMX93_CLK_END macro to clk driver
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: Add i.MX91 clock support
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Masahiro Yamada <masahiroy(a)kernel.org>
module: Convert default symbol namespace to string literal
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Alex Deucher <alexander.deucher(a)amd.com>
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Johannes Weiner <hannes(a)cmpxchg.org>
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Stultz <jstultz(a)google.com>
sched: Split out __schedule() deactivate task logic into a helper
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
Documentation/core-api/symbol-namespaces.rst | 4 +-
.../devicetree/bindings/clock/imx93-clock.yaml | 1 +
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
.../it_IT/core-api/symbol-namespaces.rst | 4 +-
.../zh_CN/core-api/symbol-namespaces.rst | 4 +-
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 ++---
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 +-
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 ++++++++++-----------
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +--
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +--
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
arch/arm64/boot/dts/ti/Makefile | 4 -
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 ++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 10 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +-
block/blk-mq.c | 34 +-
block/blk-mq.h | 6 +
block/blk-sysfs.c | 9 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/cdx/Makefile | 2 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 89 +++--
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++----
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/iaa/Makefile | 2 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/intel/qat/qat_common/Makefile | 2 +-
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/idxd/Makefile | 2 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 ++-
drivers/gpio/gpio-idio-16.c | 2 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 -
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 -
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 +++++--
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 +
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 +-
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +--
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +-
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 ++--
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 1 -
drivers/iommu/amd/iommu.c | 9 -
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/md/md-bitmap.c | 79 +++--
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +-
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++---
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +--
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 19 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +-
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 +++----
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 ++-
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 ++-
.../mlx5/core/steering/hws/mlx5hws_definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/sfc/ef100_ethtool.c | 1 +
drivers/net/ethernet/sfc/ethtool.c | 1 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/phy/marvell-88q2xxx.c | 33 +-
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 ++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 ++-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++---
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +---
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++++++++-
drivers/net/wireless/realtek/rtw89/chan.h | 28 +-
drivers/net/wireless/realtek/rtw89/core.c | 124 ++++---
drivers/net/wireless/realtek/rtw89/core.h | 27 +-
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++-
drivers/net/wireless/realtek/rtw89/mac.c | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 10 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/nvme/host/tcp.c | 70 +++-
drivers/of/fdt.c | 13 +-
drivers/of/of_private.h | 3 +-
drivers/of/of_reserved_mem.c | 174 +++++++---
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 +-
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/plda/pcie-microchip-host.c | 222 +++++++++----
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++---
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++----
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-dwc-core.c | 2 +-
drivers/pwm/pwm-lpss.c | 2 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 2 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/storage/Makefile | 2 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 97 +++++-
fs/btrfs/qgroup.c | 21 +-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 +
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++-
fs/dlm/lowcomms.c | 3 +-
fs/erofs/internal.h | 17 +-
fs/erofs/zdata.c | 190 ++++++++---
fs/erofs/zutil.c | 155 +--------
fs/f2fs/dir.c | 53 ++-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +-
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 ++++-
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 +-
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_notify_failure.c | 121 ++++---
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 7 +-
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/ethtool.h | 4 +
include/linux/export.h | 2 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 +-
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/netns/xfrm.h | 1 +
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 30 +-
include/sound/hdaudio_ext.h | 45 ---
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 ++
include/uapi/linux/xfrm.h | 2 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 ++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 +-
kernel/dma/coherent.c | 14 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++-
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 83 +++--
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 21 +-
kernel/sched/features.h | 9 +
kernel/sched/sched.h | 56 ++--
kernel/sched/stats.h | 33 +-
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 21 +-
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 8 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/esp4_offload.c | 6 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 ++++
net/ipv6/esp6_offload.c | 6 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 +++
net/key/af_key.c | 7 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/ncsi/ncsi-rsp.c | 18 +-
net/netfilter/nf_tables_api.c | 57 +++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 ++--
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 45 +--
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 ++-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 5 +
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_compat.c | 6 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_policy.c | 12 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 256 +++++++++++++--
net/xfrm/xfrm_user.c | 59 +++-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 6 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 +++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++-
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 ++--
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.8 | 25 ++
tools/power/x86/turbostat/turbostat.c | 163 +++++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 124 ++++++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
674 files changed, 6346 insertions(+), 3444 deletions(-)
4 months, 1 week
- 8
- 7
[PATCH 6.1.y] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
by jetlan9@163.com
From: Vladimir Oltean <vladimir.oltean(a)nxp.com>
After the blamed commit, we started doing this dereference for every
NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.
static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)
{
struct dsa_user_priv *p = netdev_priv(dev);
return p->dp;
}
Which is obviously bogus, because not all net_devices have a netdev_priv()
of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,
and p->dp means dereferencing 8 bytes starting with offset 16. Most
drivers allocate that much private memory anyway, making our access not
fault, and we discard the bogus data quickly afterwards, so this wasn't
caught.
But the dummy interface is somewhat special in that it calls
alloc_netdev() with a priv size of 0. So every netdev_priv() dereference
is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event
with a VLAN as its new upper:
$ ip link add dummy1 type dummy
$ ip link add link dummy1 name dummy1.100 type vlan id 100
[ 43.309174] ==================================================================
[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8
[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374
[ 43.330058]
[ 43.342436] Call trace:
[ 43.366542] dsa_user_prechangeupper+0x30/0xe8
[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8
[ 43.375768] notifier_call_chain+0xa4/0x210
[ 43.379985] raw_notifier_call_chain+0x24/0x38
[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8
[ 43.389120] netdev_upper_dev_link+0x70/0xa8
[ 43.393424] register_vlan_dev+0x1bc/0x310
[ 43.397554] vlan_newlink+0x210/0x248
[ 43.401247] rtnl_newlink+0x9fc/0xe30
[ 43.404942] rtnetlink_rcv_msg+0x378/0x580
Avoid the kernel oops by dereferencing after the type check, as customary.
Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions")
Reported-and-tested-by: syzbot+d81bcd883824180500c8(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/
Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com>
Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Wenshan Lan <jetlan9(a)163.com>
---
net/dsa/slave.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 5fe075bf479e..caeb7e75b287 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check);
static int dsa_slave_changeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
struct netlink_ext_ack *extack;
int err = NOTIFY_DONE;
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return err;
+ dp = dsa_slave_to_port(dev);
extack = netdev_notifier_info_to_extack(&info->info);
if (netif_is_bridge_master(info->upper_dev)) {
@@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct net_device *dev,
static int dsa_slave_prechangeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return NOTIFY_DONE;
+ dp = dsa_slave_to_port(dev);
+
if (netif_is_bridge_master(info->upper_dev) && !info->linking)
dsa_port_pre_bridge_leave(dp, info->upper_dev);
else if (netif_is_lag_master(info->upper_dev) && !info->linking)
--
2.43.0
4 months, 1 week
- 3
- 2
+ mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon: avoid applying DAMOS action to same entity multiple times
has been added to the -mm mm-unstable branch. Its filename is
mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: SeongJae Park <sj(a)kernel.org>
Subject: mm/damon: avoid applying DAMOS action to same entity multiple times
Date: Fri, 7 Feb 2025 13:20:33 -0800
'paddr' DAMON operations set can apply a DAMOS scheme's action to a large
folio multiple times in single DAMOS-regions-walk if the folio is laid on
multiple DAMON regions. Add a field for DAMOS scheme object that can be
used by the underlying ops to know what was the last entity that the
scheme's action has applied. The core layer unsets the field when each
DAMOS-regions-walk is done for the given scheme. And update 'paddr' ops
to use the infrastructure to avoid the problem.
Link: https://lkml.kernel.org/r/20250207212033.45269-3-sj@kernel.org
Fixes: 57223ac29584 ("mm/damon/paddr: support the pageout scheme")
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Reported-by: Usama Arif <usamaarif642(a)gmail.com>
Closes: https://lore.kernel.org/20250203225604.44742-3-usamaarif642@gmail.com
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/damon.h | 11 +++++++++++
mm/damon/core.c | 1 +
mm/damon/paddr.c | 39 +++++++++++++++++++++++++++------------
3 files changed, 39 insertions(+), 12 deletions(-)
--- a/include/linux/damon.h~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/include/linux/damon.h
@@ -432,6 +432,7 @@ struct damos_access_pattern {
* @wmarks: Watermarks for automated (in)activation of this scheme.
* @target_nid: Destination node if @action is "migrate_{hot,cold}".
* @filters: Additional set of &struct damos_filter for &action.
+ * @last_applied: Last @action applied ops-managing entity.
* @stat: Statistics of this scheme.
* @list: List head for siblings.
*
@@ -454,6 +455,15 @@ struct damos_access_pattern {
* implementation could check pages of the region and skip &action to respect
* &filters
*
+ * The minimum entity that @action can be applied depends on the underlying
+ * &struct damon_operations. Since it may not be aligned with the core layer
+ * abstract, namely &struct damon_region, &struct damon_operations could apply
+ * @action to same entity multiple times. Large folios that underlying on
+ * multiple &struct damon region objects could be such examples. The &struct
+ * damon_operations can use @last_applied to avoid that. DAMOS core logic
+ * unsets @last_applied when each regions walking for applying the scheme is
+ * finished.
+ *
* After applying the &action to each region, &stat_count and &stat_sz is
* updated to reflect the number of regions and total size of regions that the
* &action is applied.
@@ -477,6 +487,7 @@ struct damos {
int target_nid;
};
struct list_head filters;
+ void *last_applied;
struct damos_stat stat;
struct list_head list;
};
--- a/mm/damon/core.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/mm/damon/core.c
@@ -1851,6 +1851,7 @@ static void kdamond_apply_schemes(struct
s->next_apply_sis = c->passed_sample_intervals +
(s->apply_interval_us ? s->apply_interval_us :
c->attrs.aggr_interval) / sample_interval;
+ s->last_applied = NULL;
}
}
--- a/mm/damon/paddr.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times
+++ a/mm/damon/paddr.c
@@ -243,6 +243,17 @@ static bool damos_pa_filter_out(struct d
return false;
}
+static bool damon_pa_invalid_damos_folio(struct folio *folio, struct damos *s)
+{
+ if (!folio)
+ return true;
+ if (folio == s->last_applied) {
+ folio_put(folio);
+ return true;
+ }
+ return false;
+}
+
static unsigned long damon_pa_pageout(struct damon_region *r, struct damos *s,
unsigned long *sz_filter_passed)
{
@@ -250,6 +261,7 @@ static unsigned long damon_pa_pageout(st
LIST_HEAD(folio_list);
bool install_young_filter = true;
struct damos_filter *filter;
+ struct folio *folio;
/* check access in page level again by default */
damos_for_each_filter(filter, s) {
@@ -268,9 +280,8 @@ static unsigned long damon_pa_pageout(st
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -296,6 +307,7 @@ put_folio:
damos_destroy_filter(filter);
applied = reclaim_pages(&folio_list);
cond_resched();
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -304,12 +316,12 @@ static inline unsigned long damon_pa_mar
unsigned long *sz_filter_passed)
{
unsigned long addr, applied = 0;
+ struct folio *folio;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -328,6 +340,7 @@ put_folio:
addr += folio_size(folio);
folio_put(folio);
}
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -471,12 +484,12 @@ static unsigned long damon_pa_migrate(st
{
unsigned long addr, applied;
LIST_HEAD(folio_list);
+ struct folio *folio;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -495,6 +508,7 @@ put_folio:
}
applied = damon_pa_migrate_pages(&folio_list, s->target_nid);
cond_resched();
+ s->last_applied = folio;
return applied * PAGE_SIZE;
}
@@ -512,15 +526,15 @@ static unsigned long damon_pa_stat(struc
{
unsigned long addr;
LIST_HEAD(folio_list);
+ struct folio *folio;
if (!damon_pa_scheme_has_filter(s))
return 0;
addr = r->ar.start;
while (addr < r->ar.end) {
- struct folio *folio = damon_get_folio(PHYS_PFN(addr));
-
- if (!folio) {
+ folio = damon_get_folio(PHYS_PFN(addr));
+ if (damon_pa_invalid_damos_folio(folio, s)) {
addr += PAGE_SIZE;
continue;
}
@@ -530,6 +544,7 @@ static unsigned long damon_pa_stat(struc
addr += folio_size(folio);
folio_put(folio);
}
+ s->last_applied = folio;
return 0;
}
_
Patches currently in -mm which might be from sj(a)kernel.org are
mm-madvise-split-out-mmap-locking-operations-for-madvise.patch
mm-madvise-split-out-madvise-input-validity-check.patch
mm-madvise-split-out-madvise-behavior-execution.patch
mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch
mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch
4 months, 1 week
- 1
- 0
+ mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch added to mm-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages
has been added to the -mm mm-unstable branch. Its filename is
mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Usama Arif <usamaarif642(a)gmail.com>
Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages
Date: Fri, 7 Feb 2025 13:20:32 -0800
Patch series "mm/damon/paddr: fix large folios access and schemes handling".
DAMON operations set for physical address space, namely 'paddr', treats
tail pages as unaccessed always. It can also apply DAMOS action to a
large folio multiple times within single DAMOS' regions walking. As a
result, the monitoring output has poor quality and DAMOS works in
unexpected ways when large folios are being used. Fix those.
The patches were parts of Usama's hugepage_size DAMOS filter patch
series[1]. The first fix has collected from there with a slight commit
message change for the subject prefix. The second fix is re-written by SJ
and posted as an RFC before this series. The second one also got a slight
commit message change for the subject prefix.
[1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com
[2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org
This patch (of 2):
This effectively adds support for large folios in damon for paddr, as
damon_pa_mkold/young won't get a null folio from this function and won't
ignore it, hence access will be checked and reported. This also means
that larger folios will be considered for different DAMOS actions like
pageout, prioritization and migration. As these DAMOS actions will
consider larger folios, iterate through the region at folio_size and not
PAGE_SIZE intervals. This should not have an affect on vaddr, as
damon_young_pmd_entry considers pmd entries.
Link: https://lkml.kernel.org/r/20250207212033.45269-1-sj@kernel.org
Link: https://lkml.kernel.org/r/20250207212033.45269-2-sj@kernel.org
Fixes: a28397beb55b ("mm/damon: implement primitives for physical address space monitoring")
Signed-off-by: Usama Arif <usamaarif642(a)gmail.com>
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/ops-common.c | 2 +-
mm/damon/paddr.c | 24 ++++++++++++++++++------
2 files changed, 19 insertions(+), 7 deletions(-)
--- a/mm/damon/ops-common.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages
+++ a/mm/damon/ops-common.c
@@ -24,7 +24,7 @@ struct folio *damon_get_folio(unsigned l
struct page *page = pfn_to_online_page(pfn);
struct folio *folio;
- if (!page || PageTail(page))
+ if (!page)
return NULL;
folio = page_folio(page);
--- a/mm/damon/paddr.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages
+++ a/mm/damon/paddr.c
@@ -266,11 +266,14 @@ static unsigned long damon_pa_pageout(st
damos_add_filter(s, filter);
}
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -286,6 +289,7 @@ static unsigned long damon_pa_pageout(st
else
list_add(&folio->lru, &folio_list);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
if (install_young_filter)
@@ -301,11 +305,14 @@ static inline unsigned long damon_pa_mar
{
unsigned long addr, applied = 0;
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -318,6 +325,7 @@ static inline unsigned long damon_pa_mar
folio_deactivate(folio);
applied += folio_nr_pages(folio);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
return applied * PAGE_SIZE;
@@ -464,11 +472,14 @@ static unsigned long damon_pa_migrate(st
unsigned long addr, applied;
LIST_HEAD(folio_list);
- for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) {
+ addr = r->ar.start;
+ while (addr < r->ar.end) {
struct folio *folio = damon_get_folio(PHYS_PFN(addr));
- if (!folio)
+ if (!folio) {
+ addr += PAGE_SIZE;
continue;
+ }
if (damos_pa_filter_out(s, folio))
goto put_folio;
@@ -479,6 +490,7 @@ static unsigned long damon_pa_migrate(st
goto put_folio;
list_add(&folio->lru, &folio_list);
put_folio:
+ addr += folio_size(folio);
folio_put(folio);
}
applied = damon_pa_migrate_pages(&folio_list, s->target_nid);
_
Patches currently in -mm which might be from usamaarif642(a)gmail.com are
mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch
4 months, 1 week
- 1
- 0
[PATCH v3 0/2] rust: lockdep: Fix soundness issue affecting LockClassKeys
by Mitchell Levy
This series is aimed at fixing a soundness issue with how dynamically
allocated LockClassKeys are handled. Currently, LockClassKeys can be
used without being Pin'd, which can break lockdep since it relies on
address stability. Similarly, these keys are not automatically
(de)registered with lockdep.
At the suggestion of Alice Ryhl, this series includes a patch for
-stable kernels that disables dynamically allocated keys. This prevents
backported patches from using the unsound implementation.
Currently, this series requires that all dynamically allocated
LockClassKeys have a lifetime of 'static (i.e., they must be leaked
after allocation). This is because Lock does not currently keep a
reference to the LockClassKey, instead passing it to C via FFI. This
causes a problem because the rust compiler would allow creating a
'static Lock with a 'a LockClassKey (with 'a < 'static) while C would
expect the LockClassKey to live as long as the lock. This problem
represents an avenue for future work.
---
Changes in v3:
- Rebased on rust-next
- Fixed clippy/compiler warninings (Thanks Boqun Feng)
- Link to v2: https://lore.kernel.org/r/20241219-rust-lockdep-v2-0-f65308fbc5ca@gmail.com
Changes in v2:
- Dropped formatting change that's already fixed upstream (Thanks Dirk
Behme).
- Moved safety comment to the right point in the patch series (Thanks
Dirk Behme and Boqun Feng).
- Added an example of dynamic LockClassKey usage (Thanks Boqun Feng).
- Link to v1: https://lore.kernel.org/r/20241004-rust-lockdep-v1-0-e9a5c45721fc@gmail.com
Changes from RFC:
- Split into two commits so that dynamically allocated LockClassKeys are
removed from stable kernels. (Thanks Alice Ryhl)
- Extract calls to C lockdep functions into helpers so things build
properly when LOCKDEP=n. (Thanks Benno Lossin)
- Remove extraneous `get_ref()` calls. (Thanks Benno Lossin)
- Provide better documentation for `new_dynamic()`. (Thanks Benno
Lossin)
- Ran rustfmt to fix formatting and some extraneous changes. (Thanks
Alice Ryhl and Benno Lossin)
- Link to RFC: https://lore.kernel.org/r/20240905-rust-lockdep-v1-1-d2c9c21aa8b2@gmail.com
---
Mitchell Levy (2):
rust: lockdep: Remove support for dynamically allocated LockClassKeys
rust: lockdep: Use Pin for all LockClassKey usages
rust/helpers/helpers.c | 1 +
rust/helpers/sync.c | 13 +++++++++
rust/kernel/sync.rs | 63 ++++++++++++++++++++++++++++++++++-------
rust/kernel/sync/condvar.rs | 5 ++--
rust/kernel/sync/lock.rs | 9 ++----
rust/kernel/sync/lock/global.rs | 5 ++--
rust/kernel/sync/poll.rs | 2 +-
rust/kernel/workqueue.rs | 2 +-
8 files changed, 77 insertions(+), 23 deletions(-)
---
base-commit: ceff0757f5dafb5be5205988171809c877b1d3e3
change-id: 20240905-rust-lockdep-d3e30521c8ba
Best regards,
--
Mitchell Levy <levymitchell0(a)gmail.com>
4 months, 1 week
- 3
- 4
[PATCH v4 3/5] arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
by Douglas Anderson
Qualcomm has confirmed that, much like Cortex A53 and A55, KRYO
2XX/3XX/4XX silver cores are unaffected by Spectre BHB. Add them to
the safe list.
Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels")
Cc: stable(a)vger.kernel.org
Cc: Scott Bauer <sbauer(a)quicinc.com>
Signed-off-by: Douglas Anderson <dianders(a)chromium.org>
---
Changes in v4:
- Re-added KRYO 2XX/3XX/4XX silver patch after Qualcomm confirmed.
Changes in v3:
- Removed KRYO 2XX/3XX/4XX silver patch.
Changes in v2:
- New
arch/arm64/kernel/proton-pack.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index 17aa836fe46d..89405be53d8f 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -854,6 +854,9 @@ static bool is_spectre_bhb_safe(int scope)
MIDR_ALL_VERSIONS(MIDR_CORTEX_A510),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A520),
MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
{},
};
static bool all_safe = true;
--
2.47.1.613.gc27f4b7a9f-goog
4 months, 1 week
- 2
- 1
[PATCH v4 1/5] arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
by Douglas Anderson
Qualcomm Kryo 400-series Gold cores have a derivative of an ARM Cortex
A76 in them. Since A76 needs Spectre mitigation via looping then the
Kyro 400-series Gold cores also need Spectre mitigation via looping.
Qualcomm has confirmed that the proper "k" value for Kryo 400-series
Gold cores is 24.
Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels")
Cc: stable(a)vger.kernel.org
Cc: Scott Bauer <sbauer(a)quicinc.com>
Signed-off-by: Douglas Anderson <dianders(a)chromium.org>
---
Changes in v4:
- Re-added QCOM_KRYO_4XX_GOLD k24 patch after Qualcomm confirmed.
Changes in v3:
- Removed QCOM_KRYO_4XX_GOLD k24 patch.
Changes in v2:
- Slight change to wording and notes of KRYO_4XX_GOLD patch
arch/arm64/kernel/proton-pack.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index da53722f95d4..e149efadff20 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -866,6 +866,7 @@ u8 spectre_bhb_loop_affected(int scope)
MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
+ MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD),
{},
};
static const struct midr_range spectre_bhb_k11_list[] = {
--
2.47.1.613.gc27f4b7a9f-goog
4 months, 1 week
- 2
- 1
[PATCH 6.6 00/24] xfs backports for 6.6.y (from 6.12)
by Catherine Hoang
Hello,
This series contains backports for 6.6 from the 6.12 release. This patchset
has gone through xfs testing and review.
Andrew Kreimer (1):
xfs: fix a typo
Brian Foster (2):
xfs: skip background cowblock trims on inodes open for write
xfs: don't free cowblocks from under dirty pagecache on unshare
Chi Zhiling (1):
xfs: Reduce unnecessary searches when searching for the best extents
Christoph Hellwig (15):
xfs: assert a valid limit in xfs_rtfind_forw
xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
xfs: return bool from xfs_attr3_leaf_add
xfs: distinguish extra split from real ENOSPC from
xfs_attr3_leaf_split
xfs: distinguish extra split from real ENOSPC from
xfs_attr_node_try_addname
xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
xfs: don't ifdef around the exact minlen allocations
xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
xfs: pass the exact range to initialize to xfs_initialize_perag
xfs: update the file system geometry after recoverying superblock
buffers
xfs: error out when a superblock buffer update reduces the agcount
xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag
xfs: update the pag for the last AG at recovery time
xfs: streamline xfs_filestream_pick_ag
Darrick J. Wong (2):
xfs: validate inumber in xfs_iget
xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
Ojaswin Mujoo (1):
xfs: Check for delayed allocations before setting extsize
Uros Bizjak (1):
xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
Zhang Zekun (1):
xfs: Remove empty declartion in header file
fs/xfs/libxfs/xfs_ag.c | 47 ++++----
fs/xfs/libxfs/xfs_ag.h | 6 +-
fs/xfs/libxfs/xfs_alloc.c | 9 +-
fs/xfs/libxfs/xfs_alloc.h | 4 +-
fs/xfs/libxfs/xfs_attr.c | 190 ++++++++++++++-------------------
fs/xfs/libxfs/xfs_attr_leaf.c | 40 +++----
fs/xfs/libxfs/xfs_attr_leaf.h | 2 +-
fs/xfs/libxfs/xfs_bmap.c | 140 ++++++++----------------
fs/xfs/libxfs/xfs_da_btree.c | 5 +-
fs/xfs/libxfs/xfs_inode_fork.c | 10 +-
fs/xfs/libxfs/xfs_rtbitmap.c | 2 +
fs/xfs/xfs_buf_item_recover.c | 70 ++++++++++++
fs/xfs/xfs_filestream.c | 96 ++++++++---------
fs/xfs/xfs_fsops.c | 18 ++--
fs/xfs/xfs_icache.c | 39 ++++---
fs/xfs/xfs_inode.c | 2 +-
fs/xfs/xfs_inode.h | 5 +
fs/xfs/xfs_ioctl.c | 4 +-
fs/xfs/xfs_log.h | 1 -
fs/xfs/xfs_log_cil.c | 11 +-
fs/xfs/xfs_log_recover.c | 9 +-
fs/xfs/xfs_mount.c | 4 +-
fs/xfs/xfs_reflink.c | 3 +
fs/xfs/xfs_reflink.h | 19 ++++
24 files changed, 375 insertions(+), 361 deletions(-)
--
2.39.3
4 months, 1 week
- 2
- 25
[PATCH 5.4 5.10 5.15 0/3] nilfs2: protect busy buffer heads from being force-cleared
by Ryusuke Konishi
Please apply this series to the stable trees indicated by the subject
prefix.
This series makes it possible to backport the latter two patches
(fixing some syzbot issues and a use-after-free issue) that could not
be backported as-is.
To achieve this, one dependent patch (patch 1/3) is included, and each
patch is tailored to avoid extensive page/folio conversion. Both
adjustments are specific to nilfs2 and do not include tree-wide
changes.
It has also been tested against the latest versions of each tree.
Thanks,
Ryusuke Konishi
Ryusuke Konishi (3):
nilfs2: do not output warnings when clearing dirty buffers
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
fs/nilfs2/inode.c | 4 ++--
fs/nilfs2/mdt.c | 6 ++---
fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++-------------------
fs/nilfs2/page.h | 4 ++--
fs/nilfs2/segment.c | 4 +++-
5 files changed, 42 insertions(+), 31 deletions(-)
--
2.43.5
4 months, 1 week
- 2
- 4
[PATCH 5.10 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit a1c3a19446a440c68e80e9c34c5f308ff58aac88.
The backport for linux-5.10.y, commit a1c3a19446a4 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: a1c3a19446a4 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.10.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 560c4f2a1833..45c1732a9677 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7127,8 +7127,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
4 months, 1 week
- 2
- 2
[PATCH 5.4 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 3d770d44dd5c6316913b003790998404636ec2a8.
The backport for linux-5.4.y, commit 3d770d44dd5c ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 3d770d44dd5c ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.4.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d9a581f46f13..cd72409ccc94 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7679,8 +7679,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
4 months, 1 week
- 2
- 2
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020420-subtly-blaming-0ded@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
4 months, 1 week
- 3
- 2
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020424-bloated-undecided-1814@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
4 months, 1 week
- 3
- 2
[PATCH 6.6 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 6e1a8225930719a9f352d56320214e33e2dde0a6.
The backport for linux-6.6.y, commit 6e1a82259307 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 6e1a82259307 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.6.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index eb9319d856f2..49c927e8a807 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7153,8 +7153,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (orig_start)
--
2.45.2
4 months, 1 week
- 2
- 2
[PATCH 5.4~6.13] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
by WangYuli
commit ddd068d81445b17ac0bed084dfeb9e58b4df3ddd upstream.
Declare ftrace_get_parent_ra_addr() as static to suppress clang
compiler warning that 'no previous prototype'. This function is
not intended to be called from other parts.
Fix follow error with clang-19:
arch/mips/kernel/ftrace.c:251:15: error: no previous prototype for function 'ftrace_get_parent_ra_addr' [-Werror,-Wmissing-prototypes]
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
arch/mips/kernel/ftrace.c:251:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
| static
1 error generated.
Signed-off-by: WangYuli <wangyuli(a)uniontech.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de>
Signed-off-by: WangYuli <wangyuli(a)uniontech.com>
---
arch/mips/kernel/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c
index 8c401e42301c..f39e85fd58fa 100644
--- a/arch/mips/kernel/ftrace.c
+++ b/arch/mips/kernel/ftrace.c
@@ -248,7 +248,7 @@ int ftrace_disable_ftrace_graph_caller(void)
#define S_R_SP (0xafb0 << 16) /* s{d,w} R, offset(sp) */
#define OFFSET_MASK 0xffff /* stack offset range: 0 ~ PT_SIZE */
-unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
+static unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
old_parent_ra, unsigned long parent_ra_addr, unsigned long fp)
{
unsigned long sp, ip, tmp;
--
2.47.2
4 months, 1 week
- 2
- 1
[PATCH] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full
by Krishanth Jagaduri via B4 Relay
From: Oleg Nesterov <oleg(a)redhat.com>
[ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ]
Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not
include the boot CPU, which is no longer true after:
commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full").
Apply changes only to Documentation/timers/no_hz.rst in stable kernels.
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Cc: stable(a)vger.kernel.org # 5.4+
Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
---
Hi,
Before kernel 6.9, Documentation/timers/no_hz.rst states that
"nohz_full=" mask must not include the boot CPU, which is no longer
true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be
nohz_full").
This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent
boot crash when the boot CPU is nohz_full").
While it fixes the document description, it also fixes issue introduced
by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus'
timers on queue_delayed_work").
It is unlikely that it will be backported to stable kernels which does
not contain the commit that introduced the issue.
Could Documentation/timers/no_hz.rst be fixed in stable kernels 5.4+?
---
Documentation/timers/no_hz.rst | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst
index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644
--- a/Documentation/timers/no_hz.rst
+++ b/Documentation/timers/no_hz.rst
@@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain
online to handle timekeeping tasks in order to ensure that system
calls like gettimeofday() returns accurate values on adaptive-tick CPUs.
(This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running
-user processes to observe slight drifts in clock rate.) Therefore, the
-boot CPU is prohibited from entering adaptive-ticks mode. Specifying a
-"nohz_full=" mask that includes the boot CPU will result in a boot-time
-error message, and the boot CPU will be removed from the mask. Note that
-this means that your system must have at least two CPUs in order for
+user processes to observe slight drifts in clock rate.) Note that this
+means that your system must have at least two CPUs in order for
CONFIG_NO_HZ_FULL=y to do anything for you.
Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded.
---
base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85
change-id: 20250129-send-oss-20250129-3c42dcf463eb
Best regards,
--
Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
4 months, 1 week
- 4
- 3
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020422-tragedy-splashing-50db@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
4 months, 1 week
- 3
- 2
[PATCH 6.1 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit bb8e287f596b62fac18ed84cc03a9f1752f6b3b8.
The backport for linux-6.1.y, commit bb8e287f596b ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: bb8e287f596b ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.1.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index b2cded5bf69c..f4a754d62bf4 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7387,8 +7387,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (orig_start)
--
2.45.2
4 months, 1 week
- 2
- 2
[PATCH 5.15 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 214d92f0a465f93eea15e702e743f2c63823b1fd.
The backport for linux-5.15.y, commit 214d92f0a465 ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 214d92f0a465 ("btrfs: avoid monopolizing a core when activating a swap file") # linux-5.15.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index a6b1dd834060..8f048e517e65 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7698,8 +7698,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
btrfs_release_path(path);
--
2.45.2
4 months, 1 week
- 2
- 2
[PATCH 5.10.y] profile: Fix use after free in profile_tick()
by Xingrui Yi
[free]
profiling_store()
--> profile_init()
--> free_cpumask_var(prof_cpu_mask) <-- freed
[use]
tick_sched_timer()
--> profile_tick()
--> cpumask_available(prof_cpu_mask) <-- prof_cpu_mask is not NULL
if cpumask offstack
--> cpumask_test_cpu(smp_processor_id(), prof_cpu_mask) <-- use after free
When profile_init() failed if prof_buffer is not allocated,
prof_cpu_mask will be kfreed by free_cpumask_var() but not set
to NULL when CONFIG_CPUMASK_OFFSTACK=y, thus profile_tick() will
use prof_cpu_mask after free.
Signed-off-by: Xingrui Yi <yixingrui(a)linux.alibaba.com>
---
kernel/profile.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/profile.c b/kernel/profile.c
index 0db1122855c0..b5e85193cb02 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -137,6 +137,9 @@ int __ref profile_init(void)
return 0;
free_cpumask_var(prof_cpu_mask);
+#ifdef CONFIG_CPUMASK_OFFSTACK
+ prof_cpu_mask = NULL;
+#endif
return -ENOMEM;
}
--
2.43.5
4 months, 1 week
- 3
- 2
[PATCH 6.12 1/2] Revert "btrfs: avoid monopolizing a core when activating a swap file"
by Koichiro Den
This reverts commit 9f372e86b9bd1914df58c8f6e30939b7a224c6b0.
The backport for linux-6.12.y, commit 9f372e86b9bd ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: 9f372e86b9bd ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.12.y
Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index a3c861b2a6d2..a74a09cf622d 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7117,8 +7117,6 @@ noinline int can_nocow_extent(struct inode *inode, u64 offset, u64 *len,
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (file_extent)
--
2.45.2
4 months, 1 week
- 2
- 2
[PATCH 6.1&6.6 0/3] kbuild: Avoid weak external linkage where possible
by Huacai Chen
Backport this series to 6.1&6.6 because LoongArch gets build errors with
latest binutils which has commit 599df6e2db17d1c4 ("ld, LoongArch: print
error about linking without -fPIC or -fPIE flag in more detail").
CC .vmlinux.export.o
UPD include/generated/utsversion.h
CC init/version-timestamp.o
LD .tmp_vmlinux.kallsyms1
loongarch64-unknown-linux-gnu-ld: kernel/kallsyms.o:(.text+0): relocation R_LARCH_PCALA_HI20 against `kallsyms_markers` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: kernel/crash_core.o:(.init.text+0x984): relocation R_LARCH_PCALA_HI20 against `kallsyms_names` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: kernel/bpf/btf.o:(.text+0xcc7c): relocation R_LARCH_PCALA_HI20 against `__start_BTF` can not be used when making a PIE object; recompile with -fPIE
loongarch64-unknown-linux-gnu-ld: BFD (GNU Binutils) 2.43.50.20241126 assertion fail ../../bfd/elfnn-loongarch.c:2673
In theory 5.10&5.15 also need this, but since LoongArch get upstream at
5.19, so I just ignore them because there is no error report about other
archs now.
Weak external linkage is intended for cases where a symbol reference
can remain unsatisfied in the final link. Taking the address of such a
symbol should yield NULL if the reference was not satisfied.
Given that ordinary RIP or PC relative references cannot produce NULL,
some kind of indirection is always needed in such cases, and in position
independent code, this results in a GOT entry. In ordinary code, it is
arch specific but amounts to the same thing.
While unavoidable in some cases, weak references are currently also used
to declare symbols that are always defined in the final link, but not in
the first linker pass. This means we end up with worse codegen for no
good reason. So let's clean this up, by providing preliminary
definitions that are only used as a fallback.
Ard Biesheuvel (3):
kallsyms: Avoid weak references for kallsyms symbols
vmlinux: Avoid weak reference to notes section
btf: Avoid weak external references
Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org>
Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn>
---
include/asm-generic/vmlinux.lds.h | 28 ++++++++++++++++++
kernel/bpf/btf.c | 7 +++--
kernel/bpf/sysfs_btf.c | 6 ++--
kernel/kallsyms.c | 6 ----
kernel/kallsyms_internal.h | 30 ++++++++------------
kernel/ksysfs.c | 4 +--
lib/buildid.c | 4 +--
7 files changed, 52 insertions(+), 33 deletions(-)
---
2.27.0
4 months, 1 week
- 8
- 16
[PATCH 6.1] net: Fix icmp host relookup triggering ip_rt_bug
by vgiraud.opensource@witekio.com
From: Dong Chenchen <dongchenchen2(a)huawei.com>
[ Upstream commit c44daa7e3c73229f7ac74985acb8c7fb909c4e0a ]
arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:
WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:ip_rt_bug+0x14/0x20
Call Trace:
<IRQ>
ip_send_skb+0x14/0x40
__icmp_send+0x42d/0x6a0
ipv4_link_failure+0xe2/0x1d0
arp_error_report+0x3c/0x50
neigh_invalidate+0x8d/0x100
neigh_timer_handler+0x2e1/0x330
call_timer_fn+0x21/0x120
__run_timer_base.part.0+0x1c9/0x270
run_timer_softirq+0x4c/0x80
handle_softirqs+0xac/0x280
irq_exit_rcu+0x62/0x80
sysvec_apic_timer_interrupt+0x77/0x90
The script below reproduces this scenario:
ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \
dir out priority 0 ptype main flag localok icmp
ip l a veth1 type veth
ip a a 192.168.141.111/24 dev veth0
ip l s veth0 up
ping 192.168.141.155 -c 1
icmp_route_lookup() create input routes for locally generated packets
while xfrm relookup ICMP traffic.Then it will set input route
(dst->out = ip_rt_bug) to skb for DESTUNREACH.
For ICMP err triggered by locally generated packets, dst->dev of output
route is loopback. Generally, xfrm relookup verification is not required
on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).
Skip icmp relookup for locally generated packets to fix it.
Fixes: 8b7817f3a959 ("[IPSEC]: Add ICMP host relookup support")
Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com>
Reviewed-by: David Ahern <dsahern(a)kernel.org>
Reviewed-by: Eric Dumazet <edumazet(a)google.com>
Link: https://patch.msgid.link/20241127040850.1513135-1-dongchenchen2@huawei.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com>
Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com>
---
net/ipv4/icmp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 9dffdd876fef..ab830c093f7e 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -522,6 +522,9 @@ static struct rtable *icmp_route_lookup(struct net *net,
if (rt != rt2)
return rt;
} else if (PTR_ERR(rt) == -EPERM) {
+ if (inet_addr_type_dev_table(net, route_lookup_dev,
+ fl4->daddr) == RTN_LOCAL)
+ return rt;
rt = NULL;
} else
return rt;
--
2.34.1
4 months, 1 week
- 2
- 1
FAILED: patch "[PATCH] pps: Fix a use-after-free" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x c79a39dc8d060b9e64e8b0fa9d245d44befeefbe
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020421-probe-shock-4e0d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From c79a39dc8d060b9e64e8b0fa9d245d44befeefbe Mon Sep 17 00:00:00 2001
From: Calvin Owens <calvin(a)wbinvd.org>
Date: Mon, 11 Nov 2024 20:13:29 -0800
Subject: [PATCH] pps: Fix a use-after-free
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable(a)vger.kernel.org
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.17313837…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/pps/clients/pps-gpio.c b/drivers/pps/clients/pps-gpio.c
index 634c3b2f8c26..f77b19884f05 100644
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platform_device *pdev)
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
diff --git a/drivers/pps/clients/pps-ktimer.c b/drivers/pps/clients/pps-ktimer.c
index d33106bd7a29..2f465549b843 100644
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer_info = {
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
diff --git a/drivers/pps/clients/pps-ldisc.c b/drivers/pps/clients/pps-ldisc.c
index 443d6bae19d1..fa5660f3c4b7 100644
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tty_struct *tty, bool active)
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struct *tty)
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_struct *tty)
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index abaffb4e1c1c..24db06750297 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
index d9d566f70ed1..92d1b62ea239 100644
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_ktime *ts, struct pps_ktime *offset)
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(struct pps_source_info *info,
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, struct pps_event_time *ts, int event,
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
diff --git a/drivers/pps/kc.c b/drivers/pps/kc.c
index 50dc59af45be..fbd23295afd7 100644
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps, struct pps_bind_args *bind_args)
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pps)
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 25d47907db17..6a02245ea35f 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps_device *pps, struct pps_fdata *fdata)
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *file,
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *file,
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *file,
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *file,
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *file,
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct file *file,
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct file *file,
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -331,22 +347,13 @@ static void pps_device_destruct(struct device *dev)
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -363,40 +370,29 @@ int pps_register_cdev(struct pps_device *pps)
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
-
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -406,7 +402,13 @@ void pps_unregister_cdev(struct pps_device *pps)
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -426,6 +428,11 @@ void pps_unregister_cdev(struct pps_device *pps)
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -448,13 +455,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create("pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -462,8 +467,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -476,8 +482,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
diff --git a/drivers/ptp/ptp_ocp.c b/drivers/ptp/ptp_ocp.c
index 5feecaadde8e..120db96d9e95 100644
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -4420,7 +4420,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h
index 78c8ac4951b5..c7abce28ed29 100644
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
4 months, 1 week
- 3
- 2
[PATCHSET RFC 6.12] xfs: bug fixes for 6.12.y LTS
by Darrick J. Wong
Hi all,
Here's a bunch of bespoke hand-ported bug fixes for 6.12 LTS.
If you're going to start using this code, I strongly recommend pulling
from my git trees, which are linked below.
With a bit of luck, this should all go splendidly.
Comments and questions are, as always, welcome.
--D
kernel git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=ne…
---
Commits in this patchset:
* xfs: avoid nested calls to __xfs_trans_commit
* xfs: don't lose solo superblock counter update transactions
* xfs: don't lose solo dquot update transactions
* xfs: separate dquot buffer reads from xfs_dqflush
* xfs: clean up log item accesses in xfs_qm_dqflush{,_done}
* xfs: attach dquot buffer to dquot log item buffer
* xfs: convert quotacheck to attach dquot buffers
* xfs: don't over-report free space or inodes in statvfs
* xfs: release the dquot buf outside of qli_lock
* xfs: lock dquot buffer before detaching dquot from b_li_list
---
fs/xfs/xfs_dquot.c | 199 +++++++++++++++++++++++++++++++++++++++-------
fs/xfs/xfs_dquot.h | 6 +
fs/xfs/xfs_dquot_item.c | 51 +++++++++---
fs/xfs/xfs_dquot_item.h | 7 ++
fs/xfs/xfs_qm.c | 48 +++++++++--
fs/xfs/xfs_qm_bhv.c | 27 ++++--
fs/xfs/xfs_quota.h | 7 +-
fs/xfs/xfs_trans.c | 39 +++++----
fs/xfs/xfs_trans_ail.c | 2
fs/xfs/xfs_trans_dquot.c | 31 ++++++-
10 files changed, 328 insertions(+), 89 deletions(-)
4 months, 1 week
- 3
- 14
[PATCH 6.1 5.15 5.10 5.4 0/3] Backport ASIX AX99100 support
by Tomita Moeko
This patchset backports ASIX AX99100 pcie serial/parallel port
controller support to linux 6.1 5.15 5.10 5.4. It just add a device ID,
no functional changes included.
The commit 3029ad913353("can: ems_pci: move ASIX AX99100 ids to
pci_ids.h") was renamed to "PCI: add ASIX AX99100 ids to pci_ids.h",
and changes in drivers/net/can/sja1000/ems_pci.c were dropped as the
ems_pci change are only relevant for linux 6.3 and later.
Tomita Moeko (3):
PCI: add ASIX AX99100 ids to pci_ids.h
serial: 8250_pci: add support for ASIX AX99100
parport_pc: add support for ASIX AX99100
drivers/parport/parport_pc.c | 5 +++++
drivers/tty/serial/8250/8250_pci.c | 10 ++++++++++
include/linux/pci_ids.h | 4 ++++
3 files changed, 19 insertions(+)
--
2.47.2
4 months, 1 week
- 2
- 4
[PATCH 6.1 0/3] nilfs2: protect busy buffer heads from being force-cleared
by Ryusuke Konishi
Please apply this series to the 6.1-stable tree.
This series makes it possible to backport the latter two patches
(fixing some syzbot issues and a use-after-free issue) that could not
be backported to 6.1.y.
To achieve this, one dependent patch (patch 1/3) is included, and each
patch is tailored to avoid extensive page/folio conversion. Both
adjustments are specific to nilfs2 and do not include tree-wide
changes.
It has also been tested against the latest 6.1.y.
Thanks,
Ryusuke Konishi
Ryusuke Konishi (3):
nilfs2: do not output warnings when clearing dirty buffers
nilfs2: do not force clear folio if buffer is referenced
nilfs2: protect access to buffers with no active references
fs/nilfs2/inode.c | 4 ++--
fs/nilfs2/mdt.c | 6 ++---
fs/nilfs2/page.c | 55 ++++++++++++++++++++++++++-------------------
fs/nilfs2/page.h | 4 ++--
fs/nilfs2/segment.c | 4 +++-
5 files changed, 42 insertions(+), 31 deletions(-)
--
2.43.5
4 months, 1 week
- 2
- 4
[PATCH Linux-6.12.y 1/1] selftests/bpf: Add test to verify tailcall and freplace restrictions
by Yifei Liu
From: Leon Hwang <leon.hwang(a)linux.dev>
[ Upstream commit 021611d33e78694f4bd54573093c6fc70a812644 ]
Add a test case to ensure that attaching a tail callee program with an
freplace program fails, and that updating an extended program to a
prog_array map is also prohibited.
This test is designed to prevent the potential infinite loop issue caused
by the combination of tail calls and freplace, ensuring the correct
behavior and stability of the system.
Additionally, fix the broken tailcalls/tailcall_freplace selftest
because an extension prog should not be tailcalled.
cd tools/testing/selftests/bpf; ./test_progs -t tailcalls
337/25 tailcalls/tailcall_freplace:OK
337/26 tailcalls/tailcall_bpf2bpf_freplace:OK
337 tailcalls:OK
Summary: 1/26 PASSED, 0 SKIPPED, 0 FAILED
Acked-by: Eduard Zingerman <eddyz87(a)gmail.com>
Signed-off-by: Leon Hwang <leon.hwang(a)linux.dev>
Link: https://lore.kernel.org/r/20241015150207.70264-3-leon.hwang@linux.dev
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
(cherry picked from commit 021611d33e78694f4bd54573093c6fc70a812644)
[Yifei: bpf freplace update is backported to linux-6.12 by commit 987aa730bad3 ("bpf: Prevent tailcall infinite
loop caused by freplace"). It will cause selftest #336/25 failed. Then backport this commit]
Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com>
---
.../selftests/bpf/prog_tests/tailcalls.c | 120 ++++++++++++++++--
.../testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
2 files changed, 109 insertions(+), 16 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/tailcalls.c b/tools/testing/selftests/bpf/prog_tests/tailcalls.c
index 21c5a37846ad..40f22454cf05 100644
--- a/tools/testing/selftests/bpf/prog_tests/tailcalls.c
+++ b/tools/testing/selftests/bpf/prog_tests/tailcalls.c
@@ -1496,8 +1496,8 @@ static void test_tailcall_bpf2bpf_hierarchy_3(void)
RUN_TESTS(tailcall_bpf2bpf_hierarchy3);
}
-/* test_tailcall_freplace checks that the attached freplace prog is OK to
- * update the prog_array map.
+/* test_tailcall_freplace checks that the freplace prog fails to update the
+ * prog_array map, no matter whether the freplace prog attaches to its target.
*/
static void test_tailcall_freplace(void)
{
@@ -1505,7 +1505,7 @@ static void test_tailcall_freplace(void)
struct bpf_link *freplace_link = NULL;
struct bpf_program *freplace_prog;
struct tc_bpf2bpf *tc_skel = NULL;
- int prog_fd, map_fd;
+ int prog_fd, tc_prog_fd, map_fd;
char buff[128] = {};
int err, key;
@@ -1523,9 +1523,10 @@ static void test_tailcall_freplace(void)
if (!ASSERT_OK_PTR(tc_skel, "tc_bpf2bpf__open_and_load"))
goto out;
- prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
+ tc_prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
freplace_prog = freplace_skel->progs.entry_freplace;
- err = bpf_program__set_attach_target(freplace_prog, prog_fd, "subprog");
+ err = bpf_program__set_attach_target(freplace_prog, tc_prog_fd,
+ "subprog_tc");
if (!ASSERT_OK(err, "set_attach_target"))
goto out;
@@ -1533,27 +1534,116 @@ static void test_tailcall_freplace(void)
if (!ASSERT_OK(err, "tailcall_freplace__load"))
goto out;
- freplace_link = bpf_program__attach_freplace(freplace_prog, prog_fd,
- "subprog");
+ map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
+ prog_fd = bpf_program__fd(freplace_prog);
+ key = 0;
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ ASSERT_ERR(err, "update jmp_table failure");
+
+ freplace_link = bpf_program__attach_freplace(freplace_prog, tc_prog_fd,
+ "subprog_tc");
if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
goto out;
- map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
- prog_fd = bpf_program__fd(freplace_prog);
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ ASSERT_ERR(err, "update jmp_table failure");
+
+out:
+ bpf_link__destroy(freplace_link);
+ tailcall_freplace__destroy(freplace_skel);
+ tc_bpf2bpf__destroy(tc_skel);
+}
+
+/* test_tailcall_bpf2bpf_freplace checks the failure that fails to attach a tail
+ * callee prog with freplace prog or fails to update an extended prog to
+ * prog_array map.
+ */
+static void test_tailcall_bpf2bpf_freplace(void)
+{
+ struct tailcall_freplace *freplace_skel = NULL;
+ struct bpf_link *freplace_link = NULL;
+ struct tc_bpf2bpf *tc_skel = NULL;
+ char buff[128] = {};
+ int prog_fd, map_fd;
+ int err, key;
+
+ LIBBPF_OPTS(bpf_test_run_opts, topts,
+ .data_in = buff,
+ .data_size_in = sizeof(buff),
+ .repeat = 1,
+ );
+
+ tc_skel = tc_bpf2bpf__open_and_load();
+ if (!ASSERT_OK_PTR(tc_skel, "tc_bpf2bpf__open_and_load"))
+ goto out;
+
+ prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
+ freplace_skel = tailcall_freplace__open();
+ if (!ASSERT_OK_PTR(freplace_skel, "tailcall_freplace__open"))
+ goto out;
+
+ err = bpf_program__set_attach_target(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK(err, "set_attach_target"))
+ goto out;
+
+ err = tailcall_freplace__load(freplace_skel);
+ if (!ASSERT_OK(err, "tailcall_freplace__load"))
+ goto out;
+
+ /* OK to attach then detach freplace prog. */
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
+ goto out;
+
+ err = bpf_link__destroy(freplace_link);
+ if (!ASSERT_OK(err, "destroy link"))
+ goto out;
+
+ /* OK to update prog_array map then delete element from the map. */
+
key = 0;
+ map_fd = bpf_map__fd(freplace_skel->maps.jmp_table);
err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
if (!ASSERT_OK(err, "update jmp_table"))
goto out;
- prog_fd = bpf_program__fd(tc_skel->progs.entry_tc);
- err = bpf_prog_test_run_opts(prog_fd, &topts);
- ASSERT_OK(err, "test_run");
- ASSERT_EQ(topts.retval, 34, "test_run retval");
+ err = bpf_map_delete_elem(map_fd, &key);
+ if (!ASSERT_OK(err, "delete_elem from jmp_table"))
+ goto out;
+
+ /* Fail to attach a tail callee prog with freplace prog. */
+
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ if (!ASSERT_OK(err, "update jmp_table"))
+ goto out;
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_ERR_PTR(freplace_link, "attach_freplace failure"))
+ goto out;
+
+ err = bpf_map_delete_elem(map_fd, &key);
+ if (!ASSERT_OK(err, "delete_elem from jmp_table"))
+ goto out;
+
+ /* Fail to update an extended prog to prog_array map. */
+
+ freplace_link = bpf_program__attach_freplace(freplace_skel->progs.entry_freplace,
+ prog_fd, "subprog_tc");
+ if (!ASSERT_OK_PTR(freplace_link, "attach_freplace"))
+ goto out;
+
+ err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
+ if (!ASSERT_ERR(err, "update jmp_table failure"))
+ goto out;
out:
bpf_link__destroy(freplace_link);
- tc_bpf2bpf__destroy(tc_skel);
tailcall_freplace__destroy(freplace_skel);
+ tc_bpf2bpf__destroy(tc_skel);
}
void test_tailcalls(void)
@@ -1606,4 +1696,6 @@ void test_tailcalls(void)
test_tailcall_bpf2bpf_hierarchy_3();
if (test__start_subtest("tailcall_freplace"))
test_tailcall_freplace();
+ if (test__start_subtest("tailcall_bpf2bpf_freplace"))
+ test_tailcall_bpf2bpf_freplace();
}
diff --git a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
index 79f5087dade2..fe6249d99b31 100644
--- a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
+++ b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c
@@ -5,10 +5,11 @@
#include "bpf_misc.h"
__noinline
-int subprog(struct __sk_buff *skb)
+int subprog_tc(struct __sk_buff *skb)
{
int ret = 1;
+ __sink(skb);
__sink(ret);
/* let verifier know that 'subprog_tc' can change pointers to skb->data */
bpf_skb_change_proto(skb, 0, 0);
@@ -18,7 +19,7 @@ int subprog(struct __sk_buff *skb)
SEC("tc")
int entry_tc(struct __sk_buff *skb)
{
- return subprog(skb);
+ return subprog_tc(skb);
}
char __license[] SEC("license") = "GPL";
--
2.46.0
4 months, 1 week
- 2
- 1
[PATCH 0/2] mm/damon/paddr: fix large folios access and schemes handling
by SeongJae Park
DAMON operations set for physical address space, namely 'paddr', treats
tail pages as unaccessed always. It can also apply DAMOS action to
a large folio multiple times within single DAMOS' regions walking. As a
result, the monitoring output has poor quality and DAMOS works in
unexpected ways when large folios are being used. Fix those.
The patches were parts of Usama's hugepage_size DAMOS filter patch
series[1]. The first fix has collected from there with a slight commit
message change for the subject prefix. The second fix is re-written by
SJ and posted as an RFC before this series. The second one also got a
slight commit message change for the subject prefix.
[1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com
[2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org
SeongJae Park (1):
mm/damon: avoid applying DAMOS action to same entity multiple times
Usama Arif (1):
mm/damon/ops: have damon_get_folio return folio even for tail pages
include/linux/damon.h | 11 +++++++++
mm/damon/core.c | 1 +
mm/damon/ops-common.c | 2 +-
mm/damon/paddr.c | 57 +++++++++++++++++++++++++++++++------------
4 files changed, 55 insertions(+), 16 deletions(-)
base-commit: 9c9a75a50e600803a157f4fc76cb856326406ce4
--
2.39.5
4 months, 1 week
- 1
- 2
[PATCH net 1/2] net: advertise 'netns local' property via netlink
by Nicolas Dichtel
Since the below commit, there is no way to see if the netns_local property
is set on a device. Let's add a netlink attribute to advertise it.
CC: stable(a)vger.kernel.org
Fixes: 05c1280a2bcf ("netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
---
include/uapi/linux/if_link.h | 1 +
net/core/rtnetlink.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index bfe880fbbb24..ed4a64e1c8f1 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -378,6 +378,7 @@ enum {
IFLA_GRO_IPV4_MAX_SIZE,
IFLA_DPLL_PIN,
IFLA_MAX_PACING_OFFLOAD_HORIZON,
+ IFLA_NETNS_LOCAL,
__IFLA_MAX
};
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d1e559fce918..5032e65b8faa 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1287,6 +1287,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
+ nla_total_size(4) /* IFLA_TSO_MAX_SEGS */
+ nla_total_size(1) /* IFLA_OPERSTATE */
+ nla_total_size(1) /* IFLA_LINKMODE */
+ + nla_total_size(1) /* IFLA_NETNS_LOCAL */
+ nla_total_size(4) /* IFLA_CARRIER_CHANGES */
+ nla_total_size(4) /* IFLA_LINK_NETNSID */
+ nla_total_size(4) /* IFLA_GROUP */
@@ -2041,6 +2042,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb,
netif_running(dev) ? READ_ONCE(dev->operstate) :
IF_OPER_DOWN) ||
nla_put_u8(skb, IFLA_LINKMODE, READ_ONCE(dev->link_mode)) ||
+ nla_put_u8(skb, IFLA_NETNS_LOCAL, dev->netns_local) ||
nla_put_u32(skb, IFLA_MTU, READ_ONCE(dev->mtu)) ||
nla_put_u32(skb, IFLA_MIN_MTU, READ_ONCE(dev->min_mtu)) ||
nla_put_u32(skb, IFLA_MAX_MTU, READ_ONCE(dev->max_mtu)) ||
@@ -2229,6 +2231,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
[IFLA_ALLMULTI] = { .type = NLA_REJECT },
[IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1),
[IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 },
+ [IFLA_NETNS_LOCAL] = { .type = NLA_U8 },
};
static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
--
2.47.1
4 months, 1 week
- 4
- 5
[PATCH 5.10/5.15] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
by Alexey Panov
From: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
[ Upstream commit 609366e7a06d035990df78f1562291c3bf0d4a12 ]
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
Link: https://lore.kernel.org/r/20240911153544.848398-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50061
drivers/i3c/master/i3c-master-cdns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i3c/master/i3c-master-cdns.c b/drivers/i3c/master/i3c-master-cdns.c
index b9cfda6ae9ae..4473c0b1ae2e 100644
--- a/drivers/i3c/master/i3c-master-cdns.c
+++ b/drivers/i3c/master/i3c-master-cdns.c
@@ -1668,6 +1668,7 @@ static int cdns_i3c_master_remove(struct platform_device *pdev)
struct cdns_i3c_master *master = platform_get_drvdata(pdev);
int ret;
+ cancel_work_sync(&master->hj_work);
ret = i3c_master_unregister(&master->base);
if (ret)
return ret;
--
2.30.2
4 months, 1 week
- 1
- 0
[PATCH 6.1] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
by Alexey Panov
From: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
[ Upstream commit 609366e7a06d035990df78f1562291c3bf0d4a12 ]
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
Link: https://lore.kernel.org/r/20240911153544.848398-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50061
drivers/i3c/master/i3c-master-cdns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i3c/master/i3c-master-cdns.c b/drivers/i3c/master/i3c-master-cdns.c
index 35b90bb686ad..c5a37f58079a 100644
--- a/drivers/i3c/master/i3c-master-cdns.c
+++ b/drivers/i3c/master/i3c-master-cdns.c
@@ -1667,6 +1667,7 @@ static int cdns_i3c_master_remove(struct platform_device *pdev)
{
struct cdns_i3c_master *master = platform_get_drvdata(pdev);
+ cancel_work_sync(&master->hj_work);
i3c_master_unregister(&master->base);
clk_disable_unprepare(master->sysclk);
--
2.30.2
4 months, 1 week
- 1
- 0
4 months, 1 week
- 2
- 1
[PATCH 5.10/5.15] tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
by Alexey Panov
commit 9462f4ca56e7d2430fdb6dcc8498244acbfc4489 upstream.
BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0
drivers/tty/n_gsm.c:3160 [n_gsm]
Read of size 8 at addr ffff88815fe99c00 by task poc/3379
CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56
Hardware name: VMware, Inc. VMware Virtual Platform/440BX
Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
<TASK>
gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
__pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]
__pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389
update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500
__pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846
__rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
_raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107
__pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]
ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195
ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79
__pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338
__pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
Allocated by task 65:
gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]
gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]
gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]
gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]
tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39
flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445
process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229
worker_thread+0x3dc/0x950 kernel/workqueue.c:3391
kthread+0x2a3/0x370 kernel/kthread.c:389
ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257
Freed by task 3367:
kfree+0x126/0x420 mm/slub.c:4580
gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
[Analysis]
gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux
can be freed by multi threads through ioctl,which leads
to the occurrence of uaf. Protect it by gsm tx lock.
Signed-off-by: Longlong Xia <xialonglong(a)kylinos.cn>
Cc: stable <stable(a)kernel.org>
Suggested-by: Jiri Slaby <jirislaby(a)kernel.org>
Link: https://lore.kernel.org/r/20240926130213.531959-1-xialonglong@kylinos.cn
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
[ Alexey: Replace guard macro with spin_lock_irqsave due to its unavailability
in pre-6.1 kernels. Based on a v1 patch from Longlong Xia [1]. ]
Link: https://lore.kernel.org/all/20240924093519.767036-1-xialonglong@kylinos.cn/ [1]
Signed-off-by: Alexey Panov <apanov(a)astralinux.ru>
---
Backport fix for CVE-2024-50073
drivers/tty/n_gsm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index aae9f73585bd..1becbdf7c470 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2443,6 +2443,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
int i;
struct gsm_dlci *dlci;
struct gsm_msg *txq, *ntxq;
+ unsigned long flags;
gsm->dead = true;
mutex_lock(&gsm->mutex);
@@ -2471,9 +2472,12 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
mutex_unlock(&gsm->mutex);
/* Now wipe the queues */
tty_ldisc_flush(gsm->tty);
+
+ spin_lock_irqsave(&gsm->tx_lock, flags);
list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
kfree(txq);
INIT_LIST_HEAD(&gsm->tx_list);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
/**
--
2.30.2
4 months, 1 week
- 1
- 1
[PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()
by Jiasheng Jiang
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
4 months, 1 week
- 2
- 8
[stable] please apply media: cxd2841er: fix 64-bit division on gcc-9
by Dan Carpenter
Hi Greg and Sasha,
Could you please apply commit 8d46603eeeb4 ("media: cxd2841er: fix 64-bit
division on gcc-9") on v6.13.y? It fixes the build with gcc-8 on arm32.
It applies cleanly to older kernels as well, but it's only required
for v6.13.y.
regards,
dan carpenter
4 months, 1 week
- 1
- 0
[PATCH 6.13 000/623] 6.13.2-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.13.2 release.
There are 623 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:42:57 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.13.2-rc1
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when cow_file_range() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: Ensure callbacks exist before calling them
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Kevin Brodsky <kevin.brodsky(a)arm.com>
selftests/mm: build with -O2
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Melissa Wen <mwen(a)igalia.com>
drm/amd/display: restore invalid MSA timing check for freesync
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Darrick J. Wong <djwong(a)kernel.org>
xfs: release the dquot buf outside of qli_lock
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't over-report free space or inodes in statvfs
Long Li <leo.lilong(a)huawei.com>
xfs: fix mount hang during primary superblock recovery failure
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Liam R. Howlett <Liam.Howlett(a)Oracle.com>
kernel: be more careful about dup_mmap() failures and uprobe registering
Masahiro Yamada <masahiroy(a)kernel.org>
kbuild: fix Clang LTO with CONFIG_OBJTOOL=n
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/register: use atomic_read/write for sq_flags migration
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Jens Axboe <axboe(a)kernel.dk>
io_uring/msg_ring: don't leave potentially dangling ->tctx pointer
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Torsten Hilbrich <torsten.hilbrich(a)secunet.com>
kbuild: Fix signing issue for external modules
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Cosmin Ratiu <cratiu(a)nvidia.com>
bonding: Correctly support GSO ESP offload
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Ian Rogers <irogers(a)google.com>
perf annotate: Use an array for the disassembler preference
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: don't try to stash the napi id
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Stanislav Fomichev <sdf(a)fomichev.me>
net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Zhihao Cheng <chengzhihao1(a)huawei.com>
ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended"
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Clean up fld_tg_code calculation
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Suren Baghdasaryan <surenb(a)google.com>
alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Fix deadlock during uvc_probe
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Jian-Hong Pan <jhp(a)endlessos.org>
PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Michal Wilczynski <m.wilczynski(a)samsung.com>
mailbox: th1520: Fix memory corruption due to incorrect array size
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: mpfs: fix copy and paste bug in probe
Dan Carpenter <dan.carpenter(a)linaro.org>
mailbox: th1520: Fix a NULL vs IS_ERR() bug
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo"
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Jagan Teki <jagan(a)edgeble.ai>
arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs
Maulik Shah <quic_mkshah(a)quicinc.com>
arm64: dts: qcom: sa8775p: Add CPUs to psci power domain
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Fully decode all combinations of alloc_paging_flags
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove type argument from do_iommu_domain_alloc() and related
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove dev == NULL checks
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/amd: Remove domain_alloc()
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Guo Ren <guoren(a)kernel.org>
iommu/riscv: Fixup compile warning
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Tony Ambardar <tony.ambardar(a)gmail.com>
selftests/bpf: Fix undefined UINT_MAX in veristat.c
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Ian Rogers <irogers(a)google.com>
perf test stat: Avoid hybrid assumption when virtualized
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Namhyung Kim <namhyung(a)kernel.org>
perf symbol: Prefer non-label symbols with same address
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
James Clark <james.clark(a)linaro.org>
perf stat: Fix trailing comma when there is no metric unit
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Make variables only used locally static
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
Arnaldo Carvalho de Melo <acme(a)redhat.com>
tools features: Don't check for libunwind devel files by default
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Andrea Righi <arighi(a)nvidia.com>
sched_ext: Use the NUMA scheduling domain for NUMA optimizations
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs42l84: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: SDCA: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: always clear NBase-T lpa
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear master_slave_state if link is down
Daniel Golle <daniel(a)makrotopia.org>
net: phy: realtek: clear 1000Base-T lpa if link is down
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only after netdev registration
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix key cache handling
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: remove unneeded NULL pointer checks
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Po-Hao Huang <phhuang(a)realtek.com>
wifi: rtw89: correct header conversion rule for MLO only
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Alexis Lothoré <alexis.lothore(a)bootlin.com>
wifi: wilc1000: unregister wiphy only if it has been registered
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Mario Limonciello <mario.limonciello(a)amd.com>
cpufreq/amd-pstate: Fix prefcore rankings
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Aditya Kumar Singh <quic_adisi(a)quicinc.com>
wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check
Dan Carpenter <dan.carpenter(a)linaro.org>
clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Karol Przybylski <karprzy7(a)gmail.com>
drm/amdgpu: Fix potential integer overflow in scheduler mask calculations
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: disable the opp table request even for dp_ctrl_off_link()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params()
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Grab intel_display from the encoder to avoid potential oopsies
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
John Garry <john.g.garry(a)oracle.com>
block: Ensure start sector is aligned for stacking atomic writes
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: fix queue freeze vs limits lock order in sysfs store methods
Christoph Hellwig <hch(a)lst.de>
block: add a store_limit operations for sysfs entries
Christoph Hellwig <hch(a)lst.de>
block: add a queue_limits_commit_update_frozen helper
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: prevent reg-wait speculations
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
.../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +-
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +--
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
Makefile | 4 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 --
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 --
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 ++--
arch/arm/mach-omap1/board-nokia770.c | 2 +-
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +--
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 --
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +--
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++---
.../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 -----
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +--
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++--
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
.../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++----
arch/arm64/boot/dts/ti/Makefile | 6 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++++++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 ++
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/boot/vmem.c | 74 ++++++---
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 11 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +--
block/blk-integrity.c | 4 +-
block/blk-mq.c | 34 ++--
block/blk-mq.h | 6 +
block/blk-settings.c | 31 +++-
block/blk-sysfs.c | 137 ++++++++--------
block/blk-zoned.c | 7 +-
block/genhd.c | 22 ++-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 29 ++--
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/block/virtio_blk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 32 ++--
drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +-
drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +-
drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +-
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 ++--
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +++--
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++--
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++---------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 --
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +++--
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/i915/display/intel_crt.c | 10 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +-
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/dp/dp_catalog.c | 1 -
drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +-
drivers/gpu/drm/msm/dp/dp_utils.c | 10 +-
drivers/gpu/drm/msm/dp/dp_utils.h | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 ++--
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 ++---
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +--
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 +++++---
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 5 +-
drivers/iommu/amd/init.c | 14 +-
drivers/iommu/amd/iommu.c | 132 +++++----------
drivers/iommu/amd/pasid.c | 3 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/intel/pasid.c | 22 ++-
drivers/iommu/intel/pasid.h | 6 +
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/iommu/riscv/iommu.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/mailbox/mailbox-mpfs.c | 2 +-
drivers/mailbox/mailbox-th1520.c | 6 +-
drivers/md/md-bitmap.c | 79 +++++----
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +---
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++++++-------
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 ++---
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 4 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +--
drivers/misc/cardreader/rtsx_usb.c | 15 ++
drivers/mtd/hyperbus/hbmc-am654.c | 19 ++-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/mtd/ubi/ubi.h | 2 -
drivers/mtd/ubi/wl.c | 21 ---
drivers/net/bonding/bond_main.c | 19 +--
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 -
drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 -
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 --
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++--
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +-
.../mellanox/mlx5/core/steering/hws/definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 ++-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +--
drivers/net/phy/marvell-88q2xxx.c | 33 +++-
drivers/net/phy/realtek.c | 29 ++--
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +++
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 42 ++---
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++--
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 ---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++----
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +--
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++--
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/microchip/wilc1000/netdev.c | 2 -
drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +-
drivers/net/wireless/microchip/wilc1000/spi.c | 9 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++-----
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 --
drivers/net/wireless/realtek/rtw89/chan.c | 31 +++-
drivers/net/wireless/realtek/rtw89/chan.h | 9 +-
drivers/net/wireless/realtek/rtw89/core.c | 11 +-
drivers/net/wireless/realtek/rtw89/core.h | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++-
drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +++-
drivers/nvme/host/tcp.c | 70 ++++++--
drivers/of/fdt.c | 10 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 +++++--
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 ++--
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/pcie-rockchip-ep.c | 5 +
drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pci/pcie/aspm.c | 35 +++-
drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 30 ++--
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++-
drivers/pinctrl/pinctrl-amd.c | 27 +++-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++-----
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/core.c | 4 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/platform/x86/x86-android-tablets/other.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++++++-------
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 13 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/scsi/sd.c | 17 +-
drivers/scsi/sr.c | 5 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +++-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 ++--
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 ++
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 160 ++++++++++++++-----
fs/btrfs/qgroup.c | 21 ++-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 ++
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 ++++--
fs/dlm/lowcomms.c | 3 +-
fs/erofs/zdata.c | 3 +-
fs/f2fs/dir.c | 53 ++++--
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +---
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++++++++--
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 ++--
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +++-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +--
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 ++-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +--
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_buf_item_recover.c | 11 +-
fs/xfs/xfs_dquot.c | 12 +-
fs/xfs/xfs_notify_failure.c | 121 +++++++++-----
fs/xfs/xfs_qm_bhv.c | 27 ++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 1 +
include/linux/alloc_tag.h | 11 +-
include/linux/blkdev.h | 23 +--
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pm.h | 1 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 ++-
include/linux/pwm.h | 17 ++
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/page_pool/types.h | 1 -
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 16 +-
include/sound/hdaudio_ext.h | 45 ------
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +++
io_uring/io_uring.c | 1 +
io_uring/msg_ring.c | 4 +-
io_uring/register.c | 2 +-
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +++
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 ++-
kernel/events/core.c | 35 ++--
kernel/events/uprobes.c | 4 +
kernel/fork.c | 17 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 ++++--
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 6 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/ext.c | 114 +++++++++----
kernel/sched/fair.c | 21 ++-
kernel/sched/features.h | 9 ++
kernel/sched/stats.h | 4 +
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/alloc_tag.c | 2 +
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 ++-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 23 ++-
net/core/filter.c | 2 +-
net/core/page_pool.c | 2 +
net/core/page_pool_priv.h | 2 +
net/core/page_pool_user.c | 15 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 2 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +---
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 ++--
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++++++
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 ++--
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++++++
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 ++--
net/ncsi/ncsi-rsp.c | 18 +--
net/netfilter/nf_tables_api.c | 57 ++++++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 +++++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 ++
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +++----
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 4 +
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++--
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 93 ++++++++---
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.build | 2 +
scripts/Makefile.lib | 10 +-
scripts/Makefile.modinst | 2 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 ++-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 8 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++++++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 ++++--
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/renesas/rz-ssi.c | 3 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++-
sound/soc/sdca/Makefile | 2 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/build/Makefile.feature | 7 -
tools/build/feature/test-all.c | 5 -
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +--
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/Makefile.config | 83 ++++++----
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 +++++---
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
.../perf/tests/shell/lib/perf_json_output_lint.py | 14 +-
tools/perf/tests/shell/stat.sh | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/annotate.c | 76 ++++++++-
tools/perf/util/annotate.h | 15 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/disasm.c | 83 ++--------
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
tools/perf/util/stat-display.c | 177 +++++++++++----------
tools/perf/util/symbol.c | 9 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.c | 58 ++++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/veristat.c | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +--
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/mm/Makefile | 9 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +++-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
703 files changed, 5738 insertions(+), 3278 deletions(-)
4 months, 1 week
- 16
- 642
Re: Patch "hostfs: convert hostfs to use the new mount API" has been added to the 6.6-stable tree
by Hongbo Li
On 2025/2/4 0:27, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> hostfs: convert hostfs to use the new mount API
>
> to the 6.6-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
Hi Sasha,
If this, the fix : ef9ca17ca458 ("hostfs: fix the host directory parse
when mounting.") also should be added. It fixes the mounting bug when
pass the host directory.
Thanks,
Hongbo
> The filename of the patch is:
> hostfs-convert-hostfs-to-use-the-new-mount-api.patch
> and it can be found in the queue-6.6 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>
> commit 6f2433956e6ade80d59bd673d4062ec2c1bacc3e
> Author: Hongbo Li <lihongbo22(a)huawei.com>
> Date: Thu May 30 20:01:11 2024 +0800
>
> hostfs: convert hostfs to use the new mount API
>
> [ Upstream commit cd140ce9f611a5e9d2a5989a282b75e55c71dab3 ]
>
> Convert the hostfs filesystem to the new internal mount API as the old
> one will be obsoleted and removed. This allows greater flexibility in
> communication of mount parameters between userspace, the VFS and the
> filesystem.
>
> See Documentation/filesystems/mount_api.txt for more information.
>
> Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com>
> Link: https://lore.kernel.org/r/20240530120111.3794664-1-lihongbo22@huawei.com
> Signed-off-by: Christian Brauner <brauner(a)kernel.org>
> Stable-dep-of: 60a600243244 ("hostfs: fix string handling in __dentry_name()")
> Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>
> diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
> index ff201753fd181..1fb8eacb9817f 100644
> --- a/fs/hostfs/hostfs_kern.c
> +++ b/fs/hostfs/hostfs_kern.c
> @@ -16,11 +16,16 @@
> #include <linux/seq_file.h>
> #include <linux/writeback.h>
> #include <linux/mount.h>
> +#include <linux/fs_context.h>
> #include <linux/namei.h>
> #include "hostfs.h"
> #include <init.h>
> #include <kern.h>
>
> +struct hostfs_fs_info {
> + char *host_root_path;
> +};
> +
> struct hostfs_inode_info {
> int fd;
> fmode_t mode;
> @@ -90,8 +95,10 @@ static char *__dentry_name(struct dentry *dentry, char *name)
> char *p = dentry_path_raw(dentry, name, PATH_MAX);
> char *root;
> size_t len;
> + struct hostfs_fs_info *fsi;
>
> - root = dentry->d_sb->s_fs_info;
> + fsi = dentry->d_sb->s_fs_info;
> + root = fsi->host_root_path;
> len = strlen(root);
> if (IS_ERR(p)) {
> __putname(name);
> @@ -196,8 +203,10 @@ static int hostfs_statfs(struct dentry *dentry, struct kstatfs *sf)
> long long f_bavail;
> long long f_files;
> long long f_ffree;
> + struct hostfs_fs_info *fsi;
>
> - err = do_statfs(dentry->d_sb->s_fs_info,
> + fsi = dentry->d_sb->s_fs_info;
> + err = do_statfs(fsi->host_root_path,
> &sf->f_bsize, &f_blocks, &f_bfree, &f_bavail, &f_files,
> &f_ffree, &sf->f_fsid, sizeof(sf->f_fsid),
> &sf->f_namelen);
> @@ -245,7 +254,11 @@ static void hostfs_free_inode(struct inode *inode)
>
> static int hostfs_show_options(struct seq_file *seq, struct dentry *root)
> {
> - const char *root_path = root->d_sb->s_fs_info;
> + struct hostfs_fs_info *fsi;
> + const char *root_path;
> +
> + fsi = root->d_sb->s_fs_info;
> + root_path = fsi->host_root_path;
> size_t offset = strlen(root_ino) + 1;
>
> if (strlen(root_path) > offset)
> @@ -924,10 +937,11 @@ static const struct inode_operations hostfs_link_iops = {
> .get_link = hostfs_get_link,
> };
>
> -static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> +static int hostfs_fill_super(struct super_block *sb, struct fs_context *fc)
> {
> + struct hostfs_fs_info *fsi = sb->s_fs_info;
> struct inode *root_inode;
> - char *host_root_path, *req_root = d;
> + char *host_root = fc->source;
> int err;
>
> sb->s_blocksize = 1024;
> @@ -941,15 +955,15 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> return err;
>
> /* NULL is printed as '(null)' by printf(): avoid that. */
> - if (req_root == NULL)
> - req_root = "";
> + if (fc->source == NULL)
> + host_root = "";
>
> - sb->s_fs_info = host_root_path =
> - kasprintf(GFP_KERNEL, "%s/%s", root_ino, req_root);
> - if (host_root_path == NULL)
> + fsi->host_root_path =
> + kasprintf(GFP_KERNEL, "%s/%s", root_ino, host_root);
> + if (fsi->host_root_path == NULL)
> return -ENOMEM;
>
> - root_inode = hostfs_iget(sb, host_root_path);
> + root_inode = hostfs_iget(sb, fsi->host_root_path);
> if (IS_ERR(root_inode))
> return PTR_ERR(root_inode);
>
> @@ -957,7 +971,7 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> char *name;
>
> iput(root_inode);
> - name = follow_link(host_root_path);
> + name = follow_link(fsi->host_root_path);
> if (IS_ERR(name))
> return PTR_ERR(name);
>
> @@ -974,11 +988,38 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
> return 0;
> }
>
> -static struct dentry *hostfs_read_sb(struct file_system_type *type,
> - int flags, const char *dev_name,
> - void *data)
> +static int hostfs_fc_get_tree(struct fs_context *fc)
> {
> - return mount_nodev(type, flags, data, hostfs_fill_sb_common);
> + return get_tree_nodev(fc, hostfs_fill_super);
> +}
> +
> +static void hostfs_fc_free(struct fs_context *fc)
> +{
> + struct hostfs_fs_info *fsi = fc->s_fs_info;
> +
> + if (!fsi)
> + return;
> +
> + kfree(fsi->host_root_path);
> + kfree(fsi);
> +}
> +
> +static const struct fs_context_operations hostfs_context_ops = {
> + .get_tree = hostfs_fc_get_tree,
> + .free = hostfs_fc_free,
> +};
> +
> +static int hostfs_init_fs_context(struct fs_context *fc)
> +{
> + struct hostfs_fs_info *fsi;
> +
> + fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
> + if (!fsi)
> + return -ENOMEM;
> +
> + fc->s_fs_info = fsi;
> + fc->ops = &hostfs_context_ops;
> + return 0;
> }
>
> static void hostfs_kill_sb(struct super_block *s)
> @@ -988,11 +1029,11 @@ static void hostfs_kill_sb(struct super_block *s)
> }
>
> static struct file_system_type hostfs_type = {
> - .owner = THIS_MODULE,
> - .name = "hostfs",
> - .mount = hostfs_read_sb,
> - .kill_sb = hostfs_kill_sb,
> - .fs_flags = 0,
> + .owner = THIS_MODULE,
> + .name = "hostfs",
> + .init_fs_context = hostfs_init_fs_context,
> + .kill_sb = hostfs_kill_sb,
> + .fs_flags = 0,
> };
> MODULE_ALIAS_FS("hostfs");
>
4 months, 1 week
- 2
- 5
[PATCH v2] mtd: Add check and kfree() for kcalloc()
by Jiasheng Jiang
Add a check for kcalloc() to ensure successful allocation.
Moreover, add kfree() in the error-handling path to prevent memory leaks.
Fixes: 78c08247b9d3 ("mtd: Support kmsg dumper based on pstore/blk")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v1 -> v2:
1. Remove redundant logging.
2. Add kfree() in the error-handling path.
---
drivers/mtd/mtdpstore.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdpstore.c b/drivers/mtd/mtdpstore.c
index 7ac8ac901306..2d8e330dd215 100644
--- a/drivers/mtd/mtdpstore.c
+++ b/drivers/mtd/mtdpstore.c
@@ -418,10 +418,17 @@ static void mtdpstore_notify_add(struct mtd_info *mtd)
longcnt = BITS_TO_LONGS(div_u64(mtd->size, info->kmsg_size));
cxt->rmmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->rmmap)
+ goto end;
+
cxt->usedmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->usedmap)
+ goto free_rmmap;
longcnt = BITS_TO_LONGS(div_u64(mtd->size, mtd->erasesize));
cxt->badmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL);
+ if (!cxt->badmap)
+ goto free_usedmap;
/* just support dmesg right now */
cxt->dev.flags = PSTORE_FLAGS_DMESG;
@@ -435,10 +442,20 @@ static void mtdpstore_notify_add(struct mtd_info *mtd)
if (ret) {
dev_err(&mtd->dev, "mtd%d register to psblk failed\n",
mtd->index);
- return;
+ goto free_badmap;
}
cxt->mtd = mtd;
dev_info(&mtd->dev, "Attached to MTD device %d\n", mtd->index);
+ goto end;
+
+free_badmap:
+ kfree(cxt->badmap);
+free_usedmap:
+ kfree(cxt->usedmap);
+free_rmmap:
+ kfree(cxt->rmmap);
+end:
+ return;
}
static int mtdpstore_flush_removed_do(struct mtdpstore_context *cxt,
--
2.25.1
4 months, 1 week
- 4
- 9
[PATCH RFC] soc: qcom: pmic_glink: Fix device access from worker during suspend
by Abel Vesa
The pmic_glink_altmode_worker() currently gets scheduled on the system_wq.
When the system is suspended (s2idle), the fact that the worker can be
scheduled to run while devices are still suspended provesto be a problem
when a Type-C retimer, switch or mux that is controlled over a bus like
I2C, because the I2C controller is suspended.
This has been proven to be the case on the X Elite boards where such
retimers (ParadeTech PS8830) are used in order to handle Type-C
orientation and altmode configuration. The following warning is thrown:
[ 35.134876] i2c i2c-4: Transfer while suspended
[ 35.143865] WARNING: CPU: 0 PID: 99 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xb4/0x57c [i2c_core]
[ 35.352879] Workqueue: events pmic_glink_altmode_worker [pmic_glink_altmode]
[ 35.360179] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 35.455242] Call trace:
[ 35.457826] __i2c_transfer+0xb4/0x57c [i2c_core] (P)
[ 35.463086] i2c_transfer+0x98/0xf0 [i2c_core]
[ 35.467713] i2c_transfer_buffer_flags+0x54/0x88 [i2c_core]
[ 35.473502] regmap_i2c_write+0x20/0x48 [regmap_i2c]
[ 35.478659] _regmap_raw_write_impl+0x780/0x944
[ 35.483401] _regmap_bus_raw_write+0x60/0x7c
[ 35.487848] _regmap_write+0x134/0x184
[ 35.491773] regmap_write+0x54/0x78
[ 35.495418] ps883x_set+0x58/0xec [ps883x]
[ 35.499688] ps883x_sw_set+0x60/0x84 [ps883x]
[ 35.504223] typec_switch_set+0x48/0x74 [typec]
[ 35.508952] pmic_glink_altmode_worker+0x44/0x1fc [pmic_glink_altmode]
[ 35.515712] process_scheduled_works+0x1a0/0x2d0
[ 35.520525] worker_thread+0x2a8/0x3c8
[ 35.524449] kthread+0xfc/0x184
[ 35.527749] ret_from_fork+0x10/0x20
The solution here is to schedule the altmode worker on the system_freezable_wq
instead of the system_wq. This will result in the altmode worker not being
scheduled to run until the devices are resumed first, which will give the
controllers like I2C a chance to resume before the transfer is requested.
Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
Cc: stable(a)vger.kernel.org # 6.3
Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org>
---
drivers/soc/qcom/pmic_glink_altmode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c
index bd06ce16180411059e9efb14d9aeccda27744280..bde129aa7d90a39becaa720376c0539bcaa492fb 100644
--- a/drivers/soc/qcom/pmic_glink_altmode.c
+++ b/drivers/soc/qcom/pmic_glink_altmode.c
@@ -295,7 +295,7 @@ static void pmic_glink_altmode_sc8180xp_notify(struct pmic_glink_altmode *altmod
alt_port->mode = mode;
alt_port->hpd_state = hpd_state;
alt_port->hpd_irq = hpd_irq;
- schedule_work(&alt_port->work);
+ queue_work(system_freezable_wq, &alt_port->work);
}
#define SC8280XP_DPAM_MASK 0x3f
@@ -338,7 +338,7 @@ static void pmic_glink_altmode_sc8280xp_notify(struct pmic_glink_altmode *altmod
alt_port->mode = mode;
alt_port->hpd_state = hpd_state;
alt_port->hpd_irq = hpd_irq;
- schedule_work(&alt_port->work);
+ queue_work(system_freezable_wq, &alt_port->work);
}
static void pmic_glink_altmode_callback(const void *data, size_t len, void *priv)
---
base-commit: 2b88851f583d3c4e40bcd40cfe1965241ec229dd
change-id: 20250110-soc-qcom-pmic-glink-fix-device-access-on-worker-while-suspended-af54c5e43ed6
Best regards,
--
Abel Vesa <abel.vesa(a)linaro.org>
4 months, 1 week
- 5
- 9
[PATCH v2 0/3] mtd: rawnand: cadence: improvement and fixes
by niravkumar.l.rabara@intel.com
From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com>
This patchset introduces improvements and fixes for cadence nand driver.
The changes include:
1. Support deferred prob mechanism when DMA driver is not probed yet.
2. Map the slave DMA address using dma_map_resource. When ARM SMMU
is enabled, using a direct physical address of SDMA results in
DMA transaction failure.
3. Fixed the incorrect device context used for dma_unmap_single.
v2 changes:-
- Added the missing Fixes and Cc: stable tags to the patches.
Niravkumar L Rabara (3):
mtd: rawnand: cadence: support deferred prob when DMA is not ready
mtd: rawnand: cadence: use dma_map_resource for sdma address
mtd: rawnand: cadence: fix incorrect dev context in dma_unmap_single
.../mtd/nand/raw/cadence-nand-controller.c | 35 +++++++++++++++----
1 file changed, 28 insertions(+), 7 deletions(-)
--
2.25.1
4 months, 1 week
- 3
- 22
[PATCH v2] serial: 8250: Fix fifo underflow on flush
by John Keeping
When flushing the serial port's buffer, uart_flush_buffer() calls
kfifo_reset() but if there is an outstanding DMA transfer then the
completion function will consume data from the kfifo via
uart_xmit_advance(), underflowing and leading to ongoing DMA as the
driver tries to transmit another 2^32 bytes.
This is readily reproduced with serial-generic and amidi sending even
short messages as closing the device on exit will wait for the fifo to
drain and in the underflow case amidi hangs for 30 seconds on exit in
tty_wait_until_sent(). A trace of that gives:
kworker/1:1-84 [001] 51.769423: bprint: serial8250_tx_dma: tx_size=3 fifo_len=3
amidi-763 [001] 51.769460: bprint: uart_flush_buffer: resetting fifo
irq/21-fe530000-76 [000] 51.769474: bprint: __dma_tx_complete: tx_size=3
irq/21-fe530000-76 [000] 51.769479: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294967293
irq/21-fe530000-76 [000] 51.781295: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.781301: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294963197
irq/21-fe530000-76 [000] 51.793131: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.793135: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294959101
irq/21-fe530000-76 [000] 51.804949: bprint: __dma_tx_complete: tx_size=4096
Since the port lock is held in when the kfifo is reset in
uart_flush_buffer() and in __dma_tx_complete(), adding a flush_buffer
hook to adjust the outstanding DMA byte count is sufficient to avoid the
kfifo underflow.
Fixes: 9ee4b83e51f74 ("serial: 8250: Add support for dmaengine")
Cc: stable(a)vger.kernel.org
Signed-off-by: John Keeping <jkeeping(a)inmusicbrands.com>
---
Changes in v2:
- Add Fixes: tag
- Return early to reduce indentation in serial8250_tx_dma_flush()
drivers/tty/serial/8250/8250.h | 1 +
drivers/tty/serial/8250/8250_dma.c | 16 ++++++++++++++++
drivers/tty/serial/8250/8250_port.c | 9 +++++++++
3 files changed, 26 insertions(+)
diff --git a/drivers/tty/serial/8250/8250.h b/drivers/tty/serial/8250/8250.h
index 11e05aa014e54..8ef45622e4363 100644
--- a/drivers/tty/serial/8250/8250.h
+++ b/drivers/tty/serial/8250/8250.h
@@ -374,6 +374,7 @@ static inline int is_omap1510_8250(struct uart_8250_port *pt)
#ifdef CONFIG_SERIAL_8250_DMA
extern int serial8250_tx_dma(struct uart_8250_port *);
+extern void serial8250_tx_dma_flush(struct uart_8250_port *);
extern int serial8250_rx_dma(struct uart_8250_port *);
extern void serial8250_rx_dma_flush(struct uart_8250_port *);
extern int serial8250_request_dma(struct uart_8250_port *);
diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c
index d215c494ee24c..f245a84f4a508 100644
--- a/drivers/tty/serial/8250/8250_dma.c
+++ b/drivers/tty/serial/8250/8250_dma.c
@@ -149,6 +149,22 @@ int serial8250_tx_dma(struct uart_8250_port *p)
return ret;
}
+void serial8250_tx_dma_flush(struct uart_8250_port *p)
+{
+ struct uart_8250_dma *dma = p->dma;
+
+ if (!dma->tx_running)
+ return;
+
+ /*
+ * kfifo_reset() has been called by the serial core, avoid
+ * advancing and underflowing in __dma_tx_complete().
+ */
+ dma->tx_size = 0;
+
+ dmaengine_terminate_async(dma->rxchan);
+}
+
int serial8250_rx_dma(struct uart_8250_port *p)
{
struct uart_8250_dma *dma = p->dma;
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index d7976a21cca9c..442967a6cd52d 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2555,6 +2555,14 @@ static void serial8250_shutdown(struct uart_port *port)
serial8250_do_shutdown(port);
}
+static void serial8250_flush_buffer(struct uart_port *port)
+{
+ struct uart_8250_port *up = up_to_u8250p(port);
+
+ if (up->dma)
+ serial8250_tx_dma_flush(up);
+}
+
static unsigned int serial8250_do_get_divisor(struct uart_port *port,
unsigned int baud,
unsigned int *frac)
@@ -3244,6 +3252,7 @@ static const struct uart_ops serial8250_pops = {
.break_ctl = serial8250_break_ctl,
.startup = serial8250_startup,
.shutdown = serial8250_shutdown,
+ .flush_buffer = serial8250_flush_buffer,
.set_termios = serial8250_set_termios,
.set_ldisc = serial8250_set_ldisc,
.pm = serial8250_pm,
--
2.48.1
4 months, 1 week
- 2
- 1
[PATCH v3] arm64: Handle .ARM.attributes section in linker scripts
by Nathan Chancellor
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Discard the new sections in the necessary linker scripts to resolve the
warnings, as the kernel and vDSO do not need to retain it, similar to
the .note.gnu.property section.
Cc: stable(a)vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
Changes in v3:
- Update location of section discard in vDSO to align with
.note.gnu.property discard since the sectionss are similar in
nature (Will).
- Link to v2: https://lore.kernel.org/r/20250204-arm64-handle-arm-attributes-in-linker-sc…
Changes in v2:
- Discard the section instead of adding it to the final artifacts to
mirror the .note.gnu.property section handling (Will).
- Link to v1: https://lore.kernel.org/r/20250124-arm64-handle-arm-attributes-in-linker-sc…
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index 4ec32e86a8da..47ad6944f9f0 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -41,6 +41,7 @@ SECTIONS
*/
/DISCARD/ : {
*(.note.GNU-stack .note.gnu.property)
+ *(.ARM.attributes)
}
.note : { *(.note.*) } :text :note
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index f84c71f04d9e..e73326bd3ff7 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -162,6 +162,7 @@ SECTIONS
/DISCARD/ : {
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
+ *(.ARM.attributes)
}
. = KIMAGE_VADDR;
---
base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3
change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
4 months, 1 week
- 2
- 1
[PATCH v1 13/16] mm: Don't skip arch_sync_kernel_mappings() in error paths
by Ryan Roberts
Fix callers that previously skipped calling arch_sync_kernel_mappings()
if an error occurred during a pgtable update. The call is still required
to sync any pgtable updates that may have occurred prior to hitting the
error condition.
These are theoretical bugs discovered during code review.
Cc: <stable(a)vger.kernel.org>
Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified")
Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered")
Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com>
---
mm/memory.c | 6 ++++--
mm/vmalloc.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/mm/memory.c b/mm/memory.c
index 539c0f7c6d54..a15f7dd500ea 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3040,8 +3040,10 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr,
next = pgd_addr_end(addr, end);
if (pgd_none(*pgd) && !create)
continue;
- if (WARN_ON_ONCE(pgd_leaf(*pgd)))
- return -EINVAL;
+ if (WARN_ON_ONCE(pgd_leaf(*pgd))) {
+ err = -EINVAL;
+ break;
+ }
if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) {
if (!create)
continue;
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 6111ce900ec4..68950b1824d0 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -604,13 +604,13 @@ static int vmap_small_pages_range_noflush(unsigned long addr, unsigned long end,
mask |= PGTBL_PGD_MODIFIED;
err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask);
if (err)
- return err;
+ break;
} while (pgd++, addr = next, addr != end);
if (mask & ARCH_PAGE_TABLE_SYNC_MASK)
arch_sync_kernel_mappings(start, end);
- return 0;
+ return err;
}
/*
--
2.43.0
4 months, 1 week
- 2
- 1
[PATCH] pidfs: improve ioctl handling
by Christian Brauner
Pidfs supports extensible and non-extensible ioctls. The extensible
ioctls need to check for the ioctl number itself not just the ioctl
command otherwise both backward- and forward compatibility are broken.
The pidfs ioctl handler also needs to look at the type of the ioctl
command to guard against cases where "[...] a daemon receives some
random file descriptor from a (potentially less privileged) client and
expects the FD to be of some specific type, it might call ioctl() on
this FD with some type-specific command and expect the call to fail if
the FD is of the wrong type; but due to the missing type check, the
kernel instead performs some action that userspace didn't expect."
(cf. [1]]
Reported-by: Jann Horn <jannh(a)google.com>
Cc: stable(a)vger.kernel.org # v6.13
Fixes: https://lore.kernel.org/r/CAG48ez2K9A5GwtgqO31u9ZL292we8ZwAA=TJwwEv7wRuJ3j4… [1]
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
---
Hey,
Jann reported that the pidfs extensible ioctl checking has two issues:
(1) We check for the ioctl command, not the number breaking forward and
backward compatibility.
(2) We don't verify the type encoded in the ioctl to guard against
ioctl number collisions.
This adresses both.
Greg, when this patch (or a version thereof) lands upstream then it
needs to please be backported to v6.13 together with the already
upstream commit 8ce352818820 ("pidfs: check for valid ioctl commands").
Christian
---
fs/pidfs.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/fs/pidfs.c b/fs/pidfs.c
index 049352f973de..63f9699ebac3 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -287,7 +287,6 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
switch (cmd) {
case FS_IOC_GETVERSION:
case PIDFD_GET_CGROUP_NAMESPACE:
- case PIDFD_GET_INFO:
case PIDFD_GET_IPC_NAMESPACE:
case PIDFD_GET_MNT_NAMESPACE:
case PIDFD_GET_NET_NAMESPACE:
@@ -300,6 +299,17 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
return true;
}
+ /* Extensible ioctls require some more careful checks. */
+ switch (_IOC_NR(cmd)) {
+ case _IOC_NR(PIDFD_GET_INFO):
+ /*
+ * Try to prevent performing a pidfd ioctl when someone
+ * erronously mistook the file descriptor for a pidfd.
+ * This is not perfect but will catch most cases.
+ */
+ return (_IOC_TYPE(cmd) == _IOC_TYPE(PIDFD_GET_INFO));
+ }
+
return false;
}
---
base-commit: 6470d2c6d4233a781c67f842d3c066bf1cfa4fdc
change-id: 20250204-work-pidfs-ioctl-6ef79a65e36b
4 months, 1 week
- 4
- 4
[PATCH 4/4] batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1()
by Simon Wunderlich
From: Remi Pommarel <repk(a)triplefau.lt>
Since commit 4436df478860 ("batman-adv: Add flex array to struct
batadv_tvlv_tt_data"), the introduction of batadv_tvlv_tt_data's flex
array member in batadv_tt_tvlv_ogm_handler_v1() put tt_changes at
invalid offset. Those TT changes are supposed to be filled from the end
of batadv_tvlv_tt_data structure (including vlan_data flexible array),
but only the flex array size is taken into account missing completely
the size of the fixed part of the structure itself.
Fix the tt_change offset computation by using struct_size() instead of
flex_array_size() so both flex array member and its container structure
sizes are taken into account.
Cc: stable(a)vger.kernel.org
Fixes: 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data")
Signed-off-by: Remi Pommarel <repk(a)triplefau.lt>
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/translation-table.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 760d51fdbdf6..7d5de4cbb814 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -3959,23 +3959,21 @@ static void batadv_tt_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
struct batadv_tvlv_tt_change *tt_change;
struct batadv_tvlv_tt_data *tt_data;
u16 num_entries, num_vlan;
- size_t flex_size;
+ size_t tt_data_sz;
if (tvlv_value_len < sizeof(*tt_data))
return;
tt_data = tvlv_value;
- tvlv_value_len -= sizeof(*tt_data);
-
num_vlan = ntohs(tt_data->num_vlan);
- flex_size = flex_array_size(tt_data, vlan_data, num_vlan);
- if (tvlv_value_len < flex_size)
+ tt_data_sz = struct_size(tt_data, vlan_data, num_vlan);
+ if (tvlv_value_len < tt_data_sz)
return;
tt_change = (struct batadv_tvlv_tt_change *)((void *)tt_data
- + flex_size);
- tvlv_value_len -= flex_size;
+ + tt_data_sz);
+ tvlv_value_len -= tt_data_sz;
num_entries = batadv_tt_entries(tvlv_value_len);
--
2.39.5
4 months, 1 week
- 1
- 0
[PATCH 3/4] batman-adv: Drop unmanaged ELP metric worker
by Simon Wunderlich
From: Sven Eckelmann <sven(a)narfation.org>
The ELP worker needs to calculate new metric values for all neighbors
"reachable" over an interface. Some of the used metric sources require
locks which might need to sleep. This sleep is incompatible with the RCU
list iterator used for the recorded neighbors. The initial approach to work
around of this problem was to queue another work item per neighbor and then
run this in a new context.
Even when this solved the RCU vs might_sleep() conflict, it has a major
problems: Nothing was stopping the work item in case it is not needed
anymore - for example because one of the related interfaces was removed or
the batman-adv module was unloaded - resulting in potential invalid memory
accesses.
Directly canceling the metric worker also has various problems:
* cancel_work_sync for a to-be-deactivated interface is called with
rtnl_lock held. But the code in the ELP metric worker also tries to use
rtnl_lock() - which will never return in this case. This also means that
cancel_work_sync would never return because it is waiting for the worker
to finish.
* iterating over the neighbor list for the to-be-deactivated interface is
currently done using the RCU specific methods. Which means that it is
possible to miss items when iterating over it without the associated
spinlock - a behaviour which is acceptable for a periodic metric check
but not for a cleanup routine (which must "stop" all still running
workers)
The better approch is to get rid of the per interface neighbor metric
worker and handle everything in the interface worker. The original problems
are solved by:
* creating a list of neighbors which require new metric information inside
the RCU protected context, gathering the metric according to the new list
outside the RCU protected context
* only use rcu_trylock inside metric gathering code to avoid a deadlock
when the cancel_delayed_work_sync is called in the interface removal code
(which is called with the rtnl_lock held)
Cc: stable(a)vger.kernel.org
Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/bat_v.c | 2 --
net/batman-adv/bat_v_elp.c | 71 ++++++++++++++++++++++++++------------
net/batman-adv/bat_v_elp.h | 2 --
net/batman-adv/types.h | 3 --
4 files changed, 48 insertions(+), 30 deletions(-)
diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index ac11f1f08db0..d35479c465e2 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -113,8 +113,6 @@ static void
batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh)
{
ewma_throughput_init(&hardif_neigh->bat_v.throughput);
- INIT_WORK(&hardif_neigh->bat_v.metric_work,
- batadv_v_elp_throughput_metric_update);
}
/**
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index 65e52de52bcd..b065578b4436 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -18,6 +18,7 @@
#include <linux/if_ether.h>
#include <linux/jiffies.h>
#include <linux/kref.h>
+#include <linux/list.h>
#include <linux/minmax.h>
#include <linux/netdevice.h>
#include <linux/nl80211.h>
@@ -26,6 +27,7 @@
#include <linux/rcupdate.h>
#include <linux/rtnetlink.h>
#include <linux/skbuff.h>
+#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -41,6 +43,18 @@
#include "routing.h"
#include "send.h"
+/**
+ * struct batadv_v_metric_queue_entry - list of hardif neighbors which require
+ * and metric update
+ */
+struct batadv_v_metric_queue_entry {
+ /** @hardif_neigh: hardif neighbor scheduled for metric update */
+ struct batadv_hardif_neigh_node *hardif_neigh;
+
+ /** @list: list node for metric_queue */
+ struct list_head list;
+};
+
/**
* batadv_v_elp_start_timer() - restart timer for ELP periodic work
* @hard_iface: the interface for which the timer has to be reset
@@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
goto default_throughput;
}
+ /* only use rtnl_trylock because the elp worker will be cancelled while
+ * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise
+ * wait forever when the elp work_item was started and it is then also
+ * trying to rtnl_lock
+ */
+ if (!rtnl_trylock())
+ return false;
+
/* if not a wifi interface, check if this device provides data via
* ethtool (e.g. an Ethernet adapter)
*/
- rtnl_lock();
ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings);
rtnl_unlock();
if (ret == 0) {
@@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
/**
* batadv_v_elp_throughput_metric_update() - worker updating the throughput
* metric of a single hop neighbour
- * @work: the work queue item
+ * @neigh: the neighbour to probe
*/
-void batadv_v_elp_throughput_metric_update(struct work_struct *work)
+static void
+batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh)
{
- struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
- struct batadv_hardif_neigh_node *neigh;
u32 throughput;
bool valid;
- neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
- metric_work);
- neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
- bat_v);
-
valid = batadv_v_elp_get_throughput(neigh, &throughput);
if (!valid)
- goto put_neigh;
+ return;
ewma_throughput_add(&neigh->bat_v.throughput, throughput);
-
-put_neigh:
- /* decrement refcounter to balance increment performed before scheduling
- * this task
- */
- batadv_hardif_neigh_put(neigh);
}
/**
@@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh)
*/
static void batadv_v_elp_periodic_work(struct work_struct *work)
{
+ struct batadv_v_metric_queue_entry *metric_entry;
+ struct batadv_v_metric_queue_entry *metric_safe;
struct batadv_hardif_neigh_node *hardif_neigh;
struct batadv_hard_iface *hard_iface;
struct batadv_hard_iface_bat_v *bat_v;
struct batadv_elp_packet *elp_packet;
+ struct list_head metric_queue;
struct batadv_priv *bat_priv;
struct sk_buff *skb;
u32 elp_interval;
- bool ret;
bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
@@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
atomic_inc(&hard_iface->bat_v.elp_seqno);
+ INIT_LIST_HEAD(&metric_queue);
+
/* The throughput metric is updated on each sent packet. This way, if a
* node is dead and no longer sends packets, batman-adv is still able to
* react timely to its death.
@@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work)
/* Reading the estimated throughput from cfg80211 is a task that
* may sleep and that is not allowed in an rcu protected
- * context. Therefore schedule a task for that.
+ * context. Therefore add it to metric_queue and process it
+ * outside rcu protected context.
*/
- ret = queue_work(batadv_event_workqueue,
- &hardif_neigh->bat_v.metric_work);
-
- if (!ret)
+ metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC);
+ if (!metric_entry) {
batadv_hardif_neigh_put(hardif_neigh);
+ continue;
+ }
+
+ metric_entry->hardif_neigh = hardif_neigh;
+ list_add(&metric_entry->list, &metric_queue);
}
rcu_read_unlock();
+ list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) {
+ batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh);
+
+ batadv_hardif_neigh_put(metric_entry->hardif_neigh);
+ list_del(&metric_entry->list);
+ kfree(metric_entry);
+ }
+
restart_timer:
batadv_v_elp_start_timer(hard_iface);
out:
diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h
index 9e2740195fa2..c9cb0a307100 100644
--- a/net/batman-adv/bat_v_elp.h
+++ b/net/batman-adv/bat_v_elp.h
@@ -10,7 +10,6 @@
#include "main.h"
#include <linux/skbuff.h>
-#include <linux/workqueue.h>
int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface);
void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface);
@@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface,
void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface);
int batadv_v_elp_packet_recv(struct sk_buff *skb,
struct batadv_hard_iface *if_incoming);
-void batadv_v_elp_throughput_metric_update(struct work_struct *work);
#endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 04f6398b3a40..85a50096f5b2 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v {
* neighbor
*/
unsigned long last_unicast_tx;
-
- /** @metric_work: work queue callback item for metric update */
- struct work_struct metric_work;
};
/**
--
2.39.5
4 months, 1 week
- 1
- 0
[PATCH 2/4] batman-adv: Ignore neighbor throughput metrics in error case
by Simon Wunderlich
From: Sven Eckelmann <sven(a)narfation.org>
If a temporary error happened in the evaluation of the neighbor throughput
information, then the invalid throughput result should not be stored in the
throughtput EWMA.
Cc: stable(a)vger.kernel.org
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
---
net/batman-adv/bat_v_elp.c | 50 ++++++++++++++++++++++++++------------
1 file changed, 34 insertions(+), 16 deletions(-)
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index fbf499bcc671..65e52de52bcd 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -59,11 +59,13 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface)
/**
* batadv_v_elp_get_throughput() - get the throughput towards a neighbour
* @neigh: the neighbour for which the throughput has to be obtained
+ * @pthroughput: calculated throughput towards the given neighbour in multiples
+ * of 100kpbs (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
*
- * Return: The throughput towards the given neighbour in multiples of 100kpbs
- * (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
+ * Return: true when value behind @pthroughput was set
*/
-static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
+static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
+ u32 *pthroughput)
{
struct batadv_hard_iface *hard_iface = neigh->if_incoming;
struct net_device *soft_iface = hard_iface->soft_iface;
@@ -77,14 +79,16 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
* batman-adv interface
*/
if (!soft_iface)
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return false;
/* if the user specified a customised value for this interface, then
* return it directly
*/
throughput = atomic_read(&hard_iface->bat_v.throughput_override);
- if (throughput != 0)
- return throughput;
+ if (throughput != 0) {
+ *pthroughput = throughput;
+ return true;
+ }
/* if this is a wireless device, then ask its throughput through
* cfg80211 API
@@ -111,19 +115,24 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
* possible to delete this neighbor. For now set
* the throughput metric to 0.
*/
- return 0;
+ *pthroughput = 0;
+ return true;
}
if (ret)
goto default_throughput;
- if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT))
- return sinfo.expected_throughput / 100;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
+ *pthroughput = sinfo.expected_throughput / 100;
+ return true;
+ }
/* try to estimate the expected throughput based on reported tx
* rates
*/
- if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE))
- return cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
+ *pthroughput = cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ return true;
+ }
goto default_throughput;
}
@@ -142,8 +151,10 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
hard_iface->bat_v.flags &= ~BATADV_FULL_DUPLEX;
throughput = link_settings.base.speed;
- if (throughput && throughput != SPEED_UNKNOWN)
- return throughput * 10;
+ if (throughput && throughput != SPEED_UNKNOWN) {
+ *pthroughput = throughput * 10;
+ return true;
+ }
}
default_throughput:
@@ -157,7 +168,8 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
}
/* if none of the above cases apply, return the base_throughput */
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ *pthroughput = BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return true;
}
/**
@@ -169,15 +181,21 @@ void batadv_v_elp_throughput_metric_update(struct work_struct *work)
{
struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
struct batadv_hardif_neigh_node *neigh;
+ u32 throughput;
+ bool valid;
neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
metric_work);
neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
bat_v);
- ewma_throughput_add(&neigh->bat_v.throughput,
- batadv_v_elp_get_throughput(neigh));
+ valid = batadv_v_elp_get_throughput(neigh, &throughput);
+ if (!valid)
+ goto put_neigh;
+
+ ewma_throughput_add(&neigh->bat_v.throughput, throughput);
+put_neigh:
/* decrement refcounter to balance increment performed before scheduling
* this task
*/
--
2.39.5
4 months, 1 week
- 1
- 0
[PATCH net-next 0/4] ptp: vmclock: bugfixes and cleanups for error handling
by Thomas Weißschuh
Some error handling issues I noticed while looking at the code.
Only compile-tested.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
---
Thomas Weißschuh (4):
ptp: vmclock: Set driver data before its usage
ptp: vmclock: Don't unregister misc device if it was not registered
ptp: vmclock: Clean up miscdev and ptp clock through devres
ptp: vmclock: Remove goto-based cleanup logic
drivers/ptp/ptp_vmclock.c | 46 ++++++++++++++++++++--------------------------
1 file changed, 20 insertions(+), 26 deletions(-)
---
base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b
change-id: 20250206-vmclock-probe-57cbcb770925
Best regards,
--
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
4 months, 1 week
- 4
- 9
[PATCH] fs/xattr: actually support O_PATH fds in *xattrat() syscalls
by Mike Yuan
Cited from commit message of original patch [1]:
> One use case will be setfiles(8) setting SELinux file contexts
> ("security.selinux") without race conditions and without a file
> descriptor opened with read access requiring SELinux read permission.
Also, generally all *at() syscalls operate on O_PATH fds, unlike
f*() ones. Yet the O_PATH fds are rejected by *xattrat() syscalls
in the final version merged into tree. Instead, let's switch things
to CLASS(fd_raw).
Note that there's one side effect: f*xattr() starts to work with
O_PATH fds too. It's not clear to me whether this is desirable
(e.g. fstat() accepts O_PATH fds as an outlier).
[1] https://lore.kernel.org/all/20240426162042.191916-1-cgoettsche@seltendoof.d…
Fixes: 6140be90ec70 ("fs/xattr: add *at family syscalls")
Signed-off-by: Mike Yuan <me(a)yhndnzj.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: Christian Göttsche <cgzones(a)googlemail.com>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
---
fs/xattr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 02bee149ad96..15df71e56187 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -704,7 +704,7 @@ static int path_setxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
error = -EBADF;
else
@@ -848,7 +848,7 @@ static ssize_t path_getxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_getxattr(fd_file(f), &ctx);
@@ -978,7 +978,7 @@ static ssize_t path_listxattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_listxattr(fd_file(f), list, size);
@@ -1079,7 +1079,7 @@ static int path_removexattrat(int dfd, const char __user *pathname,
filename = getname_maybe_null(pathname, at_flags);
if (!filename) {
- CLASS(fd, f)(dfd);
+ CLASS(fd_raw, f)(dfd);
if (fd_empty(f))
return -EBADF;
return file_removexattr(fd_file(f), &kname);
base-commit: a86bf2283d2c9769205407e2b54777c03d012939
--
2.48.1
4 months, 1 week
- 2
- 9
[tip: timers/urgent] timers/migration: Fix off-by-one root mis-connection
by tip-bot2 for Frederic Weisbecker
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: 868c9037df626b3c245ee26a290a03ae1f9f58d3
Gitweb: https://git.kernel.org/tip/868c9037df626b3c245ee26a290a03ae1f9f58d3
Author: Frederic Weisbecker <frederic(a)kernel.org>
AuthorDate: Wed, 05 Feb 2025 17:02:20 +01:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Fri, 07 Feb 2025 09:02:16 +01:00
timers/migration: Fix off-by-one root mis-connection
Before attaching a new root to the old root, the children counter of the
new root is checked to verify that only the upcoming CPU's top group have
been connected to it. However since the recently added commit b729cc1ec21a
("timers/migration: Fix another race between hotplug and idle entry/exit")
this check is not valid anymore because the old root is pre-accounted
as a child to the new root. Therefore after connecting the upcoming
CPU's top group to the new root, the children count to be expected must
be 2 and not 1 anymore.
This omission results in the old root to not be connected to the new
root. Then eventually the system may run with more than one top level,
which defeats the purpose of a single idle migrator.
Also the old root is pre-accounted but not connected upon the new root
creation. But it can be connected to the new root later on. Therefore
the old root may be accounted twice to the new root. The propagation of
such overcommit can end up creating a double final top-level root with a
groupmask incorrectly initialized. Although harmless given that the final
top level roots will never have a parent to walk up to, this oddity
opportunistically reported the core issue:
WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote
CPU: 8 UID: 0 PID: 0 Comm: swapper/8
RIP: 0010:tmigr_requires_handle_remote
Call Trace:
<IRQ>
? tmigr_requires_handle_remote
? hrtimer_run_queues
update_process_times
tick_periodic
tick_handle_periodic
__sysvec_apic_timer_interrupt
sysvec_apic_timer_interrupt
</IRQ>
Fix the problem by taking the old root into account in the children count
of the new root so the connection is not omitted.
Also warn when more than one top level group exists to better detect
similar issues in the future.
Fixes: b729cc1ec21a ("timers/migration: Fix another race between hotplug and idle entry/exit")
Reported-by: Matt Fleming <mfleming(a)cloudflare.com>
Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/all/20250205160220.39467-1-frederic@kernel.org
---
kernel/time/timer_migration.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/time/timer_migration.c b/kernel/time/timer_migration.c
index 9cb9b65..2f63308 100644
--- a/kernel/time/timer_migration.c
+++ b/kernel/time/timer_migration.c
@@ -1675,6 +1675,9 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
} while (i < tmigr_hierarchy_levels);
+ /* Assert single root */
+ WARN_ON_ONCE(!err && !group->parent && !list_is_singular(&tmigr_level_list[top]));
+
while (i > 0) {
group = stack[--i];
@@ -1716,7 +1719,12 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
WARN_ON_ONCE(top == 0);
lvllist = &tmigr_level_list[top];
- if (group->num_children == 1 && list_is_singular(lvllist)) {
+
+ /*
+ * Newly created root level should have accounted the upcoming
+ * CPU's child group and pre-accounted the old root.
+ */
+ if (group->num_children == 2 && list_is_singular(lvllist)) {
/*
* The target CPU must never do the prepare work, except
* on early boot when the boot CPU is the target. Otherwise
4 months, 1 week
- 1
- 0
[PATCH v1 2/2] arm64: dts: qcom: ipq9574: Fix USB vdd info
by Varadarajan Narayanan
USB phys in ipq9574 use the 'L5' regulator. The commit
ec4f047679d5 ("arm64: dts: qcom: ipq9574: Enable USB")
incorrectly specified it as 'L2'. Because of this when the phy
module turns off/on its regulators, 'L2' is turned off/on
resulting in 2 issues, namely 'L5' is not turned off/on and the
network module powered by the 'L2' is turned off/on.
Cc: stable(a)vger.kernel.org
Fixes: ec4f047679d5 ("arm64: dts: qcom: ipq9574: Enable USB")
Signed-off-by: Varadarajan Narayanan <quic_varada(a)quicinc.com>
---
arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi b/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
index ae12f069f26f..b24b795873d4 100644
--- a/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi
@@ -111,6 +111,13 @@ mp5496_l2: l2 {
regulator-always-on;
regulator-boot-on;
};
+
+ mp5496_l5: l5 {
+ regulator-min-microvolt = <1800000>;
+ regulator-max-microvolt = <1800000>;
+ regulator-always-on;
+ regulator-boot-on;
+ };
};
};
@@ -146,7 +153,7 @@ &usb_0_dwc3 {
};
&usb_0_qmpphy {
- vdda-pll-supply = <&mp5496_l2>;
+ vdda-pll-supply = <&mp5496_l5>;
vdda-phy-supply = <®ulator_fixed_0p925>;
status = "okay";
@@ -154,7 +161,7 @@ &usb_0_qmpphy {
&usb_0_qusbphy {
vdd-supply = <®ulator_fixed_0p925>;
- vdda-pll-supply = <&mp5496_l2>;
+ vdda-pll-supply = <&mp5496_l5>;
vdda-phy-dpdm-supply = <®ulator_fixed_3p3>;
status = "okay";
--
2.34.1
4 months, 1 week
- 2
- 2
[PATCH net] rtnetlink: fix netns leak with rtnl_setlink()
by Nicolas Dichtel
A call to rtnl_nets_destroy() is needed to release references taken on
netns put in rtnl_nets.
CC: stable(a)vger.kernel.org
Fixes: 636af13f213b ("rtnetlink: Register rtnl_dellink() and rtnl_setlink() with RTNL_FLAG_DOIT_PERNET_WIP.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
---
net/core/rtnetlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 1f4d4b5570ab..d1e559fce918 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3432,6 +3432,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh,
err = -ENODEV;
rtnl_nets_unlock(&rtnl_nets);
+ rtnl_nets_destroy(&rtnl_nets);
errout:
return err;
}
--
2.47.1
4 months, 1 week
- 3
- 2
[PATCH] x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0
by Alice Ryhl
When using Rust on the x86 architecture, we are currently using the
unstable target.json feature to specify the compilation target. Rustc is
going to change how softfloat is specified in the target.json file on
x86, thus update generate_rust_target.rs to specify softfloat using the
new option.
Note that if you enable this parameter with a compiler that does not
recognize it, then that triggers a warning but it does not break the
build.
Cc: stable(a)vger.kernel.org # for 6.12.y
Link: https://github.com/rust-lang/rust/pull/136146
Signed-off-by: Alice Ryhl <aliceryhl(a)google.com>
---
scripts/generate_rust_target.rs | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/scripts/generate_rust_target.rs b/scripts/generate_rust_target.rs
index 0d00ac3723b5..4fd6b6ab3e32 100644
--- a/scripts/generate_rust_target.rs
+++ b/scripts/generate_rust_target.rs
@@ -165,6 +165,18 @@ fn has(&self, option: &str) -> bool {
let option = "CONFIG_".to_owned() + option;
self.0.contains_key(&option)
}
+
+ /// Is the rustc version at least `major.minor.patch`?
+ fn rustc_version_atleast(&self, major: u32, minor: u32, patch: u32) -> bool {
+ let check_version = 100000 * major + 100 * minor + patch;
+ let actual_version = self
+ .0
+ .get("CONFIG_RUSTC_VERSION")
+ .unwrap()
+ .parse::<u32>()
+ .unwrap();
+ check_version <= actual_version
+ }
}
fn main() {
@@ -182,6 +194,9 @@ fn main() {
}
} else if cfg.has("X86_64") {
ts.push("arch", "x86_64");
+ if cfg.rustc_version_atleast(1, 86, 0) {
+ ts.push("rustc-abi", "x86-softfloat");
+ }
ts.push(
"data-layout",
"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128",
@@ -215,6 +230,9 @@ fn main() {
panic!("32-bit x86 only works under UML");
}
ts.push("arch", "x86");
+ if cfg.rustc_version_atleast(1, 86, 0) {
+ ts.push("rustc-abi", "x86-softfloat");
+ }
ts.push(
"data-layout",
"e-m:e-p:32:32-p270:32:32-p271:32:32-p272:64:64-i128:128-f64:32:64-f80:32-n8:16:32-S128",
---
base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37
change-id: 20250203-rustc-1-86-x86-softfloat-0b973054c4bc
Best regards,
--
Alice Ryhl <aliceryhl(a)google.com>
4 months, 1 week
- 3
- 6
[PATCH] arm64: tegra: delete the Orin NX/Nano suspend key
by Ivy Huang
From: Ninad Malwade <nmalwade(a)nvidia.com>
As per the Orin Nano Dev Kit schematic, GPIO_G.02 is not available
on this device family. It should not be used at all on Orin NX/Nano.
Having this unused pin mapped as the suspend key can lead to
unpredictable behavior for low power modes.
Orin NX/Nano uses GPIO_EE.04 as both a "power" button and a "suspend"
button. However, we cannot have two gpio-keys mapped to the same
GPIO. Therefore delete the "suspend" key.
Cc: stable(a)vger.kernel.org
Fixes: e63472eda5ea ("arm64: tegra: Support Jetson Orin NX reference platform")
Signed-off-by: Ninad Malwade <nmalwade(a)nvidia.com>
Signed-off-by: Ivy Huang <yijuh(a)nvidia.com>
---
arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 -------
1 file changed, 7 deletions(-)
diff --git a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
index 19340d13f789..41821354bbda 100644
--- a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi
@@ -227,13 +227,6 @@
wakeup-event-action = <EV_ACT_ASSERTED>;
wakeup-source;
};
-
- key-suspend {
- label = "Suspend";
- gpios = <&gpio TEGRA234_MAIN_GPIO(G, 2) GPIO_ACTIVE_LOW>;
- linux,input-type = <EV_KEY>;
- linux,code = <KEY_SLEEP>;
- };
};
fan: pwm-fan {
--
2.17.1
4 months, 1 week
- 1
- 0
[PATCH v3 1/2] seccomp: passthrough uretprobe systemcall without filtering
by Eyal Birger
When attaching uretprobes to processes running inside docker, the attached
process is segfaulted when encountering the retprobe.
The reason is that now that uretprobe is a system call the default seccomp
filters in docker block it as they only allow a specific set of known
syscalls. This is true for other userspace applications which use seccomp
to control their syscall surface.
Since uretprobe is a "kernel implementation detail" system call which is
not used by userspace application code directly, it is impractical and
there's very little point in forcing all userspace applications to
explicitly allow it in order to avoid crashing tracked processes.
Pass this systemcall through seccomp without depending on configuration.
Note: uretprobe isn't supported in i386 and __NR_ia32_rt_tgsigqueueinfo
uses the same number as __NR_uretprobe so the syscall isn't forced in the
compat bitmap.
Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe")
Reported-by: Rafael Buchbinder <rafi(a)rbk.io>
Link: https://lore.kernel.org/lkml/CAHsH6Gs3Eh8DFU0wq58c_LF8A4_+o6z456J7BidmcVY2A…
Link: https://lore.kernel.org/lkml/20250121182939.33d05470@gandalf.local.home/T/#…
Link: https://lore.kernel.org/lkml/20250128145806.1849977-1-eyal.birger@gmail.com/
Cc: stable(a)vger.kernel.org
Signed-off-by: Eyal Birger <eyal.birger(a)gmail.com>
---
v3: no change - deferring 32bit compat handling as there aren't plans to
support this syscall in compat mode.
v2: use action_cache bitmap and mode1 array to check the syscall
---
kernel/seccomp.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index f59381c4a2ff..09b6f8e6db51 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -734,13 +734,13 @@ seccomp_prepare_user_filter(const char __user *user_filter)
#ifdef SECCOMP_ARCH_NATIVE
/**
- * seccomp_is_const_allow - check if filter is constant allow with given data
+ * seccomp_is_filter_const_allow - check if filter is constant allow with given data
* @fprog: The BPF programs
* @sd: The seccomp data to check against, only syscall number and arch
* number are considered constant.
*/
-static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
- struct seccomp_data *sd)
+static bool seccomp_is_filter_const_allow(struct sock_fprog_kern *fprog,
+ struct seccomp_data *sd)
{
unsigned int reg_value = 0;
unsigned int pc;
@@ -812,6 +812,21 @@ static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
return false;
}
+static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
+ struct seccomp_data *sd)
+{
+#ifdef __NR_uretprobe
+ if (sd->nr == __NR_uretprobe
+#ifdef SECCOMP_ARCH_COMPAT
+ && sd->arch != SECCOMP_ARCH_COMPAT
+#endif
+ )
+ return true;
+#endif
+
+ return seccomp_is_filter_const_allow(fprog, sd);
+}
+
static void seccomp_cache_prepare_bitmap(struct seccomp_filter *sfilter,
void *bitmap, const void *bitmap_prev,
size_t bitmap_size, int arch)
@@ -1023,6 +1038,9 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action,
*/
static const int mode1_syscalls[] = {
__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
+#ifdef __NR_uretprobe
+ __NR_uretprobe,
+#endif
-1, /* negative terminated */
};
--
2.43.0
4 months, 1 week
- 2
- 1
[PATCH] tpm: do not start chip while suspended
by Thadeu Lima de Souza Cascardo
tpm_chip_start may issue IO that should not be done while the chip is
suspended. In the particular case of I2C, it will issue the following
warning:
[35985.503769] ------------[ cut here ]------------
[35985.503771] i2c i2c-1: Transfer while suspended
[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
[35985.503802] Modules linked in:
[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
[35985.503814] Tainted: [W]=WARN
[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
[35985.503855] Call Trace:
[35985.503859] <TASK>
[35985.503863] ? __warn+0xd4/0x260
[35985.503868] ? __i2c_transfer+0xbe/0x810
[35985.503874] ? report_bug+0xf3/0x210
[35985.503882] ? handle_bug+0x63/0xb0
[35985.503887] ? exc_invalid_op+0x16/0x50
[35985.503892] ? asm_exc_invalid_op+0x16/0x20
[35985.503904] ? __i2c_transfer+0xbe/0x810
[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0
[35985.503920] tpm_cr50_i2c_read+0x8e/0x120
[35985.503928] tpm_cr50_request_locality+0x75/0x170
[35985.503935] tpm_chip_start+0x116/0x160
[35985.503942] tpm_try_get_ops+0x57/0x90
[35985.503948] tpm_find_get_ops+0x26/0xd0
[35985.503955] tpm_get_random+0x2d/0x80
[35985.503960] hwrng_fillfn+0x13b/0x2e0
[35985.503964] ? __cfi_hwrng_fillfn+0x10/0x10
[35985.503969] kthread+0x23d/0x250
[35985.503974] ? srso_return_thunk+0x5/0x5f
[35985.503979] ? lockdep_hardirqs_on+0x95/0x150
[35985.503985] ? __cfi_kthread+0x10/0x10
[35985.503989] ret_from_fork+0x44/0x50
[35985.503994] ? __cfi_kthread+0x10/0x10
[35985.503998] ret_from_fork_asm+0x11/0x20
[35985.504013] </TASK>
[35985.504015] irq event stamp: 107462
[35985.504017] hardirqs last enabled at (107461): [<ffffffffa6b82d41>] _raw_spin_unlock_irqrestore+0x31/0x60
[35985.504022] hardirqs last disabled at (107462): [<ffffffffa6b77309>] __schedule+0x159/0x16f0
[35985.504027] softirqs last enabled at (104760): [<ffffffffa4f62ef5>] __irq_exit_rcu+0x75/0x160
[35985.504032] softirqs last disabled at (104755): [<ffffffffa4f62ef5>] __irq_exit_rcu+0x75/0x160
[35985.504036] ---[ end trace 0000000000000000 ]---
[35985.504126] tpm tpm0: i2c transfer failed (attempt 2/3): -108
[35985.504207] tpm tpm0: i2c transfer failed (attempt 3/3): -108
[35985.504395] tpm tpm0: i2c transfer failed (attempt 2/3): -108
[35985.504474] tpm tpm0: i2c transfer failed (attempt 3/3): -108
Test for the suspended flag inside tpm_try_get_ops while holding the chip
tpm_mutex before calling tpm_chip_start. That will also prevent
tpm_get_random from doing IO while the TPM is suspended.
Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
Cc: stable(a)vger.kernel.org
Cc: Jerry Snitselaar <jsnitsel(a)redhat.com>
Cc: Mike Seo <mikeseohyungjin(a)gmail.com>
Cc: Jarkko Sakkinen <jarkko(a)kernel.org>
---
drivers/char/tpm/tpm-chip.c | 5 +++++
drivers/char/tpm/tpm-interface.c | 8 +-------
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 7df7abaf3e526bf7e85ac9dfbaa1087a51d2ab7e..6db864696a583bf59c534ec8714900a6be7b5156 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chip)
goto out_ops;
mutex_lock(&chip->tpm_mutex);
+
+ /* tmp_chip_start may issue IO that is denied while suspended */
+ if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
+ goto out_lock;
+
rc = tpm_chip_start(chip);
if (rc)
goto out_lock;
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index b1daa0d7b341b1a4c71a200115f0d29d2e87512d..e6d786ce4e36970428b75d288a066e832c5b2af1 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -441,22 +441,16 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
if (!out || max > TPM_MAX_RNG_DATA)
return -EINVAL;
+ /* NULL will be returned if chip is suspended */
chip = tpm_find_get_ops(chip);
if (!chip)
return -ENODEV;
- /* Give back zero bytes, as TPM chip has not yet fully resumed: */
- if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
- rc = 0;
- goto out;
- }
-
if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_get_random(chip, out, max);
else
rc = tpm1_get_random(chip, out, max);
-out:
tpm_put_ops(chip);
return rc;
}
---
base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b
change-id: 20250205-tpm-suspend-b22f745f3124
Best regards,
--
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
4 months, 1 week
- 2
- 1
[PATCH v2 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
Changes since v1:
- fix the SHA of the Fixes tag
The Nullity of sps->cstream needs to be checked in sof_ipc_msg_data() and not
assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used as a check
to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.48.1
4 months, 1 week
- 2
- 3
[PATCH 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
The Nullity of sps->cstream needs to be checked in sof_ipc_msg_data() and not
assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used as a check
to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.1
4 months, 1 week
- 2
- 5
[PATCH v2 0/2] ASoC: SOF: Correct sps->stream and cstream nullity management
by Peter Ujfalusi
Hi,
Changes since v1:
- Cc stable
The nullity of sps->cstream needs to be checked in sof_ipc_msg_data()
and not assume that it is not NULL.
The sps->stream must be cleared to NULL on close since this is used
as a check to see if we have active PCM stream.
Regards,
Peter
---
Peter Ujfalusi (2):
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
sound/soc/sof/pcm.c | 2 ++
sound/soc/sof/stream-ipc.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--
2.47.0
4 months, 1 week
- 2
- 4
Re: [PATCH 6.13 000/619] 6.13.2-rc2 review
by Ronald Warsow
Hi Greg
no regressions here on x86_64 (RKL, Intel 11th Gen. CPU)
Thanks
Tested-by: Ronald Warsow <rwarsow(a)gmx.de>
4 months, 1 week
- 1
- 0
[PATCH v2] arm64: Handle .ARM.attributes section in linker scripts
by Nathan Chancellor
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Discard the new sections in the necessary linker scripts to resolve the
warnings, as the kernel and vDSO do not need to retain it, similar to
the .note.gnu.property section.
Cc: stable(a)vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
Changes in v2:
- Discard the section instead of adding it to the final artifacts to
mirror the .note.gnu.property section handling (Will).
- Link to v1: https://lore.kernel.org/r/20250124-arm64-handle-arm-attributes-in-linker-sc…
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index 4ec32e86a8da..8095fef66209 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -80,6 +80,7 @@ SECTIONS
*(.data .data.* .gnu.linkonce.d.* .sdata*)
*(.bss .sbss .dynbss .dynsbss)
*(.eh_frame .eh_frame_hdr)
+ *(.ARM.attributes)
}
}
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index f84c71f04d9e..e73326bd3ff7 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -162,6 +162,7 @@ SECTIONS
/DISCARD/ : {
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
+ *(.ARM.attributes)
}
. = KIMAGE_VADDR;
---
base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3
change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
4 months, 1 week
- 2
- 4
[PATCH 1/2] smb: client: change lease epoch type from unsigned int to __u16
by meetakshisetiyaoss@gmail.com
From: Meetakshi Setiya <msetiya(a)microsoft.com>
MS-SMB2 section 2.2.13.2.10 specifies that 'epoch' should be a 16-bit
unsigned integer used to track lease state changes. Change the data
type of all instances of 'epoch' from unsigned int to __u16. This
simplifies the epoch change comparisons and makes the code more
compliant with the protocol spec.
Cc: stable(a)vger.kernel.org
Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com>
Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com>
---
fs/smb/client/cifsglob.h | 12 ++++++------
fs/smb/client/smb1ops.c | 2 +-
fs/smb/client/smb2ops.c | 18 +++++++++---------
fs/smb/client/smb2pdu.c | 2 +-
fs/smb/client/smb2proto.h | 2 +-
5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index a68434ad744a..2c1b0438fe7d 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -357,7 +357,7 @@ struct smb_version_operations {
int (*handle_cancelled_mid)(struct mid_q_entry *, struct TCP_Server_Info *);
void (*downgrade_oplock)(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
/* process transaction2 response */
bool (*check_trans2)(struct mid_q_entry *, struct TCP_Server_Info *,
char *, int);
@@ -552,12 +552,12 @@ struct smb_version_operations {
/* if we can do cache read operations */
bool (*is_read_op)(__u32);
/* set oplock level for the inode */
- void (*set_oplock_level)(struct cifsInodeInfo *, __u32, unsigned int,
+ void (*set_oplock_level)(struct cifsInodeInfo *, __u32, __u16,
bool *);
/* create lease context buffer for CREATE request */
char * (*create_lease_buf)(u8 *lease_key, u8 oplock);
/* parse lease context buffer and return oplock/epoch info */
- __u8 (*parse_lease_buf)(void *buf, unsigned int *epoch, char *lkey);
+ __u8 (*parse_lease_buf)(void *buf, __u16 *epoch, char *lkey);
ssize_t (*copychunk_range)(const unsigned int,
struct cifsFileInfo *src_file,
struct cifsFileInfo *target_file,
@@ -1447,7 +1447,7 @@ struct cifs_fid {
__u8 create_guid[16];
__u32 access;
struct cifs_pending_open *pending_open;
- unsigned int epoch;
+ __u16 epoch;
#ifdef CONFIG_CIFS_DEBUG2
__u64 mid;
#endif /* CIFS_DEBUG2 */
@@ -1480,7 +1480,7 @@ struct cifsFileInfo {
bool oplock_break_cancelled:1;
bool status_file_deleted:1; /* file has been deleted */
bool offload:1; /* offload final part of _put to a wq */
- unsigned int oplock_epoch; /* epoch from the lease break */
+ __u16 oplock_epoch; /* epoch from the lease break */
__u32 oplock_level; /* oplock/lease level from the lease break */
int count;
spinlock_t file_info_lock; /* protects four flag/count fields above */
@@ -1577,7 +1577,7 @@ struct cifsInodeInfo {
spinlock_t open_file_lock; /* protects openFileList */
__u32 cifsAttrs; /* e.g. DOS archive bit, sparse, compressed, system */
unsigned int oplock; /* oplock/lease level we have */
- unsigned int epoch; /* used to track lease state changes */
+ __u16 epoch; /* used to track lease state changes */
#define CIFS_INODE_PENDING_OPLOCK_BREAK (0) /* oplock break in progress */
#define CIFS_INODE_PENDING_WRITERS (1) /* Writes in progress */
#define CIFS_INODE_FLAG_UNUSED (2) /* Unused flag */
diff --git a/fs/smb/client/smb1ops.c b/fs/smb/client/smb1ops.c
index 9756b876a75e..d6e2fb669c40 100644
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -377,7 +377,7 @@ coalesce_t2(char *second_buf, struct smb_hdr *target_hdr)
static void
cifs_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
cifs_set_oplock_level(cinode, oplock);
}
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 77309217dab4..ec36bed54b0b 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -3904,22 +3904,22 @@ static long smb3_fallocate(struct file *file, struct cifs_tcon *tcon, int mode,
static void
smb2_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
server->ops->set_oplock_level(cinode, oplock, 0, NULL);
}
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
static void
smb3_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_state = cinode->oplock;
- unsigned int old_epoch = cinode->epoch;
+ __u16 old_epoch = cinode->epoch;
unsigned int new_state;
if (epoch > old_epoch) {
@@ -3939,7 +3939,7 @@ smb3_downgrade_oplock(struct TCP_Server_Info *server,
static void
smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
oplock &= 0xFF;
cinode->lease_granted = false;
@@ -3963,7 +3963,7 @@ smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
char message[5] = {0};
unsigned int new_oplock = 0;
@@ -4000,7 +4000,7 @@ smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
static void
smb3_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_oplock = cinode->oplock;
@@ -4114,7 +4114,7 @@ smb3_create_lease_buf(u8 *lease_key, u8 oplock)
}
static __u8
-smb2_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb2_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease *lc = (struct create_lease *)buf;
@@ -4125,7 +4125,7 @@ smb2_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
}
static __u8
-smb3_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb3_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease_v2 *lc = (struct create_lease_v2 *)buf;
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 40ad9e79437a..51204ff58bf6 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2329,7 +2329,7 @@ parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix)
diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h
index 2336dfb23f36..4662c7e2d259 100644
--- a/fs/smb/client/smb2proto.h
+++ b/fs/smb/client/smb2proto.h
@@ -283,7 +283,7 @@ extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
enum securityEnum);
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix);
--
2.46.0.46.g406f326d27
4 months, 1 week
- 2
- 2
[PATCH] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
by Mathias Nyman
The fastboot tool for communicating with Android bootloaders does not
work reliably with this device if USB 2 Link Power Management (LPM)
is enabled.
Various fastboot commands are affected, including the
following, which usually reproduces the problem within two tries:
fastboot getvar kernel
getvar:kernel FAILED (remote: 'GetVar Variable Not found')
This issue was hidden on many systems up until commit 63a1f8454962
("xhci: stored cached port capability values in one place") as the xhci
driver failed to detect USB 2 LPM support if USB 3 ports were listed
before USB 2 ports in the "supported protocol capabilities".
Adding the quirk resolves the issue. No drawbacks are expected since
the device uses different USB product IDs outside of fastboot mode, and
since fastboot commands worked before, until LPM was enabled on the
tested system by the aforementioned commit.
Based on a patch from Forest <forestix(a)nom.one> from which most of the
code and commit message is taken.
Cc: stable(a)vger.kernel.org
Reported-by: Forest <forestix(a)nom.one>
Closes: https://lore.kernel.org/hk8umj9lv4l4qguftdq1luqtdrpa1gks5l@sonic.net
Tested-by: Forest <forestix(a)nom.one>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
index 67732c791c93..59ed9768dae1 100644
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -435,6 +435,9 @@ static const struct usb_device_id usb_quirk_list[] = {
{ USB_DEVICE(0x0c45, 0x7056), .driver_info =
USB_QUIRK_IGNORE_REMOTE_WAKEUP },
+ /* Sony Xperia XZ1 Compact (lilac) smartphone in fastboot mode */
+ { USB_DEVICE(0x0fce, 0x0dde), .driver_info = USB_QUIRK_NO_LPM },
+
/* Action Semiconductor flash disk */
{ USB_DEVICE(0x10d6, 0x2200), .driver_info =
USB_QUIRK_STRING_FETCH_255 },
--
2.25.1
4 months, 1 week
- 1
- 0
[PATCH 6.6 000/393] 6.6.76-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.76 release.
There are 393 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:43:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.76-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.76-rc1
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Sergey Senozhatsky <senozhatsky(a)chromium.org>
kconfig: WERROR unmet symbol dependency
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: deduplicate code in conf_read_simple()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: require a space after '#' for valid input
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Hongbo Li <lihongbo22(a)huawei.com>
hostfs: fix the host directory parse when mounting.
Nathan Chancellor <nathan(a)kernel.org>
hostfs: Add const qualifier to host_root in hostfs_fill_super()
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Hongbo Li <lihongbo22(a)huawei.com>
hostfs: convert hostfs to use the new mount API
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Use bool for all 1-bit fields in struct dev_pm_info
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Restore asynchronous device resume optimization
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Matthew Wilcox (Oracle) <willy(a)infradead.org>
nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers
Matthew Wilcox (Oracle) <willy(a)infradead.org>
buffer: make folio_create_empty_buffers() return a buffer_head
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Manivannan Sadhasivam <mani(a)kernel.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Simplify clock handling by using clk_bulk*() function
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Billy Tsai <billy_tsai(a)aspeedtech.com>
i3c: dw: Add hot-join support.
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
David Wronek <davidwronek(a)gmail.com>
arm64: dts: qcom: Add SM7125 device tree
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Konrad Dybcio <konrad.dybcio(a)linaro.org>
arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Mihai Sain <mihai.sain(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi
Shazad Hussain <quic_shazhuss(a)quicinc.com>
arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin
Andrew Halaney <ahalaney(a)redhat.com>
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq
Andrew Halaney <ahalaney(a)redhat.com>
arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rxe: Improve newline in printing messages
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Abstract IPC handling
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Prefix SKL/APL-specific members
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Masahiro Yamada <masahiroy(a)kernel.org>
ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Chenghai Huang <huangchenghai2(a)huawei.com>
crypto: hisilicon/sec2 - optimize the error return process
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_rbtree: prefer sync gc to async worker
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_rbtree: rename gc deactivate+erase function
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: de-constify set commit ops function argument
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Handle specific BSSID in 6GHz scanning
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: improve hardware restart reliability
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
mfd: syscon: Use scoped variables with memory allocators to simplify error paths
Peter Griffin <peter.griffin(a)linaro.org>
mfd: syscon: Add of_syscon_register_regmap() API
Peter Griffin <peter.griffin(a)linaro.org>
mfd: syscon: Remove extern from function prototypes
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Manivannan Sadhasivam <mani(a)kernel.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <mani(a)kernel.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
gpio: pca953x: Fully convert to device managed resources
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
gpio: pca953x: Drop unused fields in struct pca953x_platform_data
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jkosina(a)suse.com>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
of: remove internal arguments from of_property_for_each_u32()
Alvin Šipraga <alsi(a)bang-olufsen.dk>
clk: si5351: allow PLLs to be adjusted without reset
Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
serial: sc16is7xx: use device_property APIs when configuring irda mode
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: annotate data-races around q->perturb_period
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: move output interface related definition to rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set YUV/RGB overlay mode
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Peter Zijlstra <peterz(a)infradead.org>
sched/topology: Rename 'DIE' domain to 'PKG'
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
-------------
Diffstat:
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +-
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 829 +--------------------
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 ++++++++++++++++++++
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +--
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9 +-
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 -
arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 +++++-----
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +-
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 ++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/smp.c | 4 +-
arch/powerpc/sysdev/xive/native.c | 4 +-
arch/powerpc/sysdev/xive/spapr.c | 3 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Makefile | 2 +-
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/topology.c | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/kernel/smpboot.c | 12 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 146 ++--
drivers/block/nbd.c | 1 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bus/ti-sysc.c | 4 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk-conf.c | 4 +-
drivers/clk/clk-si5351.c | 76 +-
drivers/clk/clk.c | 14 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/qcom/common.c | 4 +-
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/sunxi/clk-simple-gates.c | 4 +-
drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4 +-
drivers/clocksource/samsung_pwm_timer.c | 4 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++--
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/dma/ti/edma.c | 3 +-
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/gpio/gpio-brcmstb.c | 5 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 108 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1 -
drivers/gpu/drm/rockchip/cdn-dp-core.c | 1 -
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1 -
drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1 -
drivers/gpu/drm/rockchip/inno_hdmi.c | 1 -
drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1 -
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18 +
drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12 -
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 ++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18 +-
drivers/gpu/drm/rockchip/rockchip_lvds.c | 1 -
drivers/gpu/drm/rockchip/rockchip_rgb.c | 1 -
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +-
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/i3c/master/dw-i3c-master.c | 66 +-
drivers/i3c/master/dw-i3c-master.h | 2 +
drivers/iio/adc/ti_am335x_adc.c | 4 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 32 +-
drivers/infiniband/sw/rxe/rxe.c | 6 +-
drivers/infiniband/sw/rxe/rxe.h | 6 +-
drivers/infiniband/sw/rxe/rxe_comp.c | 4 +-
drivers/infiniband/sw/rxe/rxe_cq.c | 4 +-
drivers/infiniband/sw/rxe/rxe_mr.c | 16 +-
drivers/infiniband/sw/rxe/rxe_mw.c | 2 +-
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 8 +-
drivers/infiniband/sw/rxe/rxe_resp.c | 12 +-
drivers/infiniband/sw/rxe/rxe_task.c | 4 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +++---
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/irqchip/irq-atmel-aic-common.c | 4 +-
drivers/irqchip/irq-pic32-evic.c | 4 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 81 +-
drivers/mfd/ti_am335x_tscadc.c | 4 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 25 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/team/team.c | 7 +
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10 -
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1 -
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11 +
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 34 +-
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +-
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/of/of_reserved_mem.c | 3 +-
drivers/opp/core.c | 57 +-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 139 ++--
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pinctrl/nxp/pinctrl-s32cc.c | 4 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/pinctrl-k210.c | 4 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++--
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/pwm-samsung.c | 4 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 34 +-
drivers/tty/sysrq.c | 4 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 30 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/misc/usb251xb.c | 4 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/vfio/iova_bitmap.c | 2 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/super.c | 2 +-
fs/buffer.c | 24 +-
fs/dlm/lowcomms.c | 3 +-
fs/f2fs/dir.c | 53 +-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 157 ++--
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfsd/nfs4callback.c | 1 +
fs/nilfs2/segment.c | 11 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/buffer_head.h | 4 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mfd/syscon.h | 33 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/of.h | 15 +-
include/linux/perf_event.h | 6 +
include/linux/platform_data/pca953x.h | 13 -
include/linux/platform_data/si5351.h | 2 +
include/linux/pm.h | 32 +-
include/linux/pps_kernel.h | 3 +-
include/linux/sched.h | 1 +
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 8 +-
include/net/xfrm.h | 16 +-
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/padata.c | 45 +-
kernel/power/hibernate.c | 7 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 19 +-
kernel/sched/topology.c | 8 +-
kernel/trace/bpf_trace.c | 13 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 4 +
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/options.c | 13 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/netfilter/nf_tables_api.c | 57 +-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_pipapo.c | 7 +-
net/netfilter/nft_set_rbtree.c | 178 +++--
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/sched/sch_api.c | 4 +
net/sched/sch_sfq.c | 58 +-
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 35 +
net/xfrm/xfrm_replay.c | 10 +-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/conf.c | 6 +
scripts/kconfig/confdata.c | 113 ++-
scripts/kconfig/lkc_proto.h | 2 +
scripts/kconfig/symbol.c | 10 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 5 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/codecs/arizona.c | 12 +-
sound/soc/intel/avs/apl.c | 53 +-
sound/soc/intel/avs/avs.h | 40 +-
sound/soc/intel/avs/core.c | 51 +-
sound/soc/intel/avs/ipc.c | 36 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/messages.h | 10 +-
sound/soc/intel/avs/registers.h | 6 +-
sound/soc/intel/avs/skl.c | 30 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/perf/builtin-lock.c | 66 +-
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/util/bpf-event.c | 10 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/testing/ktest/ktest.pl | 7 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
457 files changed, 4603 insertions(+), 3454 deletions(-)
4 months, 1 week
- 9
- 401
[PATCH v2] ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
by Peter Ujfalusi
Other, non DAI copier widgets could have the same stream name (sname) as
the ALH copier and in that case the copier->data is NULL, no alh_data is
attached, which could lead to NULL pointer dereference.
We could check for this NULL pointer in sof_ipc4_prepare_copier_module()
and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()
will miscalculate the ALH device count, causing broken audio.
The correct fix is to harden the matching logic by making sure that the
1. widget is a DAI widget - so dai = w->private is valid
2. the dai (and thus the copier) is ALH copier
Fixes: a150345aa758 ("ASoC: SOF: ipc4-topology: add SoundWire/ALH aggregation support")
Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com>
Link: https://github.com/thesofproject/sof/pull/9652
Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
---
Hi,
Changes since v1:
- correct SHA in Fixes tag
Regards,
Peter
sound/soc/sof/ipc4-topology.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index c04c62478827..6d5cda813e48 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -765,10 +765,16 @@ static int sof_ipc4_widget_setup_comp_dai(struct snd_sof_widget *swidget)
}
list_for_each_entry(w, &sdev->widget_list, list) {
- if (w->widget->sname &&
+ struct snd_sof_dai *alh_dai;
+
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
+ alh_dai = w->private;
+ if (alh_dai->type != SOF_DAI_INTEL_ALH)
+ continue;
+
blob->alh_cfg.device_count++;
}
@@ -2061,11 +2067,13 @@ sof_ipc4_prepare_copier_module(struct snd_sof_widget *swidget,
list_for_each_entry(w, &sdev->widget_list, list) {
u32 node_type;
- if (w->widget->sname &&
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
dai = w->private;
+ if (dai->type != SOF_DAI_INTEL_ALH)
+ continue;
alh_copier = (struct sof_ipc4_copier *)dai->private;
alh_data = &alh_copier->data;
node_type = SOF_IPC4_GET_NODE_TYPE(alh_data->gtw_cfg.node_id);
--
2.48.1
4 months, 1 week
- 2
- 1
[PATCH] ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
by Peter Ujfalusi
Other, non DAI copier widgets could have the same stream name (sname) as
the ALH copier and in that case the copier->data is NULL, no alh_data is
attached, which could lead to NULL pointer dereference.
We could check for this NULL pointer in sof_ipc4_prepare_copier_module()
and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()
will miscalculate the ALH device count, causing broken audio.
The correct fix is to harden the matching logic by making sure that the
1. widget is a DAI widget - so dai = w->private is valid
2. the dai (and thus the copier) is ALH copier
Fixes: 0e357b529053 ("ASoC: SOF: ipc4-topology: add SoundWire/ALH aggregation support")
Cc: stable(a)vger.kernel.org
Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com>
Link: https://github.com/thesofproject/sof/pull/9652
Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
---
sound/soc/sof/ipc4-topology.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index b55eb977e443..70b7bfb080f4 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -765,10 +765,16 @@ static int sof_ipc4_widget_setup_comp_dai(struct snd_sof_widget *swidget)
}
list_for_each_entry(w, &sdev->widget_list, list) {
- if (w->widget->sname &&
+ struct snd_sof_dai *alh_dai;
+
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
+ alh_dai = w->private;
+ if (alh_dai->type != SOF_DAI_INTEL_ALH)
+ continue;
+
blob->alh_cfg.device_count++;
}
@@ -2061,11 +2067,13 @@ sof_ipc4_prepare_copier_module(struct snd_sof_widget *swidget,
list_for_each_entry(w, &sdev->widget_list, list) {
u32 node_type;
- if (w->widget->sname &&
+ if (!WIDGET_IS_DAI(w->id) || !w->widget->sname ||
strcmp(w->widget->sname, swidget->widget->sname))
continue;
dai = w->private;
+ if (dai->type != SOF_DAI_INTEL_ALH)
+ continue;
alh_copier = (struct sof_ipc4_copier *)dai->private;
alh_data = &alh_copier->data;
node_type = SOF_IPC4_GET_NODE_TYPE(alh_data->gtw_cfg.node_id);
--
2.47.1
4 months, 1 week
- 2
- 2
[PATCH 6.12 000/590] 6.12.13-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.13 release.
There are 590 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 07 Feb 2025 13:43:01 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.13-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.13-rc1
Qu Wenruo <wqu(a)suse.com>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Tiezhu Yang <yangtiezhu(a)loongson.cn>
LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP}
Chen Ridong <chenridong(a)huawei.com>
memcg: fix soft lockup in the OOM process
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
Aric Cyr <Aric.Cyr(a)amd.com>
drm/amd/display: Add hubp cache reset when powergating
Nathan Chancellor <nathan(a)kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: da7213: Initialize the mutex
Leon Hwang <leon.hwang(a)linux.dev>
selftests/bpf: Add test to verify tailcall and freplace restrictions
Vasily Gorbik <gor(a)linux.ibm.com>
Revert "s390/mm: Allow large pages for KASAN shadow mapping"
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Fix 64-by-32 division cocci warnings
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix access to uninitialized fields in set RXNFC command
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Fix acquire state insertion.
Everest K.C <everestkc(a)everestkc.com.np>
xfrm: Add error handling when nla_put_u32() returns an error
Geert Uytterhoeven <geert+renesas(a)glider.be>
dma-mapping: save base/size instead of pointer to shared DMA pool
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Warn for missing static reserved memory regions
Qu Wenruo <wqu(a)suse.com>
btrfs: output the reason for open_ctree() failure
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
Shivaprasad G Bhat <sbhat(a)linux.ibm.com>
powerpc/pseries/iommu: Don't unset window if it was never set
Dan Carpenter <dan.carpenter(a)linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Calvin Owens <calvin(a)wbinvd.org>
pps: Fix a use-after-free
Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix implicit ODP use after free
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
Paolo Abeni <pabeni(a)redhat.com>
mptcp: handle fastopen disconnect correctly
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Paolo Abeni <pabeni(a)redhat.com>
mptcp: consolidate suboption status
Abel Vesa <abel.vesa(a)linaro.org>
clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC
Kyle Tso <kyletso(a)google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang(a)lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Ray Chi <raychi(a)google.com>
usb: dwc3: Skip resume if pm_runtime_set_active() fails
Kyle Tso <kyletso(a)google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean(a)starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio(a)gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin(a)vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Darrick J. Wong <djwong(a)kernel.org>
xfs: don't shut down the filesystem for media failures beyond end of log
Christoph Hellwig <hch(a)lst.de>
xfs: check for dead buffers in xfs_buf_find_insert
Ricardo B. Marliere <rbm(a)suse.com>
ktest.pl: Check kernelrelease return in get_version
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests/ftrace: Fix to use remount when testing mount GID option
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
selftests/rseq: Fix handling of glibc without rseq support
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Reduce accessing remote DPCD overhead
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi(a)toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever(a)oracle.com>
Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages"
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: move bitmap_{start, end}write to md upper layer
Yu Kuai <yukuai3(a)huawei.com>
md/raid5: implement pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md: add a new callback pers->bitmap_sector()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
Yu Kuai <yukuai3(a)huawei.com>
md/md-bitmap: factor behind write counters out from bitmap_{start/end}write()
Daniel Lee <chullee(a)google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809(a)huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb(a)google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Pali Rohár <pali(a)kernel.org>
cifs: Fix getting and setting SACLs over SMB1
Pali Rohár <pali(a)kernel.org>
cifs: Validate EAs for WSL reparse points
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Fix forked child affinity regression
Daniel Baluta <daniel.baluta(a)nxp.com>
ASoC: amd: acp: Fix possible deadlock
Jens Axboe <axboe(a)kernel.dk>
io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock()
Detlev Casanova <detlev.casanova(a)collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: Mark riscv_v_init() as __init
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Fix PMT mmaped file size rounding
Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com>
tools/power turbostat: Allow using cpu device in perf counters on hybrid platforms
Al Viro <viro(a)zeniv.linux.org.uk>
hostfs: fix string handling in __dentry_name()
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy(a)kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet(a)google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent(a)bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Kory Maincent <kory.maincent(a)bootlin.com>
net: ravb: Fix missing rtnl lock in suspend/resume path
Toke Høiland-Jørgensen <toke(a)redhat.com>
net: xdp: Disallow attaching device-bound programs in generic mode
Jon Maloy <jmaloy(a)redhat.com>
tcp: correct handling of extreme memory squeeze
Rafał Miłecki <rafal(a)milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Michal Luczaj <mhal(a)rbox.co>
vsock: Allow retrying on connect() failure
Michal Luczaj <mhal(a)rbox.co>
vsock: Keep the binding until socket destruction
Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>
Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
Douglas Anderson <dianders(a)chromium.org>
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: core: Synchronize runtime PM status of parents and children
Namhyung Kim <namhyung(a)kernel.org>
perf test: Skip syscall enum test if no landlock syscall
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix runtime error of index out of bounds
Heiko Carstens <hca(a)linux.ibm.com>
s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init()
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit FIFO size by hardware capability
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
net: stmmac: Limit the number of MTL queues to hardware capability
Gal Pressman <gal(a)nvidia.com>
ethtool: Fix set RXNFC command with symmetric RSS hash
Edward Cree <ecree.xilinx(a)gmail.com>
net: ethtool: only allow set_rxnfc with rss + ring_cookie if driver opts in
Thomas Weißschuh <linux(a)weissschuh.net>
ptp: Properly handle compat ioctls
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida(a)redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
David Howells <dhowells(a)redhat.com>
rxrpc, afs: Fix peer hash locking vs RCU callback
Jan Stancek <jstancek(a)redhat.com>
selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment
Jan Stancek <jstancek(a)redhat.com>
selftests: mptcp: extend CFLAGS to keep options from environment
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl: c: correct reverse decode of empty attrs
Jakub Kicinski <kuba(a)kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet(a)google.com>
net: rose: fix timer races against user threads
Paul Fertser <fercerpav(a)gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
Vasily Gorbik <gor(a)linux.ibm.com>
s390/mm: Allow large pages for KASAN shadow mapping
Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com>
iavf: allow changing VLAN state without calling PF
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: remove invalid parameter of equalizer
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: extend dump serdes equalizer values feature
Mateusz Polchlopek <mateusz.polchlopek(a)intel.com>
ice: rework of dump serdes equalizer values feature
Przemek Kitszel <przemyslaw.kitszel(a)intel.com>
ice: fix ice_parser_rt::bst_key array size
Marco Leogrande <leogrande(a)google.com>
idpf: convert workqueues to unbound
Manoj Vishwanathan <manojvishy(a)google.com>
idpf: Acquire the lock before accessing the xn->salt
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix transaction timeouts on reset
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: add read memory barrier when checking descriptor done bit
Sebastian Sewior <bigeasy(a)linutronix.de>
xfrm: Don't disable preemption while looking up cache state.
Howard Chu <howardchu95(a)gmail.com>
perf trace: Fix BPF loading failure (-E2BIG)
Wentao Liang <vulab(a)iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet(a)google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com>
net: fec: implement TSO descriptor cleanup
Dimitri Fedrau <dima.fedrau(a)gmail.com>
net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios
Ahmad Fatoum <a.fatoum(a)pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix oops when unload drivers paralleling
Christian Marangi <ansuelsmth(a)gmail.com>
net: airoha: Fix wrong GDM4 register definition
Alexander Stein <alexander.stein(a)ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1(a)huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Ming Wang <wangming01(a)loongson.cn>
rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr()
Oleksij Rempel <o.rempel(a)pengutronix.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Dan Carpenter <dan.carpenter(a)linaro.org>
rtc: tps6594: Fix integer overflow on 32bit systems
Alexandre Cassen <acassen(a)corp.free.fr>
xfrm: delete intermediate secpath entry in packet offload mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Clean up fld_tg_code calculation
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Support dynamic integer
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Simplify REG21_PMS_S_MASK lookup
Adam Ford <aford173(a)gmail.com>
phy: freescale: fsl-samsung-hdmi: Replace register defines with macro
Florian Westphal <fw(a)strlen.de>
xfrm: state: fix out-of-bounds read during lookup
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add an inbound percpu state cache.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Cache used outbound xfrm states at the policy.
Steffen Klassert <steffen.klassert(a)secunet.com>
xfrm: Add support for per cpu xfrm state handling.
Jianbo Liu <jianbol(a)nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan(a)cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Fix warnings during S3 suspend
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
Mike Snitzer <snitzer(a)kernel.org>
nfs: fix incorrect error handling in LOCALIO
John Ogness <john.ogness(a)linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: mips_ejtag_fdc: fix one more u8 warning
Zijun Hu <quic_zijuhu(a)quicinc.com>
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
module: Don't fail module loading when setting ro_after_init section RO failed
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: handle errors that nilfs_prepare_chunk() may return
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Su Yue <glass.su(a)suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Gao Xiang <xiang(a)kernel.org>
erofs: fix potential return value overflow of z_erofs_shrink_scan()
Gao Xiang <xiang(a)kernel.org>
erofs: sunset `struct erofs_workgroup`
Gao Xiang <xiang(a)kernel.org>
erofs: move erofs_workgroup operations into zdata.c
Gao Xiang <xiang(a)kernel.org>
erofs: get rid of erofs_{find,insert}_workgroup
Charles Han <hanchunchao(a)inspur.com>
firewire: test: Fix potential null dereference in firewire kunit test
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
Guixin Liu <kanie(a)linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel(a)molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Daire McNamara <daire.mcnamara(a)microchip.com>
PCI: microchip: Set inbound address translation for coherent or non-coherent mode
Conor Dooley <conor.dooley(a)microchip.com>
PCI: microchip: Add support for using either Root Port 1 or 2
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Mohamed Khalfella <khalfella(a)gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: dwc: Always stop link in the dw_pcie_suspend_noirq
Krishna chaitanya chundru <quic_krichai(a)quicinc.com>
PCI: qcom: Update ICC and OPP values after Link Up event
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Add missing reference clock disable logic
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()
Richard Zhu <hongxing.zhu(a)nxp.com>
PCI: imx6: Skip controller_id generation logic for i.MX7D
Frank Li <Frank.Li(a)nxp.com>
PCI: imx6: Configure PHY based on Root Complex or Endpoint mode
King Dix <kingdix10(a)qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Desnes Nunes <desnesn(a)redhat.com>
media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe()
Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com>
media: nxp: imx8-isi: fix v4l2-compliance test errors
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
david regan <dregan(a)broadcom.com>
mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss(a)fairphone.com>
media: i2c: imx412: Add missing newline to prints
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: i2c: imx290: Register 0x3011 varies between imx327 and imx290
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: marvell: Add check for clk_enable()
Chen-Yu Tsai <wenst(a)chromium.org>
remoteproc: mtk_scp: Only populate devices for SCP cores
Jian-Hong Pan <jhp(a)endlessos.org>
PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state()
Zijun Hu <quic_zijuhu(a)quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen(a)iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum(a)suse.com>
media: rc: iguanair: handle timeouts
Dmytro Maluka <dmaluka(a)chromium.org>
of/fdt: Restore possibility to use both ACPI and FDT from bootloader
Oreoluwa Babatunde <quic_obabatun(a)quicinc.com>
of: reserved_mem: Restructure how the reserved memory regions are processed
Mark Brown <broonie(a)kernel.org>
spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
Qasim Ijaz <qasdev00(a)gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Suraj Sonawane <surajsonawane0215(a)gmail.com>
iommu: iommufd: fix WARNING in iommufd_device_unbind
Zhu Yanjun <yanjun.zhu(a)linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Anumula Murali Mohan Reddy <anumula(a)chelsio.com>
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
Randy Dunlap <rdunlap(a)infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map()
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Pei Xiao <xiaopei01(a)kylinos.cn>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
Joel Stanley <joel(a)jms.id.au>
arm64: dts: qcom: x1e80100-romulus: Update firmware nodes
Akhil R <akhilrajeev(a)nvidia.com>
arm64: tegra: Fix DMA ID for SPI2
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Josua Mayer <josua(a)solid-run.com>
arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts
Michael Riesch <michael.riesch(a)wolfvision.net>
arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic
Rafał Miłecki <rafal(a)milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Josua Mayer <josua(a)solid-run.com>
arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: add per-SoC compatibles for keypad nodes
Jason-JH.Lin <jason-jh.lin(a)mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Frank Wunderlich <frank-w(a)public-files.de>
arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
firmware: qcom: scm: Cleanup global '__scm' on probe failures
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180: fix psci power domain node names
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sc7180: change labels to lower-case
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso
Neil Armstrong <neil.armstrong(a)linaro.org>
arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch
Aaro Koskinen <aaro.koskinen(a)iki.fi>
ARM: omap1: Fix up the Retu IRQ on Nokia 770
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS
Li Zhijian <lizhijian(a)fujitsu.com>
RDMA/rtrs: Add missing deinit() call
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error
Vasily Khoruzhick <anarsoul(a)gmail.com>
arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0
Jonas Karlman <jonas(a)kwiboo.se>
arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb(a)ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node
Cristian Birsan <cristian.birsan(a)microchip.com>
ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: x1e80100: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8650: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8550: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6375: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sm4450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sdx75: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: qcs404: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8939: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss(a)fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Ross Burton <ross.burton(a)arm.com>
arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650
Taniya Das <quic_tdas(a)quicinc.com>
arm64: dts: qcom: sa8775p: Update sleep_clk frequency
Marek Vasut <marex(a)denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1
Ma Ke <make_ruc2021(a)163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
zhenwei pi <pizhenwei(a)bytedance.com>
RDMA/rxe: Fix mismatched max_msg_sz
Mamta Shukla <mamta.shukla(a)leica-geosystems.com>
arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb"
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string for max31790
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards
Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com>
ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter(a)linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias
Leon Romanovsky <leon(a)kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com>
ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151
Marek Vasut <marex(a)denx.de>
ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val(a)packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend
Alexander Stein <alexander.stein(a)ew.tq-group.com>
ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx)
Nicolas Ferre <nicolas.ferre(a)microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Hou Tao <houtao1(a)huawei.com>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Pali Rohár <pali(a)kernel.org>
cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix oops due to unset link speed
Herbert Xu <herbert(a)gondor.apana.org.au>
rhashtable: Fix rhashtable_try_insert test
Chen Ridong <chenridong(a)huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong(a)huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong(a)huawei.com>
padata: fix UAF in padata_reorder
Chun-Tse Shao <ctshao(a)google.com>
perf lock: Fix parse_lock_type which only retrieve one lock flag
Vishal Chourasia <vishalc(a)linux.ibm.com>
tools: Sync if_xdp.h uapi tooling header
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com>
iommu/amd: Remove unused amd_iommu_domain_update()
Daniel Xu <dxu(a)dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED
Pu Lehui <pulehui(a)huawei.com>
libbpf: Fix return zero when elf_begin failed
Pu Lehui <pulehui(a)huawei.com>
selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test
Puranjay Mohan <puranjay(a)kernel.org>
bpf: Send signals asynchronously if !preemptible
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM
Simon Trimmer <simont(a)opensource.cirrus.com>
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC
Ian Rogers <irogers(a)google.com>
perf inject: Fix use without initialization of local variables
Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
pinctrl: amd: Take suspend type into consideration which pins are non-wake
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: stm32: Add check for clk_enable()
Jiachen Zhang <me(a)jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski(a)intel.com>
ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers
Arnaldo Carvalho de Melo <acme(a)kernel.org>
perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: Intel: avs: Fix init-config parsing
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix the minimum firmware version numbers
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Do not readq() u32 registers
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf machine: Don't ignore _etext when not a text symbol
Christophe Leroy <christophe.leroy(a)csgroup.eu>
perf maps: Fix display of kernel symbols
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Jiayuan Chen <mrpre(a)163.com>
selftests/bpf: Avoid generating untracked files when running bpf selftests
Thomas Weißschuh <linux(a)weissschuh.net>
padata: fix sysfs store callback check
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
Takashi Iwai <tiwai(a)suse.de>
ALSA: seq: Make dependency on UMP clearer
Pei Xiao <xiaopei01(a)kylinos.cn>
bpf: Use refcount_t instead of atomic_t for mmap_count
Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com>
crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async'
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Breno Leitao <leitao(a)debian.org>
rhashtable: Fix potential deadlock by moving schedule_work outside lock
Martin KaFai Lau <martin.lau(a)kernel.org>
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Ba Jing <bajing(a)cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Mingwei Zheng <zmw12306(a)gmail.com>
pinctrl: nomadik: Add check for clk_enable()
Levi Yun <yeoreum.yun(a)arm.com>
perf expr: Initialize is_test value in expr__ctx_new()
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
Gaurav Jain <gaurav.jain(a)nxp.com>
crypto: caam - use JobR's space to access page 0 regs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix boot-up self-test race
Chen Ridong <chenridong(a)huawei.com>
crypto: tegra - do not transfer req when tegra init fails
Jason Gunthorpe <jgg(a)ziepe.ca>
iommu/arm-smmuv3: Update comments about ATS and bypass
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Fix fill_link_info selftest on powerpc
George Lander <lander(a)jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: sof_sdw: correct mach_params->dmic_num
Quentin Monnet <qmo(a)kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande(a)google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Takashi Iwai <tiwai(a)suse.de>
ASoC: wcd937x: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: mediatek: mt8365: Use *-y for Makefile
Takashi Iwai <tiwai(a)suse.de>
ASoC: cs40l50: Use *-y for Makefile
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31()
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/x86: x86-android-tablets: make platform data be static
Pei Xiao <xiaopei01(a)kylinos.cn>
platform/mellanox: mlxbf-pmc: incorrect type in assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani(a)yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Xin Long <lucien.xin(a)gmail.com>
net: sched: refine software bypass handling in tc_run
Florian Westphal <fw(a)strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: fix set size with rbtree backend
Jamal Hadi Salim <jhs(a)mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart(a)kernel.org>
net: avoid race between device unregistration and ethnl ops
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64
Shinas Rasheed <srasheed(a)marvell.com>
octeon_ep: remove firmware stats fetch in ndo_get_stats64
Maher Sanalla <msanalla(a)nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56(a)huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix error message
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Fix build with non-default pthread linking
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32: Add check for clk_enable()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name().
Bo Gan <ganboing(a)gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Eric Dumazet <edumazet(a)google.com>
inet: ipmr: fix data-races
Max Chou <max.chou(a)realtek.com>
Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
Charles Han <hanchunchao(a)inspur.com>
Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Dmitry V. Levin <ldv(a)strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas(a)glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
cpufreq: ACPI: Fix max-frequency computation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix ldpc setting
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix definition of tx descriptor
Benjamin Lin <benjamin-jw.lin(a)mediatek.com>
wifi: mt76: mt7996: fix incorrect indexing of MIB FW event
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix HE Phy capability
Howard Hsu <howard-yh.hsu(a)mediatek.com>
wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: add max mpdu len capability
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7996: fix register mapping
Peter Chiu <chui-hao.chiu(a)mediatek.com>
wifi: mt76: mt7915: fix register mapping
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: fix omac index assignment after hardware reset
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: only enable tx worker after setting the channel
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: mt7996: fix rx filter setting for bfee functionality
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Properly handle responses for commands with events
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Cleanup MLO settings post-disconnection
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Init secondary link PM state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update secondary link PS flow
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO
Leon Yen <leon.yen(a)mediatek.com>
wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info
allan.wang <allan.wang(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support
Sean Wang <sean.wang(a)mediatek.com>
wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7915: fix overflows seen when writing limit attributes
xueqin Luo <luoxueqin(a)kylinos.cn>
wifi: mt76: mt7996: fix overflows seen when writing limit attributes
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the invalid ip address for arp offload
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer
Eric-SY Chang <eric-sy.chang(a)mediatek.com>
wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode
Charles Han <hanchunchao(a)inspur.com>
wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface()
Michael Lo <michael.lo(a)mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli(a)uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic(a)digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang(a)linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot
Drew Fustini <dfustini(a)tenstorrent.com>
clk: thead: Fix clk gate registration to pass flags
Sergio Paracuellos <sergio.paracuellos(a)gmail.com>
clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't flush non-uploaded STAs
Ilan Peer <ilan.peer(a)intel.com>
wifi: mac80211: Fix common size calculation for ML element
Andy Strohman <andrew(a)andrewstrohman.com>
wifi: mac80211: fix tid removal during mesh forwarding
Kees Cook <kees(a)kernel.org>
wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: prohibit deactivating all links
Daniel Gabay <daniel.gabay(a)intel.com>
wifi: iwlwifi: mvm: don't count mgmt frames as MPDU
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: read STEP table from correct UEFI var
Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr>
wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
Joel Stanley <joel(a)jms.id.au>
hwmon: Fix help text for aspeed-g6-pwm-tach
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: mcc: consider time limits not divisible by 1024
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: tweak setting of channel and TX power for MLO
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: chan: manage active interfaces
Zong-Zhe Yang <kevin_yang(a)realtek.com>
wifi: rtw89: handle entity active flag per PHY
Andreas Kemnade <andreas(a)kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Shayne Chen <shayne.chen(a)mediatek.com>
wifi: mt76: mt7996: fix invalid interface combinations
Zichen Xie <zichenxie0106(a)gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh(a)kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak
Terry Tritton <terry.tritton(a)linaro.org>
HID: fix generic desktop D-Pad controls
Karol Przybylski <karprzy7(a)gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir(a)linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Sathishkumar Muruganandam <quic_murugana(a)quicinc.com>
wifi: ath12k: fix tx power, max reg power update to firmware
Quan Nguyen <quan(a)os.amperecomputing.com>
ipmi: ssif_bmc: Fix new request loss when bmc ready for a response
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Yevgeny Kliteynik <kliteyn(a)nvidia.com>
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
Eric Dumazet <edumazet(a)google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent
Vasily Khoruzhick <anarsoul(a)gmail.com>
clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI
Vasily Khoruzhick <anarsoul(a)gmail.com>
dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI
Octavian Purdila <tavip(a)google.com>
team: prevent adding a device which is already a team device lower
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs
Peng Fan <peng.fan(a)nxp.com>
clk: imx: Apply some clks only for i.MX93
Shengjiu Wang <shengjiu.wang(a)nxp.com>
arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock
Shengjiu Wang <shengjiu.wang(a)nxp.com>
clk: imx93: Add IMX93_CLK_SPDIF_IPG clock
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx: add i.MX91 clk
Pengfei Li <pengfei.li_1(a)nxp.com>
clk: imx93: Move IMX93_CLK_END macro to clk driver
Shengjiu Wang <shengjiu.wang(a)nxp.com>
dt-bindings: clock: imx93: Add SPDIF IPG clk
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: Add i.MX91 clock support
Pengfei Li <pengfei.li_1(a)nxp.com>
dt-bindings: clock: imx93: Drop IMX93_CLK_END macro definition
Marek Vasut <marex(a)denx.de>
clk: imx8mp: Fix clkout1/2 support
Stefano Brivio <sbrivio(a)redhat.com>
udp: Deal with race between UDP socket address change and rehash
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
gpio: pca953x: log an error when failing to get the reset GPIO
Lorenzo Bianconi <lorenzo(a)kernel.org>
net: airoha: Fix error path in airoha_probe()
Eric Dumazet <edumazet(a)google.com>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Mickaël Salaün <mic(a)digikod.net>
selftests: ktap_helpers: Fix uninitialized variable
Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306(a)gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet(a)google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet(a)google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount(a)gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang(a)linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace
Masahiro Yamada <masahiroy(a)kernel.org>
module: Convert default symbol namespace to string literal
Marcel Hamer <marcel.hamer(a)windriver.com>
wifi: brcmfmac: add missing header include for brcmf_dbg
Chen-Yu Tsai <wenst(a)chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jikos(a)kernel.org>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
clk: fix an OF node reference leak in of_clk_get_parent_name()
Neil Armstrong <neil.armstrong(a)linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of received connection abort
Mingwei Zheng <zmw12306(a)gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_sfq: handle bigger packets
Song Yoong Siang <yoong.siang.song(a)intel.com>
selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata
Zichen Xie <zichenxie0106(a)gmail.com>
wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Colin Ian King <colin.i.king(a)gmail.com>
wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop
Balaji Pothunoori <quic_bpothuno(a)quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao(a)inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx(a)linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Jonathan Kim <jonathan.kim(a)amd.com>
drm/amdgpu: fix gpu recovery disable with per queue reset
Alex Deucher <alexander.deucher(a)amd.com>
Revert "drm/amdgpu/gfx9: put queue resets behind a debug option"
Jiang Liu <gerry(a)linux.alibaba.com>
drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini()
Hermes Wu <hermes.wu(a)ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/mdp4: correct LCDC regulator name
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm: don't clean up priv->kms prematurely
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/msm: Check return value of of_dma_configure()
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8650
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8550
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8350
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8250
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: link DSPP_2/_3 blocks on SM8150
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: provide DSPP and correct LM config for SDM670
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong(a)linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Bokun Zhang <bokun.zhang(a)amd.com>
drm/amdgpu/vcn: reset fw_shared under SRIOV
Min-Hua Chen <minhuadotchen(a)gmail.com>
drm/rockchip: vop2: include rockchip_drm_drv.h
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Add check for 32 bpp format for rk3588
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Setup delay cycle for Esmart2/3
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Set AXI id for rk3588
Derek Foreman <derek.foreman(a)collabora.com>
drm/connector: Allow clearing HDMI infoframes
John Ogness <john.ogness(a)linutronix.de>
printk: Defer legacy printing when holding printk_cpu_sync
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Boris Brezillon <boris.brezillon(a)collabora.com>
drm/panthor: Preserve the result returned by panthor_fw_resume()
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid(a)itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config()
Alan Stern <stern(a)rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng(a)linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Rex Nie <rex.nie(a)jaguarmicro.com>
drm/msm/hdmi: simplify code in pll_get_integloop_gain
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Heiko Stuebner <heiko.stuebner(a)cherry.de>
drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix performance counter source settings on V3D 7.x
Chengming Zhou <chengming.zhou(a)linux.dev>
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Johannes Weiner <hannes(a)cmpxchg.org>
sched: psi: pass enqueue/dequeue flags to psi callbacks directly
John Stultz <jstultz(a)google.com>
sched: Split out __schedule() deactivate task logic into a helper
K Prateek Nayak <kprateek.nayak(a)amd.com>
x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally
Perry Yuan <perry.yuan(a)amd.com>
x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched: Fix race between yield_to() and try_to_wake_up()
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Peter Zijlstra <peterz(a)infradead.org>
sched/fair: Untangle NEXT_BUDDY and pick_next_task()
Yabin Cui <yabinc(a)google.com>
perf/core: Save raw sample data conditionally based on sample type
David Howells <dhowells(a)redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Jens Axboe <axboe(a)kernel.dk>
nvme: fix bogus kzalloc() return check in nvme_init_effects_log()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
select: Fix unbalanced user_access_end()
Qu Wenruo <wqu(a)suse.com>
btrfs: subpage: fix the bitmap dump of the locked flags
Randy Dunlap <rdunlap(a)infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Qu Wenruo <wqu(a)suse.com>
btrfs: improve the warning and error message for btrfs_remove_qgroup()
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error path for xa_store in nvme_init_effects
Michael Ellerman <mpe(a)ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Gaurav Batra <gbatra(a)linux.ibm.com>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
Keisuke Nishimura <keisuke.nishimura(a)inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: Fix I/O queue cpu spreading for multiple controllers
Christoph Hellwig <hch(a)lst.de>
block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues
Christoph Hellwig <hch(a)lst.de>
block: check BLK_FEAT_POLL under q_usage_count
Eugen Hristev <eugen.hristev(a)linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3(a)huawei.com>
nbd: don't allow reconnect after disconnect
Geert Uytterhoeven <geert+renesas(a)glider.be>
ps3disk: Do not use dev->bounce_size before it is set
Yang Erkun <yangerkun(a)huawei.com>
block: retry call probe after request_module in blk_request_module
Christoph Hellwig <hch(a)lst.de>
block: copy back bounce buffer to user-space correctly in case of split
Jinliang Zheng <alexjlzheng(a)gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells(a)redhat.com>
afs: Fix cleanup of immediately failed async calls
David Howells <dhowells(a)redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells(a)redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Alexander Aring <aahringo(a)redhat.com>
dlm: fix srcu_read_lock() return type to int
Alexander Aring <aahringo(a)redhat.com>
dlm: fix removal of rsb struct that is master and dir record
Sourabh Jain <sourabhjain(a)linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
Kees Cook <kees(a)kernel.org>
coredump: Do not lock during 'comm' reporting
-------------
Diffstat:
Documentation/core-api/symbol-namespaces.rst | 4 +-
.../devicetree/bindings/clock/imx93-clock.yaml | 1 +
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +-
.../it_IT/core-api/symbol-namespaces.rst | 4 +-
.../zh_CN/core-api/symbol-namespaces.rst | 4 +-
Makefile | 6 +-
.../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +-
.../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +-
arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +-
.../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 +
.../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 +
arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 +
arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 4 +-
arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +-
arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -
.../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -
arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 +
arch/arm/mach-at91/pm.c | 31 +-
arch/arm/mach-omap1/board-nokia770.c | 2 +-
.../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 +
.../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 +
arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 +
arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +-
arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +-
arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 +
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 -
.../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 -
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
arch/arm64/boot/dts/qcom/Makefile | 3 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 -
arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +-
arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +-
arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 ++--
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 8 +-
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 8 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 8 +-
arch/arm64/boot/dts/qcom/sc7180.dtsi | 362 ++++++-------
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +-
...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-
arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +-
.../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +-
.../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +-
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 -
arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +-
arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 +-
.../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +-
arch/arm64/boot/dts/ti/Makefile | 4 -
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +-
...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +-
arch/arm64/configs/defconfig | 1 -
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/loongarch/include/asm/hw_breakpoint.h | 4 +-
arch/loongarch/include/asm/loongarch.h | 60 +++
arch/loongarch/kernel/hw_breakpoint.c | 16 +-
arch/loongarch/power/platform.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 +
arch/powerpc/kernel/iommu.c | 2 +-
arch/powerpc/platforms/pseries/iommu.c | 12 +-
arch/riscv/kernel/vector.c | 2 +-
arch/s390/Kconfig | 1 +
arch/s390/Makefile | 2 +-
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kernel/perf_cpum_cf.c | 2 +-
arch/s390/kernel/perf_pai_crypto.c | 2 +-
arch/s390/kernel/perf_pai_ext.c | 2 +-
arch/s390/kernel/setup.c | 5 +
arch/s390/purgatory/Makefile | 2 +-
arch/x86/events/amd/ibs.c | 2 +-
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kernel/smpboot.c | 10 +-
arch/x86/kvm/lapic.c | 11 +-
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 2 +-
block/bio-integrity.c | 15 +-
block/blk-core.c | 21 +-
block/blk-mq.c | 34 +-
block/blk-mq.h | 6 +
block/blk-sysfs.c | 9 +-
block/genhd.c | 22 +-
block/partitions/ldm.h | 2 +-
crypto/algapi.c | 4 +-
drivers/acpi/acpica/achware.h | 2 -
drivers/acpi/fan_core.c | 10 +-
drivers/base/class.c | 9 +-
drivers/base/power/main.c | 29 +-
drivers/block/nbd.c | 1 +
drivers/block/ps3disk.c | 4 +-
drivers/bluetooth/btbcm.c | 3 +
drivers/bluetooth/btnxpuart.c | 3 +-
drivers/bluetooth/btrtl.c | 4 +-
drivers/bluetooth/btusb.c | 7 +
drivers/cdx/Makefile | 2 +-
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/char/ipmi/ssif_bmc.c | 5 +-
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/clk.c | 4 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/imx/clk-imx93.c | 89 ++--
drivers/clk/qcom/camcc-x1e80100.c | 7 +
drivers/clk/qcom/gcc-sdm845.c | 32 +-
drivers/clk/qcom/gcc-x1e80100.c | 2 +-
drivers/clk/ralink/clk-mtmips.c | 1 -
drivers/clk/renesas/renesas-cpg-mssr.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +-
drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 -
drivers/clk/thead/clk-th1520-ap.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +-
drivers/cpufreq/qcom-cpufreq-hw.c | 34 +-
drivers/crypto/caam/blob_gen.c | 3 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++---
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -
drivers/crypto/intel/iaa/Makefile | 2 +-
drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +-
drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 +
drivers/crypto/intel/qat/qat_common/Makefile | 2 +-
drivers/crypto/tegra/tegra-se-aes.c | 7 +-
drivers/crypto/tegra/tegra-se-hash.c | 7 +-
drivers/dma/idxd/Makefile | 2 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firewire/device-attribute-test.c | 2 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/firmware/qcom/qcom_scm.c | 42 +-
drivers/gpio/gpio-idio-16.c | 2 +-
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 -
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 6 -
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 34 +-
.../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +-
.../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 +
.../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 +
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 +
.../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 +
.../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +
.../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 +
drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
.../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +-
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 +
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 +-
.../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 +
.../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 +
.../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 +
drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +-
drivers/gpu/drm/msm/msm_kms.c | 1 -
drivers/gpu/drm/panthor/panthor_device.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++-
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 +
drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 +-
drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +-
drivers/gpu/drm/v3d/v3d_regs.h | 29 +-
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-input.c | 37 +-
drivers/hid/hid-multitouch.c | 2 +-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hwmon/Kconfig | 4 +-
drivers/hwmon/nct6775-core.c | 6 +-
drivers/i2c/busses/i2c-designware-common.c | 5 +-
drivers/i2c/busses/i2c-designware-master.c | 5 +-
drivers/i2c/busses/i2c-designware-slave.c | 5 +-
drivers/i3c/master/dw-i3c-master.c | 1 +
drivers/infiniband/hw/Makefile | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/cxgb4/qp.c | 8 +
drivers/infiniband/hw/hns/Kconfig | 20 +-
drivers/infiniband/hw/hns/Makefile | 9 +-
drivers/infiniband/hw/mlx4/main.c | 8 +-
drivers/infiniband/hw/mlx5/odp.c | 62 ++-
drivers/infiniband/sw/rxe/rxe_param.h | 2 +-
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/amd/amd_iommu.h | 1 -
drivers/iommu/amd/iommu.c | 9 -
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +-
drivers/iommu/iommufd/iova_bitmap.c | 2 +-
drivers/iommu/iommufd/main.c | 2 +-
drivers/leds/leds-cht-wcove.c | 6 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/md/md-bitmap.c | 79 +--
drivers/md/md-bitmap.h | 7 +-
drivers/md/md.c | 34 ++
drivers/md/md.h | 5 +
drivers/md/raid1.c | 34 +-
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 111 ++--
drivers/md/raid5.h | 4 -
drivers/media/i2c/imx290.c | 3 +-
drivers/media/i2c/imx412.c | 42 +-
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 +
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 18 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/syscon.c | 19 +-
drivers/misc/cardreader/rtsx_usb.c | 15 +
drivers/mtd/hyperbus/hbmc-am654.c | 19 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +-
drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +-
drivers/net/ethernet/intel/ice/ice_ethtool.c | 109 ++--
drivers/net/ethernet/intel/ice/ice_ethtool.h | 38 +-
drivers/net/ethernet/intel/ice/ice_parser.h | 6 +-
drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +-
drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +-
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -
.../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 -
drivers/net/ethernet/mediatek/airoha_eth.c | 37 +-
.../mlx5/core/steering/hws/mlx5hws_definer.c | 2 +-
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/renesas/ravb_main.c | 22 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/sfc/ef100_ethtool.c | 1 +
drivers/net/ethernet/sfc/ethtool.c | 1 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +-
drivers/net/phy/marvell-88q2xxx.c | 33 +-
drivers/net/tap.c | 6 +-
drivers/net/team/team_core.c | 7 +
drivers/net/tun.c | 6 +-
drivers/net/usb/rtl8150.c | 22 +
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/ath12k/mac.c | 6 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 +
drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +-
drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +-
.../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 +
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +-
drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 ++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 ++++--
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 +
drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +-
drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +-
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 13 +-
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +--
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -
drivers/net/wireless/realtek/rtw89/chan.c | 212 +++++++-
drivers/net/wireless/realtek/rtw89/chan.h | 28 +-
drivers/net/wireless/realtek/rtw89/core.c | 124 +++--
drivers/net/wireless/realtek/rtw89/core.h | 27 +-
drivers/net/wireless/realtek/rtw89/fw.c | 40 +-
drivers/net/wireless/realtek/rtw89/mac.c | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 10 +-
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/nvme/host/core.c | 34 +-
drivers/nvme/host/tcp.c | 70 ++-
drivers/of/fdt.c | 13 +-
drivers/of/of_private.h | 3 +-
drivers/of/of_reserved_mem.c | 174 +++++--
drivers/of/property.c | 2 +-
drivers/opp/core.c | 57 ++-
drivers/opp/of.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 30 +-
drivers/pci/controller/dwc/pcie-designware-host.c | 1 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/controller/plda/pcie-microchip-host.c | 222 +++++---
drivers/pci/controller/plda/pcie-plda-host.c | 17 +-
drivers/pci/controller/plda/pcie-plda.h | 6 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 6 +-
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pci/pcie/aspm.c | 35 +-
drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 558 ++++++++++++---------
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +-
drivers/pinctrl/pinctrl-amd.c | 27 +-
drivers/pinctrl/pinctrl-amd.h | 7 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +--
drivers/platform/mellanox/mlxbf-pmc.c | 6 +-
drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +-
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++---
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/core.c | 2 +-
drivers/pwm/pwm-dwc-core.c | 2 +-
drivers/pwm/pwm-lpss.c | 2 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/mtk_scp.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-loongson.c | 13 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-tps6594.c | 2 +-
drivers/s390/char/sclp.c | 12 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/soc/atmel/soc.c | 2 +-
drivers/spi/spi-omap2-mcspi.c | 11 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/mips_ejtag_fdc.c | 4 +-
drivers/tty/serial/8250/8250_port.c | 32 +-
drivers/tty/serial/sc16is7xx.c | 2 +-
drivers/ufs/core/ufs_bsg.c | 1 +
drivers/usb/dwc3/core.c | 35 +-
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/gadget/function/f_tcm.c | 14 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/storage/Makefile | 2 +-
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/watchdog/rti_wdt.c | 1 +
fs/afs/dir.c | 7 +-
fs/afs/internal.h | 9 +
fs/afs/rxrpc.c | 12 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/btrfs/inode.c | 97 +++-
fs/btrfs/qgroup.c | 21 +-
fs/btrfs/subpage.c | 6 +-
fs/btrfs/subpage.h | 13 +
fs/btrfs/super.c | 2 +-
fs/dlm/lock.c | 46 +-
fs/dlm/lowcomms.c | 3 +-
fs/erofs/internal.h | 17 +-
fs/erofs/zdata.c | 190 +++++--
fs/erofs/zutil.c | 155 +-----
fs/f2fs/dir.c | 53 +-
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/hostfs/hostfs_kern.c | 27 +-
fs/nfs/localio.c | 4 +-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfs_common/common.c | 89 +++-
fs/nilfs2/dir.c | 13 +-
fs/nilfs2/namei.c | 29 +-
fs/nilfs2/nilfs.h | 4 +-
fs/nilfs2/page.c | 31 +-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/quota_global.c | 5 +
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsacl.c | 25 +-
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/cifssmb.c | 4 +-
fs/smb/client/readdir.c | 2 +-
fs/smb/client/reparse.c | 22 +-
fs/smb/client/smb2ops.c | 3 +-
fs/ubifs/debug.c | 22 +-
fs/xfs/xfs_buf.c | 3 +-
fs/xfs/xfs_notify_failure.c | 121 +++--
include/acpi/acpixf.h | 1 +
include/dt-bindings/clock/imx93-clock.h | 7 +-
include/dt-bindings/clock/sun50i-a64-ccu.h | 2 +
include/linux/btf.h | 5 +
include/linux/coredump.h | 4 +-
include/linux/ethtool.h | 4 +
include/linux/export.h | 2 +-
include/linux/hid.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/kallsyms.h | 2 +-
include/linux/mroute_base.h | 6 +-
include/linux/netdevice.h | 2 +-
include/linux/nfs_common.h | 3 +-
include/linux/perf_event.h | 6 +
include/linux/pm.h | 1 +
include/linux/pps_kernel.h | 3 +-
include/linux/ptr_ring.h | 21 +-
include/linux/sched.h | 1 +
include/linux/skb_array.h | 17 +-
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/netfilter/nf_tables.h | 6 +
include/net/netns/xfrm.h | 1 +
include/net/pkt_cls.h | 13 +-
include/net/sch_generic.h | 5 +-
include/net/xfrm.h | 30 +-
include/sound/hdaudio_ext.h | 45 --
include/trace/events/afs.h | 2 +
include/trace/events/rxrpc.h | 25 +
include/uapi/linux/xfrm.h | 2 +
io_uring/uring_cmd.c | 2 +-
kernel/bpf/arena.c | 8 +-
kernel/bpf/bpf_local_storage.c | 8 +-
kernel/bpf/bpf_struct_ops.c | 21 +
kernel/bpf/btf.c | 5 -
kernel/bpf/helpers.c | 18 +-
kernel/dma/coherent.c | 14 +-
kernel/events/core.c | 35 +-
kernel/irq/internals.h | 9 +-
kernel/module/main.c | 7 +-
kernel/padata.c | 45 +-
kernel/power/hibernate.c | 7 +-
kernel/printk/internal.h | 6 +
kernel/printk/printk.c | 5 +
kernel/printk/printk_safe.c | 7 +-
kernel/sched/core.c | 83 +--
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 21 +-
kernel/sched/features.h | 9 +
kernel/sched/sched.h | 56 +--
kernel/sched/stats.h | 33 +-
kernel/sched/syscalls.c | 2 +-
kernel/trace/bpf_trace.c | 13 +-
lib/rhashtable.c | 12 +-
mm/memcontrol.c | 7 +-
mm/oom_kill.c | 8 +-
net/ax25/af_ax25.c | 12 +-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 +-
net/ax25/ax25_route.c | 2 +
net/core/dev.c | 21 +-
net/core/filter.c | 2 +-
net/core/sysctl_net_core.c | 5 +-
net/ethtool/ioctl.c | 8 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/esp4_offload.c | 6 +-
net/ipv4/icmp.c | 9 +-
net/ipv4/inetpeer.c | 31 +-
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr.c | 28 +-
net/ipv4/ipmr_base.c | 9 +-
net/ipv4/route.c | 17 +-
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/tcp_output.c | 9 +-
net/ipv4/udp.c | 56 +++
net/ipv6/esp6_offload.c | 6 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/ip6mr.c | 28 +-
net/ipv6/ndisc.c | 8 +-
net/ipv6/udp.c | 50 ++
net/key/af_key.c | 7 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mac80211/driver-ops.h | 3 +
net/mac80211/rx.c | 1 +
net/mptcp/ctrl.c | 4 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 4 +-
net/mptcp/protocol.h | 30 +-
net/ncsi/ncsi-rsp.c | 18 +-
net/netfilter/nf_tables_api.c | 57 ++-
net/netfilter/nft_flow_offload.c | 16 +-
net/netfilter/nft_set_rbtree.c | 43 ++
net/rose/af_rose.c | 16 +-
net/rose/rose_timer.c | 15 +
net/rxrpc/conn_event.c | 12 +-
net/rxrpc/peer_event.c | 16 +-
net/rxrpc/peer_object.c | 12 +-
net/sched/cls_api.c | 57 +--
net/sched/cls_bpf.c | 2 +
net/sched/cls_flower.c | 2 +
net/sched/cls_matchall.c | 2 +
net/sched/cls_u32.c | 4 +
net/sched/sch_api.c | 4 +
net/sched/sch_generic.c | 4 +-
net/sched/sch_sfq.c | 45 +-
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +-
net/smc/smc_rx.h | 8 +-
net/sunrpc/svcsock.c | 12 +-
net/vmw_vsock/af_vsock.c | 13 +-
net/wireless/scan.c | 7 +-
net/wireless/tests/scan.c | 2 +
net/xfrm/xfrm_compat.c | 6 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_policy.c | 12 +
net/xfrm/xfrm_replay.c | 10 +-
net/xfrm/xfrm_state.c | 256 ++++++++--
net/xfrm/xfrm_user.c | 59 ++-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 +-
scripts/kconfig/confdata.c | 6 +-
scripts/kconfig/symbol.c | 1 +
security/landlock/fs.c | 11 +-
sound/core/seq/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/amd/acp/acp-i2s.c | 1 +
sound/soc/codecs/Makefile | 6 +-
sound/soc/codecs/da7213.c | 2 +
sound/soc/intel/avs/apl.c | 3 +-
sound/soc/intel/avs/cnl.c | 1 +
sound/soc/intel/avs/core.c | 14 +-
sound/soc/intel/avs/loader.c | 2 +-
sound/soc/intel/avs/registers.h | 45 ++
sound/soc/intel/avs/skl.c | 1 +
sound/soc/intel/avs/topology.c | 4 +-
sound/soc/intel/boards/sof_sdw.c | 47 +-
sound/soc/mediatek/mt8365/Makefile | 2 +-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/include/uapi/linux/if_xdp.h | 4 +-
tools/lib/bpf/btf.c | 1 +
tools/lib/bpf/btf_relocate.c | 2 +-
tools/lib/bpf/linker.c | 22 +-
tools/lib/bpf/usdt.c | 2 +-
tools/net/ynl/lib/ynl.c | 2 +-
tools/perf/MANIFEST | 1 +
tools/perf/builtin-inject.c | 8 +-
tools/perf/builtin-lock.c | 66 ++-
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/tests/shell/trace_btf_enum.sh | 8 +-
tools/perf/util/bpf-event.c | 10 +-
.../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/expr.c | 5 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/machine.c | 2 +-
tools/perf/util/maps.c | 7 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/power/x86/turbostat/turbostat.8 | 25 +
tools/power/x86/turbostat/turbostat.c | 163 +++++-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/Makefile | 4 +-
.../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +-
.../selftests/bpf/prog_tests/fill_link_info.c | 4 +
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 124 ++++-
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 5 +-
.../selftests/bpf/progs/test_fill_link_info.c | 13 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +-
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
.../ftrace/test.d/00basic/mount_options.tc | 8 +-
tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 24 +-
tools/testing/selftests/landlock/Makefile | 4 +-
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/net/lib/Makefile | 2 +-
tools/testing/selftests/net/mptcp/Makefile | 2 +-
tools/testing/selftests/net/openvswitch/Makefile | 2 +-
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
tools/testing/selftests/rseq/rseq.c | 32 +-
tools/testing/selftests/rseq/rseq.h | 9 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
678 files changed, 6718 insertions(+), 3703 deletions(-)
4 months, 1 week
- 12
- 604
[PATCH 0/8] KVM: arm64: FPSIMD/SVE/SME fixes
by Mark Rutland
These patches fix some isuses with the way KVM manages FPSIMD/SVE?SME
state. The series supersedes my earlier attempt at fixing the host SVE
state corruption issue:
https://lore.kernel.org/linux-arm-kernel/20250121100026.3974971-1-mark.rutl…
Patch 1 addreses the host SVE state corruption issue by always saving
and unbinding the host state when loading a vCPU, as discussed on the
earlier patch:
https://lore.kernel.org/linux-arm-kernel/Z4--YuG5SWrP_pW7@J2N7QTR9R3/
https://lore.kernel.org/linux-arm-kernel/86plkful48.wl-maz@kernel.org/
Patches 2 to 4 remove code made redundant by patch 1. These probably
warrant backporting along with patch 1 as there is some historical
brokenness in the code they remove.
Patches 5 to 7 are preparatory refactoring for patch 8, and are not
intended to have any functional impact.
Patch 8 addreses some mismanagement of ZCR_EL{1,2} which can result in
the host VMM unexpectedly receiving a SIGKILL. To fix this, we eagerly
swith ZCR_EL{1,2} at guest<->host transitions, as discussed on another
series:
https://lore.kernel.org/linux-arm-kernel/Z4pAMaEYvdLpmbg2@J2N7QTR9R3/
https://lore.kernel.org/linux-arm-kernel/86o6zzukwr.wl-maz@kernel.org/
https://lore.kernel.org/linux-arm-kernel/Z5Dc-WMu2azhTuMn@J2N7QTR9R3/
The end result is that KVM loses ~100 lines of code, and becomes a bit
simpler to reaason about.
I've pushed these patches (with some additional debug patches that can
be used for testing) to the arm64-kvm-fpsimd-fixes-20250204 tag on my
kernel.org repo:
https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/
git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git
I've given this some basic testing on a virtual platform, booting a host
and a guest with and without constraining the guet's max SVE VL, with:
* kvm_arm.mode=vhe
* kvm_arm.mode=nvhe
* kvm_arm.mode=protected (IIUC this will default to hVHE)
Any additional testing would be much appreciated.
Mark.
Mark Rutland (8):
KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
KVM: arm64: Remove host FPSIMD saving for non-protected KVM
KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
KVM: arm64: Refactor CPTR trap deactivation
KVM: arm64: Refactor exit handlers
KVM: arm64: Mark some header functions as inline
KVM: arm64: Eagerly switch ZCR_EL{1,2}
arch/arm64/include/asm/kvm_emulate.h | 42 ---------
arch/arm64/include/asm/kvm_host.h | 22 +----
arch/arm64/kernel/fpsimd.c | 25 -----
arch/arm64/kvm/arm.c | 8 --
arch/arm64/kvm/fpsimd.c | 100 ++------------------
arch/arm64/kvm/hyp/include/hyp/switch.h | 116 +++++++++++++++++-------
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 15 ++-
arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++++++++++---------
arch/arm64/kvm/hyp/vhe/switch.c | 33 ++++---
9 files changed, 170 insertions(+), 282 deletions(-)
--
2.30.2
4 months, 2 weeks
- 4
- 23
[PATCH v1 01/16] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()
by Ryan Roberts
In order to fix a bug, arm64 needs to be told the size of the huge page
for which the huge_pte is being set in huge_ptep_get_and_clear().
Provide for this by adding an `unsigned long sz` parameter to the
function. This follows the same pattern as huge_pte_clear() and
set_huge_pte_at().
This commit makes the required interface modifications to the core mm as
well as all arches that implement this function (arm64, loongarch, mips,
parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed
in a separate commit.
Cc: <stable(a)vger.kernel.org>
Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com>
---
arch/arm64/include/asm/hugetlb.h | 4 ++--
arch/arm64/mm/hugetlbpage.c | 8 +++++---
arch/loongarch/include/asm/hugetlb.h | 6 ++++--
arch/mips/include/asm/hugetlb.h | 6 ++++--
arch/parisc/include/asm/hugetlb.h | 2 +-
arch/parisc/mm/hugetlbpage.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 6 ++++--
arch/riscv/include/asm/hugetlb.h | 3 ++-
arch/riscv/mm/hugetlbpage.c | 2 +-
arch/s390/include/asm/hugetlb.h | 12 ++++++++----
arch/s390/mm/hugetlbpage.c | 10 ++++++++--
arch/sparc/include/asm/hugetlb.h | 2 +-
arch/sparc/mm/hugetlbpage.c | 2 +-
include/asm-generic/hugetlb.h | 2 +-
include/linux/hugetlb.h | 4 +++-
mm/hugetlb.c | 4 ++--
16 files changed, 48 insertions(+), 27 deletions(-)
diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h
index c6dff3e69539..03db9cb21ace 100644
--- a/arch/arm64/include/asm/hugetlb.h
+++ b/arch/arm64/include/asm/hugetlb.h
@@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep,
pte_t pte, int dirty);
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
-extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep);
+extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT
extern void huge_ptep_set_wrprotect(struct mm_struct *mm,
unsigned long addr, pte_t *ptep);
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 98a2a0e64e25..06db4649af91 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
__pte_clear(mm, addr, ptep);
}
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+ pte_t *ptep, unsigned long sz)
{
int ncontig;
size_t pgsize;
@@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size)
pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep)
{
+ unsigned long psize = huge_page_size(hstate_vma(vma));
+
if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) {
/*
* Break-before-make (BBM) is required for all user space mappings
@@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr
if (pte_user_exec(__ptep_get(ptep)))
return huge_ptep_clear_flush(vma, addr, ptep);
}
- return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize);
}
void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep,
diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h
index c8e4057734d0..4dc4b3e04225 100644
--- a/arch/loongarch/include/asm/hugetlb.h
+++ b/arch/loongarch/include/asm/hugetlb.h
@@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
pte_t clear;
pte_t pte = ptep_get(ptep);
@@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_tlb_page(vma, addr);
return pte;
}
diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h
index d0a86ce83de9..fbc71ddcf0f6 100644
--- a/arch/mips/include/asm/hugetlb.h
+++ b/arch/mips/include/asm/hugetlb.h
@@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
pte_t clear;
pte_t pte = *ptep;
@@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
/*
* clear the huge pte entry firstly, so that the other smp threads will
* not get old pte entry after finishing flush_tlb_page and before
* setting new huge pte entry
*/
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_tlb_page(vma, addr);
return pte;
}
diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h
index 5b3a5429f71b..21e9ace17739 100644
--- a/arch/parisc/include/asm/hugetlb.h
+++ b/arch/parisc/include/asm/hugetlb.h
@@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep);
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c
index e9d18cf25b79..a94fe546d434 100644
--- a/arch/parisc/mm/hugetlbpage.c
+++ b/arch/parisc/mm/hugetlbpage.c
@@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
pte_t entry;
diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h
index dad2e7980f24..86326587e58d 100644
--- a/arch/powerpc/include/asm/hugetlb.h
+++ b/arch/powerpc/include/asm/hugetlb.h
@@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz)
{
return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1));
}
@@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
pte_t pte;
+ unsigned long sz = huge_page_size(hstate_vma(vma));
- pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz);
flush_hugetlb_page(vma, addr);
return pte;
}
diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h
index faf3624d8057..446126497768 100644
--- a/arch/riscv/include/asm/hugetlb.h
+++ b/arch/riscv/include/asm/hugetlb.h
@@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep);
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c
index 42314f093922..b4a78a4b35cf 100644
--- a/arch/riscv/mm/hugetlbpage.c
+++ b/arch/riscv/mm/hugetlbpage.c
@@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma,
pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
pte_t orig_pte = ptep_get(ptep);
int pte_num;
diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h
index 7c52acaf9f82..420c74306779 100644
--- a/arch/s390/include/asm/hugetlb.h
+++ b/arch/s390/include/asm/hugetlb.h
@@ -26,7 +26,11 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep);
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep);
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep,
+ unsigned long sz);
+pte_t __huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep);
static inline void arch_clear_hugetlb_flags(struct folio *folio)
{
@@ -48,7 +52,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr,
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
unsigned long address, pte_t *ptep)
{
- return huge_ptep_get_and_clear(vma->vm_mm, address, ptep);
+ return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep);
}
#define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS
@@ -59,7 +63,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte);
if (changed) {
- huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
__set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
}
return changed;
@@ -69,7 +73,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
static inline void huge_ptep_set_wrprotect(struct mm_struct *mm,
unsigned long addr, pte_t *ptep)
{
- pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep);
+ pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep);
__set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte));
}
diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
index d9ce199953de..52ee8e854195 100644
--- a/arch/s390/mm/hugetlbpage.c
+++ b/arch/s390/mm/hugetlbpage.c
@@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
return __rste_to_pte(pte_val(*ptep));
}
-pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+pte_t __huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep)
{
pte_t pte = huge_ptep_get(mm, addr, ptep);
pmd_t *pmdp = (pmd_t *) ptep;
@@ -202,6 +202,12 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
return pte;
}
+pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
+ unsigned long addr, pte_t *ptep, unsigned long sz)
+{
+ return __huge_ptep_get_and_clear(mm, addr, ptep);
+}
+
pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, unsigned long sz)
{
diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h
index c714ca6a05aa..e7a9cdd498dc 100644
--- a/arch/sparc/include/asm/hugetlb.h
+++ b/arch/sparc/include/asm/hugetlb.h
@@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep);
+ pte_t *ptep, unsigned long sz);
#define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH
static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index eee601a0d2cf..80504148d8a5 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
@@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
}
pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep)
+ pte_t *ptep, unsigned long sz)
{
unsigned int i, nptes, orig_shift, shift;
unsigned long size;
diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h
index f42133dae68e..2afc95bf1655 100644
--- a/include/asm-generic/hugetlb.h
+++ b/include/asm-generic/hugetlb.h
@@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
#ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR
static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- unsigned long addr, pte_t *ptep)
+ unsigned long addr, pte_t *ptep, unsigned long sz)
{
return ptep_get_and_clear(mm, addr, ptep);
}
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index ec8c0ccc8f95..bf5f7256bd28 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm)
static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep)
{
- return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ unsigned long psize = huge_page_size(hstate_vma(vma));
+
+ return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize);
}
#endif
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 65068671e460..de9d49e521c1 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr,
if (src_ptl != dst_ptl)
spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
- pte = huge_ptep_get_and_clear(mm, old_addr, src_pte);
+ pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz);
if (need_clear_uffd_wp && pte_marker_uffd_wp(pte))
huge_pte_clear(mm, new_addr, dst_pte, sz);
@@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED);
}
- pte = huge_ptep_get_and_clear(mm, address, ptep);
+ pte = huge_ptep_get_and_clear(mm, address, ptep, sz);
tlb_remove_huge_tlb_entry(h, tlb, ptep, address);
if (huge_pte_dirty(pte))
set_page_dirty(page);
--
2.43.0
4 months, 2 weeks
- 2
- 2
[PATCH] regmap-irq: Add missing kfree()
by Jiasheng Jiang
Add kfree() for "d->main_status_buf" in the error-handling path to prevent
a memory leak.
Fixes: a2d21848d921 ("regmap: regmap-irq: Add main status register support")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/base/regmap/regmap-irq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index 0bcd81389a29..b73ab3cda781 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -906,6 +906,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
kfree(d->wake_buf);
kfree(d->mask_buf_def);
kfree(d->mask_buf);
+ kfree(d->main_status_buf);
kfree(d->status_buf);
kfree(d->status_reg_buf);
if (d->config_buf) {
--
2.25.1
4 months, 2 weeks
- 4
- 7
[PATCH netdev] net: stmmac: dwmac-rk: Provide FIFO sizes for DWMAC 1000
by Chen-Yu Tsai
From: Chen-Yu Tsai <wens(a)csie.org>
The DWMAC 1000 DMA capabilities register does not provide actual
FIFO sizes, nor does the driver really care. If they are not
provided via some other means, the driver will work fine, only
disallowing changing the MTU setting.
The recent commit 8865d22656b4 ("net: stmmac: Specify hardware
capability value when FIFO size isn't specified") changed this by
requiring the FIFO sizes to be provided, breaking devices that were
working just fine.
Provide the FIFO sizes through the driver's platform data, to not
only fix the breakage, but also enable MTU changes. The FIFO sizes
are confirmed to be the same across RK3288, RK3328, RK3399 and PX30,
based on their respective manuals. It is likely that Rockchip
synthesized their DWMAC 1000 with the same parameters on all their
chips that have it.
Fixes: eaf4fac47807 ("net: stmmac: Do not accept invalid MTU values")
Fixes: 8865d22656b4 ("net: stmmac: Specify hardware capability value when FIFO size isn't specified")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Chen-Yu Tsai <wens(a)csie.org>
---
The reason for stable inclusion is not to fix the device breakage
(which only broke in v6.14-rc1), but to provide the values so that MTU
changes can work in older kernels.
Since a fix for stmmac in general has already been sent [1] and a revert
was also proposed [2], I'll refrain from sending mine.
[1] https://lore.kernel.org/all/20250203093419.25804-1-steven.price@arm.com/
[2] https://lore.kernel.org/all/Z6Clkh44QgdNJu_O@shell.armlinux.org.uk/
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
index a4dc89e23a68..71a4c4967467 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
@@ -1966,8 +1966,11 @@ static int rk_gmac_probe(struct platform_device *pdev)
/* If the stmmac is not already selected as gmac4,
* then make sure we fallback to gmac.
*/
- if (!plat_dat->has_gmac4)
+ if (!plat_dat->has_gmac4) {
plat_dat->has_gmac = true;
+ plat_dat->rx_fifo_size = 4096;
+ plat_dat->tx_fifo_size = 2048;
+ }
plat_dat->fix_mac_speed = rk_fix_speed;
plat_dat->bsp_priv = rk_gmac_setup(pdev, plat_dat, data);
--
2.39.5
4 months, 2 weeks
- 6
- 8
[PATCH v2] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full
by Krishanth Jagaduri via B4 Relay
From: Oleg Nesterov <oleg(a)redhat.com>
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
[ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ]
Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not
include the boot CPU, which is no longer true after:
commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full").
However after:
aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work")
the kernel will crash at boot time in this case; housekeeping_any_cpu()
returns an invalid CPU number until smp_init() brings the first
housekeeping CPU up.
Change housekeeping_any_cpu() to check the result of cpumask_any_and() and
return smp_processor_id() in this case.
This is just the simple and backportable workaround which fixes the
symptom, but smp_processor_id() at boot time should be safe at least for
type == HK_TYPE_TIMER, this more or less matches the tick_do_timer_boot_cpu
logic.
There is no worry about cpu_down(); tick_nohz_cpu_down() will not allow to
offline tick_do_timer_cpu (the 1st online housekeeping CPU).
[ Apply only documentation changes as commit which causes boot
crash when boot CPU is nohz_full is not backported to stable
kernels - Krishanth ]
Fixes: aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work")
Reported-by: Chris von Recklinghausen <crecklin(a)redhat.com>
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Phil Auld <pauld(a)redhat.com>
Acked-by: Frederic Weisbecker <frederic(a)kernel.org>
Link: https://lore.kernel.org/r/20240411143905.GA19288@redhat.com
Closes: https://lore.kernel.org/all/20240402105847.GA24832@redhat.com/
Cc: stable(a)vger.kernel.org # 5.4+
Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
---
Hi,
Before kernel 6.9, Documentation/timers/no_hz.rst states that
"nohz_full=" mask must not include the boot CPU, which is no longer
true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be
nohz_full").
When trying LTS kernels between 5.4 and 6.6, we noticed we could use
boot CPU as nohz_full but the information in the document was misleading.
This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent
boot crash when the boot CPU is nohz_full").
While it fixes the document description, it also fixes issue introduced
by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus'
timers on queue_delayed_work").
It is unlikely that upstream commit as a whole will be backported to
stable kernels which does not contain the commit that introduced the
issue of boot crash when boot CPU is nohz_full.
Could we fix only the document portion in stable kernels 5.4+ that
mentions boot CPU cannot be nohz_full?
---
Changes in v2:
- Add original changelog and trailers to commit message.
- Add backport note for why only document portion is modified.
- Link to v1: https://lore.kernel.org/r/20250205-send-oss-20250129-v1-1-d404921e6d7e@sony…
---
Documentation/timers/no_hz.rst | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst
index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644
--- a/Documentation/timers/no_hz.rst
+++ b/Documentation/timers/no_hz.rst
@@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain
online to handle timekeeping tasks in order to ensure that system
calls like gettimeofday() returns accurate values on adaptive-tick CPUs.
(This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running
-user processes to observe slight drifts in clock rate.) Therefore, the
-boot CPU is prohibited from entering adaptive-ticks mode. Specifying a
-"nohz_full=" mask that includes the boot CPU will result in a boot-time
-error message, and the boot CPU will be removed from the mask. Note that
-this means that your system must have at least two CPUs in order for
+user processes to observe slight drifts in clock rate.) Note that this
+means that your system must have at least two CPUs in order for
CONFIG_NO_HZ_FULL=y to do anything for you.
Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded.
---
base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85
change-id: 20250129-send-oss-20250129-3c42dcf463eb
Best regards,
--
Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>
4 months, 2 weeks
- 1
- 0
[PATCH v2] ftrace: Avoid potential division by zero in function_stat_show()
by Nikolay Kuratov
Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
produce zero and skip stddev computation in that case.
For now don't care about rec->counter * rec->counter overflow because
rec->time * rec->time overflow will likely happen earlier.
Cc: stable(a)vger.kernel.org
Fixes: e31f7939c1c27 ("ftrace: Avoid potential division by zero in function profiler")
Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru>
---
v2: Instead of splitting the division into two store denominator into
separate variable and zero-check it
kernel/trace/ftrace.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 728ecda6e8d4..9ea6609588cf 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -540,6 +540,7 @@ static int function_stat_show(struct seq_file *m, void *v)
static struct trace_seq s;
unsigned long long avg;
unsigned long long stddev;
+ unsigned long long stddev_denom;
#endif
guard(mutex)(&ftrace_profile_lock);
@@ -559,23 +560,19 @@ static int function_stat_show(struct seq_file *m, void *v)
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
seq_puts(m, " ");
- /* Sample standard deviation (s^2) */
- if (rec->counter <= 1)
- stddev = 0;
- else {
- /*
- * Apply Welford's method:
- * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2)
- */
+ /*
+ * Variance formula:
+ * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2)
+ * Maybe Welford's method is better here?
+ * Divide only by 1000 for ns^2 -> us^2 conversion.
+ * trace_print_graph_duration will divide by 1000 again.
+ */
+ stddev = 0;
+ stddev_denom = rec->counter * (rec->counter - 1) * 1000;
+ if (stddev_denom) {
stddev = rec->counter * rec->time_squared -
rec->time * rec->time;
-
- /*
- * Divide only 1000 for ns^2 -> us^2 conversion.
- * trace_print_graph_duration will divide 1000 again.
- */
- stddev = div64_ul(stddev,
- rec->counter * (rec->counter - 1) * 1000);
+ stddev = div64_ul(stddev, stddev_denom);
}
trace_seq_init(&s);
--
2.34.1
4 months, 2 weeks
- 1
- 0
[PATCH] net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size
by Huacai Chen
Now for dwmac-loongson {tx,rx}_fifo_size are uninitialised, which means
zero. This means dwmac-loongson doesn't support changing MTU, so set the
correct tx_fifo_size and rx_fifo_size for it (16KB multiplied by channel
counts).
Note: the Fixes tag is not exactly right, but it is a key commit of the
dwmac-loongson series.
Cc: stable(a)vger.kernel.org
Fixes: ad72f783de06827a1f ("net: stmmac: Add multi-channel support")
Signed-off-by: Chong Qiao <qiaochong(a)loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
index bfe6e2d631bd..79acdf38c525 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c
@@ -574,6 +574,9 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id
if (ret)
goto err_disable_device;
+ plat->tx_fifo_size = SZ_16K * plat->tx_queues_to_use;
+ plat->rx_fifo_size = SZ_16K * plat->rx_queues_to_use;
+
if (dev_of_node(&pdev->dev))
ret = loongson_dwmac_dt_config(pdev, plat, &res);
else
--
2.47.1
4 months, 2 weeks
- 5
- 5
[PATCH 2/2] scsi: qedf: Add check for bdt_info
by Jiasheng Jiang
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
4 months, 2 weeks
- 1
- 0
[PATCH net] selftests: mptcp: connect: -f: no reconnect
by Matthieu Baerts (NGI0)
The '-f' parameter is there to force the kernel to emit MPTCP FASTCLOSE
by closing the connection with unread bytes in the receive queue.
The xdisconnect() helper was used to stop the connection, but it does
more than that: it will shut it down, then wait before reconnecting to
the same address. This causes the mptcp_join's "fastclose test" to fail
all the time.
This failure is due to a recent change, with commit 218cc166321f
("selftests: mptcp: avoid spurious errors on disconnect"), but that went
unnoticed because the test is currently ignored. The recent modification
only shown an existing issue: xdisconnect() doesn't need to be used
here, only the shutdown() part is needed.
Fixes: 6bf41020b72b ("selftests: mptcp: update and extend fastclose test-cases")
Cc: stable(a)vger.kernel.org
Reviewed-by: Mat Martineau <martineau(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Notes:
- The failure was not clearly visible on NIPA, because the results for
the two impacted sub-tests are currently ignored (unstable). Still,
it looks important to fix that, as this will help when the tests will
be improved not to be unstable any more.
---
tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/testing/selftests/net/mptcp/mptcp_connect.c
index 414addef9a4514c489ecd09249143fe0ce2af649..d240d02fa443a1cd802f0e705ab36db5c22063a8 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -1302,7 +1302,7 @@ int main_loop(void)
return ret;
if (cfg_truncate > 0) {
- xdisconnect(fd);
+ shutdown(fd, SHUT_WR);
} else if (--cfg_repeat > 0) {
xdisconnect(fd);
---
base-commit: 4241a702e0d0c2ca9364cfac08dbf134264962de
change-id: 20250204-net-mptcp-sft-conn-f-d1c14274ba66
Best regards,
--
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
4 months, 2 weeks
- 2
- 1
[PATCH 6.6 0/6] md/md-bitmap: move bitmap_{start, end}write to md upper layer
by Yu Kuai
From: Yu Kuai <yukuai3(a)huawei.com>
This set fix reported problem:
https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts…
https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc…
See details in patch 6.
Benjamin Marzinski (1):
md/raid5: recheck if reshape has finished with device_lock held
Yu Kuai (5):
md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
drivers/md/md-bitmap.c | 75 ++++++++++-------
drivers/md/md-bitmap.h | 6 +-
drivers/md/md.c | 26 ++++++
drivers/md/md.h | 5 ++
drivers/md/raid1.c | 35 ++------
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +-----
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 -
drivers/md/raid5.c | 174 ++++++++++++++++++++++-----------------
drivers/md/raid5.h | 4 -
11 files changed, 185 insertions(+), 172 deletions(-)
--
2.39.2
4 months, 2 weeks
- 3
- 10
[PATCH 6.13 0/5] md/md-bitmap: move bitmap_{start, end}write to md upper layer
by Yu Kuai
This set fix reported problem:
https://lore.kernel.org/all/CAJpMwyjmHQLvm6zg1cmQErttNNQPDAAXPKM3xgTjMhbfts…
https://lore.kernel.org/all/ADF7D720-5764-4AF3-B68E-1845988737AA@flyingcirc…
See details in patch 5.
Yu Kuai (5):
md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
md: add a new callback pers->bitmap_sector()
md/raid5: implement pers->bitmap_sector()
md/md-bitmap: move bitmap_{start, end}write to md upper layer
drivers/md/md-bitmap.c | 74 ++++++++++++++++----------
drivers/md/md-bitmap.h | 7 ++-
drivers/md/md.c | 29 ++++++++++
drivers/md/md.h | 5 ++
drivers/md/raid1.c | 34 +++---------
drivers/md/raid1.h | 1 -
drivers/md/raid10.c | 26 +--------
drivers/md/raid10.h | 1 -
drivers/md/raid5-cache.c | 4 --
drivers/md/raid5.c | 111 ++++++++++++++++++++-------------------
drivers/md/raid5.h | 4 --
11 files changed, 149 insertions(+), 147 deletions(-)
--
2.39.2
4 months, 2 weeks
- 3
- 9
[PATCH] drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
by Haoyu Li
In the "pmcmd_ioctl" function, three memory objects allocated by
kmalloc are initialized by "hcall_get_cpu_state", which are then
copied to user space. The initializer is indeed implemented in
"acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of
information leakage due to uninitialized bytes.
Fixes: 3d679d5aec64 ("virt: acrn: Introduce interfaces to query C-states and P-states allowed by hypervisor")
Signed-off-by: Haoyu Li <lihaoyu499(a)gmail.com>
Cc: stable(a)vger.kernel.org
---
drivers/virt/acrn/hsm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/virt/acrn/hsm.c b/drivers/virt/acrn/hsm.c
index c24036c4e51e..e4e196abdaac 100644
--- a/drivers/virt/acrn/hsm.c
+++ b/drivers/virt/acrn/hsm.c
@@ -49,7 +49,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
switch (cmd & PMCMD_TYPE_MASK) {
case ACRN_PMCMD_GET_PX_CNT:
case ACRN_PMCMD_GET_CX_CNT:
- pm_info = kmalloc(sizeof(u64), GFP_KERNEL);
+ pm_info = kzalloc(sizeof(u64), GFP_KERNEL);
if (!pm_info)
return -ENOMEM;
@@ -64,7 +64,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
kfree(pm_info);
break;
case ACRN_PMCMD_GET_PX_DATA:
- px_data = kmalloc(sizeof(*px_data), GFP_KERNEL);
+ px_data = kzalloc(sizeof(*px_data), GFP_KERNEL);
if (!px_data)
return -ENOMEM;
@@ -79,7 +79,7 @@ static int pmcmd_ioctl(u64 cmd, void __user *uptr)
kfree(px_data);
break;
case ACRN_PMCMD_GET_CX_DATA:
- cx_data = kmalloc(sizeof(*cx_data), GFP_KERNEL);
+ cx_data = kzalloc(sizeof(*cx_data), GFP_KERNEL);
if (!cx_data)
return -ENOMEM;
--
2.34.1
4 months, 2 weeks
- 2
- 1
[PATCH] usb: roles: cache usb roles received during switch registration
by Elson Roy Serrao
The role switch registration and set_role() can happen in parallel as they
are invoked independent of each other. There is a possibility that a driver
might spend significant amount of time in usb_role_switch_register() API
due to the presence of time intensive operations like component_add()
which operate under common mutex. This leads to a time window after
allocating the switch and before setting the registered flag where the set
role notifications are dropped. Below timeline summarizes this behavior
Thread1 | Thread2
usb_role_switch_register() |
| |
---> allocate switch |
| |
---> component_add() | usb_role_switch_set_role()
| | |
| | --> Drop role notifications
| | since sw->registered
| | flag is not set.
| |
--->Set registered flag.|
To avoid this, cache the last role received and set it once the switch
registration is complete. Since we are now caching the roles based on
registered flag, protect this flag with the switch mutex.
Fixes: b787a3e78175 ("usb: roles: don't get/set_role() when usb_role_switch is unregistered")
cc: stable(a)vger.kernel.org
Signed-off-by: Elson Roy Serrao <quic_eserrao(a)quicinc.com>
---
drivers/usb/roles/class.c | 45 ++++++++++++++++++++++++++++++++-------
1 file changed, 37 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c
index c58a12c147f4..c0149c31c01b 100644
--- a/drivers/usb/roles/class.c
+++ b/drivers/usb/roles/class.c
@@ -26,6 +26,8 @@ struct usb_role_switch {
struct mutex lock; /* device lock*/
struct module *module; /* the module this device depends on */
enum usb_role role;
+ enum usb_role cached_role;
+ bool cached;
bool registered;
/* From descriptor */
@@ -65,6 +67,20 @@ static const struct component_ops connector_ops = {
.unbind = connector_unbind,
};
+static int __usb_role_switch_set_role(struct usb_role_switch *sw,
+ enum usb_role role)
+{
+ int ret;
+
+ ret = sw->set(sw, role);
+ if (!ret) {
+ sw->role = role;
+ kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
+ }
+
+ return ret;
+}
+
/**
* usb_role_switch_set_role - Set USB role for a switch
* @sw: USB role switch
@@ -79,17 +95,21 @@ int usb_role_switch_set_role(struct usb_role_switch *sw, enum usb_role role)
if (IS_ERR_OR_NULL(sw))
return 0;
- if (!sw->registered)
- return -EOPNOTSUPP;
-
+ /*
+ * Since we have a valid sw struct here, role switch registration might
+ * be in progress. Hence cache the role here and send it out once
+ * registration is complete.
+ */
mutex_lock(&sw->lock);
-
- ret = sw->set(sw, role);
- if (!ret) {
- sw->role = role;
- kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
+ if (!sw->registered) {
+ sw->cached = true;
+ sw->cached_role = role;
+ mutex_unlock(&sw->lock);
+ return 0;
}
+ ret = __usb_role_switch_set_role(sw, role);
+
mutex_unlock(&sw->lock);
return ret;
@@ -399,8 +419,14 @@ usb_role_switch_register(struct device *parent,
dev_warn(&sw->dev, "failed to add component\n");
}
+ mutex_lock(&sw->lock);
sw->registered = true;
+ if (sw->cached)
+ __usb_role_switch_set_role(sw, sw->cached_role);
+
+ mutex_unlock(&sw->lock);
+
/* TODO: Symlinks for the host port and the device controller. */
return sw;
@@ -417,7 +443,10 @@ void usb_role_switch_unregister(struct usb_role_switch *sw)
{
if (IS_ERR_OR_NULL(sw))
return;
+ mutex_lock(&sw->lock);
sw->registered = false;
+ sw->cached = false;
+ mutex_unlock(&sw->lock);
if (dev_fwnode(&sw->dev))
component_del(&sw->dev, &connector_ops);
device_unregister(&sw->dev);
--
2.17.1
4 months, 2 weeks
- 3
- 2
[PATCH] soc: qcom: mark pd-mapper as broken
by Johan Hovold
When using the in-kernel pd-mapper on x1e80100, client drivers often
fail to communicate with the firmware during boot, which specifically
breaks battery and USB-C altmode notifications. This has been observed
to happen on almost every second boot (41%) but likely depends on probe
order:
pmic_glink_altmode.pmic_glink_altmode pmic_glink.altmode.0: failed to send altmode request: 0x10 (-125)
pmic_glink_altmode.pmic_glink_altmode pmic_glink.altmode.0: failed to request altmode notifications: -125
ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI read request: -125
qcom_battmgr.pmic_glink_power_supply pmic_glink.power-supply.0: failed to request power notifications
In the same setup audio also fails to probe albeit much more rarely:
PDR: avs/audio get domain list txn wait failed: -110
PDR: service lookup for avs/audio failed: -110
Chris Lew has provided an analysis and is working on a fix for the
ECANCELED (125) errors, but it is not yet clear whether this will also
address the audio regression.
Even if this was first observed on x1e80100 there is currently no reason
to believe that these issues are specific to that platform.
Disable the in-kernel pd-mapper for now, and make sure to backport this
to stable to prevent users and distros from migrating away from the
user-space service.
Fixes: 1ebcde047c54 ("soc: qcom: add pd-mapper implementation")
Cc: stable(a)vger.kernel.org # 6.11
Link: https://lore.kernel.org/lkml/Zqet8iInnDhnxkT9@hovoldconsulting.com/
Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org>
---
It's now been over two months since I reported this regression, and even
if we seem to be making some progress on at least some of these issues I
think we need disable the pd-mapper temporarily until the fixes are in
place (e.g. to prevent distros from dropping the user-space service).
Johan
#regzbot introduced: 1ebcde047c54
drivers/soc/qcom/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 74b9121240f8..35ddab9338d4 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -78,6 +78,7 @@ config QCOM_PD_MAPPER
select QCOM_PDR_MSG
select AUXILIARY_BUS
depends on NET && QRTR && (ARCH_QCOM || COMPILE_TEST)
+ depends on BROKEN
default QCOM_RPROC_COMMON
help
The Protection Domain Mapper maps registered services to the domains
--
2.45.2
4 months, 2 weeks
- 6
- 18
[PATCH AUTOSEL 6.13 01/16] ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
by Sasha Levin
From: Bard Liao <yung-chuan.liao(a)linux.intel.com>
[ Upstream commit 569922b82ca660f8b24e705f6cf674e6b1f99cc7 ]
Each cpu DAI should associate with a widget. However, the topology might
not create the right number of DAI widgets for aggregated amps. And it
will cause NULL pointer deference.
Check that the DAI widget associated with the CPU DAI is valid to prevent
NULL pointer deference due to missing DAI widgets in topologies with
aggregated amps.
Signed-off-by: Bard Liao <yung-chuan.liao(a)linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com>
Link: https://patch.msgid.link/20241203104853.56956-1-yung-chuan.liao@linux.intel…
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
sound/soc/sof/intel/hda-dai.c | 12 ++++++++++++
sound/soc/sof/intel/hda.c | 5 +++++
2 files changed, 17 insertions(+)
diff --git a/sound/soc/sof/intel/hda-dai.c b/sound/soc/sof/intel/hda-dai.c
index 0db2a3e554fb2..da12aabc1bb85 100644
--- a/sound/soc/sof/intel/hda-dai.c
+++ b/sound/soc/sof/intel/hda-dai.c
@@ -503,6 +503,12 @@ int sdw_hda_dai_hw_params(struct snd_pcm_substream *substream,
int ret;
int i;
+ if (!w) {
+ dev_err(cpu_dai->dev, "%s widget not found, check amp link num in the topology\n",
+ cpu_dai->name);
+ return -EINVAL;
+ }
+
ops = hda_dai_get_ops(substream, cpu_dai);
if (!ops) {
dev_err(cpu_dai->dev, "DAI widget ops not set\n");
@@ -582,6 +588,12 @@ int sdw_hda_dai_hw_params(struct snd_pcm_substream *substream,
*/
for_each_rtd_cpu_dais(rtd, i, dai) {
w = snd_soc_dai_get_widget(dai, substream->stream);
+ if (!w) {
+ dev_err(cpu_dai->dev,
+ "%s widget not found, check amp link num in the topology\n",
+ dai->name);
+ return -EINVAL;
+ }
ipc4_copier = widget_to_copier(w);
memcpy(&ipc4_copier->dma_config_tlv[cpu_dai_id], dma_config_tlv,
sizeof(*dma_config_tlv));
diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
index f991785f727e9..be689f6e10c81 100644
--- a/sound/soc/sof/intel/hda.c
+++ b/sound/soc/sof/intel/hda.c
@@ -63,6 +63,11 @@ static int sdw_params_stream(struct device *dev,
struct snd_soc_dapm_widget *w = snd_soc_dai_get_widget(d, params_data->substream->stream);
struct snd_sof_dai_config_data data = { 0 };
+ if (!w) {
+ dev_err(dev, "%s widget not found, check amp link num in the topology\n",
+ d->name);
+ return -EINVAL;
+ }
data.dai_index = (params_data->link_id << 8) | d->id;
data.dai_data = params_data->alh_stream_id;
data.dai_node_id = data.dai_data;
--
2.39.5
4 months, 2 weeks
- 3
- 18
[PATCH] ACPI: PRM: Remove unnecessary strict handler address checks
by Aubrey Li
Commit 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM
handler and context") added unnecessary strict handler address checks,
caused the PRM module to fail in translating memory error addresses.
Both static data buffer address and acpi parameter buffer address may
be NULL if they are not needed, as described in section 4.1.2 PRM Handler
Information Structure of Platform Runtime Mechanism specification [1].
Here are two examples from real hardware:
----PRMT.dsl----
- staic data address is not used
[10Ch 0268 2] Revision : 0000
[10Eh 0270 2] Length : 002C
[110h 0272 16] Handler GUID : F6A58D47-E04F-4F5A-86B8-2A50D4AA109B
[120h 0288 8] Handler address : 0000000065CE51F4
[128h 0296 8] Satic Data Address : 0000000000000000
[130h 0304 8] ACPI Parameter Address : 000000006522A718
- ACPI parameter address is not used
[1B0h 0432 2] Revision : 0000
[1B2h 0434 2] Length : 002C
[1B4h 0436 16] Handler GUID : 657E8AE6-A8FC-4877-BB28-42E7DE1899A5
[1C4h 0452 8] Handler address : 0000000065C567C8
[1CCh 0460 8] Satic Data Address : 000000006113FB98
[1D4h 0468 8] ACPI Parameter Address : 0000000000000000
Fixes: 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context")
Reported-and-tested-by: Shi Liu <aurelianliu(a)tencent.com>
Cc: All applicable <stable(a)vger.kernel.org>
Signed-off-by: Aubrey Li <aubrey.li(a)linux.intel.com>
Link: https://uefi.org/sites/default/files/resources/Platform%20Runtime%20Mechani… # [1]
---
drivers/acpi/prmt.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/acpi/prmt.c b/drivers/acpi/prmt.c
index 747f83f7114d..e549914a636c 100644
--- a/drivers/acpi/prmt.c
+++ b/drivers/acpi/prmt.c
@@ -287,9 +287,7 @@ static acpi_status acpi_platformrt_space_handler(u32 function,
if (!handler || !module)
goto invalid_guid;
- if (!handler->handler_addr ||
- !handler->static_data_buffer_addr ||
- !handler->acpi_param_buffer_addr) {
+ if (!handler->handler_addr) {
buffer->prm_status = PRM_HANDLER_ERROR;
return AE_OK;
}
--
2.34.1
4 months, 2 weeks
- 4
- 3
Business Help
by Calib Cassim
Good Day,
How are you?
My name is Calib Cassim from Eskom Holdings Ltd. SA. I got your email from
my personal search.
I have in my position an (over-invoice / estimated) contract amount
executed by a Foreign Contractor through my Department, which the
contractor has been paid, and left the (over-invoice / estimated) amount
with the Payor.
So, I'm asking for your help to receive $25.5 Million on my behalf for my
investment in your area, I will obtain all the needed legal documents in
your name for the transfer of the amount to you.
If you can help, please send me your phone number for easy communication.
Thanks,
Mr. Calib
4 months, 2 weeks
- 1
- 0
[PATCH v2] scsi: core: Do not retry I/Os during depopulation
by Igor Pylypiv
Fail I/Os instead of retry to prevent user space processes from being
blocked on the I/O completion for several minutes.
Retrying I/Os during "depopulation in progress" or "depopulation restore
in progress" results in a continuous retry loop until the depopulation
completes or until the I/O retry loop is aborted due to a timeout by
the scsi_cmd_runtime_exceeced().
Depopulation is slow and can take 24+ hours to complete on 20+ TB HDDs.
Most I/Os in the depopulation retry loop end up taking several minutes
before returning the failure to user space.
Cc: <stable(a)vger.kernel.org> # 4.18.x: 2bbeb8d scsi: core: Handle depopulation and restoration in progress
Cc: <stable(a)vger.kernel.org> # 4.18.x
Fixes: e37c7d9a0341 ("scsi: core: sanitize++ in progress")
Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com>
---
Changes in v2:
- Added Fixes: and Cc: stable tags.
drivers/scsi/scsi_lib.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index e7ea1f04164a..3ab4c958da45 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -872,13 +872,18 @@ static void scsi_io_completion_action(struct scsi_cmnd *cmd, int result)
case 0x1a: /* start stop unit in progress */
case 0x1b: /* sanitize in progress */
case 0x1d: /* configuration in progress */
- case 0x24: /* depopulation in progress */
- case 0x25: /* depopulation restore in progress */
action = ACTION_DELAYED_RETRY;
break;
case 0x0a: /* ALUA state transition */
action = ACTION_DELAYED_REPREP;
break;
+ /*
+ * Depopulation might take many hours,
+ * thus it is not worthwhile to retry.
+ */
+ case 0x24: /* depopulation in progress */
+ case 0x25: /* depopulation restore in progress */
+ fallthrough;
default:
action = ACTION_FAIL;
break;
--
2.48.1.362.g079036d154-goog
4 months, 2 weeks
- 2
- 1
[PATCH 2/5] net: usb: qmi_wwan: add Telit Cinterion FN990B composition
by Fabio Porcedda
Add the following Telit Cinterion FN990B composition:
0x10d0: rmnet + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 17 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d0 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs= 9 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Cc: stable(a)vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index e9208a8d2bfa..7548ac187c26 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1368,6 +1368,7 @@ static const struct usb_device_id products[] = {
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c0, 0)}, /* Telit FE910C04 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c4, 0)}, /* Telit FE910C04 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x10c8, 0)}, /* Telit FE910C04 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10d0, 0)}, /* Telit FN990B */
{QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */
{QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */
{QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
--
2.48.1
4 months, 2 weeks
- 1
- 0
[PATCH] Input: cyttsp5 - ensure minimum reset pulse width
by Hugo Villeneuve
From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
The current reset pulse width is measured to be 5us on a
Renesas RZ/G2L SOM. The manufacturer's minimum reset pulse width is
specified as 10us.
Extend reset pulse width to make sure it is long enough on all platforms.
Also reword confusing comments about reset pin assertion.
Fixes: 5b0c03e24a06 ("Input: Add driver for Cypress Generation 5 touchscreen")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com>
---
drivers/input/touchscreen/cyttsp5.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/input/touchscreen/cyttsp5.c b/drivers/input/touchscreen/cyttsp5.c
index eafe5a9b8964..bb09e84d0e92 100644
--- a/drivers/input/touchscreen/cyttsp5.c
+++ b/drivers/input/touchscreen/cyttsp5.c
@@ -870,13 +870,16 @@ static int cyttsp5_probe(struct device *dev, struct regmap *regmap, int irq,
ts->input->phys = ts->phys;
input_set_drvdata(ts->input, ts);
- /* Reset the gpio to be in a reset state */
+ /* Assert gpio to be in a reset state */
ts->reset_gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH);
if (IS_ERR(ts->reset_gpio)) {
error = PTR_ERR(ts->reset_gpio);
dev_err(dev, "Failed to request reset gpio, error %d\n", error);
return error;
}
+
+ fsleep(1000); /* Ensure long-enough reset pulse (minimum 10us). */
+
gpiod_set_value_cansleep(ts->reset_gpio, 0);
/* Need a delay to have device up */
base-commit: 0de63bb7d91975e73338300a57c54b93d3cc151c
--
2.39.5
4 months, 2 weeks
- 3
- 3
Re: [PATCH 6.13 000/623] 6.13.2-rc1 review
by Ronald Warsow
Hi Greg
no regressions here on x86_64 (RKL, Intel 11th Gen. CPU)
Thanks
Tested-by: Ronald Warsow <rwarsow(a)gmx.de>
4 months, 2 weeks
- 1
- 0
[PATCH v2] mm,madvise,hugetlb: check for 0-length range after end address adjustment
by Ricardo Cañuelo Navarro
Add a sanity check to madvise_dontneed_free() to address a corner case
in madvise where a race condition causes the current vma being processed
to be backed by a different page size.
During a madvise(MADV_DONTNEED) call on a memory region registered with
a userfaultfd, there's a period of time where the process mm lock is
temporarily released in order to send a UFFD_EVENT_REMOVE and let
userspace handle the event. During this time, the vma covering the
current address range may change due to an explicit mmap done
concurrently by another thread.
If, after that change, the memory region, which was originally backed by
4KB pages, is now backed by hugepages, the end address is rounded down
to a hugepage boundary to avoid data loss (see "Fixes" below). This
rounding may cause the end address to be truncated to the same address
as the start.
Make this corner case follow the same semantics as in other similar
cases where the requested region has zero length (ie. return 0).
This will make madvise_walk_vmas() continue to the next vma in the
range (this time holding the process mm lock) which, due to the prev
pointer becoming stale because of the vma change, will be the same
hugepage-backed vma that was just checked before. The next time
madvise_dontneed_free() runs for this vma, if the start address isn't
aligned to a hugepage boundary, it'll return -EINVAL, which is also in
line with the madvise api.
From userspace perspective, madvise() will return EINVAL because the
start address isn't aligned according to the new vma alignment
requirements (hugepage), even though it was correctly page-aligned when
the call was issued.
Fixes: 8ebe0a5eaaeb ("mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs")
Cc: stable(a)vger.kernel.org
Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com>
---
Changes in v2:
- Added documentation in the code to tell the user how this situation
can happen. (Andrew)
---
mm/madvise.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/mm/madvise.c b/mm/madvise.c
index 49f3a75046f6..08b207f8e61e 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -933,7 +933,16 @@ static long madvise_dontneed_free(struct vm_area_struct *vma,
*/
end = vma->vm_end;
}
- VM_WARN_ON(start >= end);
+ /*
+ * If the memory region between start and end was
+ * originally backed by 4kB pages and then remapped to
+ * be backed by hugepages while mmap_lock was dropped,
+ * the adjustment for hugetlb vma above may have rounded
+ * end down to the start address.
+ */
+ if (start == end)
+ return 0;
+ VM_WARN_ON(start > end);
}
if (behavior == MADV_DONTNEED || behavior == MADV_DONTNEED_LOCKED)
--
2.48.1
4 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020535-recognize-universe-67dc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020507-parole-precise-a4a5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020557-faucet-engross-c54a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020552-lark-replica-ce84@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020549-blast-sports-fb0a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020547-navigator-sesame-819a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 72dad8e377afa50435940adfb697e070d3556670
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020544-aftermath-monkhood-1fa2@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72dad8e377afa50435940adfb697e070d3556670 Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:55 +1030
Subject: [PATCH] btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed
[BUG]
When running btrfs with block size (4K) smaller than page size (64K,
aarch64), there is a very high chance to crash the kernel at
generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)
BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
BTRFS info (device dm-3): checking UUID tree
hrtimer: interrupt took 5451385 ns
BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
Call trace:
can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
extent_writepage+0x10c/0x3b8 [btrfs]
extent_write_cache_pages+0x21c/0x4e8 [btrfs]
btrfs_writepages+0x94/0x160 [btrfs]
do_writepages+0x74/0x190
filemap_fdatawrite_wbc+0x74/0xa0
start_delalloc_inodes+0x17c/0x3b0 [btrfs]
btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
shrink_delalloc+0x11c/0x280 [btrfs]
flush_space+0x288/0x328 [btrfs]
btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
process_one_work+0x228/0x680
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : process_one_work+0x110/0x680
lr : worker_thread+0x1bc/0x360
Call trace:
process_one_work+0x110/0x680 (P)
worker_thread+0x1bc/0x360 (L)
worker_thread+0x1bc/0x360
kthread+0x100/0x118
ret_from_fork+0x10/0x20
Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 2-3
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x275bb9540000 from 0xffff800080000000
PHYS_OFFSET: 0xffff8fbba0000000
CPU features: 0x100,00000070,00801250,8201720b
[CAUSE]
The above warning is triggered immediately after the delalloc range
failure, this happens in the following sequence:
- Range [1568K, 1636K) is dirty
1536K 1568K 1600K 1636K 1664K
| |/////////|////////| |
Where 1536K, 1600K and 1664K are page boundaries (64K page size)
- Enter extent_writepage() for page 1536K
- Enter run_delalloc_nocow() with locked page 1536K and range
[1568K, 1636K)
This is due to the inode having preallocated extents.
- Enter cow_file_range() with locked page 1536K and range
[1568K, 1636K)
- btrfs_reserve_extent() only reserved two extents
The main loop of cow_file_range() only reserved two data extents,
Now we have:
1536K 1568K 1600K 1636K 1664K
| |<-->|<--->|/|///////| |
1584K 1596K
Range [1568K, 1596K) has an ordered extent reserved.
- btrfs_reserve_extent() failed inside cow_file_range() for file offset
1596K
This is already a bug in our space reservation code, but for now let's
focus on the error handling path.
Now cow_file_range() returned -ENOSPC.
- btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE
Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range
[1568K, 1636K)
Function btrfs_cleanup_ordered_extents() normally needs to skip the
ranges inside the folio, as it will normally be cleaned up by
extent_writepage().
Such split error handling is already problematic in the first place.
What's worse is the folio range skipping itself, which is not taking
subpage cases into consideration at all, it will only skip the range
if the page start >= the range start.
In our case, the page start < the range start, since for subpage cases
we can have delalloc ranges inside the folio but not covering the
folio.
So it doesn't skip the page range at all.
This means all the ordered extents, both [1568K, 1584K) and
[1584K, 1596K) will be marked as IOERR.
And these two ordered extents have no more pending ios, they are marked
finished, and *QUEUED* to be deleted from the io tree.
- extent_writepage() do error cleanup
Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K).
Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the
deletion from io tree is async, it may or may not happen at this
time.
If the ranges have not yet been removed, we will do double cleaning on
those ranges, triggering the above ordered extent warnings.
In theory there are other bugs, like the cleanup in extent_writepage()
can cause double accounting on ranges that are submitted asynchronously
(compression for example).
But that's much harder to trigger because normally we do not mix regular
and compression delalloc ranges.
[FIX]
The folio range split is already buggy and not subpage compatible, it
was introduced a long time ago where subpage support was not even considered.
So instead of splitting the ordered extents cleanup into the folio range
and out of folio range, do all the cleanup inside writepage_delalloc().
- Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in
btrfs_run_delalloc_range()
- Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc()
failed
So all ordered extents are only cleaned up by
btrfs_run_delalloc_range().
- Handle the ranges that already have ordered extents allocated
If part of the folio already has ordered extent allocated, and
btrfs_run_delalloc_range() failed, we also need to cleanup that range.
Now we have a concentrated error handling for ordered extents during
btrfs_run_delalloc_range().
Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents")
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index c068a442753c..bc2bd103c8cc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1134,14 +1134,19 @@ static bool find_next_delalloc_bitmap(struct folio *folio,
}
/*
- * helper for extent_writepage(), doing all of the delayed allocation setup.
+ * Do all of the delayed allocation setup.
*
- * This returns 1 if btrfs_run_delalloc_range function did all the work required
- * to write the page (copy into inline extent). In this case the IO has
- * been started and the page is already unlocked.
+ * Return >0 if all the dirty blocks are submitted async (compression) or inlined.
+ * The @folio should no longer be touched (treat it as already unlocked).
*
- * This returns 0 if all went well (page still locked)
- * This returns < 0 if there were errors (page still locked)
+ * Return 0 if there is still dirty block that needs to be submitted through
+ * extent_writepage_io().
+ * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be
+ * submitted, and @folio is still kept locked.
+ *
+ * Return <0 if there is any error hit.
+ * Any allocated ordered extent range covering this folio will be marked
+ * finished (IOERR), and @folio is still kept locked.
*/
static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
struct folio *folio,
@@ -1159,6 +1164,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
* last delalloc end.
*/
u64 last_delalloc_end = 0;
+ /*
+ * The range end (exclusive) of the last successfully finished delalloc
+ * range.
+ * Any range covered by ordered extent must either be manually marked
+ * finished (error handling), or has IO submitted (and finish the
+ * ordered extent normally).
+ *
+ * This records the end of ordered extent cleanup if we hit an error.
+ */
+ u64 last_finished_delalloc_end = page_start;
u64 delalloc_start = page_start;
u64 delalloc_end = page_end;
u64 delalloc_to_write = 0;
@@ -1227,11 +1242,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
found_len = last_delalloc_end + 1 - found_start;
if (ret >= 0) {
+ /*
+ * Some delalloc range may be created by previous folios.
+ * Thus we still need to clean up this range during error
+ * handling.
+ */
+ last_finished_delalloc_end = found_start;
/* No errors hit so far, run the current delalloc range. */
ret = btrfs_run_delalloc_range(inode, folio,
found_start,
found_start + found_len - 1,
wbc);
+ if (ret >= 0)
+ last_finished_delalloc_end = found_start + found_len;
} else {
/*
* We've hit an error during previous delalloc range,
@@ -1266,8 +1289,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode,
delalloc_start = found_start + found_len;
}
- if (ret < 0)
+ /*
+ * It's possible we had some ordered extents created before we hit
+ * an error, cleanup non-async successfully created delalloc ranges.
+ */
+ if (unlikely(ret < 0)) {
+ unsigned int bitmap_size = min(
+ (last_finished_delalloc_end - page_start) >>
+ fs_info->sectorsize_bits,
+ fs_info->sectors_per_page);
+
+ for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size)
+ btrfs_mark_ordered_io_finished(inode, folio,
+ page_start + (bit << fs_info->sectorsize_bits),
+ fs_info->sectorsize, false);
return ret;
+ }
out:
if (last_delalloc_end)
delalloc_end = last_delalloc_end;
@@ -1501,13 +1538,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
-done:
- if (ret) {
+ if (ret)
btrfs_mark_ordered_io_finished(inode, folio,
page_start, PAGE_SIZE, !ret);
- mapping_set_error(folio->mapping, ret);
- }
+done:
+ if (ret < 0)
+ mapping_set_error(folio->mapping, ret);
/*
* Only unlock ranges that are submitted. As there can be some async
* submitted ranges inside the folio.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 1546f341f9a4..b81afe757f64 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2301,8 +2301,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol
out:
if (ret < 0)
- btrfs_cleanup_ordered_extents(inode, locked_folio, start,
- end - start + 1);
+ btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1);
return ret;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020538-unmoving-shelving-20de@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020537-dominoes-catty-42c4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020535-spender-graveness-c15e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020534-imposing-hacksaw-eff6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020533-maturity-audacious-3a1f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020532-component-gratified-8153@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] btrfs: fix double accounting race when extent_writepage_io()" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 8bf334beb3496da3c3fbf3daf3856f7eec70dacc
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020531-uneasily-twitch-9e6b@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8bf334beb3496da3c3fbf3daf3856f7eec70dacc Mon Sep 17 00:00:00 2001
From: Qu Wenruo <wqu(a)suse.com>
Date: Thu, 12 Dec 2024 16:43:56 +1030
Subject: [PATCH] btrfs: fix double accounting race when extent_writepage_io()
failed
[BUG]
If submit_one_sector() failed inside extent_writepage_io() for sector
size < page size cases (e.g. 4K sector size and 64K page size), then
we can hit double ordered extent accounting error.
This should be very rare, as submit_one_sector() only fails when we
failed to grab the extent map, and such extent map should exist inside
the memory and has been pinned.
[CAUSE]
For example we have the following folio layout:
0 4K 32K 48K 60K 64K
|//| |//////| |///|
Where |///| is the dirty range we need to writeback. The 3 different
dirty ranges are submitted for regular COW.
Now we hit the following sequence:
- submit_one_sector() returned 0 for [0, 4K)
- submit_one_sector() returned 0 for [32K, 48K)
- submit_one_sector() returned error for [60K, 64K)
- btrfs_mark_ordered_io_finished() called for the whole folio
This will mark the following ranges as finished:
* [0, 4K)
* [32K, 48K)
Both ranges have their IO already submitted, this cleanup will
lead to double accounting.
* [60K, 64K)
That's the correct cleanup.
The only good news is, this error is only theoretical, as the target
extent map is always pinned, thus we should directly grab it from
memory, other than reading it from the disk.
[FIX]
Instead of calling btrfs_mark_ordered_io_finished() for the whole folio
range, which can touch ranges we should not touch, instead
move the error handling inside extent_writepage_io().
So that we can cleanup exact sectors that ought to be submitted but failed.
This provides much more accurate cleanup, avoiding the double accounting.
CC: stable(a)vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index bc2bd103c8cc..5014134b9aa2 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1420,6 +1420,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned long range_bitmap = 0;
bool submitted_io = false;
+ bool error = false;
const u64 folio_start = folio_pos(folio);
u64 cur;
int bit;
@@ -1462,11 +1463,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
break;
}
ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size);
- if (ret < 0)
- goto out;
+ if (unlikely(ret < 0)) {
+ /*
+ * bio_ctrl may contain a bio crossing several folios.
+ * Submit it immediately so that the bio has a chance
+ * to finish normally, other than marked as error.
+ */
+ submit_one_bio(bio_ctrl);
+ /*
+ * Failed to grab the extent map which should be very rare.
+ * Since there is no bio submitted to finish the ordered
+ * extent, we have to manually finish this sector.
+ */
+ btrfs_mark_ordered_io_finished(inode, folio, cur,
+ fs_info->sectorsize, false);
+ error = true;
+ continue;
+ }
submitted_io = true;
}
-out:
+
/*
* If we didn't submitted any sector (>= i_size), folio dirty get
* cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared
@@ -1474,8 +1490,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode,
*
* Here we set writeback and clear for the range. If the full folio
* is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag.
+ *
+ * If we hit any error, the corresponding sector will still be dirty
+ * thus no need to clear PAGECACHE_TAG_DIRTY.
*/
- if (!submitted_io) {
+ if (!submitted_io && !error) {
btrfs_folio_set_writeback(fs_info, folio, start, len);
btrfs_folio_clear_writeback(fs_info, folio, start, len);
}
@@ -1495,7 +1514,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
{
struct btrfs_inode *inode = BTRFS_I(folio->mapping->host);
struct btrfs_fs_info *fs_info = inode->root->fs_info;
- const u64 page_start = folio_pos(folio);
int ret;
size_t pg_offset;
loff_t i_size = i_size_read(&inode->vfs_inode);
@@ -1538,10 +1556,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl
bio_ctrl->wbc->nr_to_write--;
- if (ret)
- btrfs_mark_ordered_io_finished(inode, folio,
- page_start, PAGE_SIZE, !ret);
-
done:
if (ret < 0)
mapping_set_error(folio->mapping, ret);
@@ -2314,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f
if (ret == 1)
goto next_page;
- if (ret) {
- btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio,
- cur, cur_len, !ret);
+ if (ret)
mapping_set_error(mapping, ret);
- }
btrfs_folio_end_lock(fs_info, folio, cur, cur_len);
if (ret < 0)
found_error = true;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020518-carnage-deflator-99f2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020517-confident-sterile-7acb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020516-fable-crane-ab09@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020515-nebulizer-gentleman-d288@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] memcg: fix soft lockup in the OOM process" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x ade81479c7dda1ce3eedb215c78bc615bbd04f06
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020514-hacker-slouching-58c8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ade81479c7dda1ce3eedb215c78bc615bbd04f06 Mon Sep 17 00:00:00 2001
From: Chen Ridong <chenridong(a)huawei.com>
Date: Tue, 24 Dec 2024 02:52:38 +0000
Subject: [PATCH] memcg: fix soft lockup in the OOM process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A soft lockup issue was found in the product with about 56,000 tasks were
in the OOM cgroup, it was traversing them when the soft lockup was
triggered.
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
This is because thousands of processes are in the OOM cgroup, it takes a
long time to traverse all of them. As a result, this lead to soft lockup
in the OOM process.
To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks'
function per 1000 iterations. For global OOM, call
'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c…
Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads")
Signed-off-by: Chen Ridong <chenridong(a)huawei.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Roman Gushchin <roman.gushchin(a)linux.dev>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: Muchun Song <songmuchun(a)bytedance.com>
Cc: Michal Koutný <mkoutny(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 65fb5eee1466..46f8b372d212 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1161,6 +1161,7 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
{
struct mem_cgroup *iter;
int ret = 0;
+ int i = 0;
BUG_ON(mem_cgroup_is_root(memcg));
@@ -1169,8 +1170,12 @@ void mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
struct task_struct *task;
css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
- while (!ret && (task = css_task_iter_next(&it)))
+ while (!ret && (task = css_task_iter_next(&it))) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ cond_resched();
ret = fn(task, arg);
+ }
css_task_iter_end(&it);
if (ret) {
mem_cgroup_iter_break(memcg, iter);
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 1c485beb0b93..044ebab2c941 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -44,6 +44,7 @@
#include <linux/init.h>
#include <linux/mmu_notifier.h>
#include <linux/cred.h>
+#include <linux/nmi.h>
#include <asm/tlb.h>
#include "internal.h"
@@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc)
mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
else {
struct task_struct *p;
+ int i = 0;
rcu_read_lock();
- for_each_process(p)
+ for_each_process(p) {
+ /* Avoid potential softlockup warning */
+ if ((++i & 1023) == 0)
+ touch_softlockup_watchdog();
dump_task(p, oc);
+ }
rcu_read_unlock();
}
}
4 months, 2 weeks
- 1
- 0
[PATCH V10 1/4] perf/x86/intel: Apply static call for drain_pebs
by kan.liang@linux.intel.com
From: "Peter Zijlstra (Intel)" <peterz(a)infradead.org>
The x86_pmu_drain_pebs static call was introduced in commit 7c9903c9bf71
("x86/perf, static_call: Optimize x86_pmu methods"), but it's not really
used to replace the old method.
Apply the static call for drain_pebs.
Fixes: 7c9903c9bf71 ("x86/perf, static_call: Optimize x86_pmu methods")
Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Cc: stable(a)vger.kernel.org
---
New for V10
arch/x86/events/intel/core.c | 2 +-
arch/x86/events/intel/ds.c | 2 +-
arch/x86/events/perf_event.h | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 2a2824e9c50d..4daa45ae9bd2 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3066,7 +3066,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
handled++;
x86_pmu_handle_guest_pebs(regs, &data);
- x86_pmu.drain_pebs(regs, &data);
+ static_call(x86_pmu_drain_pebs)(regs, &data);
status &= intel_ctrl | GLOBAL_STATUS_TRACE_TOPAPMI;
/*
diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
index ba74e1198328..322963b02a91 100644
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -957,7 +957,7 @@ static inline void intel_pmu_drain_pebs_buffer(void)
{
struct perf_sample_data data;
- x86_pmu.drain_pebs(NULL, &data);
+ static_call(x86_pmu_drain_pebs)(NULL, &data);
}
/*
diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
index 31c2771545a6..084e9196b458 100644
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
@@ -1107,6 +1107,7 @@ extern struct x86_pmu x86_pmu __read_mostly;
DECLARE_STATIC_CALL(x86_pmu_set_period, *x86_pmu.set_period);
DECLARE_STATIC_CALL(x86_pmu_update, *x86_pmu.update);
+DECLARE_STATIC_CALL(x86_pmu_drain_pebs, *x86_pmu.drain_pebs);
static __always_inline struct x86_perf_task_context_opt *task_context_opt(void *ctx)
{
--
2.38.1
4 months, 2 weeks
- 3
- 5
[PATCH v1 1/2] regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
by Varadarajan Narayanan
Adding l2, l5 sub-node entry to mp5496 regulator node.
Cc: stable(a)vger.kernel.org
Acked-by: Rob Herring <robh(a)kernel.org>
Signed-off-by: Varadarajan Narayanan <quic_varada(a)quicinc.com>
---
.../devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml b/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
index f2fd2df68a9e..b7241ce975b9 100644
--- a/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
+++ b/Documentation/devicetree/bindings/regulator/qcom,smd-rpm-regulator.yaml
@@ -22,7 +22,7 @@ description:
Each sub-node is identified using the node's name, with valid values listed
for each of the pmics below.
- For mp5496, s1, s2
+ For mp5496, s1, s2, l2, l5
For pm2250, s1, s2, s3, s4, l1, l2, l3, l4, l5, l6, l7, l8, l9, l10, l11,
l12, l13, l14, l15, l16, l17, l18, l19, l20, l21, l22
--
2.34.1
4 months, 2 weeks
- 1
- 0
[PATCH v3 0/2] Tegra ADMA fixes
by Mohan Kumar D
- Fix build error due to 64-by-32 division
- Additional check for adma max page
Mohan Kumar D (2):
dmaengine: tegra210-adma: Fix build error due to 64-by-32 division
dmaengine: tegra210-adma: check for adma max page
drivers/dma/tegra210-adma.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
--
2.25.1
4 months, 2 weeks
- 4
- 11
[PATCH] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr
by Roberto Sassu
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock")
mistakenly reverted the performance improvement introduced in commit
42a4c603198f0 ("ima: fix ima_inode_post_setattr"). The unused bit mask was
subsequently removed by commit 11c60f23ed13 ("integrity: Remove unused
macro IMA_ACTION_RULE_FLAGS").
Restore the performance improvement by introducing the new mask
IMA_NONACTION_RULE_FLAGS, equal to IMA_NONACTION_FLAGS without
IMA_NEW_FILE, which is not a rule-specific flag.
Finally, reset IMA_NONACTION_RULE_FLAGS instead of IMA_NONACTION_FLAGS in
process_measurement(), if the IMA_CHANGE_ATTR atomic flag is set (after
file metadata modification).
With this patch, new files for which metadata were modified while they are
still open, can be reopened before the last file close (when security.ima
is written), since the IMA_NEW_FILE flag is not cleared anymore. Otherwise,
appraisal fails because security.ima is missing (files with IMA_NEW_FILE
set are an exception).
Cc: stable(a)vger.kernel.org # v4.16.x
Fixes: 0d73a55208e9 ("ima: re-introduce own integrity cache lock")
Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com>
---
security/integrity/ima/ima.h | 3 +++
security/integrity/ima/ima_main.c | 7 +++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 24d09ea91b87..a4f284bd846c 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -149,6 +149,9 @@ struct ima_kexec_hdr {
#define IMA_CHECK_BLACKLIST 0x40000000
#define IMA_VERITY_REQUIRED 0x80000000
+/* Exclude non-action flags which are not rule-specific. */
+#define IMA_NONACTION_RULE_FLAGS (IMA_NONACTION_FLAGS & ~IMA_NEW_FILE)
+
#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
IMA_HASH | IMA_APPRAISE_SUBMASK)
#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9b87556b03a7..b028c501949c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -269,10 +269,13 @@ static int process_measurement(struct file *file, const struct cred *cred,
mutex_lock(&iint->mutex);
if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
- /* reset appraisal flags if ima_inode_post_setattr was called */
+ /*
+ * Reset appraisal flags (action and non-action rule-specific)
+ * if ima_inode_post_setattr was called.
+ */
iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
- IMA_NONACTION_FLAGS);
+ IMA_NONACTION_RULE_FLAGS);
/*
* Re-evaulate the file if either the xattr has changed or the
--
2.34.1
4 months, 2 weeks
- 2
- 1
[PATCH RESEND v3 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()
by Jiasheng Jiang
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
4 months, 2 weeks
- 1
- 1
[PATCH v3 2/2] scsi: qedf: Add check for bdt_info
by Jiasheng Jiang
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
4 months, 2 weeks
- 1
- 0
[PATCH AUTOSEL 6.13 1/8] soc: qcom: pd-mapper: Add X1P42100
by Sasha Levin
From: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
[ Upstream commit e7282bf8a0e9bb8a4cb1be406674ff7bb7b264f2 ]
X1P42100 is a cousin of X1E80100, and hence can make use of the
latter's configuration. Do so.
Signed-off-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Link: https://lore.kernel.org/r/20241221-topic-x1p4_soc-v1-3-55347831d73c@oss.qua…
Signed-off-by: Bjorn Andersson <andersson(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/soc/qcom/qcom_pd_mapper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/qcom_pd_mapper.c b/drivers/soc/qcom/qcom_pd_mapper.c
index 6e30f08761aa4..50aa54996901f 100644
--- a/drivers/soc/qcom/qcom_pd_mapper.c
+++ b/drivers/soc/qcom/qcom_pd_mapper.c
@@ -561,6 +561,7 @@ static const struct of_device_id qcom_pdm_domains[] __maybe_unused = {
{ .compatible = "qcom,sm8550", .data = sm8550_domains, },
{ .compatible = "qcom,sm8650", .data = sm8550_domains, },
{ .compatible = "qcom,x1e80100", .data = x1e80100_domains, },
+ { .compatible = "qcom,x1p42100", .data = x1e80100_domains, },
{},
};
--
2.39.5
4 months, 2 weeks
- 2
- 9
v6.12 backport for psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
by Paul Kramme
Hello,
we are seeing broken CPU PSI metrics across our infrastructure running
6.12, with messages like "psi: inconsistent task state!
task=1831:hackbench cpu=8 psi_flags=14 clear=0 set=4" in dmesg. I
believe commit 7d9da040575b343085287686fa902a5b2d43c7ca might fix this
issue.
psi: Fix race when task wakes up before psi_sched_switch() adjusts flags
Thanks
Paul
4 months, 2 weeks
- 3
- 2
[PATCH V2 1/1] x86/tdx: Route safe halt execution via tdx_safe_halt()
by Vishal Annapurve
Direct HLT instruction execution causes #VEs for TDX VMs which is routed
to hypervisor via tdvmcall. This process renders HLT instruction
execution inatomic, so any preceding instructions like STI/MOV SS will
end up enabling interrupts before the HLT instruction is routed to the
hypervisor. This creates scenarios where interrupts could land during
HLT instruction emulation without aborting halt operation leading to
idefinite halt wait times.
Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") already
upgraded x86_idle() to invoke tdvmcall to avoid such scenarios, but
it didn't cover pv_native_safe_halt() which can be invoked using
raw_safe_halt() from call sites like acpi_safe_halt().
raw_safe_halt() also returns with interrupts enabled so upgrade
tdx_safe_halt() to enable interrupts by default and ensure that paravirt
safe_halt() executions invoke tdx_safe_halt(). Earlier x86_idle() is now
handled via tdx_idle() which simply invokes tdvmcall while preserving
irq state.
To avoid future call sites which cause HLT instruction emulation with
irqs enabled, add a warn and fail the HLT instruction emulation.
Cc: stable(a)vger.kernel.org
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Signed-off-by: Vishal Annapurve <vannapurve(a)google.com>
---
Changes since V1:
1) Addressed comments from Dave H
- Comment regarding adding a check for TDX VMs in halt path is not
resolved in v2, would like feedback around better place to do so,
maybe in pv_native_safe_halt (?).
2) Added a new version of tdx_safe_halt() that will enable interrupts.
3) Previous tdx_safe_halt() implementation is moved to newly introduced
tdx_idle().
V1: https://lore.kernel.org/lkml/Z5l6L3Hen9_Y3SGC@google.com/T/
arch/x86/coco/tdx/tdx.c | 23 ++++++++++++++++++++++-
arch/x86/include/asm/tdx.h | 2 +-
arch/x86/kernel/process.c | 2 +-
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 0d9b090b4880..cc2a637dca15 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -14,6 +14,7 @@
#include <asm/ia32.h>
#include <asm/insn.h>
#include <asm/insn-eval.h>
+#include <asm/paravirt_types.h>
#include <asm/pgtable.h>
#include <asm/set_memory.h>
#include <asm/traps.h>
@@ -380,13 +381,18 @@ static int handle_halt(struct ve_info *ve)
{
const bool irq_disabled = irqs_disabled();
+ if (!irq_disabled) {
+ WARN_ONCE(1, "HLT instruction emulation unsafe with irqs enabled\n");
+ return -EIO;
+ }
+
if (__halt(irq_disabled))
return -EIO;
return ve_instr_len(ve);
}
-void __cpuidle tdx_safe_halt(void)
+void __cpuidle tdx_idle(void)
{
const bool irq_disabled = false;
@@ -397,6 +403,12 @@ void __cpuidle tdx_safe_halt(void)
WARN_ONCE(1, "HLT instruction emulation failed\n");
}
+static void __cpuidle tdx_safe_halt(void)
+{
+ tdx_idle();
+ raw_local_irq_enable();
+}
+
static int read_msr(struct pt_regs *regs, struct ve_info *ve)
{
struct tdx_module_args args = {
@@ -1083,6 +1095,15 @@ void __init tdx_early_init(void)
x86_platform.guest.enc_kexec_begin = tdx_kexec_begin;
x86_platform.guest.enc_kexec_finish = tdx_kexec_finish;
+#ifdef CONFIG_PARAVIRT_XXL
+ /*
+ * halt instruction execution is not atomic for TDX VMs as it generates
+ * #VEs, so otherwise "safe" halt invocations which cause interrupts to
+ * get enabled right after halt instruction don't work for TDX VMs.
+ */
+ pv_ops.irq.safe_halt = tdx_safe_halt;
+#endif
+
/*
* TDX intercepts the RDMSR to read the X2APIC ID in the parallel
* bringup low level code. That raises #VE which cannot be handled
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index eba178996d84..dd386500ab1c 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve);
bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve);
-void tdx_safe_halt(void);
+void tdx_idle(void);
bool tdx_early_handle_ve(struct pt_regs *regs);
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index f63f8fd00a91..4083838fe4a0 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -933,7 +933,7 @@ void __init select_idle_routine(void)
static_call_update(x86_idle, mwait_idle);
} else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
pr_info("using TDX aware idle routine\n");
- static_call_update(x86_idle, tdx_safe_halt);
+ static_call_update(x86_idle, tdx_idle);
} else {
static_call_update(x86_idle, default_idle);
}
--
2.48.1.262.g85cc9f2d1e-goog
4 months, 2 weeks
- 3
- 15
FAILED: patch "[PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 8d28d0ddb986f56920ac97ae704cc3340a699a30
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020421-exonerate-desecrate-e5ed@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8d28d0ddb986f56920ac97ae704cc3340a699a30 Mon Sep 17 00:00:00 2001
From: Yu Kuai <yukuai3(a)huawei.com>
Date: Fri, 24 Jan 2025 17:20:55 +0800
Subject: [PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap
lifetime
After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct
md_bitmap_stats"), following panic is reported:
Oops: general protection fault, probably for non-canonical address
RIP: 0010:bitmap_get_stats+0x2b/0xa0
Call Trace:
<TASK>
md_seq_show+0x2d2/0x5b0
seq_read_iter+0x2b9/0x470
seq_read+0x12f/0x180
proc_reg_read+0x57/0xb0
vfs_read+0xf6/0x380
ksys_read+0x6c/0xf0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Root cause is that bitmap_get_stats() can be called at anytime if mddev
is still there, even if bitmap is destroyed, or not fully initialized.
Deferenceing bitmap in this case can crash the kernel. Meanwhile, the
above commit start to deferencing bitmap->storage, make the problem
easier to trigger.
Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.
Cc: stable(a)vger.kernel.org # v6.12+
Fixes: 32a7627cf3a3 ("[PATCH] md: optimised resync using Bitmap based intent logging")
Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
Closes: https://lore.kernel.org/linux-raid/ca3a91a2-50ae-4f68-b317-abd9889f3907@ora…
Signed-off-by: Yu Kuai <yukuai3(a)huawei.com>
Link: https://lore.kernel.org/r/20250124092055.4050195-1-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song(a)kernel.org>
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ec4ecd96e6b1..23c09d22fcdb 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2355,7 +2355,10 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats)
if (!bitmap)
return -ENOENT;
-
+ if (bitmap->mddev->bitmap_info.external)
+ return -ENOENT;
+ if (!bitmap->storage.sb_page) /* no superblock */
+ return -EINVAL;
sb = kmap_local_page(bitmap->storage.sb_page);
stats->sync_size = le64_to_cpu(sb->sync_size);
kunmap_local(sb);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 866015b681af..465ca2af1e6e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8376,6 +8376,10 @@ static int md_seq_show(struct seq_file *seq, void *v)
return 0;
spin_unlock(&all_mddevs_lock);
+
+ /* prevent bitmap to be freed after checking */
+ mutex_lock(&mddev->bitmap_info.mutex);
+
spin_lock(&mddev->lock);
if (mddev->pers || mddev->raid_disks || !list_empty(&mddev->disks)) {
seq_printf(seq, "%s : ", mdname(mddev));
@@ -8451,6 +8455,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
seq_printf(seq, "\n");
}
spin_unlock(&mddev->lock);
+ mutex_unlock(&mddev->bitmap_info.mutex);
spin_lock(&all_mddevs_lock);
if (mddev == list_last_entry(&all_mddevs, struct mddev, all_mddevs))
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 8d28d0ddb986f56920ac97ae704cc3340a699a30
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020420-dreamlike-desktop-698c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8d28d0ddb986f56920ac97ae704cc3340a699a30 Mon Sep 17 00:00:00 2001
From: Yu Kuai <yukuai3(a)huawei.com>
Date: Fri, 24 Jan 2025 17:20:55 +0800
Subject: [PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap
lifetime
After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct
md_bitmap_stats"), following panic is reported:
Oops: general protection fault, probably for non-canonical address
RIP: 0010:bitmap_get_stats+0x2b/0xa0
Call Trace:
<TASK>
md_seq_show+0x2d2/0x5b0
seq_read_iter+0x2b9/0x470
seq_read+0x12f/0x180
proc_reg_read+0x57/0xb0
vfs_read+0xf6/0x380
ksys_read+0x6c/0xf0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Root cause is that bitmap_get_stats() can be called at anytime if mddev
is still there, even if bitmap is destroyed, or not fully initialized.
Deferenceing bitmap in this case can crash the kernel. Meanwhile, the
above commit start to deferencing bitmap->storage, make the problem
easier to trigger.
Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.
Cc: stable(a)vger.kernel.org # v6.12+
Fixes: 32a7627cf3a3 ("[PATCH] md: optimised resync using Bitmap based intent logging")
Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
Closes: https://lore.kernel.org/linux-raid/ca3a91a2-50ae-4f68-b317-abd9889f3907@ora…
Signed-off-by: Yu Kuai <yukuai3(a)huawei.com>
Link: https://lore.kernel.org/r/20250124092055.4050195-1-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song(a)kernel.org>
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ec4ecd96e6b1..23c09d22fcdb 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2355,7 +2355,10 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats)
if (!bitmap)
return -ENOENT;
-
+ if (bitmap->mddev->bitmap_info.external)
+ return -ENOENT;
+ if (!bitmap->storage.sb_page) /* no superblock */
+ return -EINVAL;
sb = kmap_local_page(bitmap->storage.sb_page);
stats->sync_size = le64_to_cpu(sb->sync_size);
kunmap_local(sb);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 866015b681af..465ca2af1e6e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8376,6 +8376,10 @@ static int md_seq_show(struct seq_file *seq, void *v)
return 0;
spin_unlock(&all_mddevs_lock);
+
+ /* prevent bitmap to be freed after checking */
+ mutex_lock(&mddev->bitmap_info.mutex);
+
spin_lock(&mddev->lock);
if (mddev->pers || mddev->raid_disks || !list_empty(&mddev->disks)) {
seq_printf(seq, "%s : ", mdname(mddev));
@@ -8451,6 +8455,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
seq_printf(seq, "\n");
}
spin_unlock(&mddev->lock);
+ mutex_unlock(&mddev->bitmap_info.mutex);
spin_lock(&all_mddevs_lock);
if (mddev == list_last_entry(&all_mddevs, struct mddev, all_mddevs))
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 8d28d0ddb986f56920ac97ae704cc3340a699a30
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020420-simile-joyride-42b9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8d28d0ddb986f56920ac97ae704cc3340a699a30 Mon Sep 17 00:00:00 2001
From: Yu Kuai <yukuai3(a)huawei.com>
Date: Fri, 24 Jan 2025 17:20:55 +0800
Subject: [PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap
lifetime
After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct
md_bitmap_stats"), following panic is reported:
Oops: general protection fault, probably for non-canonical address
RIP: 0010:bitmap_get_stats+0x2b/0xa0
Call Trace:
<TASK>
md_seq_show+0x2d2/0x5b0
seq_read_iter+0x2b9/0x470
seq_read+0x12f/0x180
proc_reg_read+0x57/0xb0
vfs_read+0xf6/0x380
ksys_read+0x6c/0xf0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Root cause is that bitmap_get_stats() can be called at anytime if mddev
is still there, even if bitmap is destroyed, or not fully initialized.
Deferenceing bitmap in this case can crash the kernel. Meanwhile, the
above commit start to deferencing bitmap->storage, make the problem
easier to trigger.
Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.
Cc: stable(a)vger.kernel.org # v6.12+
Fixes: 32a7627cf3a3 ("[PATCH] md: optimised resync using Bitmap based intent logging")
Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
Closes: https://lore.kernel.org/linux-raid/ca3a91a2-50ae-4f68-b317-abd9889f3907@ora…
Signed-off-by: Yu Kuai <yukuai3(a)huawei.com>
Link: https://lore.kernel.org/r/20250124092055.4050195-1-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song(a)kernel.org>
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ec4ecd96e6b1..23c09d22fcdb 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2355,7 +2355,10 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats)
if (!bitmap)
return -ENOENT;
-
+ if (bitmap->mddev->bitmap_info.external)
+ return -ENOENT;
+ if (!bitmap->storage.sb_page) /* no superblock */
+ return -EINVAL;
sb = kmap_local_page(bitmap->storage.sb_page);
stats->sync_size = le64_to_cpu(sb->sync_size);
kunmap_local(sb);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 866015b681af..465ca2af1e6e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8376,6 +8376,10 @@ static int md_seq_show(struct seq_file *seq, void *v)
return 0;
spin_unlock(&all_mddevs_lock);
+
+ /* prevent bitmap to be freed after checking */
+ mutex_lock(&mddev->bitmap_info.mutex);
+
spin_lock(&mddev->lock);
if (mddev->pers || mddev->raid_disks || !list_empty(&mddev->disks)) {
seq_printf(seq, "%s : ", mdname(mddev));
@@ -8451,6 +8455,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
seq_printf(seq, "\n");
}
spin_unlock(&mddev->lock);
+ mutex_unlock(&mddev->bitmap_info.mutex);
spin_lock(&all_mddevs_lock);
if (mddev == list_last_entry(&all_mddevs, struct mddev, all_mddevs))
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 8d28d0ddb986f56920ac97ae704cc3340a699a30
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020419-snippet-epileptic-4280@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8d28d0ddb986f56920ac97ae704cc3340a699a30 Mon Sep 17 00:00:00 2001
From: Yu Kuai <yukuai3(a)huawei.com>
Date: Fri, 24 Jan 2025 17:20:55 +0800
Subject: [PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap
lifetime
After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct
md_bitmap_stats"), following panic is reported:
Oops: general protection fault, probably for non-canonical address
RIP: 0010:bitmap_get_stats+0x2b/0xa0
Call Trace:
<TASK>
md_seq_show+0x2d2/0x5b0
seq_read_iter+0x2b9/0x470
seq_read+0x12f/0x180
proc_reg_read+0x57/0xb0
vfs_read+0xf6/0x380
ksys_read+0x6c/0xf0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Root cause is that bitmap_get_stats() can be called at anytime if mddev
is still there, even if bitmap is destroyed, or not fully initialized.
Deferenceing bitmap in this case can crash the kernel. Meanwhile, the
above commit start to deferencing bitmap->storage, make the problem
easier to trigger.
Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.
Cc: stable(a)vger.kernel.org # v6.12+
Fixes: 32a7627cf3a3 ("[PATCH] md: optimised resync using Bitmap based intent logging")
Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
Closes: https://lore.kernel.org/linux-raid/ca3a91a2-50ae-4f68-b317-abd9889f3907@ora…
Signed-off-by: Yu Kuai <yukuai3(a)huawei.com>
Link: https://lore.kernel.org/r/20250124092055.4050195-1-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song(a)kernel.org>
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ec4ecd96e6b1..23c09d22fcdb 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2355,7 +2355,10 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats)
if (!bitmap)
return -ENOENT;
-
+ if (bitmap->mddev->bitmap_info.external)
+ return -ENOENT;
+ if (!bitmap->storage.sb_page) /* no superblock */
+ return -EINVAL;
sb = kmap_local_page(bitmap->storage.sb_page);
stats->sync_size = le64_to_cpu(sb->sync_size);
kunmap_local(sb);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 866015b681af..465ca2af1e6e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8376,6 +8376,10 @@ static int md_seq_show(struct seq_file *seq, void *v)
return 0;
spin_unlock(&all_mddevs_lock);
+
+ /* prevent bitmap to be freed after checking */
+ mutex_lock(&mddev->bitmap_info.mutex);
+
spin_lock(&mddev->lock);
if (mddev->pers || mddev->raid_disks || !list_empty(&mddev->disks)) {
seq_printf(seq, "%s : ", mdname(mddev));
@@ -8451,6 +8455,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
seq_printf(seq, "\n");
}
spin_unlock(&mddev->lock);
+ mutex_unlock(&mddev->bitmap_info.mutex);
spin_lock(&all_mddevs_lock);
if (mddev == list_last_entry(&all_mddevs, struct mddev, all_mddevs))
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 8d28d0ddb986f56920ac97ae704cc3340a699a30
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020419-arrival-portion-4908@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8d28d0ddb986f56920ac97ae704cc3340a699a30 Mon Sep 17 00:00:00 2001
From: Yu Kuai <yukuai3(a)huawei.com>
Date: Fri, 24 Jan 2025 17:20:55 +0800
Subject: [PATCH] md/md-bitmap: Synchronize bitmap_get_stats() with bitmap
lifetime
After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into struct
md_bitmap_stats"), following panic is reported:
Oops: general protection fault, probably for non-canonical address
RIP: 0010:bitmap_get_stats+0x2b/0xa0
Call Trace:
<TASK>
md_seq_show+0x2d2/0x5b0
seq_read_iter+0x2b9/0x470
seq_read+0x12f/0x180
proc_reg_read+0x57/0xb0
vfs_read+0xf6/0x380
ksys_read+0x6c/0xf0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Root cause is that bitmap_get_stats() can be called at anytime if mddev
is still there, even if bitmap is destroyed, or not fully initialized.
Deferenceing bitmap in this case can crash the kernel. Meanwhile, the
above commit start to deferencing bitmap->storage, make the problem
easier to trigger.
Fix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.
Cc: stable(a)vger.kernel.org # v6.12+
Fixes: 32a7627cf3a3 ("[PATCH] md: optimised resync using Bitmap based intent logging")
Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
Closes: https://lore.kernel.org/linux-raid/ca3a91a2-50ae-4f68-b317-abd9889f3907@ora…
Signed-off-by: Yu Kuai <yukuai3(a)huawei.com>
Link: https://lore.kernel.org/r/20250124092055.4050195-1-yukuai1@huaweicloud.com
Signed-off-by: Song Liu <song(a)kernel.org>
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ec4ecd96e6b1..23c09d22fcdb 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2355,7 +2355,10 @@ static int bitmap_get_stats(void *data, struct md_bitmap_stats *stats)
if (!bitmap)
return -ENOENT;
-
+ if (bitmap->mddev->bitmap_info.external)
+ return -ENOENT;
+ if (!bitmap->storage.sb_page) /* no superblock */
+ return -EINVAL;
sb = kmap_local_page(bitmap->storage.sb_page);
stats->sync_size = le64_to_cpu(sb->sync_size);
kunmap_local(sb);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 866015b681af..465ca2af1e6e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8376,6 +8376,10 @@ static int md_seq_show(struct seq_file *seq, void *v)
return 0;
spin_unlock(&all_mddevs_lock);
+
+ /* prevent bitmap to be freed after checking */
+ mutex_lock(&mddev->bitmap_info.mutex);
+
spin_lock(&mddev->lock);
if (mddev->pers || mddev->raid_disks || !list_empty(&mddev->disks)) {
seq_printf(seq, "%s : ", mdname(mddev));
@@ -8451,6 +8455,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
seq_printf(seq, "\n");
}
spin_unlock(&mddev->lock);
+ mutex_unlock(&mddev->bitmap_info.mutex);
spin_lock(&all_mddevs_lock);
if (mddev == list_last_entry(&all_mddevs, struct mddev, all_mddevs))
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] media: imx-jpeg: Fix potential error pointer dereference in" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 1378ffec30367233152b7dbf4fa6a25ee98585d1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020458-egotism-espresso-bb20@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1378ffec30367233152b7dbf4fa6a25ee98585d1 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter(a)linaro.org>
Date: Thu, 17 Oct 2024 23:34:16 +0300
Subject: [PATCH] media: imx-jpeg: Fix potential error pointer dereference in
detach_pm()
The proble is on the first line:
if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i]))
If jpeg->pd_dev[i] is an error pointer, then passing it to
pm_runtime_suspended() will lead to an Oops. The other conditions
check for both error pointers and NULL, but it would be more clear to
use the IS_ERR_OR_NULL() check for that.
Fixes: fd0af4cd35da ("media: imx-jpeg: Ensure power suppliers be suspended before detach them")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org>
Reviewed-by: Ming Qian <ming.qian(a)nxp.com>
Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl>
diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
index 7f5fe551179b..1221b309a916 100644
--- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
+++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
@@ -2677,11 +2677,12 @@ static void mxc_jpeg_detach_pm_domains(struct mxc_jpeg_dev *jpeg)
int i;
for (i = 0; i < jpeg->num_domains; i++) {
- if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_dev[i]) &&
+ !pm_runtime_suspended(jpeg->pd_dev[i]))
pm_runtime_force_suspend(jpeg->pd_dev[i]);
- if (jpeg->pd_link[i] && !IS_ERR(jpeg->pd_link[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_link[i]))
device_link_del(jpeg->pd_link[i]);
- if (jpeg->pd_dev[i] && !IS_ERR(jpeg->pd_dev[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_dev[i]))
dev_pm_domain_detach(jpeg->pd_dev[i], true);
jpeg->pd_dev[i] = NULL;
jpeg->pd_link[i] = NULL;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020449-angular-extortion-0889@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020442-retriever-preflight-5132@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020435-obscure-undead-82cb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020433-skeletal-justify-17a9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020431-radiation-snore-3970@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020429-plentiful-petal-41de@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] drm/v3d: Assign job pointer to NULL before signaling the" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 6e64d6b3a3c39655de56682ec83e894978d23412
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020427-navigator-squall-4540@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6e64d6b3a3c39655de56682ec83e894978d23412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com>
Date: Wed, 22 Jan 2025 22:24:03 -0300
Subject: [PATCH] drm/v3d: Assign job pointer to NULL before signaling the
fence
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.
However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.
This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.
[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[ 466.318928] Mem abort info:
[ 466.321723] ESR = 0x0000000096000005
[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits
[ 466.330807] SET = 0, FnV = 0
[ 466.333864] EA = 0, S1PTW = 0
[ 466.337010] FSC = 0x05: level 1 translation fault
[ 466.341900] Data abort info:
[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18
[ 466.467336] Tainted: [C]=CRAP
[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[ 466.492327] sp : ffffffc080003ea0
[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[ 466.567263] Call trace:
[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)
[ 466.573826] __handle_irq_event_percpu+0x60/0x228
[ 466.578546] handle_irq_event+0x54/0xb8
[ 466.582391] handle_fasteoi_irq+0xac/0x240
[ 466.586498] generic_handle_domain_irq+0x34/0x58
[ 466.591128] gic_handle_irq+0x48/0xd8
[ 466.594798] call_on_irq_stack+0x24/0x58
[ 466.598730] do_interrupt_handler+0x88/0x98
[ 466.602923] el0_interrupt+0x44/0xc0
[ 466.606508] __el0_irq_handler_common+0x18/0x28
[ 466.611050] el0t_64_irq_handler+0x10/0x20
[ 466.615156] el0t_64_irq+0x198/0x1a0
[ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[ 466.624853] ---[ end trace 0000000000000000 ]---
[ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 466.636384] SMP: stopping secondary CPUs
[ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[ 466.646259] PHYS_OFFSET: 0x0
[ 466.649141] CPU features: 0x100,00000170,00901250,0200720b
[ 466.654644] Memory Limit: none
[ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.
Cc: stable(a)vger.kernel.org
Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: Maíra Canal <mcanal(a)igalia.com>
Reviewed-by: Jose Maria Casanova Crespo <jmcasanova(a)igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com>
Tested-by: Phil Elwell <phil(a)raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal…
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index da203045df9b..72b6a119412f 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN);
trace_v3d_bcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->bin_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER);
trace_v3d_rcl_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->render_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD);
trace_v3d_csd_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->csd_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
@@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg)
v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU);
trace_v3d_tfu_irq(&v3d->drm, fence->seqno);
- dma_fence_signal(&fence->base);
+
v3d->tfu_job = NULL;
+ dma_fence_signal(&fence->base);
+
status = IRQ_HANDLED;
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] RDMA/mlx5: Fix implicit ODP use after free" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x d3d930411ce390e532470194296658a960887773
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020412-afraid-unearth-34e3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3d930411ce390e532470194296658a960887773 Mon Sep 17 00:00:00 2001
From: Patrisious Haddad <phaddad(a)nvidia.com>
Date: Sun, 19 Jan 2025 10:21:41 +0200
Subject: [PATCH] RDMA/mlx5: Fix implicit ODP use after free
Prevent double queueing of implicit ODP mr destroy work by using
__xa_cmpxchg() to make sure this is the only time we are destroying this
specific mr.
Without this change, we could try to invalidate this mr twice, which in
turn could result in queuing a MR work destroy twice, and eventually the
second work could execute after the MR was freed due to the first work,
causing a user after free and trace below.
refcount_t: underflow; use-after-free.
WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130
Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]
CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]
RIP: 0010:refcount_warn_saturate+0x12b/0x130
Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff <0f> 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff
RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0
RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019
R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00
R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0
FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? refcount_warn_saturate+0x12b/0x130
free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]
process_one_work+0x1cc/0x3c0
worker_thread+0x218/0x3c0
kthread+0xc6/0xf0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 5256edcb98a1 ("RDMA/mlx5: Rework implicit ODP destroy")
Cc: stable(a)vger.kernel.org
Link: https://patch.msgid.link/r/c96b8645a81085abff739e6b06e286a350d1283d.1737274…
Signed-off-by: Patrisious Haddad <phaddad(a)nvidia.com>
Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index f655859eec00..f1e23583e6c0 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -228,13 +228,27 @@ static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr)
unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT;
struct mlx5_ib_mr *imr = mr->parent;
+ /*
+ * If userspace is racing freeing the parent implicit ODP MR then we can
+ * loose the race with parent destruction. In this case
+ * mlx5_ib_free_odp_mr() will free everything in the implicit_children
+ * xarray so NOP is fine. This child MR cannot be destroyed here because
+ * we are under its umem_mutex.
+ */
if (!refcount_inc_not_zero(&imr->mmkey.usecount))
return;
- xa_erase(&imr->implicit_children, idx);
+ xa_lock(&imr->implicit_children);
+ if (__xa_cmpxchg(&imr->implicit_children, idx, mr, NULL, GFP_KERNEL) !=
+ mr) {
+ xa_unlock(&imr->implicit_children);
+ return;
+ }
+
if (MLX5_CAP_ODP(mr_to_mdev(mr)->mdev, mem_page_fault))
- xa_erase(&mr_to_mdev(mr)->odp_mkeys,
- mlx5_base_mkey(mr->mmkey.key));
+ __xa_erase(&mr_to_mdev(mr)->odp_mkeys,
+ mlx5_base_mkey(mr->mmkey.key));
+ xa_unlock(&imr->implicit_children);
/* Freeing a MR is a sleeping operation, so bounce to a work queue */
INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work);
@@ -502,18 +516,18 @@ static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr,
refcount_inc(&ret->mmkey.usecount);
goto out_lock;
}
- xa_unlock(&imr->implicit_children);
if (MLX5_CAP_ODP(dev->mdev, mem_page_fault)) {
- ret = xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
- &mr->mmkey, GFP_KERNEL);
+ ret = __xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
+ &mr->mmkey, GFP_KERNEL);
if (xa_is_err(ret)) {
ret = ERR_PTR(xa_err(ret));
- xa_erase(&imr->implicit_children, idx);
- goto out_mr;
+ __xa_erase(&imr->implicit_children, idx);
+ goto out_lock;
}
mr->mmkey.type = MLX5_MKEY_IMPLICIT_CHILD;
}
+ xa_unlock(&imr->implicit_children);
mlx5_ib_dbg(mr_to_mdev(imr), "key %x mr %p\n", mr->mmkey.key, mr);
return mr;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] RDMA/mlx5: Fix implicit ODP use after free" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x d3d930411ce390e532470194296658a960887773
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020411-unwritten-anvil-1852@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3d930411ce390e532470194296658a960887773 Mon Sep 17 00:00:00 2001
From: Patrisious Haddad <phaddad(a)nvidia.com>
Date: Sun, 19 Jan 2025 10:21:41 +0200
Subject: [PATCH] RDMA/mlx5: Fix implicit ODP use after free
Prevent double queueing of implicit ODP mr destroy work by using
__xa_cmpxchg() to make sure this is the only time we are destroying this
specific mr.
Without this change, we could try to invalidate this mr twice, which in
turn could result in queuing a MR work destroy twice, and eventually the
second work could execute after the MR was freed due to the first work,
causing a user after free and trace below.
refcount_t: underflow; use-after-free.
WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130
Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]
CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]
RIP: 0010:refcount_warn_saturate+0x12b/0x130
Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff <0f> 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff
RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0
RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019
R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00
R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0
FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? refcount_warn_saturate+0x12b/0x130
free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]
process_one_work+0x1cc/0x3c0
worker_thread+0x218/0x3c0
kthread+0xc6/0xf0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 5256edcb98a1 ("RDMA/mlx5: Rework implicit ODP destroy")
Cc: stable(a)vger.kernel.org
Link: https://patch.msgid.link/r/c96b8645a81085abff739e6b06e286a350d1283d.1737274…
Signed-off-by: Patrisious Haddad <phaddad(a)nvidia.com>
Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index f655859eec00..f1e23583e6c0 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -228,13 +228,27 @@ static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr)
unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT;
struct mlx5_ib_mr *imr = mr->parent;
+ /*
+ * If userspace is racing freeing the parent implicit ODP MR then we can
+ * loose the race with parent destruction. In this case
+ * mlx5_ib_free_odp_mr() will free everything in the implicit_children
+ * xarray so NOP is fine. This child MR cannot be destroyed here because
+ * we are under its umem_mutex.
+ */
if (!refcount_inc_not_zero(&imr->mmkey.usecount))
return;
- xa_erase(&imr->implicit_children, idx);
+ xa_lock(&imr->implicit_children);
+ if (__xa_cmpxchg(&imr->implicit_children, idx, mr, NULL, GFP_KERNEL) !=
+ mr) {
+ xa_unlock(&imr->implicit_children);
+ return;
+ }
+
if (MLX5_CAP_ODP(mr_to_mdev(mr)->mdev, mem_page_fault))
- xa_erase(&mr_to_mdev(mr)->odp_mkeys,
- mlx5_base_mkey(mr->mmkey.key));
+ __xa_erase(&mr_to_mdev(mr)->odp_mkeys,
+ mlx5_base_mkey(mr->mmkey.key));
+ xa_unlock(&imr->implicit_children);
/* Freeing a MR is a sleeping operation, so bounce to a work queue */
INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work);
@@ -502,18 +516,18 @@ static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr,
refcount_inc(&ret->mmkey.usecount);
goto out_lock;
}
- xa_unlock(&imr->implicit_children);
if (MLX5_CAP_ODP(dev->mdev, mem_page_fault)) {
- ret = xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
- &mr->mmkey, GFP_KERNEL);
+ ret = __xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
+ &mr->mmkey, GFP_KERNEL);
if (xa_is_err(ret)) {
ret = ERR_PTR(xa_err(ret));
- xa_erase(&imr->implicit_children, idx);
- goto out_mr;
+ __xa_erase(&imr->implicit_children, idx);
+ goto out_lock;
}
mr->mmkey.type = MLX5_MKEY_IMPLICIT_CHILD;
}
+ xa_unlock(&imr->implicit_children);
mlx5_ib_dbg(mr_to_mdev(imr), "key %x mr %p\n", mr->mmkey.key, mr);
return mr;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] RDMA/mlx5: Fix implicit ODP use after free" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x d3d930411ce390e532470194296658a960887773
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020410-evacuate-dotted-2c17@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3d930411ce390e532470194296658a960887773 Mon Sep 17 00:00:00 2001
From: Patrisious Haddad <phaddad(a)nvidia.com>
Date: Sun, 19 Jan 2025 10:21:41 +0200
Subject: [PATCH] RDMA/mlx5: Fix implicit ODP use after free
Prevent double queueing of implicit ODP mr destroy work by using
__xa_cmpxchg() to make sure this is the only time we are destroying this
specific mr.
Without this change, we could try to invalidate this mr twice, which in
turn could result in queuing a MR work destroy twice, and eventually the
second work could execute after the MR was freed due to the first work,
causing a user after free and trace below.
refcount_t: underflow; use-after-free.
WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130
Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]
CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]
RIP: 0010:refcount_warn_saturate+0x12b/0x130
Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff <0f> 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff
RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0
RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019
R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00
R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0
FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? refcount_warn_saturate+0x12b/0x130
free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]
process_one_work+0x1cc/0x3c0
worker_thread+0x218/0x3c0
kthread+0xc6/0xf0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 5256edcb98a1 ("RDMA/mlx5: Rework implicit ODP destroy")
Cc: stable(a)vger.kernel.org
Link: https://patch.msgid.link/r/c96b8645a81085abff739e6b06e286a350d1283d.1737274…
Signed-off-by: Patrisious Haddad <phaddad(a)nvidia.com>
Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index f655859eec00..f1e23583e6c0 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -228,13 +228,27 @@ static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr)
unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT;
struct mlx5_ib_mr *imr = mr->parent;
+ /*
+ * If userspace is racing freeing the parent implicit ODP MR then we can
+ * loose the race with parent destruction. In this case
+ * mlx5_ib_free_odp_mr() will free everything in the implicit_children
+ * xarray so NOP is fine. This child MR cannot be destroyed here because
+ * we are under its umem_mutex.
+ */
if (!refcount_inc_not_zero(&imr->mmkey.usecount))
return;
- xa_erase(&imr->implicit_children, idx);
+ xa_lock(&imr->implicit_children);
+ if (__xa_cmpxchg(&imr->implicit_children, idx, mr, NULL, GFP_KERNEL) !=
+ mr) {
+ xa_unlock(&imr->implicit_children);
+ return;
+ }
+
if (MLX5_CAP_ODP(mr_to_mdev(mr)->mdev, mem_page_fault))
- xa_erase(&mr_to_mdev(mr)->odp_mkeys,
- mlx5_base_mkey(mr->mmkey.key));
+ __xa_erase(&mr_to_mdev(mr)->odp_mkeys,
+ mlx5_base_mkey(mr->mmkey.key));
+ xa_unlock(&imr->implicit_children);
/* Freeing a MR is a sleeping operation, so bounce to a work queue */
INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work);
@@ -502,18 +516,18 @@ static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr,
refcount_inc(&ret->mmkey.usecount);
goto out_lock;
}
- xa_unlock(&imr->implicit_children);
if (MLX5_CAP_ODP(dev->mdev, mem_page_fault)) {
- ret = xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
- &mr->mmkey, GFP_KERNEL);
+ ret = __xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
+ &mr->mmkey, GFP_KERNEL);
if (xa_is_err(ret)) {
ret = ERR_PTR(xa_err(ret));
- xa_erase(&imr->implicit_children, idx);
- goto out_mr;
+ __xa_erase(&imr->implicit_children, idx);
+ goto out_lock;
}
mr->mmkey.type = MLX5_MKEY_IMPLICIT_CHILD;
}
+ xa_unlock(&imr->implicit_children);
mlx5_ib_dbg(mr_to_mdev(imr), "key %x mr %p\n", mr->mmkey.key, mr);
return mr;
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] RDMA/mlx5: Fix implicit ODP use after free" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x d3d930411ce390e532470194296658a960887773
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020409-scorpion-stark-a992@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d3d930411ce390e532470194296658a960887773 Mon Sep 17 00:00:00 2001
From: Patrisious Haddad <phaddad(a)nvidia.com>
Date: Sun, 19 Jan 2025 10:21:41 +0200
Subject: [PATCH] RDMA/mlx5: Fix implicit ODP use after free
Prevent double queueing of implicit ODP mr destroy work by using
__xa_cmpxchg() to make sure this is the only time we are destroying this
specific mr.
Without this change, we could try to invalidate this mr twice, which in
turn could result in queuing a MR work destroy twice, and eventually the
second work could execute after the MR was freed due to the first work,
causing a user after free and trace below.
refcount_t: underflow; use-after-free.
WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130
Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]
CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]
RIP: 0010:refcount_warn_saturate+0x12b/0x130
Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff <0f> 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff
RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0
RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019
R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00
R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0
FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? refcount_warn_saturate+0x12b/0x130
free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]
process_one_work+0x1cc/0x3c0
worker_thread+0x218/0x3c0
kthread+0xc6/0xf0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 5256edcb98a1 ("RDMA/mlx5: Rework implicit ODP destroy")
Cc: stable(a)vger.kernel.org
Link: https://patch.msgid.link/r/c96b8645a81085abff739e6b06e286a350d1283d.1737274…
Signed-off-by: Patrisious Haddad <phaddad(a)nvidia.com>
Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index f655859eec00..f1e23583e6c0 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -228,13 +228,27 @@ static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr)
unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT;
struct mlx5_ib_mr *imr = mr->parent;
+ /*
+ * If userspace is racing freeing the parent implicit ODP MR then we can
+ * loose the race with parent destruction. In this case
+ * mlx5_ib_free_odp_mr() will free everything in the implicit_children
+ * xarray so NOP is fine. This child MR cannot be destroyed here because
+ * we are under its umem_mutex.
+ */
if (!refcount_inc_not_zero(&imr->mmkey.usecount))
return;
- xa_erase(&imr->implicit_children, idx);
+ xa_lock(&imr->implicit_children);
+ if (__xa_cmpxchg(&imr->implicit_children, idx, mr, NULL, GFP_KERNEL) !=
+ mr) {
+ xa_unlock(&imr->implicit_children);
+ return;
+ }
+
if (MLX5_CAP_ODP(mr_to_mdev(mr)->mdev, mem_page_fault))
- xa_erase(&mr_to_mdev(mr)->odp_mkeys,
- mlx5_base_mkey(mr->mmkey.key));
+ __xa_erase(&mr_to_mdev(mr)->odp_mkeys,
+ mlx5_base_mkey(mr->mmkey.key));
+ xa_unlock(&imr->implicit_children);
/* Freeing a MR is a sleeping operation, so bounce to a work queue */
INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work);
@@ -502,18 +516,18 @@ static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr,
refcount_inc(&ret->mmkey.usecount);
goto out_lock;
}
- xa_unlock(&imr->implicit_children);
if (MLX5_CAP_ODP(dev->mdev, mem_page_fault)) {
- ret = xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
- &mr->mmkey, GFP_KERNEL);
+ ret = __xa_store(&dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key),
+ &mr->mmkey, GFP_KERNEL);
if (xa_is_err(ret)) {
ret = ERR_PTR(xa_err(ret));
- xa_erase(&imr->implicit_children, idx);
- goto out_mr;
+ __xa_erase(&imr->implicit_children, idx);
+ goto out_lock;
}
mr->mmkey.type = MLX5_MKEY_IMPLICIT_CHILD;
}
+ xa_unlock(&imr->implicit_children);
mlx5_ib_dbg(mr_to_mdev(imr), "key %x mr %p\n", mr->mmkey.key, mr);
return mr;
4 months, 2 weeks
- 1
- 0
Re: Patch "drm/etnaviv: Drop the offset in page manipulation" has been added to the 6.12-stable tree
by Lucas Stach
Hi Sasha,
Am Samstag, dem 01.02.2025 um 23:33 -0500 schrieb Sasha Levin:
> This is a note to let you know that I've just added the patch titled
>
> drm/etnaviv: Drop the offset in page manipulation
>
> to the 6.12-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> drm-etnaviv-drop-the-offset-in-page-manipulation.patch
> and it can be found in the queue-6.12 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
please drop this patch and all its dependencies from all stable queues.
While the code makes certain assumptions that are corrected in this
patch, those assumptions are always true in all use-cases today. I
don't see a reason to introduce this kind of churn to the stable trees
to fix a theoretical issue.
Regards,
Lucas
>
>
> commit cc5b6c4868e20f34d46e359930f0ca45a1cab9e3
> Author: Sui Jingfeng <sui.jingfeng(a)linux.dev>
> Date: Fri Nov 15 20:32:44 2024 +0800
>
> drm/etnaviv: Drop the offset in page manipulation
>
> [ Upstream commit 9aad03e7f5db7944d5ee96cd5c595c54be2236e6 ]
>
> The etnaviv driver, both kernel space and user space, assumes that GPU page
> size is 4KiB. Its IOMMU map/unmap 4KiB physical address range once a time.
> If 'sg->offset != 0' is true, then the current implementation will map the
> IOVA to a wrong area, which may lead to coherency problem. Picture 0 and 1
> give the illustration, see below.
>
> PA start drifted
> |
> |<--- 'sg_dma_address(sg) - sg->offset'
> | .------ sg_dma_address(sg)
> | | .---- sg_dma_len(sg)
> |<-sg->offset->| |
> V |<-->| Another one cpu page
> +----+----+----+----+ +----+----+----+----+
> |xxxx| |||||| |||||||||||||||||||||
> +----+----+----+----+ +----+----+----+----+
> ^ ^ ^ ^
> |<--- da_len --->| | |
> | | | |
> | .--------------' | |
> | | .----------------' |
> | | | .----------------'
> | | | |
> | | +----+----+----+----+
> | | |||||||||||||||||||||
> | | +----+----+----+----+
> | |
> | '--------------. da_len = sg_dma_len(sg) + sg->offset, using
> | | 'sg_dma_len(sg) + sg->offset' will lead to GPUVA
> +----+ ~~~~~~~~~~~~~+ collision, but min_t(unsigned int, da_len, va_len)
> |xxxx| | will clamp it to correct size. But the IOVA will
> +----+ ~~~~~~~~~~~~~+ be redirect to wrong area.
> ^
> | Picture 0: Possibly wrong implementation.
> GPUVA (IOVA)
>
> --------------------------------------------------------------------------
>
> .------- sg_dma_address(sg)
> | .---- sg_dma_len(sg)
> |<-sg->offset->| |
> | |<-->| another one cpu page
> +----+----+----+----+ +----+----+----+----+
> | |||||| |||||||||||||||||||||
> +----+----+----+----+ +----+----+----+----+
> ^ ^ ^ ^
> | | | |
> .--------------' | | |
> | | | |
> | .--------------' | |
> | | .----------------' |
> | | | .----------------'
> | | | |
> +----+ +----+----+----+----+
> |||||| ||||||||||||||||||||| The first one is SZ_4K, the second is SZ_16K
> +----+ +----+----+----+----+
> ^
> | Picture 1: Perfectly correct implementation.
> GPUVA (IOVA)
>
> If sg->offset != 0 is true, IOVA will be mapped to wrong physical address.
> Either because there doesn't contain the data or there contains wrong data.
> Strictly speaking, the memory area that before sg_dma_address(sg) doesn't
> belong to us, and it's likely that the area is being used by other process.
>
> Because we don't want to introduce confusions about which part is visible
> to the GPU, we assumes that the size of GPUVA is always 4KiB aligned. This
> is very relaxed requirement, since we already made the decision that GPU
> page size is 4KiB (as a canonical decision). And softpin feature is landed,
> Mesa's util_vma_heap_alloc() will certainly report correct length of GPUVA
> to kernel with desired alignment ensured.
>
> With above statements agreed, drop the "offset in page" manipulation will
> return us a correct implementation at any case.
>
> Fixes: a8c21a5451d8 ("drm/etnaviv: add initial etnaviv DRM driver")
> Signed-off-by: Sui Jingfeng <sui.jingfeng(a)linux.dev>
> Signed-off-by: Lucas Stach <l.stach(a)pengutronix.de>
> Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>
> diff --git a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
> index a382920ae2be0..b7c09fc86a2cc 100644
> --- a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
> +++ b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
> @@ -82,8 +82,8 @@ static int etnaviv_iommu_map(struct etnaviv_iommu_context *context,
> return -EINVAL;
>
> for_each_sgtable_dma_sg(sgt, sg, i) {
> - phys_addr_t pa = sg_dma_address(sg) - sg->offset;
> - unsigned int da_len = sg_dma_len(sg) + sg->offset;
> + phys_addr_t pa = sg_dma_address(sg);
> + unsigned int da_len = sg_dma_len(sg);
> unsigned int bytes = min_t(unsigned int, da_len, va_len);
>
> VERB("map[%d]: %08x %pap(%x)", i, iova, &pa, bytes);
4 months, 2 weeks
- 3
- 6
[PATCH Linux-6.12.y 1/1] selftests/mm: build with -O2
by Yifei Liu
From: Kevin Brodsky <kevin.brodsky(a)arm.com>
[ Upstream commit 46036188ea1f5266df23a6149dea0df1c77cd1c7 ]
The mm kselftests are currently built with no optimisation (-O0). It's
unclear why, and besides being obviously suboptimal, this also prevents
the pkeys tests from working as intended. Let's build all the tests with
-O2.
[kevin.brodsky(a)arm.com: silence unused-result warnings]
Link: https://lkml.kernel.org/r/20250107170110.2819685-1-kevin.brodsky@arm.com
Link: https://lkml.kernel.org/r/20241209095019.1732120-6-kevin.brodsky@arm.com
Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com>
Cc: Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com>
Cc: Catalin Marinas <catalin.marinas(a)arm.com>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Joey Gouly <joey.gouly(a)arm.com>
Cc: Keith Lucas <keith.lucas(a)oracle.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Shuah Khan <shuah(a)kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
(cherry picked from commit 46036188ea1f5266df23a6149dea0df1c77cd1c7)
[Yifei: This commit also fix the failure of pkey_sighandler_tests_64,
which is also in linux-6.12.y, thus backport this commit]
Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com>
---
tools/testing/selftests/mm/Makefile | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile
index 02e1204971b0..c0138cb19705 100644
--- a/tools/testing/selftests/mm/Makefile
+++ b/tools/testing/selftests/mm/Makefile
@@ -33,9 +33,16 @@ endif
# LDLIBS.
MAKEFLAGS += --no-builtin-rules
-CFLAGS = -Wall -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES)
+CFLAGS = -Wall -O2 -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES)
LDLIBS = -lrt -lpthread -lm
+# Some distributions (such as Ubuntu) configure GCC so that _FORTIFY_SOURCE is
+# automatically enabled at -O1 or above. This triggers various unused-result
+# warnings where functions such as read() or write() are called and their
+# return value is not checked. Disable _FORTIFY_SOURCE to silence those
+# warnings.
+CFLAGS += -U_FORTIFY_SOURCE
+
TEST_GEN_FILES = cow
TEST_GEN_FILES += compaction_test
TEST_GEN_FILES += gup_longterm
--
2.46.0
4 months, 2 weeks
- 3
- 2
FAILED: patch "[PATCH] drm/amd/display: Reduce accessing remote DPCD overhead" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x adb4998f4928a17d91be054218a902ba9f8c1f93
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025012032-phoenix-crushing-da7a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From adb4998f4928a17d91be054218a902ba9f8c1f93 Mon Sep 17 00:00:00 2001
From: Wayne Lin <Wayne.Lin(a)amd.com>
Date: Mon, 9 Dec 2024 15:25:35 +0800
Subject: [PATCH] drm/amd/display: Reduce accessing remote DPCD overhead
[Why]
Observed frame rate get dropped by tool like glxgear. Even though the
output to monitor is 60Hz, the rendered frame rate drops to 30Hz lower.
It's due to code path in some cases will trigger
dm_dp_mst_is_port_support_mode() to read out remote Link status to
assess the available bandwidth for dsc maniplation. Overhead of keep
reading remote DPCD is considerable.
[How]
Store the remote link BW in mst_local_bw and use end-to-end full_pbn
as an indicator to decide whether update the remote link bw or not.
Whenever we need the info to assess the BW, visit the stored one first.
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3720
Fixes: fa57924c76d9 ("drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode()")
Cc: Mario Limonciello <mario.limonciello(a)amd.com>
Cc: Alex Deucher <alexander.deucher(a)amd.com>
Reviewed-by: Jerry Zuo <jerry.zuo(a)amd.com>
Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com>
Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 4a9a918545455a5979c6232fcf61ed3d8f0db3ae)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
index 6464a8378387..2227cd8e4a89 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
@@ -697,6 +697,8 @@ struct amdgpu_dm_connector {
struct drm_dp_mst_port *mst_output_port;
struct amdgpu_dm_connector *mst_root;
struct drm_dp_aux *dsc_aux;
+ uint32_t mst_local_bw;
+ uint16_t vc_full_pbn;
struct mutex handle_mst_msg_ready;
/* TODO see if we can merge with ddc_bus or make a dm_connector */
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
index aadaa61ac5ac..1080075ccb17 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
@@ -155,6 +155,17 @@ amdgpu_dm_mst_connector_late_register(struct drm_connector *connector)
return 0;
}
+
+static inline void
+amdgpu_dm_mst_reset_mst_connector_setting(struct amdgpu_dm_connector *aconnector)
+{
+ aconnector->drm_edid = NULL;
+ aconnector->dsc_aux = NULL;
+ aconnector->mst_output_port->passthrough_aux = NULL;
+ aconnector->mst_local_bw = 0;
+ aconnector->vc_full_pbn = 0;
+}
+
static void
amdgpu_dm_mst_connector_early_unregister(struct drm_connector *connector)
{
@@ -182,9 +193,7 @@ amdgpu_dm_mst_connector_early_unregister(struct drm_connector *connector)
dc_sink_release(dc_sink);
aconnector->dc_sink = NULL;
- aconnector->drm_edid = NULL;
- aconnector->dsc_aux = NULL;
- port->passthrough_aux = NULL;
+ amdgpu_dm_mst_reset_mst_connector_setting(aconnector);
}
aconnector->mst_status = MST_STATUS_DEFAULT;
@@ -504,9 +513,7 @@ dm_dp_mst_detect(struct drm_connector *connector,
dc_sink_release(aconnector->dc_sink);
aconnector->dc_sink = NULL;
- aconnector->drm_edid = NULL;
- aconnector->dsc_aux = NULL;
- port->passthrough_aux = NULL;
+ amdgpu_dm_mst_reset_mst_connector_setting(aconnector);
amdgpu_dm_set_mst_status(&aconnector->mst_status,
MST_REMOTE_EDID | MST_ALLOCATE_NEW_PAYLOAD | MST_CLEAR_ALLOCATED_PAYLOAD,
@@ -1819,9 +1826,18 @@ enum dc_status dm_dp_mst_is_port_support_mode(
struct drm_dp_mst_port *immediate_upstream_port = NULL;
uint32_t end_link_bw = 0;
- /*Get last DP link BW capability*/
- if (dp_get_link_current_set_bw(&aconnector->mst_output_port->aux, &end_link_bw)) {
- if (stream_kbps > end_link_bw) {
+ /*Get last DP link BW capability. Mode shall be supported by Legacy peer*/
+ if (aconnector->mst_output_port->pdt != DP_PEER_DEVICE_DP_LEGACY_CONV &&
+ aconnector->mst_output_port->pdt != DP_PEER_DEVICE_NONE) {
+ if (aconnector->vc_full_pbn != aconnector->mst_output_port->full_pbn) {
+ dp_get_link_current_set_bw(&aconnector->mst_output_port->aux, &end_link_bw);
+ aconnector->vc_full_pbn = aconnector->mst_output_port->full_pbn;
+ aconnector->mst_local_bw = end_link_bw;
+ } else {
+ end_link_bw = aconnector->mst_local_bw;
+ }
+
+ if (end_link_bw > 0 && stream_kbps > end_link_bw) {
DRM_DEBUG_DRIVER("MST_DSC dsc decode at last link."
"Mode required bw can't fit into last link\n");
return DC_FAIL_BANDWIDTH_VALIDATE;
4 months, 2 weeks
- 5
- 4
[PATCH v2 1/3] KVM: arm64: timer: Always evaluate the need for a soft timer
by Marc Zyngier
When updating the interrupt state for an emulated timer, we return
early and skip the setup of a soft timer that runs in parallel
with the guest.
While this is OK if we have set the interrupt pending, it is pretty
wrong if the guest moved CVAL into the future. In that case,
no timer is armed and the guest can wait for a very long time
(it will take a full put/load cycle for the situation to resolve).
This is specially visible with EDK2 running at EL2, but still
using the EL1 virtual timer, which in that case is fully emulated.
Any key-press takes ages to be captured, as there is no UART
interrupt and EDK2 relies on polling from a timer...
The fix is simply to drop the early return. If the timer interrupt
is pending, we will still return early, and otherwise arm the soft
timer.
Fixes: 4d74ecfa6458b ("KVM: arm64: Don't arm a hrtimer for an already pending timer")
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Cc: stable(a)vger.kernel.org
---
arch/arm64/kvm/arch_timer.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/kvm/arch_timer.c b/arch/arm64/kvm/arch_timer.c
index d3d243366536c..035e43f5d4f9a 100644
--- a/arch/arm64/kvm/arch_timer.c
+++ b/arch/arm64/kvm/arch_timer.c
@@ -471,10 +471,8 @@ static void timer_emulate(struct arch_timer_context *ctx)
trace_kvm_timer_emulate(ctx, should_fire);
- if (should_fire != ctx->irq.level) {
+ if (should_fire != ctx->irq.level)
kvm_timer_update_irq(ctx->vcpu, should_fire, ctx);
- return;
- }
kvm_timer_update_status(ctx, should_fire);
--
2.39.2
4 months, 2 weeks
- 2
- 1
[PATCH 1/3] KVM: arm64: timer: Always evaluate the need for a soft timer
by Marc Zyngier
When updating the interrupt state for an emulated timer, we return
early and skip the setup of a soft timer that runs in parallel
with the guest.
While this is OK if we have set the interrupt pending, it is pretty
wrong if the guest moved CVAL into the future. In that case,
no timer is armed and the guest can wait for a very long time
(it will take a full put/load cycle for the situation to resolve).
This is specially visible with EDK2 running at EL2, but still
using the EL1 virtual timer, which in that case is fully emulated.
Any key-press takes ages to be captured, as there is no UART
interrupt and EDK2 relies on polling from a timer...
The fix is simply to drop the early return. If the timer interrupt
is pending, we will still return early, and otherwise arm the soft
timer.
Fixes: 4d74ecfa6458b ("KVM: arm64: Don't arm a hrtimer for an already pending timer")
Signed-off-by: Marc Zyngier <maz(a)kernel.org>
Cc: stable(a)vger.kernel.org
---
arch/arm64/kvm/arch_timer.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/kvm/arch_timer.c b/arch/arm64/kvm/arch_timer.c
index d3d243366536c..035e43f5d4f9a 100644
--- a/arch/arm64/kvm/arch_timer.c
+++ b/arch/arm64/kvm/arch_timer.c
@@ -471,10 +471,8 @@ static void timer_emulate(struct arch_timer_context *ctx)
trace_kvm_timer_emulate(ctx, should_fire);
- if (should_fire != ctx->irq.level) {
+ if (should_fire != ctx->irq.level)
kvm_timer_update_irq(ctx->vcpu, should_fire, ctx);
- return;
- }
kvm_timer_update_status(ctx, should_fire);
--
2.39.2
4 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] usb: xhci: Fix NULL pointer dereference on certain command" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 1e0a19912adb68a4b2b74fd77001c96cd83eb073
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020458-rental-overbill-09f4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1e0a19912adb68a4b2b74fd77001c96cd83eb073 Mon Sep 17 00:00:00 2001
From: Michal Pecio <michal.pecio(a)gmail.com>
Date: Fri, 27 Dec 2024 14:01:40 +0200
Subject: [PATCH] usb: xhci: Fix NULL pointer dereference on certain command
aborts
If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.
If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.
Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.
This is probably Bug 219532, but no confirmation has been received.
The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532
Fixes: c311e391a7ef ("xhci: rework command timeout and cancellation,")
CC: stable(a)vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 09b05a62375e..dfe1a676d487 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -422,7 +422,8 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
!(xhci->xhc_state & XHCI_STATE_DYING)) {
xhci->current_cmd = cur_cmd;
- xhci_mod_cmd_timer(xhci);
+ if (cur_cmd)
+ xhci_mod_cmd_timer(xhci);
xhci_ring_cmd_db(xhci);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] usb: xhci: Fix NULL pointer dereference on certain command" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 1e0a19912adb68a4b2b74fd77001c96cd83eb073
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020457-afternoon-avert-fefb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1e0a19912adb68a4b2b74fd77001c96cd83eb073 Mon Sep 17 00:00:00 2001
From: Michal Pecio <michal.pecio(a)gmail.com>
Date: Fri, 27 Dec 2024 14:01:40 +0200
Subject: [PATCH] usb: xhci: Fix NULL pointer dereference on certain command
aborts
If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.
If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.
Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.
This is probably Bug 219532, but no confirmation has been received.
The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532
Fixes: c311e391a7ef ("xhci: rework command timeout and cancellation,")
CC: stable(a)vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 09b05a62375e..dfe1a676d487 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -422,7 +422,8 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
!(xhci->xhc_state & XHCI_STATE_DYING)) {
xhci->current_cmd = cur_cmd;
- xhci_mod_cmd_timer(xhci);
+ if (cur_cmd)
+ xhci_mod_cmd_timer(xhci);
xhci_ring_cmd_db(xhci);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] usb: xhci: Fix NULL pointer dereference on certain command" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 1e0a19912adb68a4b2b74fd77001c96cd83eb073
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020457-imprecise-rectify-1264@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1e0a19912adb68a4b2b74fd77001c96cd83eb073 Mon Sep 17 00:00:00 2001
From: Michal Pecio <michal.pecio(a)gmail.com>
Date: Fri, 27 Dec 2024 14:01:40 +0200
Subject: [PATCH] usb: xhci: Fix NULL pointer dereference on certain command
aborts
If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.
If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.
Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.
This is probably Bug 219532, but no confirmation has been received.
The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532
Fixes: c311e391a7ef ("xhci: rework command timeout and cancellation,")
CC: stable(a)vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 09b05a62375e..dfe1a676d487 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -422,7 +422,8 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
!(xhci->xhc_state & XHCI_STATE_DYING)) {
xhci->current_cmd = cur_cmd;
- xhci_mod_cmd_timer(xhci);
+ if (cur_cmd)
+ xhci_mod_cmd_timer(xhci);
xhci_ring_cmd_db(xhci);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] net: usb: rtl8150: enable basic endpoint checking" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 90b7f2961798793275b4844348619b622f983907
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020432-salaried-spree-b4a5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 90b7f2961798793275b4844348619b622f983907 Mon Sep 17 00:00:00 2001
From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
Date: Fri, 24 Jan 2025 01:30:20 -0800
Subject: [PATCH] net: usb: rtl8150: enable basic endpoint checking
Syzkaller reports [1] encountering a common issue of utilizing a wrong
usb endpoint type during URB submitting stage. This, in turn, triggers
a warning shown below.
For now, enable simple endpoint checking (specifically, bulk and
interrupt eps, testing control one is not essential) to mitigate
the issue with a view to do other related cosmetic changes later,
if they are necessary.
[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv>
Modules linked in:
CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617>
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8>
RSP: 0018:ffffc9000441f740 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9
RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001
RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c
FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733
__dev_open+0x2d4/0x4e0 net/core/dev.c:1474
__dev_change_flags+0x561/0x720 net/core/dev.c:8838
dev_change_flags+0x8f/0x160 net/core/dev.c:8910
devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177
inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003
sock_do_ioctl+0x116/0x280 net/socket.c:1222
sock_ioctl+0x22e/0x6c0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc04ef73d49
...
This change has not been tested on real hardware.
Reported-and-tested-by: syzbot+d7e968426f644b567e31(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d7e968426f644b567e31
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable(a)vger.kernel.org
Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
Link: https://patch.msgid.link/20250124093020.234642-1-n.zhandarovich@fintech.ru
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
index 01a3b2417a54..ddff6f19ff98 100644
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -71,6 +71,14 @@
#define MSR_SPEED (1<<3)
#define MSR_LINK (1<<2)
+/* USB endpoints */
+enum rtl8150_usb_ep {
+ RTL8150_USB_EP_CONTROL = 0,
+ RTL8150_USB_EP_BULK_IN = 1,
+ RTL8150_USB_EP_BULK_OUT = 2,
+ RTL8150_USB_EP_INT_IN = 3,
+};
+
/* Interrupt pipe data */
#define INT_TSR 0x00
#define INT_RSR 0x01
@@ -867,6 +875,13 @@ static int rtl8150_probe(struct usb_interface *intf,
struct usb_device *udev = interface_to_usbdev(intf);
rtl8150_t *dev;
struct net_device *netdev;
+ static const u8 bulk_ep_addr[] = {
+ RTL8150_USB_EP_BULK_IN | USB_DIR_IN,
+ RTL8150_USB_EP_BULK_OUT | USB_DIR_OUT,
+ 0};
+ static const u8 int_ep_addr[] = {
+ RTL8150_USB_EP_INT_IN | USB_DIR_IN,
+ 0};
netdev = alloc_etherdev(sizeof(rtl8150_t));
if (!netdev)
@@ -880,6 +895,13 @@ static int rtl8150_probe(struct usb_interface *intf,
return -ENOMEM;
}
+ /* Verify that all required endpoints are present */
+ if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||
+ !usb_check_int_endpoints(intf, int_ep_addr)) {
+ dev_err(&intf->dev, "couldn't find required endpoints\n");
+ goto out;
+ }
+
tasklet_setup(&dev->tl, rx_fixup);
spin_lock_init(&dev->rx_pool_lock);
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] net: usb: rtl8150: enable basic endpoint checking" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 90b7f2961798793275b4844348619b622f983907
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020431-body-zebra-fc67@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 90b7f2961798793275b4844348619b622f983907 Mon Sep 17 00:00:00 2001
From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
Date: Fri, 24 Jan 2025 01:30:20 -0800
Subject: [PATCH] net: usb: rtl8150: enable basic endpoint checking
Syzkaller reports [1] encountering a common issue of utilizing a wrong
usb endpoint type during URB submitting stage. This, in turn, triggers
a warning shown below.
For now, enable simple endpoint checking (specifically, bulk and
interrupt eps, testing control one is not essential) to mitigate
the issue with a view to do other related cosmetic changes later,
if they are necessary.
[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv>
Modules linked in:
CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617>
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8>
RSP: 0018:ffffc9000441f740 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9
RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001
RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c
FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733
__dev_open+0x2d4/0x4e0 net/core/dev.c:1474
__dev_change_flags+0x561/0x720 net/core/dev.c:8838
dev_change_flags+0x8f/0x160 net/core/dev.c:8910
devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177
inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003
sock_do_ioctl+0x116/0x280 net/socket.c:1222
sock_ioctl+0x22e/0x6c0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc04ef73d49
...
This change has not been tested on real hardware.
Reported-and-tested-by: syzbot+d7e968426f644b567e31(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d7e968426f644b567e31
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable(a)vger.kernel.org
Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
Link: https://patch.msgid.link/20250124093020.234642-1-n.zhandarovich@fintech.ru
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
index 01a3b2417a54..ddff6f19ff98 100644
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -71,6 +71,14 @@
#define MSR_SPEED (1<<3)
#define MSR_LINK (1<<2)
+/* USB endpoints */
+enum rtl8150_usb_ep {
+ RTL8150_USB_EP_CONTROL = 0,
+ RTL8150_USB_EP_BULK_IN = 1,
+ RTL8150_USB_EP_BULK_OUT = 2,
+ RTL8150_USB_EP_INT_IN = 3,
+};
+
/* Interrupt pipe data */
#define INT_TSR 0x00
#define INT_RSR 0x01
@@ -867,6 +875,13 @@ static int rtl8150_probe(struct usb_interface *intf,
struct usb_device *udev = interface_to_usbdev(intf);
rtl8150_t *dev;
struct net_device *netdev;
+ static const u8 bulk_ep_addr[] = {
+ RTL8150_USB_EP_BULK_IN | USB_DIR_IN,
+ RTL8150_USB_EP_BULK_OUT | USB_DIR_OUT,
+ 0};
+ static const u8 int_ep_addr[] = {
+ RTL8150_USB_EP_INT_IN | USB_DIR_IN,
+ 0};
netdev = alloc_etherdev(sizeof(rtl8150_t));
if (!netdev)
@@ -880,6 +895,13 @@ static int rtl8150_probe(struct usb_interface *intf,
return -ENOMEM;
}
+ /* Verify that all required endpoints are present */
+ if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||
+ !usb_check_int_endpoints(intf, int_ep_addr)) {
+ dev_err(&intf->dev, "couldn't find required endpoints\n");
+ goto out;
+ }
+
tasklet_setup(&dev->tl, rx_fixup);
spin_lock_init(&dev->rx_pool_lock);
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't shut down the filesystem for media failures beyond" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x f4ed93037966aea07ae6b10ab208976783d24e2e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020426-bobtail-police-e100@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f4ed93037966aea07ae6b10ab208976783d24e2e Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Tue, 17 Dec 2024 13:43:06 -0800
Subject: [PATCH] xfs: don't shut down the filesystem for media failures beyond
end of log
If the filesystem has an external log device on pmem and the pmem
reports a media error beyond the end of the log area, don't shut down
the filesystem because we don't use that space.
Cc: <stable(a)vger.kernel.org> # v6.0
Fixes: 6f643c57d57c56 ("xfs: implement ->notify_failure() for XFS")
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_notify_failure.c b/fs/xfs/xfs_notify_failure.c
index fa50e5308292..0b0b0f31aca2 100644
--- a/fs/xfs/xfs_notify_failure.c
+++ b/fs/xfs/xfs_notify_failure.c
@@ -153,6 +153,79 @@ xfs_dax_notify_failure_thaw(
thaw_super(sb, FREEZE_HOLDER_USERSPACE);
}
+static int
+xfs_dax_translate_range(
+ struct xfs_buftarg *btp,
+ u64 offset,
+ u64 len,
+ xfs_daddr_t *daddr,
+ uint64_t *bblen)
+{
+ u64 dev_start = btp->bt_dax_part_off;
+ u64 dev_len = bdev_nr_bytes(btp->bt_bdev);
+ u64 dev_end = dev_start + dev_len - 1;
+
+ /* Notify failure on the whole device. */
+ if (offset == 0 && len == U64_MAX) {
+ offset = dev_start;
+ len = dev_len;
+ }
+
+ /* Ignore the range out of filesystem area */
+ if (offset + len - 1 < dev_start)
+ return -ENXIO;
+ if (offset > dev_end)
+ return -ENXIO;
+
+ /* Calculate the real range when it touches the boundary */
+ if (offset > dev_start)
+ offset -= dev_start;
+ else {
+ len -= dev_start - offset;
+ offset = 0;
+ }
+ if (offset + len - 1 > dev_end)
+ len = dev_end - offset + 1;
+
+ *daddr = BTOBB(offset);
+ *bblen = BTOBB(len);
+ return 0;
+}
+
+static int
+xfs_dax_notify_logdev_failure(
+ struct xfs_mount *mp,
+ u64 offset,
+ u64 len,
+ int mf_flags)
+{
+ xfs_daddr_t daddr;
+ uint64_t bblen;
+ int error;
+
+ /*
+ * Return ENXIO instead of shutting down the filesystem if the failed
+ * region is beyond the end of the log.
+ */
+ error = xfs_dax_translate_range(mp->m_logdev_targp,
+ offset, len, &daddr, &bblen);
+ if (error)
+ return error;
+
+ /*
+ * In the pre-remove case the failure notification is attempting to
+ * trigger a force unmount. The expectation is that the device is
+ * still present, but its removal is in progress and can not be
+ * cancelled, proceed with accessing the log device.
+ */
+ if (mf_flags & MF_MEM_PRE_REMOVE)
+ return 0;
+
+ xfs_err(mp, "ondisk log corrupt, shutting down fs!");
+ xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
+ return -EFSCORRUPTED;
+}
+
static int
xfs_dax_notify_ddev_failure(
struct xfs_mount *mp,
@@ -263,8 +336,9 @@ xfs_dax_notify_failure(
int mf_flags)
{
struct xfs_mount *mp = dax_holder(dax_dev);
- u64 ddev_start;
- u64 ddev_end;
+ xfs_daddr_t daddr;
+ uint64_t bblen;
+ int error;
if (!(mp->m_super->s_flags & SB_BORN)) {
xfs_warn(mp, "filesystem is not ready for notify_failure()!");
@@ -279,17 +353,7 @@ xfs_dax_notify_failure(
if (mp->m_logdev_targp && mp->m_logdev_targp->bt_daxdev == dax_dev &&
mp->m_logdev_targp != mp->m_ddev_targp) {
- /*
- * In the pre-remove case the failure notification is attempting
- * to trigger a force unmount. The expectation is that the
- * device is still present, but its removal is in progress and
- * can not be cancelled, proceed with accessing the log device.
- */
- if (mf_flags & MF_MEM_PRE_REMOVE)
- return 0;
- xfs_err(mp, "ondisk log corrupt, shutting down fs!");
- xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
- return -EFSCORRUPTED;
+ return xfs_dax_notify_logdev_failure(mp, offset, len, mf_flags);
}
if (!xfs_has_rmapbt(mp)) {
@@ -297,33 +361,12 @@ xfs_dax_notify_failure(
return -EOPNOTSUPP;
}
- ddev_start = mp->m_ddev_targp->bt_dax_part_off;
- ddev_end = ddev_start + bdev_nr_bytes(mp->m_ddev_targp->bt_bdev) - 1;
+ error = xfs_dax_translate_range(mp->m_ddev_targp, offset, len, &daddr,
+ &bblen);
+ if (error)
+ return error;
- /* Notify failure on the whole device. */
- if (offset == 0 && len == U64_MAX) {
- offset = ddev_start;
- len = bdev_nr_bytes(mp->m_ddev_targp->bt_bdev);
- }
-
- /* Ignore the range out of filesystem area */
- if (offset + len - 1 < ddev_start)
- return -ENXIO;
- if (offset > ddev_end)
- return -ENXIO;
-
- /* Calculate the real range when it touches the boundary */
- if (offset > ddev_start)
- offset -= ddev_start;
- else {
- len -= ddev_start - offset;
- offset = 0;
- }
- if (offset + len - 1 > ddev_end)
- len = ddev_end - offset + 1;
-
- return xfs_dax_notify_ddev_failure(mp, BTOBB(offset), BTOBB(len),
- mf_flags);
+ return xfs_dax_notify_ddev_failure(mp, daddr, bblen, mf_flags);
}
const struct dax_holder_operations xfs_dax_holder_operations = {
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't shut down the filesystem for media failures beyond" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x f4ed93037966aea07ae6b10ab208976783d24e2e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020426-favoring-stoke-6cfa@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f4ed93037966aea07ae6b10ab208976783d24e2e Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Tue, 17 Dec 2024 13:43:06 -0800
Subject: [PATCH] xfs: don't shut down the filesystem for media failures beyond
end of log
If the filesystem has an external log device on pmem and the pmem
reports a media error beyond the end of the log area, don't shut down
the filesystem because we don't use that space.
Cc: <stable(a)vger.kernel.org> # v6.0
Fixes: 6f643c57d57c56 ("xfs: implement ->notify_failure() for XFS")
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_notify_failure.c b/fs/xfs/xfs_notify_failure.c
index fa50e5308292..0b0b0f31aca2 100644
--- a/fs/xfs/xfs_notify_failure.c
+++ b/fs/xfs/xfs_notify_failure.c
@@ -153,6 +153,79 @@ xfs_dax_notify_failure_thaw(
thaw_super(sb, FREEZE_HOLDER_USERSPACE);
}
+static int
+xfs_dax_translate_range(
+ struct xfs_buftarg *btp,
+ u64 offset,
+ u64 len,
+ xfs_daddr_t *daddr,
+ uint64_t *bblen)
+{
+ u64 dev_start = btp->bt_dax_part_off;
+ u64 dev_len = bdev_nr_bytes(btp->bt_bdev);
+ u64 dev_end = dev_start + dev_len - 1;
+
+ /* Notify failure on the whole device. */
+ if (offset == 0 && len == U64_MAX) {
+ offset = dev_start;
+ len = dev_len;
+ }
+
+ /* Ignore the range out of filesystem area */
+ if (offset + len - 1 < dev_start)
+ return -ENXIO;
+ if (offset > dev_end)
+ return -ENXIO;
+
+ /* Calculate the real range when it touches the boundary */
+ if (offset > dev_start)
+ offset -= dev_start;
+ else {
+ len -= dev_start - offset;
+ offset = 0;
+ }
+ if (offset + len - 1 > dev_end)
+ len = dev_end - offset + 1;
+
+ *daddr = BTOBB(offset);
+ *bblen = BTOBB(len);
+ return 0;
+}
+
+static int
+xfs_dax_notify_logdev_failure(
+ struct xfs_mount *mp,
+ u64 offset,
+ u64 len,
+ int mf_flags)
+{
+ xfs_daddr_t daddr;
+ uint64_t bblen;
+ int error;
+
+ /*
+ * Return ENXIO instead of shutting down the filesystem if the failed
+ * region is beyond the end of the log.
+ */
+ error = xfs_dax_translate_range(mp->m_logdev_targp,
+ offset, len, &daddr, &bblen);
+ if (error)
+ return error;
+
+ /*
+ * In the pre-remove case the failure notification is attempting to
+ * trigger a force unmount. The expectation is that the device is
+ * still present, but its removal is in progress and can not be
+ * cancelled, proceed with accessing the log device.
+ */
+ if (mf_flags & MF_MEM_PRE_REMOVE)
+ return 0;
+
+ xfs_err(mp, "ondisk log corrupt, shutting down fs!");
+ xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
+ return -EFSCORRUPTED;
+}
+
static int
xfs_dax_notify_ddev_failure(
struct xfs_mount *mp,
@@ -263,8 +336,9 @@ xfs_dax_notify_failure(
int mf_flags)
{
struct xfs_mount *mp = dax_holder(dax_dev);
- u64 ddev_start;
- u64 ddev_end;
+ xfs_daddr_t daddr;
+ uint64_t bblen;
+ int error;
if (!(mp->m_super->s_flags & SB_BORN)) {
xfs_warn(mp, "filesystem is not ready for notify_failure()!");
@@ -279,17 +353,7 @@ xfs_dax_notify_failure(
if (mp->m_logdev_targp && mp->m_logdev_targp->bt_daxdev == dax_dev &&
mp->m_logdev_targp != mp->m_ddev_targp) {
- /*
- * In the pre-remove case the failure notification is attempting
- * to trigger a force unmount. The expectation is that the
- * device is still present, but its removal is in progress and
- * can not be cancelled, proceed with accessing the log device.
- */
- if (mf_flags & MF_MEM_PRE_REMOVE)
- return 0;
- xfs_err(mp, "ondisk log corrupt, shutting down fs!");
- xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
- return -EFSCORRUPTED;
+ return xfs_dax_notify_logdev_failure(mp, offset, len, mf_flags);
}
if (!xfs_has_rmapbt(mp)) {
@@ -297,33 +361,12 @@ xfs_dax_notify_failure(
return -EOPNOTSUPP;
}
- ddev_start = mp->m_ddev_targp->bt_dax_part_off;
- ddev_end = ddev_start + bdev_nr_bytes(mp->m_ddev_targp->bt_bdev) - 1;
+ error = xfs_dax_translate_range(mp->m_ddev_targp, offset, len, &daddr,
+ &bblen);
+ if (error)
+ return error;
- /* Notify failure on the whole device. */
- if (offset == 0 && len == U64_MAX) {
- offset = ddev_start;
- len = bdev_nr_bytes(mp->m_ddev_targp->bt_bdev);
- }
-
- /* Ignore the range out of filesystem area */
- if (offset + len - 1 < ddev_start)
- return -ENXIO;
- if (offset > ddev_end)
- return -ENXIO;
-
- /* Calculate the real range when it touches the boundary */
- if (offset > ddev_start)
- offset -= ddev_start;
- else {
- len -= ddev_start - offset;
- offset = 0;
- }
- if (offset + len - 1 > ddev_end)
- len = ddev_end - offset + 1;
-
- return xfs_dax_notify_ddev_failure(mp, BTOBB(offset), BTOBB(len),
- mf_flags);
+ return xfs_dax_notify_ddev_failure(mp, daddr, bblen, mf_flags);
}
const struct dax_holder_operations xfs_dax_holder_operations = {
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020417-exterior-flagman-4525@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020416-throng-creamer-864c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020416-garter-syndrome-36bf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020410-rogue-unusual-e7f8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020409-duckbill-unbalance-60e9@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: don't over-report free space or inodes in statvfs" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 4b8d867ca6e2fc6d152f629fdaf027053b81765a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020409-refurbish-stereo-db71@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4b8d867ca6e2fc6d152f629fdaf027053b81765a Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <djwong(a)kernel.org>
Date: Thu, 12 Dec 2024 14:37:56 -0800
Subject: [PATCH] xfs: don't over-report free space or inodes in statvfs
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable(a)vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac(a)intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 847ba29630e9..db5b8afd9d1b 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: fix mount hang during primary superblock recovery" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x efebe42d95fbba91dca6e3e32cb9e0612eb56de5
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020458-showoff-enclosure-b449@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From efebe42d95fbba91dca6e3e32cb9e0612eb56de5 Mon Sep 17 00:00:00 2001
From: Long Li <leo.lilong(a)huawei.com>
Date: Sat, 11 Jan 2025 15:05:44 +0800
Subject: [PATCH] xfs: fix mount hang during primary superblock recovery
failure
When mounting an image containing a log with sb modifications that require
log replay, the mount process hang all the time and stack as follows:
[root@localhost ~]# cat /proc/557/stack
[<0>] xfs_buftarg_wait+0x31/0x70
[<0>] xfs_buftarg_drain+0x54/0x350
[<0>] xfs_mountfs+0x66e/0xe80
[<0>] xfs_fs_fill_super+0x7f1/0xec0
[<0>] get_tree_bdev_flags+0x186/0x280
[<0>] get_tree_bdev+0x18/0x30
[<0>] xfs_fs_get_tree+0x1d/0x30
[<0>] vfs_get_tree+0x2d/0x110
[<0>] path_mount+0xb59/0xfc0
[<0>] do_mount+0x92/0xc0
[<0>] __x64_sys_mount+0xc2/0x160
[<0>] x64_sys_call+0x2de4/0x45c0
[<0>] do_syscall_64+0xa7/0x240
[<0>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
During log recovery, while updating the in-memory superblock from the
primary SB buffer, if an error is encountered, such as superblock
corruption occurs or some other reasons, we will proceed to out_release
and release the xfs_buf. However, this is insufficient because the
xfs_buf's log item has already been initialized and the xfs_buf is held
by the buffer log item as follows, the xfs_buf will not be released,
causing the mount thread to hang.
xlog_recover_do_primary_sb_buffer
xlog_recover_do_reg_buffer
xlog_recover_validate_buf_type
xfs_buf_item_init(bp, mp)
The solution is straightforward, we simply need to allow it to be
handled by the normal buffer write process. The filesystem will be
shutdown before the submission of buffer_list in xlog_do_recovery_pass(),
ensuring the correct release of the xfs_buf as follows:
xlog_do_recovery_pass
error = xlog_recover_process
xlog_recover_process_data
xlog_recover_process_ophdr
xlog_recovery_process_trans
...
xlog_recover_buf_commit_pass2
error = xlog_recover_do_primary_sb_buffer
//Encounter error and return
if (error)
goto out_writebuf
...
out_writebuf:
xfs_buf_delwri_queue(bp, buffer_list) //add bp to list
return error
...
if (!list_empty(&buffer_list))
if (error)
xlog_force_shutdown(log, SHUTDOWN_LOG_IO_ERROR); //shutdown first
xfs_buf_delwri_submit(&buffer_list); //submit buffers in list
__xfs_buf_submit
if (bp->b_mount->m_log && xlog_is_shutdown(bp->b_mount->m_log))
xfs_buf_ioend_fail(bp) //release bp correctly
Fixes: 6a18765b54e2 ("xfs: update the file system geometry after recoverying superblock buffers")
Cc: stable(a)vger.kernel.org # v6.12
Signed-off-by: Long Li <leo.lilong(a)huawei.com>
Reviewed-by: Darrick J. Wong <djwong(a)kernel.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
Signed-off-by: Carlos Maiolino <cem(a)kernel.org>
diff --git a/fs/xfs/xfs_buf_item_recover.c b/fs/xfs/xfs_buf_item_recover.c
index b05d5b81f642..05a2f6927c12 100644
--- a/fs/xfs/xfs_buf_item_recover.c
+++ b/fs/xfs/xfs_buf_item_recover.c
@@ -1087,7 +1087,7 @@ xlog_recover_buf_commit_pass2(
error = xlog_recover_do_primary_sb_buffer(mp, item, bp, buf_f,
current_lsn);
if (error)
- goto out_release;
+ goto out_writebuf;
/* Update the rt superblock if we have one. */
if (xfs_has_rtsb(mp) && mp->m_rtsb_bp) {
@@ -1104,6 +1104,15 @@ xlog_recover_buf_commit_pass2(
xlog_recover_do_reg_buffer(mp, item, bp, buf_f, current_lsn);
}
+ /*
+ * Buffer held by buf log item during 'normal' buffer recovery must
+ * be committed through buffer I/O submission path to ensure proper
+ * release. When error occurs during sb buffer recovery, log shutdown
+ * will be done before submitting buffer list so that buffers can be
+ * released correctly through ioend failure path.
+ */
+out_writebuf:
+
/*
* Perform delayed write on the buffer. Asynchronous writes will be
* slower when taking into account all the buffers to be flushed.
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: check for dead buffers in xfs_buf_find_insert" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 07eae0fa67ca4bbb199ad85645e0f9dfaef931cd
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020447-mastiff-cauterize-c488@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 07eae0fa67ca4bbb199ad85645e0f9dfaef931cd Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch(a)lst.de>
Date: Thu, 16 Jan 2025 07:01:41 +0100
Subject: [PATCH] xfs: check for dead buffers in xfs_buf_find_insert
Commit 32dd4f9c506b ("xfs: remove a superflous hash lookup when inserting
new buffers") converted xfs_buf_find_insert to use
rhashtable_lookup_get_insert_fast and thus an operation that returns the
existing buffer when an insert would duplicate the hash key. But this
code path misses the check for a buffer with a reference count of zero,
which could lead to reusing an about to be freed buffer. Fix this by
using the same atomic_inc_not_zero pattern as xfs_buf_insert.
Fixes: 32dd4f9c506b ("xfs: remove a superflous hash lookup when inserting new buffers")
Signed-off-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: Dave Chinner <dchinner(a)redhat.com>
Reviewed-by: Darrick J. Wong <djwong(a)kernel.org>
Cc: stable(a)vger.kernel.org # v6.0
Signed-off-by: Carlos Maiolino <cem(a)kernel.org>
diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
index d9636bff16ce..183428fbc607 100644
--- a/fs/xfs/xfs_buf.c
+++ b/fs/xfs/xfs_buf.c
@@ -655,9 +655,8 @@ xfs_buf_find_insert(
spin_unlock(&bch->bc_lock);
goto out_free_buf;
}
- if (bp) {
+ if (bp && atomic_inc_not_zero(&bp->b_hold)) {
/* found an existing buffer */
- atomic_inc(&bp->b_hold);
spin_unlock(&bch->bc_lock);
error = xfs_buf_find_lock(bp, flags);
if (error)
4 months, 2 weeks
- 1
- 0
FAILED: patch "[PATCH] xfs: check for dead buffers in xfs_buf_find_insert" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 07eae0fa67ca4bbb199ad85645e0f9dfaef931cd
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025020447-stinking-untying-4604@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 07eae0fa67ca4bbb199ad85645e0f9dfaef931cd Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch(a)lst.de>
Date: Thu, 16 Jan 2025 07:01:41 +0100
Subject: [PATCH] xfs: check for dead buffers in xfs_buf_find_insert
Commit 32dd4f9c506b ("xfs: remove a superflous hash lookup when inserting
new buffers") converted xfs_buf_find_insert to use
rhashtable_lookup_get_insert_fast and thus an operation that returns the
existing buffer when an insert would duplicate the hash key. But this
code path misses the check for a buffer with a reference count of zero,
which could lead to reusing an about to be freed buffer. Fix this by
using the same atomic_inc_not_zero pattern as xfs_buf_insert.
Fixes: 32dd4f9c506b ("xfs: remove a superflous hash lookup when inserting new buffers")
Signed-off-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: Dave Chinner <dchinner(a)redhat.com>
Reviewed-by: Darrick J. Wong <djwong(a)kernel.org>
Cc: stable(a)vger.kernel.org # v6.0
Signed-off-by: Carlos Maiolino <cem(a)kernel.org>
diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
index d9636bff16ce..183428fbc607 100644
--- a/fs/xfs/xfs_buf.c
+++ b/fs/xfs/xfs_buf.c
@@ -655,9 +655,8 @@ xfs_buf_find_insert(
spin_unlock(&bch->bc_lock);
goto out_free_buf;
}
- if (bp) {
+ if (bp && atomic_inc_not_zero(&bp->b_hold)) {
/* found an existing buffer */
- atomic_inc(&bp->b_hold);
spin_unlock(&bch->bc_lock);
error = xfs_buf_find_lock(bp, flags);
if (error)
4 months, 2 weeks
- 1
- 0
[PATCH v2] usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries
by Selvarasu Ganesan
The current implementation sets the wMaxPacketSize of bulk in/out
endpoints to 1024 bytes at the end of the f_midi_bind function. However,
in cases where there is a failure in the first midi bind attempt,
consider rebinding. This scenario may encounter an f_midi_bind issue due
to the previous bind setting the bulk endpoint's wMaxPacketSize to 1024
bytes, which exceeds the ep->maxpacket_limit where configured dwc3 TX/RX
FIFO's maxpacket size of 512 bytes for IN/OUT endpoints in support HS
speed only.
Here the term "rebind" in this context refers to attempting to bind the
MIDI function a second time in certain scenarios. The situations where
rebinding is considered include:
* When there is a failure in the first UDC write attempt, which may be
caused by other functions bind along with MIDI.
* Runtime composition change : Example : MIDI,ADB to MIDI. Or MIDI to
MIDI,ADB.
This commit addresses this issue by resetting the wMaxPacketSize before
endpoint claim. And here there is no need to reset all values in the usb
endpoint descriptor structure, as all members except wMaxPacketSize and
bEndpointAddress have predefined values.
This ensures that restores the endpoint to its expected configuration,
and preventing conflicts with value of ep->maxpacket_limit. It also
aligns with the approach used in other function drivers, which treat
endpoint descriptors as if they were full speed before endpoint claim.
Fixes: 46decc82ffd5 ("usb: gadget: unconditionally allocate hs/ss descriptor in bind operation")
Cc: stable(a)vger.kernel.org
Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com>
---
Changes in v2:
- Expanded changelog as per the comment from Greg KH.
- Link to v1: https://lore.kernel.org/all/20241208152322.1653-1-selvarasu.g@samsung.com/
---
drivers/usb/gadget/function/f_midi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c
index 837fcdfa3840..9b991cf5b0f8 100644
--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -907,6 +907,15 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f)
status = -ENODEV;
+ /*
+ * Reset wMaxPacketSize with maximum packet size of FS bulk transfer before
+ * endpoint claim. This ensures that the wMaxPacketSize does not exceed the
+ * limit during bind retries where configured dwc3 TX/RX FIFO's maxpacket
+ * size of 512 bytes for IN/OUT endpoints in support HS speed only.
+ */
+ bulk_in_desc.wMaxPacketSize = cpu_to_le16(64);
+ bulk_out_desc.wMaxPacketSize = cpu_to_le16(64);
+
/* allocate instance-specific endpoints */
midi->in_ep = usb_ep_autoconfig(cdev->gadget, &bulk_in_desc);
if (!midi->in_ep)
--
2.17.1
4 months, 2 weeks
- 2
- 1
[PATCH 6.1] nvme: fix metadata handling in nvme-passthrough
by Hagar Hemdan
From: Puranjay Mohan <pjy(a)amazon.com>
[ Upstream commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 ]
On an NVMe namespace that does not support metadata, it is possible to
send an IO command with metadata through io-passthru. This allows issues
like [1] to trigger in the completion code path.
nvme_map_user_request() doesn't check if the namespace supports metadata
before sending it forward. It also allows admin commands with metadata to
be processed as it ignores metadata when bdev == NULL and may report
success.
Reject an IO command with metadata when the NVMe namespace doesn't
support it and reject an admin command if it has metadata.
[1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/
Suggested-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me>
Reviewed-by: Anuj Gupta <anuj20.g(a)samsung.com>
Signed-off-by: Keith Busch <kbusch(a)kernel.org>
[ Minor changes to make it work on 6.1 ]
Signed-off-by: Puranjay Mohan <pjy(a)amazon.com>
Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com>
---
Resend as all stables contain the fix except 6.1.
---
drivers/nvme/host/ioctl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index 875dee6ecd40..19a7f0160618 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -3,6 +3,7 @@
* Copyright (c) 2011-2014, Intel Corporation.
* Copyright (c) 2017-2021 Christoph Hellwig.
*/
+#include <linux/blk-integrity.h>
#include <linux/ptrace.h> /* for force_successful_syscall_return */
#include <linux/nvme_ioctl.h>
#include <linux/io_uring.h>
@@ -171,10 +172,15 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
struct request_queue *q = req->q;
struct nvme_ns *ns = q->queuedata;
struct block_device *bdev = ns ? ns->disk->part0 : NULL;
+ bool supports_metadata = bdev && blk_get_integrity(bdev->bd_disk);
+ bool has_metadata = meta_buffer && meta_len;
struct bio *bio = NULL;
void *meta = NULL;
int ret;
+ if (has_metadata && !supports_metadata)
+ return -EINVAL;
+
if (ioucmd && (ioucmd->flags & IORING_URING_CMD_FIXED)) {
struct iov_iter iter;
@@ -198,7 +204,7 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
if (bdev)
bio_set_dev(bio, bdev);
- if (bdev && meta_buffer && meta_len) {
+ if (has_metadata) {
meta = nvme_add_user_metadata(req, meta_buffer, meta_len,
meta_seed);
if (IS_ERR(meta)) {
--
2.40.1
4 months, 2 weeks
- 3
- 2
[PATCH v2] kbuild: switch from lz4c to lz4 for compression
by Parth Pancholi
From: Parth Pancholi <parth.pancholi(a)toradex.com>
Replace lz4c with lz4 for kernel image compression.
Although lz4 and lz4c are functionally similar, lz4c has been deprecated
upstream since 2018. Since as early as Ubuntu 16.04 and Fedora 25, lz4
and lz4c have been packaged together, making it safe to update the
requirement from lz4c to lz4.
Consequently, some distributions and build systems, such as OpenEmbedded,
have fully transitioned to using lz4. OpenEmbedded core adopted this
change in commit fe167e082cbd ("bitbake.conf: require lz4 instead of
lz4c"), causing compatibility issues when building the mainline kernel
in the latest OpenEmbedded environment, as seen in the errors below.
This change also updates the LZ4 compression commands to make it backward
compatible by replacing stdin and stdout with the '-' option, due to some
unclear reason, the stdout keyword does not work for lz4 and '-' works for
both. In addition, this modifies the legacy '-c1' with '-9' which is also
compatible with both. This fixes the mainline kernel build failures with
the latest master OpenEmbedded builds associated with the mentioned
compatibility issues.
LZ4 arch/arm/boot/compressed/piggy_data
/bin/sh: 1: lz4c: not found
...
...
ERROR: oe_runmake failed
Cc: stable(a)vger.kernel.org
Link: https://github.com/lz4/lz4/pull/553
Suggested-by: Francesco Dolcini <francesco.dolcini(a)toradex.com>
Signed-off-by: Parth Pancholi <parth.pancholi(a)toradex.com>
---
v2: correct the compression command line to make it compatible with lz4
v1: https://lore.kernel.org/all/20241112150006.265900-1-parth105105@gmail.com/
---
Makefile | 2 +-
scripts/Makefile.lib | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 79192a3024bf..7630f763f5b2 100644
--- a/Makefile
+++ b/Makefile
@@ -508,7 +508,7 @@ KGZIP = gzip
KBZIP2 = bzip2
KLZOP = lzop
LZMA = lzma
-LZ4 = lz4c
+LZ4 = lz4
XZ = xz
ZSTD = zstd
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 01a9f567d5af..fe5e132fcea8 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -371,10 +371,10 @@ quiet_cmd_lzo_with_size = LZO $@
cmd_lzo_with_size = { cat $(real-prereqs) | $(KLZOP) -9; $(size_append); } > $@
quiet_cmd_lz4 = LZ4 $@
- cmd_lz4 = cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout > $@
+ cmd_lz4 = cat $(real-prereqs) | $(LZ4) -l -9 - - > $@
quiet_cmd_lz4_with_size = LZ4 $@
- cmd_lz4_with_size = { cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout; \
+ cmd_lz4_with_size = { cat $(real-prereqs) | $(LZ4) -l -9 - -; \
$(size_append); } > $@
# U-Boot mkimage
--
2.34.1
4 months, 2 weeks
- 6
- 9
[PATCH v2 0/4] alpha: stack fixes
by Ivan Kokshaysky
This series fixes oopses on Alpha/SMP observed since kernel v6.9. [1]
Thanks to Magnus Lindholm for identifying that remarkably longstanding
bug.
The problem is that GCC expects 16-byte alignment of the incoming stack
since early 2004, as Maciej found out [2]:
Having actually dug speculatively I can see that the psABI was changed in
GCC 3.5 with commit e5e10fb4a350 ("re PR target/14539 (128-bit long double
improperly aligned)") back in Mar 2004, when the stack pointer alignment
was increased from 8 bytes to 16 bytes, and arch/alpha/kernel/entry.S has
various suspicious stack pointer adjustments, starting with SP_OFF which
is not a whole multiple of 16.
Also, as Magnus noted, "ALPHA Calling Standard" [3] required the same:
D.3.1 Stack Alignment
This standard requires that stacks be octaword aligned at the time a
new procedure is invoked.
However:
- the "normal" kernel stack is always misaligned by 8 bytes, thanks to
the odd number of 64-bit words in 'struct pt_regs', which is the very
first thing pushed onto the kernel thread stack;
- syscall, fault, interrupt etc. handlers may, or may not, receive aligned
stack depending on numerous factors.
Somehow we got away with it until recently, when we ended up with
a stack corruption in kernel/smp.c:smp_call_function_single() due to
its use of 32-byte aligned local data and the compiler doing clever
things allocating it on the stack.
Patches 1-2 are preparatory; 3 - the main fix; 4 - fixes remaining
special cases.
Ivan.
[1] https://lore.kernel.org/rcu/CA+=Fv5R9NG+1SHU9QV9hjmavycHKpnNyerQ=Ei90G98ukR…
[2] https://lore.kernel.org/rcu/alpine.DEB.2.21.2501130248010.18889@angie.orcam…
[3] https://bitsavers.org/pdf/dec/alpha/Alpha_Calling_Standard_Rev_2.0_19900427…
---
Changes in v2:
- patch #1: provide empty 'struct pt_regs' to fix compile failure in libbpf,
reported by John Paul Adrian Glaubitz <glaubitz(a)physik.fu-berlin.de>;
update comment and commit message accordingly;
- cc'ed <stable(a)vger.kernel.org> as older kernels ought to be fixed as well.
---
Ivan Kokshaysky (4):
alpha/uapi: do not expose kernel-only stack frame structures
alpha: replace hardcoded stack offsets with autogenerated ones
alpha: make stack 16-byte aligned (most cases)
alpha: align stack for page fault and user unaligned trap handlers
arch/alpha/include/asm/ptrace.h | 64 ++++++++++++++++++++++++++-
arch/alpha/include/uapi/asm/ptrace.h | 65 ++--------------------------
arch/alpha/kernel/asm-offsets.c | 4 ++
arch/alpha/kernel/entry.S | 24 +++++-----
arch/alpha/kernel/traps.c | 2 +-
arch/alpha/mm/fault.c | 4 +-
6 files changed, 83 insertions(+), 80 deletions(-)
--
2.39.5
4 months, 2 weeks
- 5
- 17
[PATCH v8 02/13] drm/bridge: cdns-dsi: Fix phy de-init and flag it so
by Aradhya Bhatia
From: Aradhya Bhatia <a-bhatia1(a)ti.com>
The driver code doesn't have a Phy de-initialization path as yet, and so
it does not clear the phy_initialized flag while suspending. This is a
problem because after resume the driver looks at this flag to determine
if a Phy re-initialization is required or not. It is in fact required
because the hardware is resuming from a suspend, but the driver does not
carry out any re-initialization causing the D-Phy to not work at all.
Call the counterparts of phy_init() and phy_power_on(), that are
phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear
the flags so that the Phy can be initialized again when required.
Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework")
Cc: Stable List <stable(a)vger.kernel.org>
Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com>
Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev>
---
drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
index 2f897ea5e80a..b0a1a6774ea6 100644
--- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
+++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c
@@ -680,6 +680,11 @@ static void cdns_dsi_bridge_post_disable(struct drm_bridge *bridge)
struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge);
struct cdns_dsi *dsi = input_to_dsi(input);
+ dsi->phy_initialized = false;
+ dsi->link_initialized = false;
+ phy_power_off(dsi->dphy);
+ phy_exit(dsi->dphy);
+
pm_runtime_put(dsi->base.dev);
}
@@ -1152,7 +1157,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev)
clk_disable_unprepare(dsi->dsi_sys_clk);
clk_disable_unprepare(dsi->dsi_p_clk);
reset_control_assert(dsi->dsi_p_rst);
- dsi->link_initialized = false;
return 0;
}
--
2.34.1
4 months, 2 weeks
- 3
- 2
Publish Your Research in e-Informatica Software Engineering Journal (IF=1.2, Open Access & Free of Charge)
by e-Informatica Software Engineering Journal
Dear Prof./Dr. Table,
e-Informatica Software Engineering Journal (EISEJ) is an established,
peer-reviewed, ISI JCR-indexed journal with an Impact Factor (IF=1.2,
5 Year IF=1.3) calculated by Clarivate and a free-of-charge, open-access
publishing model that accepts papers in Software Engineering, including
the intersection of data science (AI/ML) and Software Engineering.
Since you have published your research results at premier software
engineering conferences, such as MSR24, we believe that
EISEJ can serve as an excellent platform to share your impactful work further,
connecting it with a broad, engaged audience and enhancing your visibility
even more.
Why choose EISEJ for your next publication?
- Reputation and Trust: Indexed in ISI Web of Science (IF=1.2, 5 Year
IF=1.3), Scopus (CiteScore'23=2.6, CiteScoreTracker'24=3.3 and growing),
DBLP, DOAJ, and Google Scholar, demonstrating our global reach and
credibility.
- No Author Fees: Publish your work under a CC-BY license without any costs,
making your research accessible worldwide.
- Global Reach and Recognition: Internationally renowned Editorial Board:
https://www.e-informatyka.pl/index.php/einformatica/editorial-board/ .
- Efficient Publishing Process: Benefit from continuous, rapid publishing
with immediate online availability post-acceptance.
- No Restrictions on Paper Length: We welcome comprehensive work without
word or page limits.
What We Publish:
In addition to regular research papers, EISEJ is an ideal venue for:
- Systematic reviews, mapping studies, and survey research studies,
and supporting tools, see, e.g.,
[1] Norsaremah Salleh, Emilia Mendes, Fabiana Mendes, Charitha Dissanayake
Lekamlage and Kai Petersen, "Value-based Software Engineering: A Systematic
Mapping Study", In e-Informatica Software Engineering Journal, vol. 17, no.
1, pp. 230106, 2023. DOI: 10.37190/e-Inf230106.
[2] Chris Marshall, Barbara Kitchenham and Pearl Brereton, "Tool Features to
Support Systematic Reviews in Software Engineering – A Cross Domain Study",
In e-Informatica Software Engineering Journal, vol. 12, no. 1, pp. 79–115,
2018. DOI: 10.5277/e-Inf180104.
- Guidelines, see, e.g.,
[3] Miroslaw Staron, "Guidelines for Conducting Action Research Studies in
Software Engineering", In e-Informatica Software Engineering Journal, vol.
19, no. 1, pp. 250105, 2025. DOI: 10.37190/e-Inf250105.
[4] Muhammad Usman, Nauman Bin Ali and Claes Wohlin, "A Quality Assessment
Instrument for Systematic Literature Reviews in Software Engineering", In
e-Informatica Software Engineering Journal, vol. 17, no. 1, pp. 230105,
2023. DOI: 10.37190/e-Inf230105.
- Research agendas and vision papers, see, e.g.,
[5] Michael Unterkalmsteiner, Pekka Abrahamsson, XiaoFeng Wang, Anh
Nguyen-Duc, Syed Shah, Sohaib Shahid Bajwa, Guido H. Baltes, Kieran Conboy,
Eoin Cullina, Denis Dennehy, Henry Edison, Carlos Fernandez-Sanchez, Juan
Garbajosa, Tony Gorschek, Eriks Klotins, Laura Hokkanen, Fabio Kon, Ilaria
Lunesu, Michele Marchesi, Lorraine Morgan, Markku Oivo, Christoph Selig,
Pertti Seppänen, Roger Sweetman, Pasi Tyrväinen, Christina Ungerer and
Agustin Yagüe, "Software Startups – A Research Agenda", In e-Informatica
Software Engineering Journal, vol. 10, no. 1, pp. 89–124, 2016. DOI:
10.5277/e-Inf160105.
[6] Einav Peretz-Andersson and Richard Torkar, "Empirical AI Transformation
Research: A Systematic Mapping Study and Future Agenda", In e-Informatica
Software Engineering Journal, vol. 16, no. 1, pp. 220108, 2022. DOI:
10.37190/e-Inf220108.
- Interdisciplinary work at the intersection of Software Engineering and
AI/ML, see, e.g.,
[7] Mirosław Ochodek and Miroslaw Staron, "ACoRA – A Platform for Automating
Code Review Tasks", In e-Informatica Software Engineering Journal, vol. 19,
no. 1, pp. 250102, 2025. DOI: 10.37190/e-Inf250102.
We are also open to proposals for special sections that reflect the latest
trends and challenges in the field. If you have ideas for collaboration or
suggestions on how we can better meet researchers’ needs, we welcome
your feedback at e-informatica(a)pwr.edu.pl .
Explore our journal at: https://www.e-informatyka.pl/ , and start your
submission process at https://mc.manuscriptcentral.com/e-InformaticaSEJ .
We recommend using our latest LaTeX template available at
https://www.e-informatyka.pl/index.php/einformatica/authors-guide/paper-sub…
With best regards,
Lech Madeyski & Miroslaw Ochodek
Editors-in-Chief, e-Informatica Software Engineering Journal (EISEJ)
---
EISEJ is indexed by:
- ISI WoS with Impact Factor (IF=1.2, 5 Year IF=1.3) calculated by Clarivate:
https://jcr.clarivate.com/jcr-jp/journal-profile?journal=E-INFORMATICA&year…
- Scopus (with CiteScore=2.6): https://www.scopus.com/sourceid/21100259509
- DBLP: https://dblp.uni-trier.de/db/journals/eInformatica/index.html
- Directory of Open Access Journals (DOAJ): https://www.doaj.org/toc/2084-4840
- Google Scholar: https://scholar.google.pl/citations?user=8-uDLDoAAAAJ&hl
---
Opt out: If you do not want to receive further e-mails from us, please use this link:
https://listmonk.e-informatyka.pl/subscription/c3d88966-bba6-42ee-af4c-3eab…
4 months, 2 weeks
- 1
- 0
[PATCH] arm64: Handle .ARM.attributes section in linker scripts
by Nathan Chancellor
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Add this new section to the necessary linker scripts to resolve the warnings.
Cc: stable(a)vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1]
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index 4ec32e86a8da..f8418a3a2758 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -75,6 +75,7 @@ SECTIONS
DWARF_DEBUG
ELF_DETAILS
+ .ARM.attributes 0 : { *(.ARM.attributes) }
/DISCARD/ : {
*(.data .data.* .gnu.linkonce.d.* .sdata*)
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index f84c71f04d9e..c94942e9eb46 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -335,6 +335,7 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ELF_DETAILS
+ .ARM.attributes 0 : { *(.ARM.attributes) }
HEAD_SYMBOLS
---
base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3
change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac
Best regards,
--
Nathan Chancellor <nathan(a)kernel.org>
4 months, 2 weeks
- 2
- 1
Request to apply 961b4b5e86bf to LTS kernels
by Chuck Lever
Hi -
May I request that you apply
961b4b5e86bf ("NFSD: Reset cb_seq_status after NFS4ERR_DELAY")
to all LTS kernels that don't have it?
I've checked that it applies cleanly to at least v6.1 and run
it through NFSD CI. It should not be a problem to apply it
elsewhere.
--
Chuck Lever
4 months, 2 weeks
- 2
- 1
[PATCH] arm64: kprobe: fix an error in single stepping support
by 1534428646@qq.com
From: "Yiren Xie" <1534428646(a)qq.com>
It is obvious a conflict between the code and the comment.
The function aarch64_insn_is_steppable is used to check if a mrs
instruction can be safe in single-stepping environment, in the
comment it says only reading DAIF bits by mrs is safe in
single-stepping environment, and other mrs instructions are not. So
aarch64_insn_is_steppable should returen "TRUE" if the mrs instruction
being single stepped is reading DAIF bits.
And have verified using a kprobe kernel module which reads the DAIF bits by
function arch_local_irq_save with offset setting to 0x4, confirmed that
without this modification, it encounters
"kprobe_init: register_kprobe failed, returned -22" error while inserting
the kprobe kernel module. and with this modification, it can read the DAIF
bits in single-stepping environment.
Fixes: 2dd0e8d2d2a1 ("arm64: Kprobes with single stepping support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Yiren Xie <1534428646(a)qq.com>
---
arch/arm64/kernel/probes/decode-insn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/probes/decode-insn.c b/arch/arm64/kernel/probes/decode-insn.c
index 6438bf62e753..22383eb1c22c 100644
--- a/arch/arm64/kernel/probes/decode-insn.c
+++ b/arch/arm64/kernel/probes/decode-insn.c
@@ -40,7 +40,7 @@ static bool __kprobes aarch64_insn_is_steppable(u32 insn)
*/
if (aarch64_insn_is_mrs(insn))
return aarch64_insn_extract_system_reg(insn)
- != AARCH64_INSN_SPCLREG_DAIF;
+ == AARCH64_INSN_SPCLREG_DAIF;
/*
* The HINT instruction is steppable only if it is in whitelist
--
2.34.1
4 months, 2 weeks
- 3
- 2
Re: v5.4.289 failed to boot with error megasas_build_io_fusion 3219 sge_count (-12) is out of range
by Harshvardhan Jha
Hi All,
+stable
There seems to be some formatting issues in my log output. I have
attached it as a file.
Thanks & Regards,
Harshvardhan
On 29/01/25 1:57 PM, Harshvardhan Jha wrote:
> Hello there,
>
> The stable tag v5.4.289 seems to fail to boot with following trace:
>
> [ OK ] Created slice system-serial\x2dgetty.slice. [ OK ] Listening on
> udev Control Socket. [ OK ] Reached target Local Encrypted Volumes. [ OK
> ] Listening on /dev/initctl Compatibility Named Pipe. [ OK ] Listening
> on Delayed Shutdown Socket. [ OK ] Created slice
> system-selinux\x2dpol...grate\x2dlocal\x2dchanges.slice. [ OK ] Stopped
> target Initrd File Systems. [ OK ] Listening on LVM2 metadata daemon
> socket. Mounting Debug File System... [ OK ] Listening on networkd
> rtnetlink socket. [ OK ] Listening on Device-mapper event daemon FIFOs.
> Starting Monitoring of LVM2 mirrors... dmeventd or progress polling... [
> OK ] Created slice User and Session Slice. Starting Read and set NIS
> domainname from /etc/sysconfig/network... Starting Load legacy module
> configuration... [ OK ] Set up automount Arbitrary Executab...ats File
> System Automount Point. [ OK ] Created slice
> system-rdma\x2dload\x2dmodules.slice. [ OK ] Started Forward Password
> Requests to Wall Directory Watch. [ OK ] Reached target Paths. Starting
> Remount Root and Kernel File Systems... [ OK ] Created slice
> system-getty.slice. Starting Create list of required st... nodes for the
> current kernel... Starting Set Up Additional Binary Formats... [ OK ]
> Stopped target Initrd Root File System. [ OK ] Reached target Slices. [
> OK ] Created slice system-systemd\x2dfsck.slice. [ OK ] Mounted POSIX
> Message Queue File System. [ OK ] Mounted Debug File System. [ OK ]
> Started Read and set NIS domainname from /etc/sysconfig/network.
> Mounting Arbitrary Executable File Formats File System... [ OK ] Started
> Journal Service. [ OK ] Started Create list of required sta...ce nodes
> for the current kernel. Starting Create Static Device Nodes in /dev... [
> OK ] Started LVM2 metadata daemon. [ OK ] Started Remount Root and
> Kernel File Systems. Starting Load/Save Random Seed... Starting udev
> Coldplug all Devices... Starting Flush Journal to Persistent Storage...
> [FAILED] Failed to start Load Kernel Modules. See 'systemctl status
> systemd-modules-load.service' for details. Starting Apply Kernel
> Variables... [ OK ] Started Load/Save Random Seed. [ OK ] Mounted
> Arbitrary Executable File Formats File System. [ OK ] Started Set Up
> Additional Binary Formats. [ OK ] Started Create Static Device Nodes in
> /dev. Starting udev Kernel Device Manager... [ OK ] Started Apply Kernel
> Variables. [ OK ] Started Load legacy module configuration. [ OK ]
> Started udev Coldplug all Devices. Starting udev Wait for Complete
> Device Initialization... [ 24.427217] megaraid_sas 0000:65:00.0:
> megasas_build_io_fusion 3273 sge_count (-12) is out of range. Range is:
> 0-256
>
> [ 24.427217] megaraid_sas 0000:65:00.0: megasas_build_io_fusion 3273
> sge_count (-12) is out of range. Range is: 0-256 kept showing
> infinitely. It kept popping until I reset the system.
>
> Reverting the following patch seems to fix the issue:
>
> commit 07c9cccc4c3fecba175a7e5aafba6370758f5ce2
> Author: Juergen Gross <jgross(a)suse.com>
> Date: Fri Sep 13 12:05:02 2024 +0200
>
> xen/swiotlb: add alignment check for dma buffers
>
> [ Upstream commit 9f40ec84a7976d95c34e7cc070939deb103652b0 ]
>
> When checking a memory buffer to be consecutive in machine memory,
> the alignment needs to be checked, too. Failing to do so might result
> in DMA memory not being aligned according to its requested size,
> leading to error messages like:
>
> 4xxx 0000:2b:00.0: enabling device (0140 -> 0142)
> 4xxx 0000:2b:00.0: Ring address not aligned
> 4xxx 0000:2b:00.0: Failed to initialise service qat_crypto
> 4xxx 0000:2b:00.0: Resetting device qat_dev0
> 4xxx: probe of 0000:2b:00.0 failed with error -14
>
> Fixes: 9435cce87950 ("xen/swiotlb: Add support for 64KB page
> granularity")
> Signed-off-by: Juergen Gross <jgross(a)suse.com>
> Reviewed-by: Stefano Stabellini <sstabellini(a)kernel.org>
> Signed-off-by: Juergen Gross <jgross(a)suse.com>
> Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>
> I tried changing swiotlb grub command line arguments but that didn't
> seem to help much unfortunately and the error was seen again.
>
> Thanks & Regards,
> Harshvardhan
>
4 months, 2 weeks
- 5
- 18
stable-rc/linux-5.10.y: new build regression: passing 'const struct net *' to parameter of type 'struc...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.10.y:
passing 'const struct net *' to parameter of type 'struct net *'
discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers] in
net/ipv4/udp.o (net/ipv4/udp.c) [logspec:kbuild,kbuild.compiler.error]
- Dashboard: https://staging.dashboard.kernelci.org:9000/issue/maestro:841ec27ef8554e3fd…
- Grafana: https://grafana.kernelci.org/d/issue/issue?var-id=maestro:841ec27ef8554e3fd…
Log excerpt:
net/ipv4/udp.c:447:29: error: passing 'const struct net *' to
parameter of type 'struct net *' discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers]
447 | score = compute_score(sk, net,
| ^~~
net/ipv4/udp.c:359:55: note: passing argument to parameter 'net' here
359 | static int compute_score(struct sock *sk, struct net *net,
| ^
1 error generated.
# Builds where the incident occurred:
## i386_defconfig+allmodconfig(clang-17):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a11a6a661a7bc87…
## x86_64_defconfig+allmodconfig(clang-17):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a11a3d661a7bc87…
## defconfig+allmodconfig(clang-17):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a11a31661a7bc87…
## x86_64_defconfig(clang-17):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a11a39661a7bc87…
## defconfig+allmodconfig(clang-17):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a11a35661a7bc87…
#kernelci issue maestro:841ec27ef8554e3fda7cfd5babc4831387ac9e8e
--
This is an experimental report format. Please send feedback in!
Talk to us at kerneci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
4 months, 2 weeks
- 2
- 1
stable-rc/linux-5.4.y: new build regression: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.4.y:
expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__free’ in
drivers/soc/atmel/soc.o (drivers/soc/atmel/soc.c)
[logspec:kbuild,kbuild.compiler.error]
- Dashboard: https://staging.dashboard.kernelci.org:9000/issue/maestro:040dcc33328a47e52…
- Grafana: https://grafana.kernelci.org/d/issue/issue?var-id=maestro:040dcc33328a47e52…
Log excerpt:
drivers/soc/atmel/soc.c:277:32: error: expected ‘=’, ‘,’, ‘;’, ‘asm’
or ‘__attribute__’ before ‘__free’
277 | struct device_node *np __free(device_node) =
of_find_node_by_path("/");
| ^~~~~~
drivers/soc/atmel/soc.c:277:32: error: implicit declaration of
function ‘__free’; did you mean ‘kzfree’?
[-Werror=implicit-function-declaration]
277 | struct device_node *np __free(device_node) =
of_find_node_by_path("/");
| ^~~~~~
| kzfree
drivers/soc/atmel/soc.c:277:39: error: ‘device_node’ undeclared (first
use in this function)
277 | struct device_node *np __free(device_node) =
of_find_node_by_path("/");
| ^~~~~~~~~~~
drivers/soc/atmel/soc.c:277:39: note: each undeclared identifier is
reported only once for each function it appears in
drivers/soc/atmel/soc.c:279:51: error: ‘np’ undeclared (first use in
this function); did you mean ‘nop’?
279 | if (!of_match_node(at91_soc_allowed_list, np))
| ^~
| nop
CC drivers/spi/spidev.o
cc1: some warnings being treated as errors
# Builds where the incident occurred:
## multi_v7_defconfig(gcc-12):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a119e4661a7bc87…
## multi_v5_defconfig(gcc-12):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a119e0661a7bc87…
## multi_v7_defconfig(gcc-12):
- Dashboard: https://staging.dashboard.kernelci.org:9000/build/maestro:67a119d8661a7bc87…
#kernelci issue maestro:040dcc33328a47e528c393a656a52b340b4ccc8b
--
This is an experimental report format. Please send feedback in!
Talk to us at kerneci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
4 months, 2 weeks
- 2
- 1
stable-rc/linux-6.6.y: new boot regression: WARNING at drivers/base/core.c:2515 device_release+0x80/...
by KernelCI bot
Hello,
New boot regression found on stable-rc/linux-6.6.y:
WARNING at drivers/base/core.c:2515 device_release+0x80/0x90
[logspec:generic_linux_boot,linux.kernel.warning]
- Dashboard: https://staging.dashboard.kernelci.org:9000/issue/maestro:18a6cd3bd705698b4…
- Grafana: https://grafana.kernelci.org/d/issue/issue?var-id=maestro:18a6cd3bd705698b4…
Log excerpt:
[ 10.292722] mtk-wdt 10007000.watchdog: Watchdog enabled (timeout=31
sec, nowayout=0)
[ 10.300525] Device 'conn' does not have a release() function, it is
broken and must be fixed. See Documentation/core-api/kobject.rst.
[ 10.300855] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.312539] WARNING: CPU: 4 PID: 76 at drivers/base/core.c:2515
device_release+0x80/0x90
[ 10.320803] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.328862] Modules linked in: videodev(+)
[ 10.337116] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.337122] ecdh_generic
[ 10.344606] videodev: Linux video capture interface: v2.00
[ 10.344795] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344808] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344813] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344820] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344825] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344829] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344862] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.344867] OF: graph: no port node found in
/soc/spi@11012000/cros-ec@0/typec/connector@0
[ 10.349449] ecc mtk_mutex cfg80211(+) cros_ec_typec(+) pwm_bl
videobuf2_common mtk_rpmsg mtk_mmsys mc rfkill elan_i2c auxadc_thermal
sbs_battery mtk_pmic_keys mtk_wdt(+) pwm_mediatek mtk_scp_ipi
mt6577_auxadc backlight
[ 10.443014] CPU: 4 PID: 76 Comm: kworker/u18:7 Tainted: G W
6.6.76-rc1 #1
[ 10.451183] Hardware name: Google juniper sku16 board (DT)
[ 10.456659] Workqueue: events_unbound deferred_probe_work_func
[ 10.462491] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 10.469443] pc : device_release+0x80/0x90
[ 10.473443] lr : device_release+0x80/0x90
[ 10.477441] sp : ffff8000806a3a80
[ 10.480744] x29: ffff8000806a3a80 x28: 0000000000000000 x27: 0000000000000000
[ 10.487871] x26: 0000000000000000 x25: 0000000000000000 x24: ffffb3a8b7360500
[ 10.494998] x23: 0000000000000000 x22: 0000000000000000 x21: ffffb3a8b735db90
[ 10.502124] x20: 0000000000000000 x19: ffff514146120880 x18: 0000000000000006
[ 10.509250] x17: 61206e656b6f7262 x16: 207369207469202c x15: 6e6f6974636e7566
[ 10.516376] x14: 202928657361656c x13: 2e7473722e746365 x12: 6a626f6b2f697061
[ 10.523502] x11: 2d65726f632f6e6f x10: 697461746e656d75 x9 : 6572206120657661
[ 10.530628] x8 : 6820746f6e207365 x7 : 205d353235303033 x6 : 332e30312020205b
[ 10.537754] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff
[ 10.544880] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff514140e28f00
[ 10.552007] Call trace:
[ 10.554442] device_release+0x80/0x90
[ 10.558095] kobject_put+0xa4/0x120
[ 10.561577] put_device+0x14/0x24
[ 10.564881] genpd_remove+0x118/0x1bc
[ 10.568534] pm_genpd_remove+0x2c/0x50
[ 10.572274] scpsys_probe+0x13c/0x218
[ 10.575927] platform_probe+0x68/0xc4
[ 10.579579] really_probe+0x148/0x2ac
[ 10.583232] __driver_probe_device+0x78/0x12c
[ 10.587579] driver_probe_device+0xd8/0x15c
[ 10.591754] __device_attach_driver+0xb8/0x134
[ 10.596188] bus_for_each_drv+0x84/0xe0
[ 10.600015] __device_attach+0x9c/0x188
[ 10.603841] device_initial_probe+0x14/0x20
[ 10.608015] bus_probe_device+0xac/0xb0
[ 10.611841] deferred_probe_work_func+0x88/0xc0
[ 10.616361] process_one_work+0x148/0x2a0
[ 10.620364] worker_thread+0x324/0x43c
[ 10.624104] kthread+0x114/0x118
[ 10.627323] ret_from_fork+0x10/0x20
# Hardware platforms affected:
## mt8183-kukui-jacuzzi-juniper-sku16
- Compatibles: google,juniper-sku16 | google,juniper | mediatek,mt8183
- Dashboard: https://staging.dashboard.kernelci.org:9000/test/maestro:67a173d8661a7bc874…
#kernelci issue maestro:18a6cd3bd705698b41106eef2a1d7f2e411c7aab
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kerneci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
4 months, 2 weeks
- 1
- 0
stable-rc/linux-6.6.y: new boot regression: NULL pointer dereference at virtual address 000000000000...
by KernelCI bot
Hello,
New boot regression found on stable-rc/linux-6.6.y:
NULL pointer dereference at virtual address 0000000000000030
[logspec:generic_linux_boot,linux.kernel.null_pointer_dereference]
- Dashboard: https://staging.dashboard.kernelci.org:9000/issue/maestro:295973ea60dd4385e…
- Grafana: https://grafana.kernelci.org/d/issue/issue?var-id=maestro:295973ea60dd4385e…
Log excerpt:
[ 4.896353] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000030
[ 4.896354] Mem abort info:
[ 4.896355] ESR = 0x0000000096000004
[ 4.896356] EC = 0x25: DABT (current EL), IL = 32 bits
[ 4.896357] SET = 0, FnV = 0
[ 4.896358] EA = 0, S1PTW = 0
[ 4.896358] FSC = 0x04: level 0 translation fault
[ 4.896360] Data abort info:
[ 4.896366] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 4.896367] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 4.896368] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 4.896369] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001089d9000
[ 4.896370] [0000000000000030] pgd=0000000000000000, p4d=0000000000000000
[ 4.896374] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 4.896376] Modules linked in: mtk_mdp3(+) v4l2_mem2mem joydev ecc
pcie_mediatek_gen3(+) videobuf2_dma_contig elan_i2c mtk_svs
lvts_thermal r8152(+) mii cros_ec_rpmsg snd_sof_mt8195 mtk_adsp_common
snd_sof_xtensa_dsp mtk_scp snd_sof_of cros_ec_sensorhub
cros_kbd_led_backlight mtk_rpmsg snd_sof rpmsg_core mt6359_auxadc
snd_soc_mt8195_afe mt6577_auxadc snd_sof_utils mtk_scp_ipi mtk_wdt
mt8195_mt6359 uvcvideo videobuf2_vmalloc uvc videobuf2_v4l2
videobuf2_memops videobuf2_common
[ 4.896396] CPU: 7 UID: 0 PID: 207 Comm: (udev-worker) Not tainted
6.13.2-rc1 #1 8f7a24f5cbfa3d4f7c9dce5f7e52657669893a6c
[ 4.896399] Hardware name: Acer Tomato (rev2) board (DT)
[ 4.896400] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 4.896402] pc : klist_put+0x28/0xf0
[ 4.896410] lr : klist_iter_exit+0x24/0x38
[ 4.896412] sp : ffff800080cab810
[ 4.896412] x29: ffff800080cab810 x28: ffffc4e77c077518 x27: 0000000000000001
[ 4.896415] x26: ffff800080cabb10 x25: ffffc4e79fb98a50 x24: ffff1beb48832bb8
[ 4.896417] x23: ffffc4e79dedd540 x22: 0000000000000000 x21: ffffc4e79d6f8f00
[ 4.896418] x20: 0000000000000000 x19: ffff1beb41095178 x18: ffffffffffffffff
[ 4.896420] x17: 656469762f766564 x16: ffffc4e79d6fb3f0 x15: 2d35393138746d2c
[ 4.896422] x14: ffffc4e79fe0e750 x13: 616964656d43746f x12: 0000000000000000
[ 4.896424] x11: 00353639333d4d55 x10: 0000a8fc3b570378 x9 : ffffc4e79dd32458
[ 4.896426] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 5c175b1c0b544003
[ 4.896427] x5 : 0340540b1c5b175c x4 : 0000000000000000 x3 : 0000000014f08001
[ 4.896429] x2 : 00000000dead4ead x1 : 0000000000000000 x0 : 0000000000000000
[ 4.896431] Call trace:
[ 4.896432] klist_put+0x28/0xf0 (P)
[ 4.896435] klist_iter_exit+0x24/0x38
[ 4.896436] bus_for_each_dev+0x90/0xe8
[ 4.896440] driver_attach+0x2c/0x40
[ 4.896442] bus_add_driver+0xec/0x218
[ 4.896443] driver_register+0x68/0x138
[ 4.896445] __platform_driver_register+0x2c/0x40
[ 4.896447] mdp_driver_init+0x28/0xff8 [mtk_mdp3
368282916f4a555c99cbc06147f8cea6ac3d5634]
[ 4.896452] do_one_initcall+0x60/0x320
[ 4.896455] do_init_module+0x60/0x238
[ 4.896458] load_module+0x1cf8/0x1de8
[ 4.896460] init_module_from_file+0x8c/0xd8
[ 4.896461] __arm64_sys_finit_module+0x150/0x338
[ 4.896463] invoke_syscall+0x70/0x100
[ 4.896466] el0_svc_common.constprop.0+0x48/0xf0
[ 4.896469] do_el0_svc+0x24/0x38
[ 4.896471] el0_svc+0x34/0xf0
[ 4.896473] el0t_64_sync_handler+0x10c/0x138
[ 4.896474] el0t_64_sync+0x1b0/0x1b8
[ 4.896477] Code: 12001c36 f9400014 927ffa94 aa1403e0 (f9401a95)
# Hardware platforms affected:
## mt8195-cherry-tomato-r2
- Compatibles: google,tomato-rev2 | google,tomato | mediatek,mt8195
- Dashboard: https://staging.dashboard.kernelci.org:9000/test/maestro:67a12193661a7bc874…
#kernelci issue maestro:295973ea60dd4385ec6b04faa6ddce9707f879a4
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kerneci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
4 months, 2 weeks
- 1
- 0
[PATCH v3] tee: optee: Fix supplicant wait loop
by Sumit Garg
OP-TEE supplicant is a user-space daemon and it's possible for it
be hung or crashed or killed in the middle of processing an OP-TEE
RPC call. It becomes more complicated when there is incorrect shutdown
ordering of the supplicant process vs the OP-TEE client application which
can eventually lead to system hang-up waiting for the closure of the
client application.
Allow the client process waiting in kernel for supplicant response to
be killed rather than indefinitely waiting in an unkillable state. Also,
a normal uninterruptible wait should not have resulted in the hung-task
watchdog getting triggered, but the endless loop would.
This fixes issues observed during system reboot/shutdown when supplicant
got hung for some reason or gets crashed/killed which lead to client
getting hung in an unkillable state. It in turn lead to system being in
hung up state requiring hard power off/on to recover.
Fixes: 4fb0a5eb364d ("tee: add OP-TEE driver")
Suggested-by: Arnd Bergmann <arnd(a)arndb.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org>
---
Changes in v3:
- Use mutex_lock() instead of mutex_lock_killable().
- Update commit message to incorporate Arnd's feedback.
Changes in v2:
- Switch to killable wait instead as suggested by Arnd instead
of supplicant timeout. It atleast allow the client to wait for
supplicant in killable state which in turn allows system to reboot
or shutdown gracefully.
drivers/tee/optee/supp.c | 35 ++++++++---------------------------
1 file changed, 8 insertions(+), 27 deletions(-)
diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c
index 322a543b8c27..d0f397c90242 100644
--- a/drivers/tee/optee/supp.c
+++ b/drivers/tee/optee/supp.c
@@ -80,7 +80,6 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params,
struct optee *optee = tee_get_drvdata(ctx->teedev);
struct optee_supp *supp = &optee->supp;
struct optee_supp_req *req;
- bool interruptable;
u32 ret;
/*
@@ -111,36 +110,18 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params,
/*
* Wait for supplicant to process and return result, once we've
* returned from wait_for_completion(&req->c) successfully we have
- * exclusive access again.
+ * exclusive access again. Allow the wait to be killable such that
+ * the wait doesn't turn into an indefinite state if the supplicant
+ * gets hung for some reason.
*/
- while (wait_for_completion_interruptible(&req->c)) {
+ if (wait_for_completion_killable(&req->c)) {
mutex_lock(&supp->mutex);
- interruptable = !supp->ctx;
- if (interruptable) {
- /*
- * There's no supplicant available and since the
- * supp->mutex currently is held none can
- * become available until the mutex released
- * again.
- *
- * Interrupting an RPC to supplicant is only
- * allowed as a way of slightly improving the user
- * experience in case the supplicant hasn't been
- * started yet. During normal operation the supplicant
- * will serve all requests in a timely manner and
- * interrupting then wouldn't make sense.
- */
- if (req->in_queue) {
- list_del(&req->link);
- req->in_queue = false;
- }
+ if (req->in_queue) {
+ list_del(&req->link);
+ req->in_queue = false;
}
mutex_unlock(&supp->mutex);
-
- if (interruptable) {
- req->ret = TEEC_ERROR_COMMUNICATION;
- break;
- }
+ req->ret = TEEC_ERROR_COMMUNICATION;
}
ret = req->ret;
--
2.43.0
4 months, 2 weeks
- 3
- 2
[PATCH] arm64: dts: exynos: gs101: disable pinctrl_gsacore node
by Peter Griffin
gsacore registers are not accessible from normal world.
Disable this node, so that the suspend/resume callbacks
in the pinctrl driver don't cause a Serror attempting to
access the registers.
Fixes: ea89fdf24fd9 ("arm64: dts: exynos: google: Add initial Google gs101 SoC support")
Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org>
To: Rob Herring <robh(a)kernel.org>
To: Krzysztof Kozlowski <krzk+dt(a)kernel.org>
To: Conor Dooley <conor+dt(a)kernel.org>
To: Alim Akhtar <alim.akhtar(a)samsung.com>
Cc: linux-arm-kernel(a)lists.infradead.org
Cc: linux-samsung-soc(a)vger.kernel.org
Cc: devicetree(a)vger.kernel.org
Cc: linux-kernel(a)vger.kernel.org
Cc: tudor.ambarus(a)linaro.org
Cc: andre.draszik(a)linaro.org
Cc: kernel-team(a)android.com
Cc: willmcvicker(a)google.com
Cc: stable(a)vger.kernel.org
---
arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/exynos/google/gs101.dtsi b/arch/arm64/boot/dts/exynos/google/gs101.dtsi
index 302c5beb224a..b8f8255f840b 100644
--- a/arch/arm64/boot/dts/exynos/google/gs101.dtsi
+++ b/arch/arm64/boot/dts/exynos/google/gs101.dtsi
@@ -1451,6 +1451,7 @@ pinctrl_gsacore: pinctrl@17a80000 {
/* TODO: update once support for this CMU exists */
clocks = <0>;
clock-names = "pclk";
+ status = "disabled";
};
cmu_top: clock-controller@1e080000 {
---
base-commit: ed9a4ad6e5bd3a443e81446476718abebee47e82
change-id: 20241213-contrib-pg-pinctrl_gsacore_disable-3457c942b0fe
Best regards,
--
Peter Griffin <peter.griffin(a)linaro.org>
4 months, 2 weeks
- 2
- 1
Linux 6.6.76-rc1 regression due to crypto-api-fix-boot-up-self-test-race
by Barry K. Nathan
Compared to 6.6.75, 6.6.76-rc1 freezes up for roughly one minute
during boot, and I think the log messages are indicating a crypto
self-test failure afterward. I have tried it on two different
computers (a Core 2 Duo-based PC and a Haswell-based 2015 15" MacBook
Pro) and it happens 100% of the time on both. I bisected it down to
crypto-api-fix-boot-up-self-test-race ("crypto: api - Fix boot-up
self-test race"). Reverting that one patch from 6.6.76-rc1 fixes the
regression for me.
By the way, I also tested 6.13.2-rc1 and 6.12.13-rc1, and this bug did
not reproduce on either.
Log excerpt:
[ 4.523861] ima: No TPM chip found, activating TPM-bypass!
[ 4.534858] ima: Allocated hash algorithm: sha256
[ 4.544294] ima: No architecture policies found
[ 4.553384] evm: Initialising EVM extended attributes:
[ 4.563682] evm: security.selinux
[ 4.570339] evm: security.SMACK64 (disabled)
[ 4.578900] evm: security.SMACK64EXEC (disabled)
[ 4.588156] evm: security.SMACK64TRANSMUTE (disabled)
[ 4.598279] evm: security.SMACK64MMAP (disabled)
[ 4.607534] evm: security.apparmor
[ 4.614363] evm: security.ima
[ 4.620326] evm: security.capability
[ 4.627502] evm: HMAC attrs: 0x1
[ 65.685967] random: crng init done
[ 68.452968] DRBG: could not allocate digest TFM handle: hmac(sha512)
[ 68.465701] alg: drbg: Failed to reset rng
[ 68.473914] alg: drbg: Test 0 failed for drbg_nopr_hmac_sha512
[ 68.485595] alg: self-tests for stdrng using drbg_nopr_hmac_sha512
failed (rc=-22)
[ 68.485597] ------------[ cut here ]------------
[ 68.510017] alg: self-tests for stdrng using drbg_nopr_hmac_sha512
failed (rc=-22)
[ 68.510035] WARNING: CPU: 1 PID: 78 at crypto/testmgr.c:5936
alg_test+0x49e/0x610
[ 68.540198] Modules linked in:
[ 68.546332] CPU: 1 PID: 78 Comm: cryptomgr_test Not tainted 6.6.76-rc1 #1
[ 68.559920] Hardware name: Gigabyte Technology Co., Ltd.
G41MT-S2PT/G41MT-S2PT, BIOS F2 12/06/2011
[ 68.579005] RIP: 0010:alg_test+0x49e/0x610
[ 68.587220] Code: de 48 89 df 89 04 24 e8 70 ed fe ff 44 8b 0c 24
e9 bc fc ff ff 44 89 c9 48 89 ea 4c 89 ee 48 c7 c7 80 9a ed ad e8 f2
74 b2 ff <0f> 0b 44 8b 0c 24 e9 a1 fe ff ff 8b 05 21 04 c2 01 85 c0 74
56 83
[ 68.624782] RSP: 0018:ffffbc8380307e10 EFLAGS: 00010286
[ 68.635252] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: c0000000ffffefff
[ 68.649534] RDX: 0000000000000000 RSI: 00000000ffffefff RDI: 0000000000000001
[ 68.663816] RBP: ffffa01c47be0200 R08: 0000000000000000 R09: ffffbc8380307c98
[ 68.678100] R10: 0000000000000003 R11: ffffffffae0d1368 R12: 0000000000000058
[ 68.692384] R13: ffffa01c47be0280 R14: 0000000000000058 R15: 0000000000000058
[ 68.706665] FS: 0000000000000000(0000) GS:ffffa01d37c80000(0000)
knlGS:0000000000000000
[ 68.722871] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.734381] CR2: 00007ff2f64622e0 CR3: 0000000146c20000 CR4: 00000000000406e0
[ 68.748664] Call Trace:
[ 68.753588] <TASK>
[ 68.757817] ? alg_test+0x49e/0x610
[ 68.764817] ? __warn+0x81/0x130
[ 68.771301] ? alg_test+0x49e/0x610
[ 68.778304] ? report_bug+0x171/0x1a0
[ 68.785652] ? console_unlock+0x78/0x120
[ 68.793521] ? handle_bug+0x58/0x90
[ 68.800525] ? exc_invalid_op+0x17/0x70
[ 68.808221] ? asm_exc_invalid_op+0x1a/0x20
[ 68.816611] ? alg_test+0x49e/0x610
[ 68.823614] ? finish_task_switch.isra.0+0x90/0x2d0
[ 68.833390] ? __schedule+0x3c8/0xb00
[ 68.840739] ? __pfx_cryptomgr_test+0x10/0x10
[ 68.849473] cryptomgr_test+0x24/0x40
[ 68.856824] kthread+0xe5/0x120
[ 68.863133] ? __pfx_kthread+0x10/0x10
[ 68.870656] ret_from_fork+0x31/0x50
[ 68.877832] ? __pfx_kthread+0x10/0x10
[ 68.885354] ret_from_fork_asm+0x1b/0x30
[ 68.893226] </TASK>
[ 68.897626] ---[ end trace 0000000000000000 ]---
--
-Barry K. Nathan <barryn(a)pobox.com>
4 months, 2 weeks
- 1
- 0
[PATCH v2 1/1] scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
by Bao D. Nguyen
According to the UFS Device Specification, the dExtendedUFSFeaturesSupport
defines the support for TOO_HIGH_TEMPERATURE as bit[4] and the
TOO_LOW_TEMPERATURE as bit[5]. Correct the code to match with
the UFS device specification definition.
Fixes: e88e2d322 ("scsi: ufs: core: Probe for temperature notification support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Bao D. Nguyen <quic_nguyenb(a)quicinc.com>
Reviewed-by: Avri Altman <Avri.Altman(a)wdc.com>
---
include/ufs/ufs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/ufs/ufs.h b/include/ufs/ufs.h
index e594abe..f0c6111 100644
--- a/include/ufs/ufs.h
+++ b/include/ufs/ufs.h
@@ -386,8 +386,8 @@ enum {
/* Possible values for dExtendedUFSFeaturesSupport */
enum {
- UFS_DEV_LOW_TEMP_NOTIF = BIT(4),
- UFS_DEV_HIGH_TEMP_NOTIF = BIT(5),
+ UFS_DEV_HIGH_TEMP_NOTIF = BIT(4),
+ UFS_DEV_LOW_TEMP_NOTIF = BIT(5),
UFS_DEV_EXT_TEMP_NOTIF = BIT(6),
UFS_DEV_HPB_SUPPORT = BIT(7),
UFS_DEV_WRITE_BOOSTER_SUP = BIT(8),
--
2.7.4
4 months, 2 weeks
- 4
- 4
[PATCH v4] scsi: ufs: fix use-after free in init error and remove paths
by André Draszik
devm_blk_crypto_profile_init() registers a cleanup handler to run when
the associated (platform-) device is being released. For UFS, the
crypto private data and pointers are stored as part of the ufs_hba's
data structure 'struct ufs_hba::crypto_profile'. This structure is
allocated as part of the underlying ufshcd and therefore Scsi_host
allocation.
During driver release or during error handling in ufshcd_pltfrm_init(),
this structure is released as part of ufshcd_dealloc_host() before the
(platform-) device associated with the crypto call above is released.
Once this device is released, the crypto cleanup code will run, using
the just-released 'struct ufs_hba::crypto_profile'. This causes a
use-after-free situation:
Call trace:
kfree+0x60/0x2d8 (P)
kvfree+0x44/0x60
blk_crypto_profile_destroy_callback+0x28/0x70
devm_action_release+0x1c/0x30
release_nodes+0x6c/0x108
devres_release_all+0x98/0x100
device_unbind_cleanup+0x20/0x70
really_probe+0x218/0x2d0
In other words, the initialisation code flow is:
platform-device probe
ufshcd_pltfrm_init()
ufshcd_alloc_host()
scsi_host_alloc()
allocation of struct ufs_hba
creation of scsi-host devices
devm_blk_crypto_profile_init()
devm registration of cleanup handler using platform-device
and during error handling of ufshcd_pltfrm_init() or during driver
removal:
ufshcd_dealloc_host()
scsi_host_put()
put_device(scsi-host)
release of struct ufs_hba
put_device(platform-device)
crypto cleanup handler
To fix this use-after free, change ufshcd_alloc_host() to register a
devres action to automatically cleanup the underlying SCSI device on
ufshcd destruction, without requiring explicit calls to
ufshcd_dealloc_host(). This way:
* the crypto profile and all other ufs_hba-owned resources are
destroyed before SCSI (as they've been registered after)
* a memleak is plugged in tc-dwc-g210-pci.c remove() as a
side-effect
* EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as
it's not needed anymore
* no future drivers using ufshcd_alloc_host() could ever forget
adding the cleanup
Fixes: cb77cb5abe1f ("blk-crypto: rename blk_keyslot_manager to blk_crypto_profile")
Fixes: d76d9d7d1009 ("scsi: ufs: use devm_blk_ksm_init()")
Cc: stable(a)vger.kernel.org
Signed-off-by: André Draszik <andre.draszik(a)linaro.org>
---
Changes in v4:
- add a kdoc note to ufshcd_alloc_host() to state why there is no
ufshcd_dealloc_host() (Mani)
- use return err, without goto (Mani)
- drop register dump and abort info from commit message (Mani)
- Link to v3: https://lore.kernel.org/r/20250116-ufshcd-fix-v3-1-6a83004ea85c@linaro.org
Changes in v3:
- rename devres action handler to ufshcd_devres_release() (Bart)
- Link to v2: https://lore.kernel.org/r/20250114-ufshcd-fix-v2-1-2dc627590a4a@linaro.org
Changes in v2:
- completely new approach using devres action for Scsi_host cleanup, to
ensure ordering
- add Fixes: and CC: stable tags (Eric)
- Link to v1: https://lore.kernel.org/r/20250113-ufshcd-fix-v1-1-ca63d1d4bd55@linaro.org
---
In my case, as per above trace I initially encountered an error in
ufshcd_verify_dev_init(), which made me notice this problem both during
error handling and release. For reproducing, it'd be possible to change
that function to just return an error, or rmmod the platform glue
driver.
Other approaches for solving this issue I see are the following, but I
believe this one here is the cleanest:
* turn 'struct ufs_hba::crypto_profile' into a dynamically allocated
pointer, in which case it doesn't matter if cleanup runs after
scsi_host_put()
* add an explicit devm_blk_crypto_profile_deinit() to be called by API
users when necessary, e.g. before ufshcd_dealloc_host() in this case
* register the crypto cleanup handler against the scsi-host device
instead, like in v1 of this patch
---
drivers/ufs/core/ufshcd.c | 31 +++++++++++++++++++++----------
drivers/ufs/host/ufshcd-pci.c | 2 --
drivers/ufs/host/ufshcd-pltfrm.c | 28 +++++++++-------------------
include/ufs/ufshcd.h | 1 -
4 files changed, 30 insertions(+), 32 deletions(-)
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 43ddae7318cb..4328f769a7c8 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -10279,16 +10279,6 @@ int ufshcd_system_thaw(struct device *dev)
EXPORT_SYMBOL_GPL(ufshcd_system_thaw);
#endif /* CONFIG_PM_SLEEP */
-/**
- * ufshcd_dealloc_host - deallocate Host Bus Adapter (HBA)
- * @hba: pointer to Host Bus Adapter (HBA)
- */
-void ufshcd_dealloc_host(struct ufs_hba *hba)
-{
- scsi_host_put(hba->host);
-}
-EXPORT_SYMBOL_GPL(ufshcd_dealloc_host);
-
/**
* ufshcd_set_dma_mask - Set dma mask based on the controller
* addressing capability
@@ -10307,12 +10297,26 @@ static int ufshcd_set_dma_mask(struct ufs_hba *hba)
return dma_set_mask_and_coherent(hba->dev, DMA_BIT_MASK(32));
}
+/**
+ * ufshcd_devres_release - devres cleanup handler, invoked during release of
+ * hba->dev
+ * @host: pointer to SCSI host
+ */
+static void ufshcd_devres_release(void *host)
+{
+ scsi_host_put(host);
+}
+
/**
* ufshcd_alloc_host - allocate Host Bus Adapter (HBA)
* @dev: pointer to device handle
* @hba_handle: driver private handle
*
* Return: 0 on success, non-zero value on failure.
+ *
+ * NOTE: There is no corresponding ufshcd_dealloc_host() because this function
+ * keeps track of its allocations using devres and deallocates everything on
+ * device removal automatically.
*/
int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle)
{
@@ -10334,6 +10338,13 @@ int ufshcd_alloc_host(struct device *dev, struct ufs_hba **hba_handle)
err = -ENOMEM;
goto out_error;
}
+
+ err = devm_add_action_or_reset(dev, ufshcd_devres_release,
+ host);
+ if (err)
+ return dev_err_probe(dev, err,
+ "failed to add ufshcd dealloc action\n");
+
host->nr_maps = HCTX_TYPE_POLL + 1;
hba = shost_priv(host);
hba->host = host;
diff --git a/drivers/ufs/host/ufshcd-pci.c b/drivers/ufs/host/ufshcd-pci.c
index ea39c5d5b8cf..9cfcaad23cf9 100644
--- a/drivers/ufs/host/ufshcd-pci.c
+++ b/drivers/ufs/host/ufshcd-pci.c
@@ -562,7 +562,6 @@ static void ufshcd_pci_remove(struct pci_dev *pdev)
pm_runtime_forbid(&pdev->dev);
pm_runtime_get_noresume(&pdev->dev);
ufshcd_remove(hba);
- ufshcd_dealloc_host(hba);
}
/**
@@ -605,7 +604,6 @@ ufshcd_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
err = ufshcd_init(hba, mmio_base, pdev->irq);
if (err) {
dev_err(&pdev->dev, "Initialization failed\n");
- ufshcd_dealloc_host(hba);
return err;
}
diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c
index 505572d4fa87..ffe5d1d2b215 100644
--- a/drivers/ufs/host/ufshcd-pltfrm.c
+++ b/drivers/ufs/host/ufshcd-pltfrm.c
@@ -465,21 +465,17 @@ int ufshcd_pltfrm_init(struct platform_device *pdev,
struct device *dev = &pdev->dev;
mmio_base = devm_platform_ioremap_resource(pdev, 0);
- if (IS_ERR(mmio_base)) {
- err = PTR_ERR(mmio_base);
- goto out;
- }
+ if (IS_ERR(mmio_base))
+ return PTR_ERR(mmio_base);
irq = platform_get_irq(pdev, 0);
- if (irq < 0) {
- err = irq;
- goto out;
- }
+ if (irq < 0)
+ return irq;
err = ufshcd_alloc_host(dev, &hba);
if (err) {
dev_err(dev, "Allocation failed\n");
- goto out;
+ return err;
}
hba->vops = vops;
@@ -488,13 +484,13 @@ int ufshcd_pltfrm_init(struct platform_device *pdev,
if (err) {
dev_err(dev, "%s: clock parse failed %d\n",
__func__, err);
- goto dealloc_host;
+ return err;
}
err = ufshcd_parse_regulator_info(hba);
if (err) {
dev_err(dev, "%s: regulator init failed %d\n",
__func__, err);
- goto dealloc_host;
+ return err;
}
ufshcd_init_lanes_per_dir(hba);
@@ -502,25 +498,20 @@ int ufshcd_pltfrm_init(struct platform_device *pdev,
err = ufshcd_parse_operating_points(hba);
if (err) {
dev_err(dev, "%s: OPP parse failed %d\n", __func__, err);
- goto dealloc_host;
+ return err;
}
err = ufshcd_init(hba, mmio_base, irq);
if (err) {
dev_err_probe(dev, err, "Initialization failed with error %d\n",
err);
- goto dealloc_host;
+ return err;
}
pm_runtime_set_active(dev);
pm_runtime_enable(dev);
return 0;
-
-dealloc_host:
- ufshcd_dealloc_host(hba);
-out:
- return err;
}
EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init);
@@ -534,7 +525,6 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev)
pm_runtime_get_sync(&pdev->dev);
ufshcd_remove(hba);
- ufshcd_dealloc_host(hba);
pm_runtime_disable(&pdev->dev);
pm_runtime_put_noidle(&pdev->dev);
}
diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h
index da0fa5c65081..58eb6e897827 100644
--- a/include/ufs/ufshcd.h
+++ b/include/ufs/ufshcd.h
@@ -1311,7 +1311,6 @@ static inline void ufshcd_rmwl(struct ufs_hba *hba, u32 mask, u32 val, u32 reg)
void ufshcd_enable_irq(struct ufs_hba *hba);
void ufshcd_disable_irq(struct ufs_hba *hba);
int ufshcd_alloc_host(struct device *, struct ufs_hba **);
-void ufshcd_dealloc_host(struct ufs_hba *);
int ufshcd_hba_enable(struct ufs_hba *hba);
int ufshcd_init(struct ufs_hba *, void __iomem *, unsigned int);
int ufshcd_link_recovery(struct ufs_hba *hba);
---
base-commit: 4e16367cfe0ce395f29d0482b78970cce8e1db73
change-id: 20250113-ufshcd-fix-52409f2d32ff
Best regards,
--
André Draszik <andre.draszik(a)linaro.org>
4 months, 2 weeks
- 5
- 4
[PATCH v3] scsi: qedf: Replace kmalloc_array() with kcalloc()
by Jiasheng Jiang
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable(a)vger.kernel.org> # v4.11+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
4 months, 2 weeks
- 1
- 0
[PATCH AUTOSEL 5.4 1/2] orangefs: fix a oob in orangefs_debug_write
by Sasha Levin
From: Mike Marshall <hubcap(a)omnibond.com>
[ Upstream commit f7c848431632598ff9bce57a659db6af60d75b39 ]
I got a syzbot report: slab-out-of-bounds Read in
orangefs_debug_write... several people suggested fixes,
I tested Al Viro's suggestion and made this patch.
Signed-off-by: Mike Marshall <hubcap(a)omnibond.com>
Reported-by: syzbot+fc519d7875f2d9186c1f(a)syzkaller.appspotmail.com
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/orangefs/orangefs-debugfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index 1b508f5433846..fa41db0884880 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -393,9 +393,9 @@ static ssize_t orangefs_debug_write(struct file *file,
* Thwart users who try to jamb a ridiculous number
* of bytes into the debug file...
*/
- if (count > ORANGEFS_MAX_DEBUG_STRING_LEN + 1) {
+ if (count > ORANGEFS_MAX_DEBUG_STRING_LEN) {
silly = count;
- count = ORANGEFS_MAX_DEBUG_STRING_LEN + 1;
+ count = ORANGEFS_MAX_DEBUG_STRING_LEN;
}
buf = kzalloc(ORANGEFS_MAX_DEBUG_STRING_LEN, GFP_KERNEL);
--
2.39.5
4 months, 2 weeks
- 1
- 1
[PATCH AUTOSEL 5.10 1/2] orangefs: fix a oob in orangefs_debug_write
by Sasha Levin
From: Mike Marshall <hubcap(a)omnibond.com>
[ Upstream commit f7c848431632598ff9bce57a659db6af60d75b39 ]
I got a syzbot report: slab-out-of-bounds Read in
orangefs_debug_write... several people suggested fixes,
I tested Al Viro's suggestion and made this patch.
Signed-off-by: Mike Marshall <hubcap(a)omnibond.com>
Reported-by: syzbot+fc519d7875f2d9186c1f(a)syzkaller.appspotmail.com
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/orangefs/orangefs-debugfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index 1b508f5433846..fa41db0884880 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -393,9 +393,9 @@ static ssize_t orangefs_debug_write(struct file *file,
* Thwart users who try to jamb a ridiculous number
* of bytes into the debug file...
*/
- if (count > ORANGEFS_MAX_DEBUG_STRING_LEN + 1) {
+ if (count > ORANGEFS_MAX_DEBUG_STRING_LEN) {
silly = count;
- count = ORANGEFS_MAX_DEBUG_STRING_LEN + 1;
+ count = ORANGEFS_MAX_DEBUG_STRING_LEN;
}
buf = kzalloc(ORANGEFS_MAX_DEBUG_STRING_LEN, GFP_KERNEL);
--
2.39.5
4 months, 2 weeks
- 1
- 1
[PATCH AUTOSEL 5.15 1/3] x86/mm/tlb: Only trim the mm_cpumask once a second
by Sasha Levin
From: Rik van Riel <riel(a)fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang(a)intel.com>
Signed-off-by: Rik van Riel <riel(a)surriel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index 5d7494631ea95..c07c018a1c139 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -33,6 +33,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 27516046117a3..1d11aeb597542 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -106,6 +106,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index b587a9ee9cb25..22b93e35fa886 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -207,6 +207,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 511172d70825c..19d083ad2de79 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -854,9 +854,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -890,7 +917,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -941,6 +968,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -983,6 +1011,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
4 months, 2 weeks
- 1
- 2
[PATCH AUTOSEL 6.1 1/3] x86/mm/tlb: Only trim the mm_cpumask once a second
by Sasha Levin
From: Rik van Riel <riel(a)fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang(a)intel.com>
Signed-off-by: Rik van Riel <riel(a)surriel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index 5d7494631ea95..c07c018a1c139 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -33,6 +33,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index b8d40ddeab00f..6f5c7584fe1e3 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -106,6 +106,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index cda3118f3b27d..d1eb6bbfd39e3 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -208,6 +208,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index c1e31e9a85d76..b07e2167fcebf 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -878,9 +878,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -914,7 +941,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -965,6 +992,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -1007,6 +1035,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
4 months, 2 weeks
- 1
- 2
[PATCH AUTOSEL 6.6 1/3] x86/mm/tlb: Only trim the mm_cpumask once a second
by Sasha Levin
From: Rik van Riel <riel(a)fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang(a)intel.com>
Signed-off-by: Rik van Riel <riel(a)surriel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index 0da5c227f490c..53763cf192777 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -37,6 +37,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 8dac45a2c7fcf..f5afd956d5e50 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -145,6 +145,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index 25726893c6f4d..5d61adc6e892e 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -222,6 +222,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 64f594826a282..df1794a5e38a5 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -898,9 +898,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -934,7 +961,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -985,6 +1012,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -1027,6 +1055,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
4 months, 2 weeks
- 1
- 2
[PATCH AUTOSEL 6.12 1/5] x86/mm/tlb: Only trim the mm_cpumask once a second
by Sasha Levin
From: Rik van Riel <riel(a)fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang(a)intel.com>
Signed-off-by: Rik van Riel <riel(a)surriel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index ce4677b8b7356..3b496cdcb74b3 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -37,6 +37,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 2886cb668d7fa..795fdd53bd0a6 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -151,6 +151,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index 69e79fff41b80..02fc2aa06e9e0 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -222,6 +222,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index b0678d59ebdb4..00ffa74d0dd0b 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -893,9 +893,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -929,7 +956,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -980,6 +1007,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -1022,6 +1050,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
4 months, 2 weeks
- 1
- 4
[PATCH AUTOSEL 6.13 1/6] x86/mm/tlb: Only trim the mm_cpumask once a second
by Sasha Levin
From: Rik van Riel <riel(a)fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang(a)intel.com>
Signed-off-by: Rik van Riel <riel(a)surriel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index ce4677b8b7356..3b496cdcb74b3 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -37,6 +37,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 2886cb668d7fa..795fdd53bd0a6 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -151,6 +151,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index 69e79fff41b80..02fc2aa06e9e0 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -222,6 +222,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index a2becb85bea79..90a9e47409131 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -893,9 +893,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -929,7 +956,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -980,6 +1007,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -1022,6 +1050,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
4 months, 2 weeks
- 1
- 5
[PATCH AUTOSEL 5.4] Grab mm lock before grabbing pt lock
by Sasha Levin
From: Maksym Planeta <maksym(a)exostellar.io>
[ Upstream commit 6d002348789bc16e9203e9818b7a3688787e3b29 ]
Function xen_pin_page calls xen_pte_lock, which in turn grab page
table lock (ptlock). When locking, xen_pte_lock expect mm->page_table_lock
to be held before grabbing ptlock, but this does not happen when pinning
is caused by xen_mm_pin_all.
This commit addresses lockdep warning below, which shows up when
suspending a Xen VM.
[ 3680.658422] Freezing user space processes
[ 3680.660156] Freezing user space processes completed (elapsed 0.001 seconds)
[ 3680.660182] OOM killer disabled.
[ 3680.660192] Freezing remaining freezable tasks
[ 3680.661485] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
[ 3680.685254]
[ 3680.685265] ==================================
[ 3680.685269] WARNING: Nested lock was not taken
[ 3680.685274] 6.12.0+ #16 Tainted: G W
[ 3680.685279] ----------------------------------
[ 3680.685283] migration/0/19 is trying to lock:
[ 3680.685288] ffff88800bac33c0 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: xen_pin_page+0x175/0x1d0
[ 3680.685303]
[ 3680.685303] but this task is not holding:
[ 3680.685308] init_mm.page_table_lock
[ 3680.685311]
[ 3680.685311] stack backtrace:
[ 3680.685316] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685324] Tainted: [W]=WARN
[ 3680.685328] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685339] Call Trace:
[ 3680.685344] <TASK>
[ 3680.685347] dump_stack_lvl+0x77/0xb0
[ 3680.685356] __lock_acquire+0x917/0x2310
[ 3680.685364] lock_acquire+0xce/0x2c0
[ 3680.685369] ? xen_pin_page+0x175/0x1d0
[ 3680.685373] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685381] ? xen_pin_page+0x175/0x1d0
[ 3680.685386] xen_pin_page+0x175/0x1d0
[ 3680.685390] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685394] __xen_pgd_walk+0x233/0x2c0
[ 3680.685401] ? stop_one_cpu+0x91/0x100
[ 3680.685405] __xen_pgd_pin+0x5d/0x250
[ 3680.685410] xen_mm_pin_all+0x70/0xa0
[ 3680.685415] xen_pv_pre_suspend+0xf/0x280
[ 3680.685420] xen_suspend+0x57/0x1a0
[ 3680.685428] multi_cpu_stop+0x6b/0x120
[ 3680.685432] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685439] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685443] cpu_stopper_thread+0x8c/0x140
[ 3680.685448] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685454] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685458] smpboot_thread_fn+0xed/0x1f0
[ 3680.685462] kthread+0xde/0x110
[ 3680.685467] ? __pfx_kthread+0x10/0x10
[ 3680.685471] ret_from_fork+0x2f/0x50
[ 3680.685478] ? __pfx_kthread+0x10/0x10
[ 3680.685482] ret_from_fork_asm+0x1a/0x30
[ 3680.685489] </TASK>
[ 3680.685491]
[ 3680.685491] other info that might help us debug this:
[ 3680.685497] 1 lock held by migration/0/19:
[ 3680.685500] #0: ffffffff8284df38 (pgd_lock){+.+.}-{3:3}, at: xen_mm_pin_all+0x14/0xa0
[ 3680.685512]
[ 3680.685512] stack backtrace:
[ 3680.685518] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685528] Tainted: [W]=WARN
[ 3680.685531] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685538] Call Trace:
[ 3680.685541] <TASK>
[ 3680.685544] dump_stack_lvl+0x77/0xb0
[ 3680.685549] __lock_acquire+0x93c/0x2310
[ 3680.685554] lock_acquire+0xce/0x2c0
[ 3680.685558] ? xen_pin_page+0x175/0x1d0
[ 3680.685562] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685568] ? xen_pin_page+0x175/0x1d0
[ 3680.685572] xen_pin_page+0x175/0x1d0
[ 3680.685578] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685582] __xen_pgd_walk+0x233/0x2c0
[ 3680.685588] ? stop_one_cpu+0x91/0x100
[ 3680.685592] __xen_pgd_pin+0x5d/0x250
[ 3680.685596] xen_mm_pin_all+0x70/0xa0
[ 3680.685600] xen_pv_pre_suspend+0xf/0x280
[ 3680.685607] xen_suspend+0x57/0x1a0
[ 3680.685611] multi_cpu_stop+0x6b/0x120
[ 3680.685615] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685620] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685625] cpu_stopper_thread+0x8c/0x140
[ 3680.685629] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685634] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685638] smpboot_thread_fn+0xed/0x1f0
[ 3680.685642] kthread+0xde/0x110
[ 3680.685645] ? __pfx_kthread+0x10/0x10
[ 3680.685649] ret_from_fork+0x2f/0x50
[ 3680.685654] ? __pfx_kthread+0x10/0x10
[ 3680.685657] ret_from_fork_asm+0x1a/0x30
[ 3680.685662] </TASK>
[ 3680.685267] xen:grant_table: Grant tables using version 1 layout
[ 3680.685921] OOM killer enabled.
[ 3680.685934] Restarting tasks ... done.
Signed-off-by: Maksym Planeta <maksym(a)exostellar.io>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <20241204103516.3309112-1-maksym(a)exostellar.io>
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/xen/mmu_pv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index c8dbee62ec2ab..51f8b657ec8a7 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -842,6 +842,7 @@ void xen_mm_pin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -852,6 +853,7 @@ void xen_mm_pin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static int __init xen_mark_pinned(struct mm_struct *mm, struct page *page,
@@ -961,6 +963,7 @@ void xen_mm_unpin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -972,6 +975,7 @@ void xen_mm_unpin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
--
2.39.5
4 months, 2 weeks
- 1
- 0
[PATCH AUTOSEL 5.10] Grab mm lock before grabbing pt lock
by Sasha Levin
From: Maksym Planeta <maksym(a)exostellar.io>
[ Upstream commit 6d002348789bc16e9203e9818b7a3688787e3b29 ]
Function xen_pin_page calls xen_pte_lock, which in turn grab page
table lock (ptlock). When locking, xen_pte_lock expect mm->page_table_lock
to be held before grabbing ptlock, but this does not happen when pinning
is caused by xen_mm_pin_all.
This commit addresses lockdep warning below, which shows up when
suspending a Xen VM.
[ 3680.658422] Freezing user space processes
[ 3680.660156] Freezing user space processes completed (elapsed 0.001 seconds)
[ 3680.660182] OOM killer disabled.
[ 3680.660192] Freezing remaining freezable tasks
[ 3680.661485] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
[ 3680.685254]
[ 3680.685265] ==================================
[ 3680.685269] WARNING: Nested lock was not taken
[ 3680.685274] 6.12.0+ #16 Tainted: G W
[ 3680.685279] ----------------------------------
[ 3680.685283] migration/0/19 is trying to lock:
[ 3680.685288] ffff88800bac33c0 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: xen_pin_page+0x175/0x1d0
[ 3680.685303]
[ 3680.685303] but this task is not holding:
[ 3680.685308] init_mm.page_table_lock
[ 3680.685311]
[ 3680.685311] stack backtrace:
[ 3680.685316] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685324] Tainted: [W]=WARN
[ 3680.685328] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685339] Call Trace:
[ 3680.685344] <TASK>
[ 3680.685347] dump_stack_lvl+0x77/0xb0
[ 3680.685356] __lock_acquire+0x917/0x2310
[ 3680.685364] lock_acquire+0xce/0x2c0
[ 3680.685369] ? xen_pin_page+0x175/0x1d0
[ 3680.685373] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685381] ? xen_pin_page+0x175/0x1d0
[ 3680.685386] xen_pin_page+0x175/0x1d0
[ 3680.685390] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685394] __xen_pgd_walk+0x233/0x2c0
[ 3680.685401] ? stop_one_cpu+0x91/0x100
[ 3680.685405] __xen_pgd_pin+0x5d/0x250
[ 3680.685410] xen_mm_pin_all+0x70/0xa0
[ 3680.685415] xen_pv_pre_suspend+0xf/0x280
[ 3680.685420] xen_suspend+0x57/0x1a0
[ 3680.685428] multi_cpu_stop+0x6b/0x120
[ 3680.685432] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685439] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685443] cpu_stopper_thread+0x8c/0x140
[ 3680.685448] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685454] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685458] smpboot_thread_fn+0xed/0x1f0
[ 3680.685462] kthread+0xde/0x110
[ 3680.685467] ? __pfx_kthread+0x10/0x10
[ 3680.685471] ret_from_fork+0x2f/0x50
[ 3680.685478] ? __pfx_kthread+0x10/0x10
[ 3680.685482] ret_from_fork_asm+0x1a/0x30
[ 3680.685489] </TASK>
[ 3680.685491]
[ 3680.685491] other info that might help us debug this:
[ 3680.685497] 1 lock held by migration/0/19:
[ 3680.685500] #0: ffffffff8284df38 (pgd_lock){+.+.}-{3:3}, at: xen_mm_pin_all+0x14/0xa0
[ 3680.685512]
[ 3680.685512] stack backtrace:
[ 3680.685518] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685528] Tainted: [W]=WARN
[ 3680.685531] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685538] Call Trace:
[ 3680.685541] <TASK>
[ 3680.685544] dump_stack_lvl+0x77/0xb0
[ 3680.685549] __lock_acquire+0x93c/0x2310
[ 3680.685554] lock_acquire+0xce/0x2c0
[ 3680.685558] ? xen_pin_page+0x175/0x1d0
[ 3680.685562] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685568] ? xen_pin_page+0x175/0x1d0
[ 3680.685572] xen_pin_page+0x175/0x1d0
[ 3680.685578] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685582] __xen_pgd_walk+0x233/0x2c0
[ 3680.685588] ? stop_one_cpu+0x91/0x100
[ 3680.685592] __xen_pgd_pin+0x5d/0x250
[ 3680.685596] xen_mm_pin_all+0x70/0xa0
[ 3680.685600] xen_pv_pre_suspend+0xf/0x280
[ 3680.685607] xen_suspend+0x57/0x1a0
[ 3680.685611] multi_cpu_stop+0x6b/0x120
[ 3680.685615] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685620] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685625] cpu_stopper_thread+0x8c/0x140
[ 3680.685629] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685634] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685638] smpboot_thread_fn+0xed/0x1f0
[ 3680.685642] kthread+0xde/0x110
[ 3680.685645] ? __pfx_kthread+0x10/0x10
[ 3680.685649] ret_from_fork+0x2f/0x50
[ 3680.685654] ? __pfx_kthread+0x10/0x10
[ 3680.685657] ret_from_fork_asm+0x1a/0x30
[ 3680.685662] </TASK>
[ 3680.685267] xen:grant_table: Grant tables using version 1 layout
[ 3680.685921] OOM killer enabled.
[ 3680.685934] Restarting tasks ... done.
Signed-off-by: Maksym Planeta <maksym(a)exostellar.io>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <20241204103516.3309112-1-maksym(a)exostellar.io>
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/xen/mmu_pv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index cf2ade864c302..2fef8ad3f1df9 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -762,6 +762,7 @@ void xen_mm_pin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -772,6 +773,7 @@ void xen_mm_pin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void __init xen_mark_pinned(struct mm_struct *mm, struct page *page,
@@ -866,6 +868,7 @@ void xen_mm_unpin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -877,6 +880,7 @@ void xen_mm_unpin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
--
2.39.5
4 months, 2 weeks
- 1
- 0
[PATCH AUTOSEL 5.15] Grab mm lock before grabbing pt lock
by Sasha Levin
From: Maksym Planeta <maksym(a)exostellar.io>
[ Upstream commit 6d002348789bc16e9203e9818b7a3688787e3b29 ]
Function xen_pin_page calls xen_pte_lock, which in turn grab page
table lock (ptlock). When locking, xen_pte_lock expect mm->page_table_lock
to be held before grabbing ptlock, but this does not happen when pinning
is caused by xen_mm_pin_all.
This commit addresses lockdep warning below, which shows up when
suspending a Xen VM.
[ 3680.658422] Freezing user space processes
[ 3680.660156] Freezing user space processes completed (elapsed 0.001 seconds)
[ 3680.660182] OOM killer disabled.
[ 3680.660192] Freezing remaining freezable tasks
[ 3680.661485] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
[ 3680.685254]
[ 3680.685265] ==================================
[ 3680.685269] WARNING: Nested lock was not taken
[ 3680.685274] 6.12.0+ #16 Tainted: G W
[ 3680.685279] ----------------------------------
[ 3680.685283] migration/0/19 is trying to lock:
[ 3680.685288] ffff88800bac33c0 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: xen_pin_page+0x175/0x1d0
[ 3680.685303]
[ 3680.685303] but this task is not holding:
[ 3680.685308] init_mm.page_table_lock
[ 3680.685311]
[ 3680.685311] stack backtrace:
[ 3680.685316] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685324] Tainted: [W]=WARN
[ 3680.685328] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685339] Call Trace:
[ 3680.685344] <TASK>
[ 3680.685347] dump_stack_lvl+0x77/0xb0
[ 3680.685356] __lock_acquire+0x917/0x2310
[ 3680.685364] lock_acquire+0xce/0x2c0
[ 3680.685369] ? xen_pin_page+0x175/0x1d0
[ 3680.685373] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685381] ? xen_pin_page+0x175/0x1d0
[ 3680.685386] xen_pin_page+0x175/0x1d0
[ 3680.685390] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685394] __xen_pgd_walk+0x233/0x2c0
[ 3680.685401] ? stop_one_cpu+0x91/0x100
[ 3680.685405] __xen_pgd_pin+0x5d/0x250
[ 3680.685410] xen_mm_pin_all+0x70/0xa0
[ 3680.685415] xen_pv_pre_suspend+0xf/0x280
[ 3680.685420] xen_suspend+0x57/0x1a0
[ 3680.685428] multi_cpu_stop+0x6b/0x120
[ 3680.685432] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685439] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685443] cpu_stopper_thread+0x8c/0x140
[ 3680.685448] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685454] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685458] smpboot_thread_fn+0xed/0x1f0
[ 3680.685462] kthread+0xde/0x110
[ 3680.685467] ? __pfx_kthread+0x10/0x10
[ 3680.685471] ret_from_fork+0x2f/0x50
[ 3680.685478] ? __pfx_kthread+0x10/0x10
[ 3680.685482] ret_from_fork_asm+0x1a/0x30
[ 3680.685489] </TASK>
[ 3680.685491]
[ 3680.685491] other info that might help us debug this:
[ 3680.685497] 1 lock held by migration/0/19:
[ 3680.685500] #0: ffffffff8284df38 (pgd_lock){+.+.}-{3:3}, at: xen_mm_pin_all+0x14/0xa0
[ 3680.685512]
[ 3680.685512] stack backtrace:
[ 3680.685518] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685528] Tainted: [W]=WARN
[ 3680.685531] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685538] Call Trace:
[ 3680.685541] <TASK>
[ 3680.685544] dump_stack_lvl+0x77/0xb0
[ 3680.685549] __lock_acquire+0x93c/0x2310
[ 3680.685554] lock_acquire+0xce/0x2c0
[ 3680.685558] ? xen_pin_page+0x175/0x1d0
[ 3680.685562] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685568] ? xen_pin_page+0x175/0x1d0
[ 3680.685572] xen_pin_page+0x175/0x1d0
[ 3680.685578] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685582] __xen_pgd_walk+0x233/0x2c0
[ 3680.685588] ? stop_one_cpu+0x91/0x100
[ 3680.685592] __xen_pgd_pin+0x5d/0x250
[ 3680.685596] xen_mm_pin_all+0x70/0xa0
[ 3680.685600] xen_pv_pre_suspend+0xf/0x280
[ 3680.685607] xen_suspend+0x57/0x1a0
[ 3680.685611] multi_cpu_stop+0x6b/0x120
[ 3680.685615] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685620] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685625] cpu_stopper_thread+0x8c/0x140
[ 3680.685629] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685634] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685638] smpboot_thread_fn+0xed/0x1f0
[ 3680.685642] kthread+0xde/0x110
[ 3680.685645] ? __pfx_kthread+0x10/0x10
[ 3680.685649] ret_from_fork+0x2f/0x50
[ 3680.685654] ? __pfx_kthread+0x10/0x10
[ 3680.685657] ret_from_fork_asm+0x1a/0x30
[ 3680.685662] </TASK>
[ 3680.685267] xen:grant_table: Grant tables using version 1 layout
[ 3680.685921] OOM killer enabled.
[ 3680.685934] Restarting tasks ... done.
Signed-off-by: Maksym Planeta <maksym(a)exostellar.io>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <20241204103516.3309112-1-maksym(a)exostellar.io>
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/x86/xen/mmu_pv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index 3359c23573c50..f737e3af3edcc 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -762,6 +762,7 @@ void xen_mm_pin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -772,6 +773,7 @@ void xen_mm_pin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void __init xen_mark_pinned(struct mm_struct *mm, struct page *page,
@@ -866,6 +868,7 @@ void xen_mm_unpin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -877,6 +880,7 @@ void xen_mm_unpin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
--
2.39.5
4 months, 2 weeks
- 1
- 0